會感染硬碟MBR區型的病毒-BKDR_SINOWAL.EK資料來源 PC-CILLIN 網頁 http://www.trendmicro.com/vinfo/zh-tw/virusencyclo/default5.asp?VName=BKDR%5FSINOWAL%2EEK&VSect=T症狀:Arrival DetailsThis 租房子backdoor may be dropped by other malware.It may arrive bundled with malware packages as a malware component.InstallationThis backdoor drops the following copy(ies) of itself: 看房子%Temp%\{Random character}.tmp %User Temp%\{Random character}.tmp (Note: %Temp% is the Windows Temporary folder, which is usually C:\Windows\Temp or C:\WINNT\Temp. 房地產%User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.)It 房屋買賣drops the following file(s)/component(s): %Temp%\{Random character}.tmp - also detected by Trend Micro as BKDR_SINOWAL.EK Autostart TechniquesThis backdoor creates the following 買屋registry key(s)/entry(ies) to enable its automatic execution at every system startup: 濾心HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{DEF85C80-216A-43ab-AF70-1665EDBE2780}ImagePath = "\??\%Temp%\{Random number}.tmp"It overwrites the Master 商務中心Boot Record (MBR) with its own code. The said routine enables it to start even before the operating system is loaded. It also drops a rootkit component on the affected system. Affected 小型辦公室PlatformsThis backdoor runs on Windows 98, ME, NT, 2000, XP, and Server 2003.解決方法:自動方式:1.下載PC-CILLON 所提供的 ROOKIT BUSTER 清除工具,執行手動方式:1.先掃描病毒2.用XP光碟機開片,然辦公室出租後按  "R" 到修護晝面,,然後輸入 FIXMBR3.完成(2)的動作後,重新開機,執行 REGEDIT.EXE,把 HKEY_LOCAL_MACHINE>SYSTEM>CurrentControlSet>Services 宜蘭民宿{DEF85C80-216A-43ab-AF70-1665EDBE2780}刪除掉 


.msgcontent .wsharing ul li { text-indent: 0; }



分享

Facebook
Plurk
YAHOO!

創作者介紹

新電視

sv68svqsot 發表在 痞客邦 PIXNET 留言(0) 人氣()