Thursday, July 29, 2010

Teach you to quickly identify "Sasser"


May 1 Jing Xian Internet "Sasser (Worm.Sasser)" menacing viruses, the virus is through Microsoft's latest high-risk vulnerability-LSASS vulnerability (MS04-011 bulletin Microsoft) spread, the danger of great current WINDOWS 2000/XP/Server 2003 operating system users such as the existence of the vulnerability, users of these operating systems as long as an Internet, there may be the virus attacks. Teach users how to quickly identify the following "Sasser (Worm.Sasser)" virus.

If the user's computer is one of the following phenomena, then that has been poisoned, they should take immediate measures to eliminate the virus.

First, a system error dialog box appears

Attack of the user, if a virus attack fails, the user's computer will appear LSA Shell service exceptions box, and then restart the computer after a minute there the "System Shutdown" box.



Second, a corresponding record in the system log

If the user can not determine whether there had their own computer box above exception or system reboot prompt, you can also view the system log of the way to ascertain whether the poisoning. Method is to run the Event Viewer program, see which system log, if logging as shown below, the proof has been poisoned.



Third, the system resources are a large number of occupation

Virus A successful attack will take up a lot of system resources, so that 100% CPU utilization, appears the phenomenon of the computer running unusually slow.

Fourth, there is named in memory of the process avserve

Virus A successful attack will generate in memory process called avserve.exe, users can use Ctrl + Shift + Esc approach called "Task Manager" and then see if there is a memory in the process of the virus.

5, appears in the system directory file named avserve.exe virus

Virus if the attack is successful, the system installation directory (default is C: WINNT) generated under a virus file named avserve.exe.

6, the virus appears in the registry key

Virus A successful attack would create a registry entry HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun virus key: "avserve.exe" = "% WINDOWS% avserve.exe".






Recommended links:



best video FORMAT



Wizard Chat And Instant Messaging



Shop Audio CD Players



"Tomato Garden" case of first instance pronounced loss of Chengdu, a TOTAL of over 10 million soft



Compilation of various source - DRIVER



Must-read. NET FREQUENTLY Asked Questions Summary



Ma, "New York Times" published a signed Article: Small is beautiful because



Meiling: Select Game Gu Gu and Back



DOWNLOAD converter mp4 to 3gp



mpeg4 to Avi



HTML COMPONENT (HTML COMPONENTS) one of the



mkv file Converter



Alibaba IPO made to decrypt the rich mythology behind the movement



Difficulties in the implementation of ANTI-MONOPOLY law



No comments:

Post a Comment