Thursday, August 5, 2010

Teach you to quickly identify "Sasser"


May 1 Jing Xian Internet "Sasser (Worm.Sasser)" menacing viruses, the virus is through Microsoft's latest high-risk vulnerability-LSASS vulnerability (MS04-011 bulletin Microsoft) spread, the danger of great current WINDOWS 2000/XP/Server 2003 operating system users such as the existence of the vulnerability, users of these operating systems as long as an Internet, there may be the virus attacks. Teach users how to quickly identify the following "Sasser (Worm.Sasser)" virus.

If the user's computer is one of the following phenomena, then that has been poisoned, they should take immediate measures to eliminate the virus.

First, a system error dialog box appears

Attack of the user, if a virus attack fails, the user's computer will appear LSA Shell service exceptions box, and then restart the computer after a minute there the "System Shutdown" box.



Second, a corresponding record in the system log

If the user can not determine whether there had their own computer box above exception or system reboot prompt, you can also view the system log of the way to ascertain whether the poisoning. Method is to run the Event Viewer program, see which system log, if logging as shown below, the proof has been poisoned.



Third, the system resources are a large number of occupation

Virus A successful attack will take up a lot of system resources, so that 100% CPU utilization, appears the phenomenon of the computer running unusually slow.

Fourth, there is named in memory of the process avserve

Virus A successful attack will generate in memory process called avserve.exe, users can use Ctrl + Shift + Esc approach called "Task Manager" and then see if there is a memory in the process of the virus.

5, appears in the system directory file named avserve.exe virus

Virus if the attack is successful, the system installation directory (default is C: WINNT) generated under a virus file named avserve.exe.

6, the virus appears in the registry key

Virus A successful attack would create a registry entry HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun virus key: "avserve.exe" = "% WINDOWS% avserve.exe".






Recommended links:



Convert Flv To Avi



FTP Site Preferences



ps3 FORMAT



Premier XML Or CSS Tools



Yunjie: Mr. Chen in The "correction"?



Audio CD Players REPORT



Popped into the home appliance industry with high black horse



Comment Shell Tools



Convert Dvd To Wmv



Easy to change Driving



C + + Programmers To Easily Commit The Error Of 10 C #



CMM KPA and KP in the distribution of statistics



QUICKTIME to avi



Spring Independent WAP wait policy



China's Largest Drilling Company Defectors Brush Out Of Legal Counsel, The Credit Risk Of Specul