之前當然是有裝防毒軟體.= =.但重灌之後現在情況很慘

一堆應用程式都開不了.很多程式都灌不了.而且PC-cillie更新至最新後

也是偵測不到該病毒.剛剛重灌完.從格式化開始網路線就沒接上.結果還是一樣

應用程式都開不了.我的電腦是有CDEFG五個槽.因為其他四個槽都有蠻重要的檔案.

所以我只有格式化C槽.我要怎麼判斷這病毒潛藏在哪個槽呢..= =

用卡巴線上掃毒掃了1小時半.CDEFG五槽全掃完也是沒有結果

如果沒辦法格式化其他槽的情況下.有什麼辦法能清掉這個病毒呢.QQ?

我沒有隔空把脈的能力
你這樣子說我也無能為力..

所以給我樣本吧...

可能是開機型病毒
建議格式化完重灌前 先重建mbr

看來你是中了開機型病毒( Boot Virus)

一般的掃毒軟體(Norton Antvirus 2007 / McAfee2007 / Nod32)能掃到
但就是砍不掉.你可試看看用98開機片(要有fdisk tool) 然後開機進到純Dos
用A:\Fdisk/MBR

再用Format 就可徹底砍掉病毒

還是沒有辦法用防毒軟體去找到病毒..

目前電腦還是有多數exe執行檔沒辦法開.開啟都會跳出一個dos視窗然後一下子就關閉了

好煩.煩了一整天都在稿這個病毒.又沒有作開機片的習慣.= =.整個就是毀了

難道病毒是潛在硬體裡嗎..徹底被病毒打敗了..

防毒軟體救命阿...

MS04-011_LSASS_EXPLOIT




發現日期: Apr 12, 2004
風險: 重要的
描述:


This buffer overrun vulnerability in the Local Security Authority Subsystem Service (LSASS) allows remote code execution. Once successfully exploited, a remote attacker is able to gain full control of the affected system. It may be used by a malware to perform malicious activities, such as accessing and modifying the file system and replication.

LSASS provides an interface for managing local security, domain authentication, and Active Directory processes. It handles authentication for both the client and the server. It also contains features used to support Active Directory utilities.

Microsoft has posted more information about this vulnerability, among others, in their Security Bulletin MS04-011.


修正程式資訊:


IMPORTANT NOTE:

This detection is not a detection for the vulnerability of your machine. If you got this warning, it is an indication that a malicious piece of code passed through your network or your machine, but was detected by Trend Micro as MS04-011_LSASS_EXPLOIT.

If you have patched your system against the LSASS Vulnerability, then your system should be safe from the damage that may be brought about by this exploit code.

Otherwise, you can look up the patch information for your Windows version on this site. Trend Micro advises users to refrain from using their system until it has been completely patched against this vulnerability.

Trend Micro Solution

Users of Trend Micro PC-cillin Internet Security and Network VirusWall can detect this exploit at the network layer with Network Virus Pattern (NVP) 10180, or later.

Download the latest NVW pattern file from the following site:

http://www.trendmicro.com/download/product.asp?producti d=45

Disabling Network Virus Emergency Center Pop-ups

If you have already patched your system, and want to turn the pop-up messages off, please refer to the following Knowledge Base solutions:

For PC-cillin Internet Security 2005 Users:
Knowledge Base Solution ID 22606

For PC-cillin Internet Security 2004 Users:
Knowledge Base Solution ID 22608

Note: Disabling the network virus pop-up display option means you will not be alerted for ALL network attacks to your system, not just this particular exploit attack.


電腦經常會收到攻擊的警告..= =..這有用嗎..

你找一個檔案比較小的exe檔給我就可以了

這是已經開不了的WinRAR 3.5安裝程式

這樣有用嗎..@@?

前幾天還有幾個奇怪的現象.就是Windosw的自動更新設定裡

比如現在時間9:45分.我就設定10點檢查更新.結果到了10點時.我也沒在點網頁或開檔案

就莫名其妙彈出10幾個病毒檔不斷攻入.

昨天中這個病毒時也是差不多的情形.11:58分時我就想更新一下Windosw看看.自動更新設定為12點檢查更新

結果差不多時間到12點又是10幾個病毒不斷攻入.之後就中了這個重灌也刪不掉的病毒.= =.

中病毒的方法應該不止局限於開網頁開檔案.= =