First, what is orange August
Second, identification of the virus
For these viruses, three methods can be used simply to identify them:
The first one:
Open "My Computer", _select_ the menu "Tools" - "" Folder Options ", click" View ", uncheck" Hide protected operating system files "before the check mark, and the" Hidden files and folders " item, _select_ "Show hidden files and folders", and cancel the "Hide extensions for known file types" before the check mark, then click "OK." Into the c: windowssystem32 directory (windows2000 system c: winnt directory), if found to have called "command", "dxdiaq.com", "finder.com", "msconfig.com", "regedit.com" and "rundll32 . com "and other documents generated, the instructions are in the" Mississippi Trojan (trojan.psw.misc) "or its variants.
The second measure:
Click the "Start" button, _select_ "Run", type "regedit" and OK to start Registry Editor. Open the "hkey_local_machinesoftwaremicrosoftwindows ntcurrentversionwindows" entry in the right window to find appinit_dlls. If the value "kb (middle six figures) m.log", such as "kb896588m.log", "kb235780m.log", "kb75976m.log" etc., then is the new "Legend Terminator (trojan . psw.lmir) "and its variants.
The third measure:
Press ctrl + alt + del keyboard key, or right-click on the task bar and _select_ "Task Manager." Click the "Processes" tab. If you find the name "svohost.exe" process, then that is infected with the "qq Pass (trojan.psw.qqpass)" virus or its variants.
Orange in August is mainly for anti-virus software:
Kaspersky
symantec antivirus
Rising
Jiangmin antivirus software
Skynet Personal Firewall
Phage
Trojan killer
Kingsoft
Solution:
1. Patch: http://www.microsoft.com/china/technet/security/bulletin/ms06-040.mspx
2. Download Zhuanshagongju Download: http://download.rising.com.cn/zsgj/viruskille.exe
3. Use a personal firewall is blocking viruses
(1), the main program start Rising Personal Firewall, click the "_Set_tings" menu, _select_ "ip rules."
(2), in the pop-up "_set_ ip rule Rising Personal Firewall" window, click "Add Rule" button.
(3), enter the rule name "ms06-040", perform action to "prohibit", and then click "Next." The other address is _set_ to "any
Address ", the local address is _set_ to" all addresses ", the protocol type" tcp ", the other port _select_" any port ", the local
Port _Select_ion "port list" and enter the following in its "139,445", the alarm mode _select_ion "tray animation" and "logging" two
Items _select_ed, click Save. |