Robot dog
Military "robot dog"
  "Popular Science" reported on the 8th that Boston Dynamics, with the support of the U.S. military, has developed a robot dog. Whether in the backcountry or in the rubble-strewn alleys of a war-torn city, this robot can faithfully follow soldiers to carry out their tasks.
  This dog, called "Big Dog", does not just fetch a Frisbee: it can carry hundreds of pounds of tools for soldiers, and it runs through fire without fear. Allegedly, "Big Dog" is the world's most ambitious legged robot; its stability and sense of direction are amazing, and it can handle many unknown challenges on the battlefield.
  The prototype "Big Dog" is similar in build to a Great Dane. It runs at three miles per hour or more, can climb a 45-degree slope, and moves forward over terrain that is unsuitable for wheeled or tracked vehicles; it can carry 120 lbs on a forced march. But the prototype is just a puppy: Boston Dynamics hopes that the second-generation "Big Dog", to be launched this summer, will at least double the marching speed and load.
  The body of "Big Dog" is a steel frame carrying a cylindrical gasoline engine that powers the hydraulic system, the computer and the inertial measurement unit (IMU). The inertial measurement unit is an important part of the robot: it uses a fiber-optic laser gyroscope and accelerometers to track the dog's movement and position. Working together with the four legs, these devices let "Big Dog" step accurately.
  The dog's legs are made of aluminum. Each leg has three joints, driven hydraulically, and the computer can reconfigure the joints 500 times per second. Sensors mounted on the joints measure force and position; the computer uses these data, combined with information from the inertial measurement unit, to determine which of the four legs should be lifted or put down, and whether to go right or left. By adjusting the flow of hydraulic fluid into the joints, the computer can set each paw down accurately.
  The robot also has good vision: its head is equipped with a stereo camera and a laser scanner. The first-generation "Big Dog" cannot yet navigate by these two instruments, but the second generation will use them to recognize the terrain ahead and find obstacles. "Big Dog" currently needs remote control, but the next version will be set free and able to make its own decisions with no one guiding it. Experts predict that within the next eight years a more capable "Big Dog", better able to take care of itself, will be ready to ride onto the battlefield.
Translated by Google
Computer virus "robot dog"
  Throughout the robot dog's history, many people claimed that viruses existed that could penetrate restore cards and Freezing Point, but no sample was offered as evidence on any forum until August 29, 2007, when someone finally posted a sample in a community. The virus had no name; its icon was Sony's robot dog Bo. As with its predecessor, the Panda, people gave it a name: robot dog.
  How it works
  The robot dog releases a file, pcihdd.sys, into the drivers directory. pcihdd.sys is a low-level hard disk driver that raises its own priority to take over from the hard disk driver of the restore card or Freezing Point, and then accesses specified URLs; as soon as a connection to these sites is made, a large number of viruses and malicious plug-ins are downloaded automatically. It then modifies and takes over the boot manager. Most frightening of all, it spreads through the internal network: once one machine is hit, every computer on the network can be made to restart automatically.
  The point is that, for a virus, intruding into the system by hooking and taking over the hard disk driver is too inefficient, and it is not the best way to destroy restore protection either. In addition, the scope of application of this technique is very small: it spreads only where restore-technology vendors' products are in use, and internationally only China uses them. It is therefore very likely a fight within the industry.
  As for Internet cafes, the robot dog is aimed squarely at them: it is designed against all restore products, and its destructive power can be expected to exceed Panda's soon. Fortunately, many immunization patches have now appeared, and as of the date of publication the major antivirus programs can detect and remove it.
  Immunization patch dispute
  Most current immunization patches take the form of a vaccine: a harmless sample is copied into the drivers directory to deceive the virus into believing it is already running, which prevents the harm. The problem with this form is that some users, for their own safety, run virus-scanning programs (such as QQ Doctor and the like) on the machine. The vaccine is then mistaken for a virus, and a lot of explaining is needed.
  The solution
  The latest solution is to assign the system32/drivers directory to a separate user, without giving the administrator modify permissions. This solves the problem, but installing drivers afterwards becomes a headache.
  To clear the virus completely, restart the computer after treatment; apply the patch first!
  Or this:
  1. In the registry or group policy, prohibit the userinit.exe process from running.
  2. Add a batch file to the startup items:
  a: Force the userinit.exe process to end: taskkill /f /im userinit.exe (the value after the "/im" parameter is the process image name; this command is only valid for XP users)
  b: Force-delete the userinit.exe file: del /f /a /q %systemroot%\system32\userinit.exe
  c: Create an immunization entry named userinit.exe in %systemroot%\system32
  Command: md %systemroot%\system32\userinit.exe >nul 2>nul
  Or: md %systemroot%\system32\userinit.exe
  attrib +s +r +h +a %systemroot%\system32\userinit.exe
  d: reg add "hklm\software\microsoft\windows nt\currentversion\image file execution options\userinit.exe" /v debugger /t reg_sz /d debugfile.exe /f
  userinit1.exe is the normal file renamed, with an extra "1" added; you can change the name yourself, but then you need to modify these four registry entries manually and export them before this batch file can be used normally.
  Latest trends
  Development of the robot dog seems to have stopped: from the release of the sample until now, no new version has been found. This worries us a great deal, because although it has been studied thoroughly, all current means of defense target the way the virus works. Once the robot dog starts to update, a small change in how it works could let it escape the common defenses on a large scale. It seems the robot dog's outbreak is only waiting, and no one can rest easy.
  A virus called the robot dog is currently circulating on the Internet. It hooks the system's disk device stack to achieve penetration and does great harm: it can penetrate any software or hardware restore product available under current technical conditions, so restore protection basically cannot be relied on to resist it. No currently known restore product can prevent this virus from penetrating, infecting and spreading.
  The robot dog is a Trojan downloader: after infection it automatically downloads Trojans and viruses from the network, endangering the safety of the user's accounts.
  When run, the robot dog releases a driver file named pcihdd.sys, which competes with the driver of the restore software in the original system for control of the hard disk, and it replaces the userinit.exe file to start at boot.
  >> So how do you identify whether a machine has been infected?
  The key to whether a machine has the robot dog lies in the userinit.exe file, which is in the system32 folder of the system directory. Right-click the file and view its properties: if you do not see the Version tab in the file's Properties window, the machine has been infected by the robot dog. If there is a Version tab, it is normal.
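The Version-tab check above can be done programmatically by looking for a version-information (RT_VERSION) resource in the PE file. The following Python code is an added example, not part of the original article; the function names and the constructed PE images used as input are assumptions made for illustration.

```python
import struct

RT_VERSION = 16  # resource type ID of the version-information block

def has_version_resource(pe: bytes) -> bool:
    """True if the PE image's resource root lists an RT_VERSION entry."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", pe, opt)
    dirs = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+
    (n_dirs,) = struct.unpack_from("<I", pe, dirs - 4)
    if n_dirs < 3:
        return False
    rsrc_rva, _size = struct.unpack_from("<II", pe, dirs + 2 * 8)
    if rsrc_rva == 0:
        return False  # no resource directory at all
    # Translate the resource RVA to a file offset through the section table.
    root = None
    for i in range(n_sections):
        vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<IIII", pe, opt + opt_size + 40 * i + 8)
        if vaddr <= rsrc_rva < vaddr + max(vsize, rsize):
            root = rptr + (rsrc_rva - vaddr)
    if root is None:
        return False
    n_named, n_ids = struct.unpack_from("<HH", pe, root + 12)
    # Named entries have the high bit set, so they never compare equal to 16.
    return any(
        struct.unpack_from("<I", pe, root + 16 + 8 * k)[0] == RT_VERSION
        for k in range(n_named + n_ids))

def build_sample_pe(type_ids) -> bytes:
    """Constructed PE32 image for the demo: headers plus one .rsrc section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    rsrc = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, len(type_ids))
    rsrc += b"".join(struct.pack("<II", t, 0x80000000) for t in type_ids)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 2 * 8, 0x1000, len(rsrc))
    raw_ptr = 0x40 + 4 + len(coff) + len(opt) + 40
    section = struct.pack("<8sIIII16x", b".rsrc", len(rsrc), 0x1000,
                          len(rsrc), raw_ptr)
    return dos + b"PE\0\0" + coff + bytes(opt) + section + rsrc

if __name__ == "__main__":
    clean = build_sample_pe([3, 14, 16])   # icon, icon group, version info
    suspect = build_sample_pe([3, 14])     # resources present, no version info
    for name, image in (("clean", clean), ("suspect", suspect)):
        verdict = "ok" if has_version_resource(image) else "NO VERSION INFO"
        print(f"{name}: {verdict}")
```

A missing version resource is an indicator only; a file that has one is not thereby proven clean, so pair this check with a hash or signature comparison against a known-good copy.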
  Temporary solution:
  First, block the addresses at the router:
  ROS script; add it yourself if you want it
  /ip firewall filter
  add chain=forward content=yu.8s7.net action=reject comment="df6.0"
  add chain=forward content=www.tomwg.com action=reject
  Second, create an immunization file under c:\windows\system32\drivers: pcihdd.sys
  Third, when making the master disk image, pack the files the virus wants to modify and replace them.
  Create a folder named pcihdd.sys in the %systemroot%\system32\drivers directory and set its permissions to deny everyone.
  Batch:
  md %systemroot%\system32\drivers\pcihdd.sys
  cacls %systemroot%\system32\drivers\pcihdd.sys /e /p everyone:n
  cacls %systemroot%\system32\userinit.exe /e /p everyone:r
  exit
  The following workaround is currently popular on the network and may serve in an emergency:
  1. First, make a copy of a clean userinit.exe in the system's system32 directory, named fuckigm.exe (the file name can be anything). This is the file that the batch file below points to and executes, that is, the substitute for userinit.exe at boot. The original userinit.exe is kept. In fact, the purpose of making an extra copy is just multiple insurance; it may help to some degree against future variants.
  2. Create a batch file named userinit.bat (the file name can also be anything, as long as it is consistent with the registry value mentioned below), with the following content:
  start fuckigm.exe (simple enough, right?)
  3. Modify the registry value, changing userinit.exe to userinit.bat. The content is as follows:
  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
  "Userinit"="c:\\windows\\system32\\userinit.bat,"
  With just these three steps, the dog can no longer be fierce! This was tested on Windows 2003: after double-clicking the robot dog there was no reaction, and comparison showed the batch file was still normal, that is, the dog had not changed it at all. Starting up, shutting down and games all showed nothing abnormal. The only drawback is that a black box flashes by at startup when the classic mode boot is used.
  If that seems like too much trouble, it does not matter. The three steps above have already been made into a batch file for you; just copy it, save it as a batch file and run it. Three steps in one:
  @echo off
  ::: Copy the clean userinit.exe under system32 directly to fuckigm.exe
  cd /d %systemroot%\system32
  copy /y userinit.exe fuckigm.exe >nul
  ::: Create userinit.bat (the first line uses > so an existing file is overwritten)
  echo @echo off >userinit.bat
  echo start fuckigm.exe >>userinit.bat
  ::: Registry operations
  reg add "hklm\software\microsoft\windows nt\currentversion\winlogon" /v userinit /t reg_sz /d "c:\windows\system32\userinit.bat," /f >nul
  ::: Delete itself (advocating environmental protection)
  del /f /q %0
  Of course, if that still does not work, download the program killigm, extract it, and run the program inside it: the robot dog immunization patch .bat file.
  Another method circulating on the Internet for preventing a new variant:
  Start menu, Run, enter cmd
  cd ...... to drivers
  md pcihdd.sys
  cd pcihdd.sys
  md 1 ...
  This prevents the latest variant. Note: this method is only preventive; removing the robot dog still requires the latest antivirus program.
  For this virus, antivirus experts advise users to update their antivirus software's virus database in a timely manner, patch system vulnerabilities, and make sure the "web monitoring" and "mail monitoring" functions are on when using the Internet; to disable the system's AutoPlay feature to prevent the virus from entering the computer via USB drives, MP3 players, mobile hard drives and other removable storage devices; and to use a soft keyboard to enter the account number and password when logging in to online accounts and online bank accounts.
Characteristics of the new and old versions of the "robot dog" virus
  1: The new version of the "robot dog" virus is written in VC++ 6.0; the old version is written in assembly.
  2: The new version uses a UPX shell; the old version uses an unknown shell.
  3: The driver file of the new version is very small (1,536 bytes); the driver file of the old version is larger (6,768 bytes).
  4: The new version does not unload and delete the driver that the virus installed; the old version unloads and deletes the installed driver after its work is completed.
  5: The new version targets the system files "conime.exe", "ctfmon.exe" and "explorer.exe"; the old version targets only the system file "userinit.exe".
  6: The new version does not operate on the registry; the old version operates on the registry key "hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon" (this operation seems unnecessary, because after the system restarts the "restore protection program" restores the system and the change is lost).
  7: The new version calls the real system file in the system's dllcache folder to run it; the old version does not.
  8: The new version uses a console program icon; the old version uses an icon showing a black robot dog.
  Those are roughly the points of difference. After careful analysis of how they work and their coding style, one can infer that the new and old versions of the "robot dog" virus did not come from the same person's hands.
Corrections
  Two technical errors need to be corrected here: in parts of the analysis articles about the "robot dog" virus (new and old versions) circulating on the network, two things are stated incorrectly.
  The first: those articles say that "the 'robot dog' virus destroys the 'restore saver' program so that the system's restore function fails." This is in fact a conceptual misunderstanding, wrongly expressed by people without a clear understanding, and it seriously misleads readers. The correct statement is: "The 'robot dog' virus does not destroy the 'restore saver' program, nor does it make the restore function fail. It merely installs its own disk filter driver to operate on the real disk's I/O port and overwrites the target file "c:\windows\explorer.exe" on the real disk (the file name is defined by the virus author and is not fixed, but it is certainly a file that really exists on the real disk; after running, the virus usually overwrites just one system file on the real disk and does not damage other files on the real disk). Although the 'robot dog' virus downloads, installs and runs many other malicious programs, after the computer restarts these are all restored away by the 'restore saver' program; only the one file that was overwritten on the real disk is not restored. If you find that many viruses are still running after you restart the computer, that is because, after the restart, the overwritten system program runs again and downloads and installs the malicious programs once more. That is, every time the computer is restarted, all the other malicious programs are downloaded and installed again."
  The second: those articles say that "the 'robot dog' virus replaces the normal system programs 'conime.exe', 'ctfmon.exe', 'explorer.exe' or 'userinit.exe'" or that "the 'robot dog' virus infects the normal system programs 'conime.exe', 'ctfmon.exe', 'explorer.exe' or 'userinit.exe'". This too is a conceptual misunderstanding, wrongly expressed by people without a clear understanding, and it seriously misleads readers. The correct statement is: "The 'robot dog' virus does not replace those normal system files; it writes malicious data, by overwriting, at the real physical address where those normal files are stored on the hard disk. Anyone can take the normal system file 'explorer.exe', the system file 'explorer.exe' after the virus has overwritten it, and the malicious program 'tmp281.tmp' released by the virus, and compare their internal data. The comparison shows that the front part of the data in the overwritten system file 'explorer.exe' is identical to the data of the malicious program 'tmp281.tmp' released by the virus, while the data behind it is still the rear part of the normal system file 'explorer.exe'."
  A simple explanation of the concepts:
  Replace: all the data of the original target program is removed, and a new program takes the place of the entire previous program. After this, the program has only the function of the new program.
  Infection: the data of the new program is added to the original target program without damaging the original program's data. After infection, the target program has both the function of the original program and the function of the new program.
  Overwrite: starting from address 0 at the head of the original target program's data, the data of the new program is written sequentially over it; here we assume only the case where the original target program file is much larger than the new program. After overwriting, the program has only the function of the new program; part of the original target program's data still exists, but it is never called and will not execute.
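The three definitions above, and the byte comparison of 'explorer.exe' against 'tmp281.tmp' described in the second correction, can be turned into a small triage check. The following Python code is an added example, not part of the original article; the function name, the Verdict type and the constructed byte strings standing in for the real files are assumptions, and the rules follow the article's simplified definitions.

```python
from typing import NamedTuple

class Verdict(NamedTuple):
    kind: str                 # unmodified / replace / infection / overwrite / unknown
    payload_bytes: int        # bytes of the dropped program found in the suspect file
    original_bytes_kept: int  # bytes of the original program still present

def classify(original: bytes, payload: bytes, suspect: bytes) -> Verdict:
    """Classify `suspect` using the article's three definitions.

    original: known-good copy of the system file (for example from install media)
    payload:  the program the malware dropped (the article's tmp281.tmp)
    suspect:  the system file as it now exists on the real disk
    """
    n = len(payload)
    if suspect == original:
        return Verdict("unmodified", 0, len(original))
    if suspect == payload:
        # Replace: nothing of the original file is left.
        return Verdict("replace", n, 0)
    if (len(suspect) >= len(original) + n
            and original in suspect and payload in suspect):
        # Infection: original data intact, new program's data added to it.
        return Verdict("infection", n, len(original))
    if (n < len(original) and len(suspect) == len(original)
            and suspect[:n] == payload and suspect[n:] == original[n:]):
        # Overwrite: payload written from offset 0, original tail untouched.
        return Verdict("overwrite", n, len(original) - n)
    return Verdict("unknown", 0, 0)

# Constructed sample data standing in for explorer.exe and tmp281.tmp.
ORIGINAL = b"MZ" + b"<original explorer code>" * 64
PAYLOAD = b"MZ" + b"<dropped downloader>" * 8

SAMPLES = {
    "clean": ORIGINAL,
    "replaced": PAYLOAD,
    "infected": ORIGINAL + PAYLOAD,
    "overwritten": PAYLOAD + ORIGINAL[len(PAYLOAD):],
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        v = classify(ORIGINAL, PAYLOAD, data)
        print(f"{name:12} {v.kind:10} payload={v.payload_bytes} "
              f"kept={v.original_bytes_kept}")
```

The "overwrite" verdict corresponds to what the article reports for this virus: the file size is unchanged and the surviving tail of the original is dead data that never executes.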
Summary
  The "restore saver" mentioned above refers to system restore protection programs written using a disk filter driver, such as the software "Freezing Point Restore Wizard" and "Shadow System". In other words, even if such a "restore saver" is installed on the user's computer, once the machine is hit by a virus of the "robot dog" class that uses the technique of penetrating the "restore saver", the modified file "explorer.exe" is still not restored after the computer restarts, because the virus has written its malicious code over the file on the real disk.
  Current viruses of the "robot dog" class that penetrate the "restore saver" have a fatal weakness: the real system file they overwrite must be one that is started and run after the computer restarts, otherwise the virus loses the point of its existence. The "robot dog" virus can only penetrate disk protection; it cannot penetrate the registry (it cannot save data added to or modified in the registry), and this is its biggest flaw today. In fact, registry information is also stored on disk in the form of data files, so the next generation of the "robot dog" virus could achieve penetration of the registry, and by then it may be hard to guard against. Beyond that, the next generation of the "robot dog" virus may use its own disk filter driver to infect PE files on the real hard disk, which would be quite frightening!
  Once a machine is infected with this version of the "robot dog" virus, it not only penetrates the "restore saver"; the real system is poisoned as well, because the virus overwrites the real system file "c:\windows\explorer.exe". So every time the computer restarts, the overwritten system program "c:\windows\explorer.exe" connects to the network in the background, downloads all the malicious programs on the list predefined by the hacker, and runs them automatically. So if many users have the virus and tens of thousands of computers start at the same time, will the hacker's download server hang? Oh!
"Robot dog" questions and answers
  Question 1: Is this latest robot dog variant the same virus as the robot dog variant you reported on December 19?
  Answer: It is not the same virus, but it works very similarly. After careful analysis of how they work and their coding style, it can be inferred that the new and old versions of the "robot dog" virus did not come from the same person's hands.
  Question 2: Is this latest robot dog variant more powerful? Where does its power lie? How does it differ from the previous robot dog virus?
  Answer: It should be considerably more powerful. A comparison of some characteristics of the new and old versions of the "robot dog" virus is as follows:
  Question 3: How large is the robot dog virus's impact on Internet cafes, and how large on individual users?
  Answer: The impact on Internet cafes and on individual users is equally great. Regardless of whether a "system restore protection" program is installed on the computer, the virus downloads, installs and runs many online-game Trojans and other malicious programs (currently 27 malicious programs are downloaded), causing the user of the infected computer a certain loss. If "the user's computer hardware configuration is relatively low" or "the multiple downloaded malicious programs are incompatible with one another", the user's computer system may crash and be unable to start.
Removal method
  Download:
"Robot dog" variants
  Through this channel, the file system monitoring) on the file system filter driver (most file access control and monitoring
Variant hddguard
  avgrssvc.exe
Description
  This virus is mostly prevalent in Internet cafes and other large computer networks; an ordinary PC does not easily catch it, and most antivirus software can now detect and remove it.
Variant HDDGuard
  Reboot and press F8 to enter Safe Mode
Robot dog Trojan removal tool
  Transformers: robot dog (ravage)