Internship log (3)

xiaoxiao2021-03-06  23

3.30

Nothing worth writing about all day until the very end, when the boss gave me a small project that requires a solution: a department needs a firewall and online anti-virus software installed.

On my way home from work the boss called, asking me to travel to foreign countries tomorrow and to get ready, using the IPDVIEW system.

I downloaded this system from http://www.ipdview.com and found that it is management software that manages software for the entire LAN, based on IIS, and quite simple.

3.31

Business trip. Appe short to the destination.

The unit has mainly been attacked by Trojans; our job is to work with their network administrator to inspect the network and kill the viruses.

The infecting virus is Updaterv7.exe; in the IDS, the attacks on ports 135 and 445 are a mess.

4.1

After careful study yesterday and today, here is some information on the virus:

1. Attack ports: 135, 445

2. Modifies the registry: under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run there is the following key: Updater Service V7 = "updaterv7.exe"; under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices there is the following key: Updater Service v7 = "Updaterv7.exe"

4. File present: under c:\winnt\system32\ there is the following program: Updaterv7.exe; at the same time a TestFile file is generated in E:\

5. Adds the following service: itpvzqn "\\ip\e$\updaterv7.exe" -service
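A triage check for the indicators listed above, as an added example that is not part of the original log: it parses saved `reg query` text output and flags autorun or service values whose data references updaterv7.exe. The sample output, the address 192.0.2.10 and the benign SoundTray entry are constructed, and storing the service command line in an `ImagePath` value under the Services key is an assumption about how the service in item 5 appears.

```python
import re

# Indicators taken from the log above; everything in SAMPLE is constructed.
BAD_IMAGE = "updaterv7.exe"
AUTORUN_SUFFIXES = (r"\currentversion\run", r"\currentversion\runservices")
# \\host\<drive>$\ : a binary launched from a remote administrative share
UNC_ADMIN_SHARE = re.compile(r"\\\\[^\\]+\\[a-z]\$\\", re.IGNORECASE)

SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Updater Service V7    REG_SZ    updaterv7.exe
    SoundTray    REG_SZ    C:\WINNT\system32\sndtray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    Updater Service v7    REG_SZ    Updaterv7.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\itpvzqn
    ImagePath    REG_EXPAND_SZ    "\\192.0.2.10\e$\updaterv7.exe" -service
"""

def parse_reg_query(text):
    """Yield (key, value_name, value_type, data) from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and line.strip():
            # Columns are separated by tabs or runs of spaces, depending on version.
            parts = re.split(r"\t+| {2,}", line.strip(), maxsplit=2)
            if len(parts) == 3 and parts[1].startswith("REG_"):
                yield key, parts[0], parts[1], parts[2]

def find_indicators(text):
    """Return one finding per registry value whose data references updaterv7.exe."""
    findings = []
    for key, name, _vtype, data in parse_reg_query(text):
        if BAD_IMAGE not in data.lower():
            continue
        if key.lower().endswith(AUTORUN_SUFFIXES):
            kind = "autorun"
        elif name.lower() == "imagepath":
            kind = "service"
        else:
            kind = "other"
        findings.append({"kind": kind, "key": key, "name": name,
                         "remote": bool(UNC_ADMIN_SHARE.search(data))})
    return findings

if __name__ == "__main__":
    for f in find_indicators(SAMPLE):
        print(f"{f['kind']:8} remote={f['remote']!s:5} {f['key']} -> {f['name']}")
```

The `remote` flag marks the case from item 5, where the service binary is started from another machine's `e$` share, which points to a second infected host to inspect.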

Searching through online material, I found that the virus should be a "High Wave" variant, which makes use of quite a few things: DCOM, RPC, LSASS, WebDev, SQL, etc., but solutions can be found on Google.

If you have information on this virus, you can also post in this thread: http://community.9cbs.net/expert/topic/3900/3900157.xml?Temp=.7668268

When reposting, please credit the original address: https://www.9cbs.com/read-40573.html
