Page 1 of 2 12 LastLast
Results 1 to 25 of 41

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Will It Blend? :) Kiko's Avatar
    Join Date: Jun:2002
    Location: Ñîôèÿ
    Posts: 606

    ×åñòèò âè íîâ âèðóñ! (Welchia)

    Òàçè ñóòðèí ìå ñúáóäèõà ñ îïëàêâàíå, ÷å èíòåðíåòà å íåïîñòîÿíåí è ñêîðîñòà âúâ âúòðåøíàòà ìðåæà å áàâíà. Îêàçà ñå ÷å ïðè÷èíàòà çà òîâà å íîâ âèðóñ (Welchia), êîéòî íåçíàéíî çàùî ãåíåðèðà ãîëÿì òðàôèê â ìðåæàòà è ñúîòâåòíî îò âñåêè çàðàçåí êîìïþòúð ñå ïðàùàò îãðîìíî êîëè÷åñòâî ïàêåòè êîèòî ôëóäâàò îñòàíàëèòå êîìïþòðè â ìðåæàòà âêëþ÷èòåëíî è ñúðâúðà.


    Àêî è ïðè âàñ îò íèùîòî ñå ïîÿâè ãîëÿì òðàôèê çíàéòå ÷å òîâà å âèðóñ÷å (Welchia)!

    Åòî è òóë÷å çà ÷èñòåíå íà âèðóñà http://www.symantec.com/avcenter/FixWelch.exe

    Åòî êàêâî ïðàâè òóë÷åòî:

    The service "RpcPatch" is viral. It is deleted.

    The service "RpcTftpd" is viral. It is deleted.

    The process "DLLHOST.EXE" is viral. It is terminated.

    The tool has deleted the viral file "C:\WINNT\system32\wins\DLLHOST.EXE" .

    The file "C:\WINNT\System32\wins\svchost.exe" is deleted.

    W32.Welchia.Worm has been successfully removed
    from your computer!

    Here is the report:

    The total number of the scanned files: 50363
    The number of deleted files: 2
    The number of repaired files: 0
    The number of viral processes terminated: 1
    The number of viral services deleted: 2
    The number of registry entries fixed: 0
    Last edited by Kiko; 20th August 2003 at 17:21.

  2. #2
    a.k.a. Nerd NerdiX's Avatar
    Join Date: Jul:2003
    Location: Âîäà è êàë ÎÎÄ
    Posts: 2,448

    Õà õà

    Not Affected Software:
    Microsoft Windows Server 2003

    Ïîíå òàêà êàçâàò îò Ðåäìúíò...

  3. #3
    See you in court! Pentagramm's Avatar
    Join Date: Dec:2002
    Location: Gent University, Belgium
    Posts: 451
    íåçíàì, íî äíåñ ñúâñåí íåî÷àêâàíî ïîëó÷èõ ñëåäíèÿ èìåéë:
    îò: Lex.BG <>äî: Lex.BG users <>òåìà: VIRUS WARRNINGäàòà: Zdraweite,

    Lex.bg Wi uwedomqwa za razprostranenieto po elektronna poshta na virus s ime
    Sobig.F, koito zarazqwa sistemi s instaliran Windows 9.x/ME/NT/2000/XP.

    Virusyt se razprostranqwa po e-mail pod formata na prikachen file. Pismata
    koito se poluchavat imat subject ot vida: "RE: <suobshtenie> ", kato
    "<suobshtenie>" moze da e proizvolna posledowatelnost ot dumi, ili ot vida
    "your acount <bukvi>",obiknoveno 8 malki latinski simvola.

    Za da ste absolutno sigurni 4e Sobig.F ne e dostignal do Washiq komputyr,
    prowerete dali ste polu4ili e-mail s goreposo4enite harakteristiki.
    Ako eventualno ste polu4ili podobno pismo NE
    aktiwiraite prika4eniq file, iztriite syob6tenieto i
    se uwerete, 4e ste go premahnali i ot papkata Deleted items.
    Poveche informaciq za na4inite, po koito mojete da se predpazite ot silnata
    wirusna ataka i za towa kak da po4istite virusa, mojete da namerite na adres:
    http://www.computel.bg/docs.php?list=virus.


    Ekipyt na Lex.bg
    -------
    Ñòðàííî çàùî ïúê òî÷íî Ëåêñ.áã ñà ðåøèëè, ÷å òðÿáâà äà èçâåñòÿâàò çà âèðóñè... ìîæå áè å ðåêëàìåí òðèê... êîé çíàå...
    "Do you understand life, Master?"
    "Of course not. I know a few things. I love learning. I have tried to understand this world. I listen to everyone. I put to one side what seems doubtful and I am cautious about the rest."
    Gore Vidal
    Creation

  4. #4
    Registered User SeT's Avatar
    Join Date: Aug:2002
    Location: Sofia
    Posts: 6,865
    Òîçè âèðóñ ïðåñëåäâà Worm Blaster è ãî óíèùîæàâà, ïîñëå çàòâàðÿ äóïêèòå â ñèñòåìàòà
    ïðîãðàìèðàí å äà ñå ñàìîóíèùîæè ïðåç 2004
    ïðîáëåìà å ÷å òúðñè äðóãè çàðàçåíè êîìïþòðè è îò òàì ãåíåðèðà òîçè ãîëÿì òðàôèê

  5. #5
    HARDWAREBG MOD MACHINE alex_matrix's Avatar
    Join Date: Sep:2002
    Location: >>SOFIA<<
    Posts: 1,045
    ìîëÿ, òè ñåðèîçíî ëè

    àêî å òàêà êîè å òîçè äîáúð âèðóñî ïèñà÷....
    èñêàì äà ìó ñòèñíà ðúêàòà

    ñàìî ÷å íå å ïîìèñëè çà õîðàòà êîèòî ïëàùàò íà Ì ÷å òîãàâà ùåòèòå íàèñòèíà ùå ñà ôèíàíñîâè

  6. #6
    Registered User SeT's Avatar
    Join Date: Aug:2002
    Location: Sofia
    Posts: 6,865

  7. #7
    Will It Blend? :) Kiko's Avatar
    Join Date: Jun:2002
    Location: Ñîôèÿ
    Posts: 606
    Originally posted by SeT

    Removal Tool
    http://securityresponse.symantec.com...oval.tool.html
    Áðàòî÷êà âå÷å èìà ïîñòíàò ëèíê êúì òîâà òóë÷å.

  8. #8
    Registered User SeT's Avatar
    Join Date: Aug:2002
    Location: Sofia
    Posts: 6,865
    e íå ñúì âèäÿë

  9. #9
    ÎÒ×Å ÍÀØ... Ba4o Kiro's Avatar
    Join Date: May:2001
    Location: Ñîôèÿ
    Posts: 5,561
    Ìàëèèè, òîÿ "âèðóñ-àíòèâèðóñ" íàïðàâî ìå "'ôúðëè ó òú÷"! Ìàé "ñòðàíè÷èíòå åôåêòè" êîèòî ïðè÷èíÿâà (çàáàâÿíå íà I-net âðúçêàòà ïîðàäè íà÷èíà íà ðàçïðîñòðàíåíèå è îïèòà çà äàóíëîóäâàí íà "KB823980" ïà÷-à) ãî õàðàêòåðèçèðàò êàòî âèðóñ, à êàòî öÿëà ìàé å íàïðàâåí ñ "áëàãîðîäíà öåë" ?!
    Èçêëþ÷èòåëíî ñòðàííî ïîâåäåíèå çà âèðóñ - â òîâà ïîíå ñúì ñèãóðåí.
    Â4K Xtreme GraphiX|Intel Intel® Core i7™ 920@4000MHz|ASUS P6T Deluxe V2|3x2GB Apacer 1333@1600MHz DDR3|1x74GB WD Raptor 10Krpm/1x640GB WD 7.2Krpm|ASUS GeForce 8800GTX 768MB GDDR3|Chieftec DG-01/Chieftec CFT-1200G-DF 1.2KW|SB X-Fi Platinium|LiteON 16H5S

  10. #10
    Wall-e delian's Avatar
    Join Date: May:2003
    Location: ::1
    Posts: 4,723
    Ìàëèèè, ðàçêàçà ìè èãðàòà â ïåòúê. À Wireless-a àêî çíàåòå êàê ñå øàøêà îò òîçè òðàôèê ñ ìíîãî íà áðîé ìàëêè ïàêåòè - íå å èñòèíà. Ñèãóðíî ùå èìà äâå ñåäìèöè äà ñè ÷èñòÿ êëèåíòèòå.

  11. #11
    Will It Blend? :) Kiko's Avatar
    Join Date: Jun:2002
    Location: Ñîôèÿ
    Posts: 606
    Originally posted by delian
    Ìàëèèè, ðàçêàçà ìè èãðàòà â ïåòúê. À Wireless-a àêî çíàåòå êàê ñå øàøêà îò òîçè òðàôèê ñ ìíîãî íà áðîé ìàëêè ïàêåòè - íå å èñòèíà. Ñèãóðíî ùå èìà äâå ñåäìèöè äà ñè ÷èñòÿ êëèåíòèòå.
    Äà íàèñòèíà ñå øàøêà Wireless-a!
    Çà ðàäîñò âå÷å ñè èç÷èñòèõ êëèåíòèòå.

  12. #12
    Registered User Svetlix's Avatar
    Join Date: Mar:2003
    Location: Ïëåâåí
    Posts: 3,260
    Òîêó ùî ïðî÷åòîõ èíôîðìàöèÿòà çà òîçè âèðóñ è ïðîñòî íå ïîâÿðâàõ íà òîâà êîåòî ïðî÷åòîõ
    Íå î÷àêâàõ ïðîñòî, ÷å ùå äîéäå äåíÿ â êîéòî ùå èìà âèðóñ êîéòî óíèùîæàâà äðóã âèðóñ. Åâàëà íà òàêèâà ñúçäàòåëè íà âèðóñè
    Ãîòèíî å äà ñè âàæåí íî ïî-âàæíî å äà ñè ãîòèí!

  13. #13
    Registered User subn3t's Avatar
    Join Date: Apr:2003
    Location: 127.0.0.1
    Posts: 1,143

    Re: Õà õà

    Originally posted by Nerd
    Not Affected Software:
    Microsoft Windows Server 2003

    Ïîíå òàêà êàçâàò îò Ðåäìúíò...
    äà íå å *NIX áàçèðàíî òâà ?
    Â ðàçãîâîðà ñå ðàæäà èñòèíàòà.
    Ìîÿòà ïîëîâèíêà

  14. #14
    Registered User
    Join Date: Mar:2003
    Location: Ñîôèÿ
    Posts: 200
    Svetlix> íå ñè ñúâñåì ïðàâ. Âúðíè ñå ìààààààëêî íàçàä â åïîõàòà íà âåçäåñúùèÿ DOS. Òàì òîâà ñ âèðóñà-àíòèâèðóñ ñå ñëó÷âàøå ÷åñòî. Å, äðóã å âúïðîñúò, ÷å ïîíÿêîãà ñå ñëó÷âàøå ïî ñëó÷àéíîñò è ñ ïîìîùòà íå íà èíòåðíåò, à íà FTP (ðàçáèðàé Floppy Transfer Protocol) Ïðèíöèïíî, "òúðêàíèÿ" ìåæäó âèðóñîïèñà÷èòå ñúùåñòâóâàò îòäàâíà, òàêà ÷å íèùî ÷óäíî ÷å ñå ïîÿâè è íåùî òàêîâà â "ñúâðåìåííèÿ" Win* ñâÿò

    Peace
    Bus station is the place where bus stops. Train station is the place where train stops. În my desk I have WORKSTATION...

  15. #15
    Registered User Svetlix's Avatar
    Join Date: Mar:2003
    Location: Ïëåâåí
    Posts: 3,260
    Ìàëêàòà ïîäðîáíîñò å ÷å àç ñå çàíèìàâàì ñ êîìïþòðè îò ñúâñåì ñêîðî è DOS ìè å ïîçíàò äî òîëêîâà êîëêîòî äà íå ñå çàãóáÿ è äà ìîãà äà ñè èíñòàëíà Windows èëè äà ñè ðàçäåëÿ òâúðäèÿ äèñê. Çàòîâà çà ìåí òîâà å íåùî íîâî. PEACE!
    Ãîòèíî å äà ñè âàæåí íî ïî-âàæíî å äà ñè ãîòèí!

  16. #16
    Registered User tomcat's Avatar
    Join Date: Jun:2003
    Location: Bourgas
    Posts: 97

    Re: ×åñòèò âè íîâ âèðóñ! (Welchia)

    Àáå êàêâî âñúùíîñò ïðåäñòàâëÿâà
    "C:\WINNT\System32\wins\svchost.exe"
    ôàéëà è êàêâî âúðøè?
    Àç â Task manager-à ãî èìàì ïîíå äåñåòèíà ïúòè çàðåäåí.
    Âúçìîæíî ëè å äà å òîçè âèðóñ (Welchia) ? À òðàôèêà íà ìîìåíòè íàèñòèíà å ó÷óäâàùî ãîëÿì.

  17. #17
    Wall-e delian's Avatar
    Join Date: May:2003
    Location: ::1
    Posts: 4,723
    Ìè ÷åòè íàé-îòãîðå. Íå å âúçìîæíî, à íàïðàâî ñè å òîé.

  18. #18
    Registered User tomcat's Avatar
    Join Date: Jun:2003
    Location: Bourgas
    Posts: 97
    Originally posted by delian
    Ìè ÷åòè íàé-îòãîðå. Íå å âúçìîæíî, à íàïðàâî ñè å òîé.

    Äà, àìà ÍÅ. Ïðîâåðèõ ñ òóë÷åòî è íèùî... ×èñòî... Èíà÷å ñúì ñúñ NortonAntivirus Corporate Edition - Update-íàò, ZoneAlarmPro - òåãëèõ ãî ñïåöèàëíî çà Windows 2003 Server.

  19. #19
    Wall-e delian's Avatar
    Join Date: May:2003
    Location: ::1
    Posts: 4,723
    Õììì. ß ïðîáâàé ñ òîâà.
    Attached Files

  20. #20
    Registered User tomcat's Avatar
    Join Date: Jun:2003
    Location: Bourgas
    Posts: 97
    Ïðîáâàõ òîçè Stinger. Ãëåäàéòå ñåãà êàêâî ïèøå â .log ôàéëà:
    ~~~~~~~~~~~~~~~~~
    Scan initiated on Fri Aug 29 22:57:42 2003
    Number of clean files: 394 (òîâà å çà C

    Scan initiated on Fri Aug 29 22:58:13 2003
    Number of clean files: 40650 (òîâà å çà D: E: è F
    ~~~~~~~~~~~~~~~~~
    Àêî àêî òîâà å âÿðíî, çíà÷è ñúì ñå ïðåâúðíàë â ëàáîðàòîðèÿ çà áèîëîãè÷íî îðúæèå íà Ïåíòàãîíà

    Êîå å ñúìíèòåëíîòî îáà÷å - êàòî ãî ïóñíàõ âòîðè ïúò ìè äàäå ñúùèÿ ðåçóëòàò (ñàìî çà C:, ÷å íå ìè ñå ÷àêàøå). Çíà÷è èëè èìà áèîëîãè÷íà èíâàçèÿ èëè ... è àç íåçíàì êàêâî

  21. #21
    Wall-e delian's Avatar
    Join Date: May:2003
    Location: ::1
    Posts: 4,723
    Àêî ñàìî òîâà òè å äàë, ìîæåø äà ñïèø ñïîêîéíî, òîâà îçíà÷àâà, ÷å èìàø òîëêîâà ÷èñòè ôàéëîâå. Àêî èìàø âèðóñ äàâà êàòî ïî-ãîðå, êîè ôàéëîâå ñà çàðàçåíè, êîè å èçòðèë è ò.í.

  22. #22
    Registered User tomcat's Avatar
    Join Date: Jun:2003
    Location: Bourgas
    Posts: 97
    OK Ùå ïîäðåìíà ìàëêî
    Thanks

    P.S.
    Áå òîçè Windows Server 2003 ìíîãî services ñòàðòèðà áå... ìíîãî íåùî òóé íåùî. È òîâà svchost.exe óïðàâëÿâà ÷àñò îò òÿõ ìàé. Èëè íåùî òàêîâà. Çàòîâà ãî èìàì òîëêîâà ïúòè â Task manager-à. Â÷åðà âçåõ ïîðàç÷èñòèõ ìàëêî. Èçêëþ÷èõ ïîíå 6-7 îò ðàç, ÷å íå ìè ñå çàíèìàâàøå ïîâå÷å. Àìà èìà îùå íåùà, êîèòî ìîæå äà ñå èçêëþ÷àò. Àéäå ñòèãà ñúì ïèñàë, ÷å ìíîãî offtopic ñòàíàõà íåùàòà.
    Last edited by tomcat; 29th August 2003 at 10:09.

  23. #23
    Ïðèìèòèâ Pesho®'s Avatar
    Join Date: Nov:2001
    Location: Sofia
    Posts: 5,169
    Îðèãèíàëíîòî svchost.exe ñå íàìèðà â system32 äèðåêòîðèÿòà, à âèðóñíîòî òàêîâà å â system32\wins\, òîâà å ðàçëèêàòà. Áåç îðèãèíàëíîòî íå ìîæå, åé íå ñå îïèòâàéòå äà ãî èçòðèåòå (íå ÷å ùå ìîæåòå äå)

  24. #24
    Registered User tomcat's Avatar
    Join Date: Jun:2003
    Location: Bourgas
    Posts: 97
    ÷å òî ìîéòî áèëî âèðóñíî áðå. àìà áèëî, ùîòî çàáúðñàõ win-à è ïðîâåðèõ öåëèÿ êîìï. è ìàé âå÷å ãî íÿìà

  25. #25
    Registered User ^Kj^TRN's Avatar
    Join Date: Sep:2003
    Posts: 43
    ñ 2003 ñúì îò 6 ìåñåöà âå÷å èìàì ñàìî Symantec Antivirus Corporate Server êîèòî å íàñòðîåí íà AutoUpdate è äîñåãà íå ñúì èìàë ïðîáëåìè ñ âèðóñîè ;-)
    The Real Net - The Real Internet Provider
    http://www.trnnet.tk

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Copyright © 1999-2011 Õàðäóåð ÁÃ. Âúçìîæíî å ñúäúðæàíèåòî íà òàçè ñòðàíèöà äà å îáåêò íà àâòîðñêè ïðàâà.
iskamPC.com | mobility.BG | Bloody's Techblog | Êðèïòîâàëóòè è ìàéíèíã | 3D Vision Blog | Ìàãàçèí çà åëåêòðîííè öèãàðè