英雄論壇

人間遊戲 遊戲人間
http://board.odyes.com/phpBB3/

有裝iis server的看一下吧

http://board.odyes.com/phpBB3/viewtopic.php?f=13&t=6904

1 頁 (共 1 頁)

發表於 : 週五 9月 21, 2001 12:26 pm
lucky
Nimda病毒以及多種變種
特徵:產生一堆*.eml檔
傳播:email,網芳,iis server
預防方法
有裝iis server的
nt 升sp6 aq293826_w2k_sp3_x86_tw.exe
q300972_w2k_sp3_x86_tw.exe
win200 升sp2 chtq299444i.exe
chtq300972i-NT4-x86.exe
不要收任何email
如果你收到一封有可疑副檔的信(目前是78k)
不管有沒有執行副檔,一打開就恭喜你中獎了,另一說法是就算你不打開也會中
把網路芳鄰關掉
如果不關,那至少win98把資源分享都設密碼
win2000把guest帳號停止
治療方法
如果是W32.Minda.A@mm
中了以後裝了諾頓防毒也沒用(至少目前最新的patch還不能)
它只能告訴你->中毒了
如果先裝了,能不能擋住 ? (不知)
小弟目前知道的方法是砍掉所有的*.eml,*.nws,winzip
win98要把system.ini有"exploer load.exe"的那一行刪掉http://securityresponse.symantec.com/avcenter/Fixnimd.com可以自動完成這些事
請仁人志士告訴偶還有沒有其他的 ?
---------------------------------------------
再這樣下去全世界網路會癱瘓掉
麻煩大家至少讓自己的電腦不要中毒吧
幫助自己也幫助別人



<font size=-1>[ 這篇文章被編輯過: lucky 在 2001-09-21 12:34 ]</font>

發表於 : 週四 9月 20, 2001 9:11 pm
Leeny
Troj_Nimda.a
這超猛的, 我公司死一票

發表於 : 週四 9月 20, 2001 8:01 am
秋天
以下轉載自寶寶
娜妲病毒(Troj_Nimda.a)藉三種感染管道百毒齊下,擴散速度直逼紅色警戒

網路防毒專家趨勢科技呼籲,收到Readme.exe(讀我)檔案,請直接刪除,勿開啟以免中毒;企業用戶即刻更新防毒元件、即時掃毒,網路連線電腦必須100 %掃瞄

http://www.trend.com.tw/corporate/about ... 010919.htm
------------------------------------------------------------------------------------------------
偶 十九號淩晨發現偶中獎的....快企檢查吧~

發表於 : 週三 9月 19, 2001 8:00 pm
Francis
過了這麼久終於上來啦
是網路遷好了還是在網咖?

發表於 : 週三 9月 19, 2001 6:50 pm
lucky
新病毒 名稱 "W32.Nimda.A@mm"

特徵是搜尋*.eml 出現不正常的信

從email,iis server,網芳guest帳號..多方式感染

目前尚未有馬上清除的程式出來
比上次的code red三代更猛
電腦有裝網路的人 禱告吧


<font size=-1>[ 這篇文章被編輯過: lucky 在 2001-09-19 18:53 ]</font>

發表於 : 週六 8月 04, 2001 10:02 pm
Hunter[3K]
@@....我在不LAG下去查...
還是有出現耶....
是不是每一台打那個就會出現呀???

發表於 : 週四 8月 02, 2001 8:30 am
lucky
有一個叫code red worm的病毒
此病毒在網路上流傳
尋找iis server加以破壞
例如當你覺得很lag的時候
在dos下模式打netstat -n
出現如下表示你已經中獎了

Proto Local Address Foreign Address State
TCP 211.74.233.88:80 212.98.162.229:3087 CLOSE_WAIT
TCP 211.74.233.88:1612 25.218.189.59:80 ESTABLISHED
TCP 211.74.233.88:1877 15.186.135.251:80 ESTABLISHED
TCP 211.74.233.88:1881 63.112.165.123:80 ESTABLISHED
TCP 211.74.233.88:1921 214.144.79.110:80 ESTABLISHED
TCP 211.74.233.88:1925 33.50.159.29:80 ESTABLISHED
TCP 211.74.233.88:1930 132.23.234.125:80 ESTABLISHED
TCP 211.74.233.88:1939 157.228.0.79:80 ESTABLISHED
TCP 211.74.233.88:1942 143.28.146.39:80 ESTABLISHED
TCP 211.74.233.88:1948 17.119.120.184:80 ESTABLISHED
TCP 211.74.233.88:1952 18.171.95.216:80 ESTABLISHED
TCP 211.74.233.88:1954 209.232.236.113:80 ESTABLISHED
TCP 211.74.233.88:1957 63.230.66.18:80 ESTABLISHED
TCP 211.74.233.88:1971 38.235.208.138:80 ESTABLISHED
TCP 211.74.233.88:1982 162.75.179.102:80 ESTABLISHED
TCP 211.74.233.88:1984 131.17.166.12:80 ESTABLISHED
TCP 211.74.233.88:1986 205.204.243.3:80 ESTABLISHED
TCP 211.74.233.88:1987 159.199.68.90:80 ESTABLISHED
TCP 211.74.233.88:1988 15.75.122.21:80 ESTABLISHED
TCP 211.74.233.88:1991 209.167.211.181:80 ESTABLISHED
TCP 211.74.233.88:2001 152.148.62.144:80 ESTABLISHED
TCP 211.74.233.88:2002 128.237.214.196:80 ESTABLISHED
TCP 211.74.233.88:2013 13.48.129.175:80 ESTABLISHED
TCP 211.74.233.88:2015 214.122.224.12:80 ESTABLISHED
TCP 211.74.233.88:2020 63.35.177.108:80 ESTABLISHED
TCP 211.74.233.88:2036 214.218.132.247:80 ESTABLISHED
TCP 211.74.233.88:2040 38.114.223.29:80 ESTABLISHED
TCP 211.74.233.88:2041 132.88.221.7:80 ESTABLISHED
TCP 211.74.233.88:2052 143.83.71.218:80 ESTABLISHED
TCP 211.74.233.88:2062 33.154.171.108:80 ESTABLISHED
TCP 211.74.233.88:2063 128.83.51.102:80 ESTABLISHED
TCP 211.74.233.88:2065 3.222.56.2:80 ESTABLISHED
TCP 211.74.233.88:2069 198.223.252.115:80 ESTABLISHED
TCP 211.74.233.88:2075 6.10.94.65:80 ESTABLISHED
TCP 211.74.233.88:2076 13.206.184.182:80 ESTABLISHED
TCP 211.74.233.88:2090 137.158.100.241:80 ESTABLISHED
TCP 211.74.233.88:2091 140.244.43.1:80 ESTABLISHED
TCP 211.74.233.88:2097 70.108.223.91:80 SYN_SENT
TCP 211.74.233.88:2098 56.213.49.94:80 SYN_SENT
TCP 211.74.233.88:2101 65.119.93.2:80 SYN_SENT
TCP 211.74.233.88:2102 150.135.115.134:80 ESTABLISHED
TCP 211.74.233.88:2105 23.125.239.86:80 SYN_SENT
TCP 211.74.233.88:2112 108.157.22.245:80 SYN_SENT
TCP 211.74.233.88:2113 81.147.37.13:80 SYN_SENT
TCP 211.74.233.88:2117 60.122.181.238:80 SYN_SENT
TCP 211.74.233.88:2119 193.176.251.179:80 SYN_SENT
TCP 211.74.233.88:2120 77.204.13.23:80 SYN_SENT
TCP 211.74.233.88:2121 181.111.186.238:80 SYN_SENT
TCP 211.74.233.88:2122 103.21.162.186:80 SYN_SENT
TCP 211.74.233.88:2123 195.167.193.34:80 ESTABLISHED
TCP 211.74.233.88:2126 171.154.114.42:80 SYN_SENT
TCP 211.74.233.88:2128 200.219.106.230:80 ESTABLISHED
TCP 211.74.233.88:2130 17.192.10.11:80 ESTABLISHED
TCP 211.74.233.88:2131 126.12.132.156:80 SYN_SENT
TCP 211.74.233.88:2132 43.85.14.162:80 SYN_SENT
TCP 211.74.233.88:2133 24.190.250.189:80 ESTABLISHED
TCP 211.74.233.88:2134 155.212.80.66:80 ESTABLISHED
TCP 211.74.233.88:2135 48.153.72.221:80 SYN_SENT
TCP 211.74.233.88:2136 218.214.75.62:80 SYN_SENT
TCP 211.74.233.88:2139 199.45.187.168:80 SYN_SENT
TCP 211.74.233.88:2140 21.105.120.133:80 SYN_SENT
TCP 211.74.233.88:2142 121.96.191.197:80 SYN_SENT
TCP 211.74.233.88:2147 12.213.230.205:80 SYN_SENT
TCP 211.74.233.88:2149 175.111.193.21:80 SYN_SENT
TCP 211.74.233.88:2150 220.211.199.126:80 SYN_SENT
TCP 211.74.233.88:2151 69.237.6.248:80 SYN_SENT
TCP 211.74.233.88:2152 102.101.59.82:80 SYN_SENT
TCP 211.74.233.88:2153 172.120.112.126:80 SYN_SENT
TCP 211.74.233.88:2154 109.65.55.155:80 SYN_SENT
TCP 211.74.233.88:2155 192.162.181.223:80 SYN_SENT
TCP 211.74.233.88:2156 6.182.115.245:80 SYN_SENT
TCP 211.74.233.88:2157 215.133.71.9:80 SYN_SENT
TCP 211.74.233.88:2158 56.115.133.85:80 SYN_SENT
TCP 211.74.233.88:2159 180.171.117.227:80 SYN_SENT
TCP 211.74.233.88:2160 68.246.12.175:80 SYN_SENT
TCP 211.74.233.88:2161 87.181.38.73:80 SYN_SENT
TCP 211.74.233.88:2162 97.74.117.196:80 SYN_SENT
TCP 211.74.233.88:2163 4.84.140.72:80 ESTABLISHED
TCP 211.74.233.88:2164 77.32.178.61:80 SYN_SENT
TCP 211.74.233.88:2165 43.255.92.69:80 SYN_SENT
TCP 211.74.233.88:2166 47.97.36.203:80 SYN_SENT
TCP 211.74.233.88:2167 184.216.130.105:80 SYN_SENT
TCP 211.74.233.88:2168 123.59.151.219:80 SYN_SENT
TCP 211.74.233.88:2169 187.129.240.240:80 SYN_SENT
TCP 211.74.233.88:2170 24.211.58.171:80 SYN_SENT
TCP 211.74.233.88:2171 137.184.135.164:80 ESTABLISHED
TCP 211.74.233.88:2172 4.110.54.140:80 ESTABLISHED
TCP 211.74.233.88:2173 117.142.64.10:80 SYN_SENT
TCP 211.74.233.88:2174 14.3.217.188:80 SYN_SENT
TCP 211.74.233.88:2175 29.131.242.73:80 SYN_SENT
TCP 211.74.233.88:2176 85.22.114.92:80 SYN_SENT
TCP 211.74.233.88:2179 171.81.117.188:80 ESTABLISHED
TCP 211.74.233.88:2180 145.250.172.136:80 ESTABLISHED
TCP 211.74.233.88:2183 102.4.92.245:80 SYN_SENT
TCP 211.74.233.88:2184 143.161.62.155:80 SYN_SENT
TCP 211.74.233.88:2185 219.7.235.135:80 SYN_SENT
TCP 211.74.233.88:2188 197.8.142.94:80 SYN_SENT
TCP 211.74.233.88:2190 175.18.121.136:80 SYN_SENT
TCP 211.74.233.88:2195 142.233.9.200:80 SYN_SENT
TCP 211.74.233.88:2196 109.13.9.107:80 SYN_SENT
TCP 211.74.233.88:2197 23.190.70.161:80 SYN_SENT
TCP 211.74.233.88:2198 70.59.24.219:80 SYN_SENT

他會自動幫你弄一堆port到處連傳送封包
此病毒無法用防火牆擋,已流傳到無數主機上
win2000需要server pack1以上並到此下載更新程式http://www.microsoft.com/technet/treeview/defa ... 01-033.asp
此病毒已對全世界的網路流量造成很大的影響,如果
你閒麻煩不願意更新的話,請至少重開機,也可暫時清除此病毒,因為此病毒只存於記憶體上
所有顯示的時間為 UTC+08:00
1 頁 (共 1 頁)
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/