Bitcoin killing
Publish: 2021-04-17 18:57:51
1. 1、 Win10 prevention process
win10 platform is relatively simple, because Microsoft has released relevant patches for this virus vulnerability in early March, so as long as your win10 has been automatically updated and upgraded to the latest version (version number is higher than 1511), you can successfully resist wannacrypt virus
operation steps:
1. "Settings" → "update and security" → "Windows Update", check that this item is on
2. Click the Cortana search box in the taskbar, enter "winver" and confirm that the version number is higher than 1511<
win10 users directly upgrade the latest version
II. Win7, win8.1, WINXP processing flow
for non win10 platform computers, because most of them have exceeded the service period, or e to various reasons, they have not opened the update and received the security patch, which is the hardest hit area of this attack. The solution is to download ms17-010 patch manually. At present, Microsoft has urgently released ms17-010 patch for different platforms, and the direct link address is as follows:
Windows XP (kb4012598)
32 bits:
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-chs_. Exe
64 bit:
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_. Exe
Windows 7 (kb4012212, kb4012215)
32-bit:
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x86_. msu KB4012212
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows6.1-kb4012215-x86_. MSU (kb4012215)
64 bits:
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_. msu KB4012212
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows6.1-kb4012215-x64_. MSU (kb4012215)
windows 8.1 (kb4012213, kb4012216)
32-bit:
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x86_. msu KB4012213
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows8.1-kb4012216-x86_. MSU (kb4012216)
64 bits:
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x64_. msu KB4012213
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows8.1-kb4012216-x64_. MSU (kb4012216)
for other platforms or server versions, please go to https://technet.microsoft.com/zh-cn/library/security/MS17-010 Download the corresponding patch file
to search your own windows platform, you need to pay attention to the number of version bits (such as 32-bit / 64 bit)
confirm the platform version number again, click the download button of the corresponding version
click the link to download the patch of this platform directly. It should be noted that indivial platforms (such as win7) will contain two patches, Please download and install in order
3. Temporary disposal method
if it is not convenient for the computer to install the patch, or if you don't have a downloaded patch file on hand, you can consider the following temporary disposal method. The temporary disposal method is to shut down the corresponding port number of the system for immunization, which is effective for the current version of the virus, but it does not rule out the possibility of breaking the virus after it has a variant, The specific methods are as follows:
1. Download the 360 NSA immunization tool
NSA Arsenal immunization tool
software version: XP version
software size: 125.34mb
software license: free
applicable platform: WinXP Vista win8 win7
download address: http://dl.pconline.com.cn/download/996906.html
download the NSA immunization tool released by 360 company immediately, It has the characteristics of time-saving, labor-saving and low operation difficulty. The whole toolkit is 125mb. Double click to decompress automatically. Later, you will enter a main interface and operate according to the screen prompts. When the interface is green, it means the system is safe
NSA immune tool released by 360 company
2. Manually close windows 445, 135, 137, 138, 139 ports
in addition to the existing tools, you can also manually close 445, 135, 137, 138, 139 ports to resist virus attacks. The specific operation steps are as follows:
2.1 close ports 135, 137 and 138
1. Run and input "dcomcnfg"
2. On the right side of the computer option, right-click My Computer and select properties
3. In the default properties tab of my computer properties dialog box, remove the check box before enable Distributed COM on this computer
4. Select the default protocol tab, select connection oriented TCP / IP, and click delete
5. Right click on the network neighborhood to select properties, right click the network tab, and remove the check boxes of Microsoft network file and printer sharing and Microsoft network client to close ports 135, 137, 138 of the sharing end
manually close port
2.2 close port 139
open "network and dial up connection" → "local connection", select "Internet Protocol (TCP / IP)" attribute, enter "advanced TCP / IP settings" → "wins settings", there is a "disable TCP / IP NetBIOS", check to close port 139
2.3 close port 445
"start" → "run", enter "regedit", confirm and locate to "HKEY"_ LOCAL_ MACHINE\ SYSTEM\ CurrentControlSet\ Servi ces\ NetBT\ Parameters ", create a new DWORD value named" smbdeviceenabled "and set it to 0, then port 445 can be closed
note: after manually closing the port number, some intranet services (such as file and printer sharing) may fail. Please choose carefully
write at the end
wannacrypt is one of the most harmful viruses in recent years, second only to the shock wave of that year. The most important thing is that this virus will affect the hard disk data, and it is almost impossible to crack at present. The current method is that wannacrypt will automatically delete the original file before encryption, so some professional data recovery software can be used to try to recover. In short, keeping the system up-to-date is the best way to defend against viruses.
win10 platform is relatively simple, because Microsoft has released relevant patches for this virus vulnerability in early March, so as long as your win10 has been automatically updated and upgraded to the latest version (version number is higher than 1511), you can successfully resist wannacrypt virus
operation steps:
1. "Settings" → "update and security" → "Windows Update", check that this item is on
2. Click the Cortana search box in the taskbar, enter "winver" and confirm that the version number is higher than 1511<
win10 users directly upgrade the latest version
II. Win7, win8.1, WINXP processing flow
for non win10 platform computers, because most of them have exceeded the service period, or e to various reasons, they have not opened the update and received the security patch, which is the hardest hit area of this attack. The solution is to download ms17-010 patch manually. At present, Microsoft has urgently released ms17-010 patch for different platforms, and the direct link address is as follows:
Windows XP (kb4012598)
32 bits:
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-chs_. Exe
64 bit:
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_. Exe
Windows 7 (kb4012212, kb4012215)
32-bit:
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x86_. msu KB4012212
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows6.1-kb4012215-x86_. MSU (kb4012215)
64 bits:
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_. msu KB4012212
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows6.1-kb4012215-x64_. MSU (kb4012215)
windows 8.1 (kb4012213, kb4012216)
32-bit:
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x86_. msu KB4012213
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows8.1-kb4012216-x86_. MSU (kb4012216)
64 bits:
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x64_. msu KB4012213
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows8.1-kb4012216-x64_. MSU (kb4012216)
for other platforms or server versions, please go to https://technet.microsoft.com/zh-cn/library/security/MS17-010 Download the corresponding patch file
to search your own windows platform, you need to pay attention to the number of version bits (such as 32-bit / 64 bit)
confirm the platform version number again, click the download button of the corresponding version
click the link to download the patch of this platform directly. It should be noted that indivial platforms (such as win7) will contain two patches, Please download and install in order
3. Temporary disposal method
if it is not convenient for the computer to install the patch, or if you don't have a downloaded patch file on hand, you can consider the following temporary disposal method. The temporary disposal method is to shut down the corresponding port number of the system for immunization, which is effective for the current version of the virus, but it does not rule out the possibility of breaking the virus after it has a variant, The specific methods are as follows:
1. Download the 360 NSA immunization tool
NSA Arsenal immunization tool
software version: XP version
software size: 125.34mb
software license: free
applicable platform: WinXP Vista win8 win7
download address: http://dl.pconline.com.cn/download/996906.html
download the NSA immunization tool released by 360 company immediately, It has the characteristics of time-saving, labor-saving and low operation difficulty. The whole toolkit is 125mb. Double click to decompress automatically. Later, you will enter a main interface and operate according to the screen prompts. When the interface is green, it means the system is safe
NSA immune tool released by 360 company
2. Manually close windows 445, 135, 137, 138, 139 ports
in addition to the existing tools, you can also manually close 445, 135, 137, 138, 139 ports to resist virus attacks. The specific operation steps are as follows:
2.1 close ports 135, 137 and 138
1. Run and input "dcomcnfg"
2. On the right side of the computer option, right-click My Computer and select properties
3. In the default properties tab of my computer properties dialog box, remove the check box before enable Distributed COM on this computer
4. Select the default protocol tab, select connection oriented TCP / IP, and click delete
5. Right click on the network neighborhood to select properties, right click the network tab, and remove the check boxes of Microsoft network file and printer sharing and Microsoft network client to close ports 135, 137, 138 of the sharing end
manually close port
2.2 close port 139
open "network and dial up connection" → "local connection", select "Internet Protocol (TCP / IP)" attribute, enter "advanced TCP / IP settings" → "wins settings", there is a "disable TCP / IP NetBIOS", check to close port 139
2.3 close port 445
"start" → "run", enter "regedit", confirm and locate to "HKEY"_ LOCAL_ MACHINE\ SYSTEM\ CurrentControlSet\ Servi ces\ NetBT\ Parameters ", create a new DWORD value named" smbdeviceenabled "and set it to 0, then port 445 can be closed
note: after manually closing the port number, some intranet services (such as file and printer sharing) may fail. Please choose carefully
write at the end
wannacrypt is one of the most harmful viruses in recent years, second only to the shock wave of that year. The most important thing is that this virus will affect the hard disk data, and it is almost impossible to crack at present. The current method is that wannacrypt will automatically delete the original file before encryption, so some professional data recovery software can be used to try to recover. In short, keeping the system up-to-date is the best way to defend against viruses.
2. In the bitcoin virus, 360 antivirus is useless, and even some paid antivirus software can not be used
bitcoin virus (bitcoin Trojan horse) "bitcoin blackmailer" was popular abroad in 2014, and was found in China in early 15 years. This kind of Trojan will encrypt 114 kinds of files in the infected computer, such as docx, PDF, xlsx, JPG and so on, making it unable to open normally, and pop up windows to "blackmail" the victim, requiring the victim to pay 3 bitcoin as "ransom". According to the recent bitcoin price found by the reporter from the Internet, 3 bitcoin is almost 5000 yuan or 6000 yuan. This kind of Trojan horse is generally spread through English mail. The name of the Trojan horse program is usually in English, which means "order", "proct details", etc., and uses fax or form icon, which is very confusing. The recipient easily mistakenly thinks that it is a working file and clicks to run the Trojan horse program.
bitcoin virus (bitcoin Trojan horse) "bitcoin blackmailer" was popular abroad in 2014, and was found in China in early 15 years. This kind of Trojan will encrypt 114 kinds of files in the infected computer, such as docx, PDF, xlsx, JPG and so on, making it unable to open normally, and pop up windows to "blackmail" the victim, requiring the victim to pay 3 bitcoin as "ransom". According to the recent bitcoin price found by the reporter from the Internet, 3 bitcoin is almost 5000 yuan or 6000 yuan. This kind of Trojan horse is generally spread through English mail. The name of the Trojan horse program is usually in English, which means "order", "proct details", etc., and uses fax or form icon, which is very confusing. The recipient easily mistakenly thinks that it is a working file and clicks to run the Trojan horse program.
3. < / UL >
Unfortunately, Windows users are attacked by wana series of blackmail virus (bitcoin virus). The current solutions are as follows: (never pay ransom in any case, there is a lot of evidence that even if ransom files are paid, they cannot be decrypted.) < UL >
Windows users can completely eliminate wanacry blackmail virus on devices by formatting all hard disks
indivial users can contact domestic and foreign security manufacturers, such as Qihoo 360, Jinshan drug bully, Kaspersky, mcfel, Tencent security manager and other security centers for assistance in recovering important data
use the file recovery tool to recover. Users who have been infected with the virus can use the computer manager - file recovery tool for file recovery, with a certain probability of recovering your documents
note: we will continue to pay attention to the handling methods of relevant security manufacturers and wait for a more superior perfect unlocking scheme
< H2 > Windows users can install security patches in time, update anti-virus software, and avoid visiting high-risk websites. At present, the wanacry virus has been preliminarily controlled, so users need not panic and fight rationally< br />4. Unfortunately, Windows users are attacked by wanacry blackmail virus. The current solutions are as follows: (never pay ransom in any case. There is a lot of evidence that even if ransom files are paid, they cannot be decrypted.)
Windows users can completely eliminate wanacry blackmail virus on devices by formatting all hard disks
indivial users can contact domestic and foreign security manufacturers, such as Qihoo 360, Jinshan drug bully, Kaspersky, mcfel, Tencent security manager and other security centers for assistance in recovering important data
use "blackmail virus immune tool" to repair. Users download the offline version of Tencent computer manager "blackmail virus immunity tool" through other computers, and the files to a safe and non-toxic U disk; Then turn on the designated computer when WiFi is turned off, the network cable is unplugged and the network is disconnected, and back up important files as soon as possible; Then use the offline version of "blackmail virus immunity tool" to fix the vulnerability with one click through USB flash disk; Network can be normal use of the computer
use the file recovery tool to recover. Users who have been infected with the virus can use the computer manager - file recovery tool for file recovery, with a certain probability of recovering your documents
note: we will continue to pay attention to the handling methods of relevant security manufacturers, waiting for more superior perfect unlocking.
Windows users can completely eliminate wanacry blackmail virus on devices by formatting all hard disks
indivial users can contact domestic and foreign security manufacturers, such as Qihoo 360, Jinshan drug bully, Kaspersky, mcfel, Tencent security manager and other security centers for assistance in recovering important data
use "blackmail virus immune tool" to repair. Users download the offline version of Tencent computer manager "blackmail virus immunity tool" through other computers, and the files to a safe and non-toxic U disk; Then turn on the designated computer when WiFi is turned off, the network cable is unplugged and the network is disconnected, and back up important files as soon as possible; Then use the offline version of "blackmail virus immunity tool" to fix the vulnerability with one click through USB flash disk; Network can be normal use of the computer
use the file recovery tool to recover. Users who have been infected with the virus can use the computer manager - file recovery tool for file recovery, with a certain probability of recovering your documents
note: we will continue to pay attention to the handling methods of relevant security manufacturers, waiting for more superior perfect unlocking.
5. 1. Install a computer manager on the computer
2, and then open the virus check and kill to check and kill the computer virus
3, and then open the toolbox to have a document guardian to decrypt the file
2, and then open the virus check and kill to check and kill the computer virus
3, and then open the toolbox to have a document guardian to decrypt the file
6. Because the cost of encryption is much less than decryption,
suppose that a supercomputer can violently try 1 billion passwords in one second by setting a password with numbers and uppercase and lowercase letters (a total of 62 characters), then:
it takes 1 second to crack 5-digit passwords (62 ^ 5 = 920 million),
it takes 62 seconds to crack 6-digit passwords,
it takes 1 hour to crack 7-digit passwords,
it takes 2.5 days to crack 8-digit passwords,
it takes half a year to crack 9-digit passwords,
it takes 100000 years to decipher 12 (more than the history of human civilization),
it takes 24.3 billion years to decipher 15 (more than the age of the universe)
the 15 bit password takes a few seconds to input more than the 5-bit password, but the decryption cost is almost impossible
even if the quantum computer can increase the cracking speed by 100 million times, it will only offset 27 bits of the 256 bit private key length of bitcoin (2 ^ 27 = 130 million). Even if extraterrestrials appear and the cracking speed is increased by 100 million times for several times in a row (each time the length of the private key is offset by 27 bits), bitcoin can simply upgrade the length of the private key to 512 bits.
suppose that a supercomputer can violently try 1 billion passwords in one second by setting a password with numbers and uppercase and lowercase letters (a total of 62 characters), then:
it takes 1 second to crack 5-digit passwords (62 ^ 5 = 920 million),
it takes 62 seconds to crack 6-digit passwords,
it takes 1 hour to crack 7-digit passwords,
it takes 2.5 days to crack 8-digit passwords,
it takes half a year to crack 9-digit passwords,
it takes 100000 years to decipher 12 (more than the history of human civilization),
it takes 24.3 billion years to decipher 15 (more than the age of the universe)
the 15 bit password takes a few seconds to input more than the 5-bit password, but the decryption cost is almost impossible
even if the quantum computer can increase the cracking speed by 100 million times, it will only offset 27 bits of the 256 bit private key length of bitcoin (2 ^ 27 = 130 million). Even if extraterrestrials appear and the cracking speed is increased by 100 million times for several times in a row (each time the length of the private key is offset by 27 bits), bitcoin can simply upgrade the length of the private key to 512 bits.
7. Jinshan drug tyrant official website has this special killing procere!
Hot content