360 bitcoin NSA detector
The Win10 case is relatively simple: Microsoft released patches for the vulnerability this virus exploits in early March, so as long as your Win10 has been automatically updated and upgraded to the latest version (version number higher than 1511), it can resist the WannaCrypt virus
operation steps:
1. "Settings" → "update and security" → "Windows Update", check that this item is on
2. Click the Cortana search box in the taskbar, enter "winver" and confirm that the version number is higher than 1511
win10 users directly upgrade the latest version
II. Win7, win8.1, WINXP processing flow
Computers on non-Win10 platforms are the hardest-hit area of this attack, because most of them are past their service period or, for various reasons, have not turned on updates and received the security patch. The solution is to download the MS17-010 patch manually. Microsoft has urgently released the MS17-010 patch for different platforms, and the direct link addresses are as follows:
Windows XP (kb4012598)
32 bits:
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsxp-kb4012598-x86-custom-chs_. Exe
64 bit:
http://download.windowsupdate.com/d/csa/csa/secu/2017/02/windowsserver2003-kb4012598-x64-custom-enu_. Exe
Windows 7 (kb4012212, kb4012215)
32-bit:
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x86_. msu KB4012212
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows6.1-kb4012215-x86_. MSU (kb4012215)
64 bits:
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_. msu KB4012212
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows6.1-kb4012215-x64_. MSU (kb4012215)
windows 8.1 (kb4012213, kb4012216)
32-bit:
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x86_. msu KB4012213
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows8.1-kb4012216-x86_. MSU (kb4012216)
64 bits:
http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x64_. msu KB4012213
http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/03/windows8.1-kb4012216-x64_. MSU (kb4012216)
for other platforms or server versions, please go to https://technet.microsoft.com/zh-cn/library/security/MS17-010 and download the corresponding patch file
to search your own windows platform, you need to pay attention to the number of version bits (such as 32-bit / 64 bit)
confirm the platform version number again, click the download button of the corresponding version
click the link to download the patch for this platform directly. Note that individual platforms (such as win7) have two patches; please download and install them in order
3. Temporary disposal method
If it is not convenient to install the patch on the computer, or if you don't have a downloaded patch file on hand, you can consider the following temporary disposal method. It immunizes the system by shutting down the corresponding ports. This is effective against the current version of the virus, but a later variant of the virus may get around it. The specific methods are as follows:
1. Download the 360 NSA immunization tool
NSA Arsenal immunization tool
software version: XP version
software size: 125.34mb
software license: free
applicable platform: WinXP Vista win8 win7
download address: http://dl.pconline.com.cn/download/996906.html
Download the NSA immunization tool released by 360 company. It is time-saving, labor-saving and easy to operate. The whole toolkit is 125mb. Double-click it to decompress automatically; you will then enter a main interface, where you operate according to the screen prompts. When the interface is green, it means the system is safe
NSA immune tool released by 360 company
2. Manually close windows 445, 135, 137, 138, 139 ports
in addition to the existing tools, you can also manually close 445, 135, 137, 138, 139 ports to resist virus attacks. The specific operation steps are as follows:
2.1 close ports 135, 137 and 138
1. Run and input "dcomcnfg"
2. On the right side of the computer option, right-click My Computer and select properties
3. In the default properties tab of my computer properties dialog box, remove the check box before enable Distributed COM on this computer
4. Select the default protocol tab, select connection oriented TCP / IP, and click delete
5. Right click on the network neighborhood to select properties, right click the network tab, and remove the check boxes of Microsoft network file and printer sharing and Microsoft network client to close ports 135, 137, 138 of the sharing end
manually close port
2.2 close port 139
open "network and dial up connection" → "local connection", select "Internet Protocol (TCP / IP)" attribute, enter "advanced TCP / IP settings" → "wins settings", there is a "disable TCP / IP NetBIOS", check to close port 139
2.3 close port 445
"Start" → "Run", enter "regedit", confirm, and navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters". Create a new DWORD value named "SMBDeviceEnabled" and set it to 0; port 445 is then closed
note: after manually closing the port number, some intranet services (such as file and printer sharing) may fail. Please choose carefully
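A way to check the result of the steps above on one machine, as an added example that is not part of the original article: the script lists which of the five ports still have a listener, reads the SMBDeviceEnabled value from step 2.3, and reports which of the KB numbers given earlier Windows shows as installed. The variable names and the report layout are assumptions made for illustration, and the netstat parsing assumes English state names.

```powershell
# Added example: checks the mitigations described above on the local machine.
# Uses netstat and PowerShell 2.0-era cmdlets so it also runs on Windows 7.
$ports = 135, 137, 138, 139, 445      # ports the article says to close
$kbs   = 'KB4012598', 'KB4012212', 'KB4012215', 'KB4012213', 'KB4012216'  # KBs named in the article

# 1. Ports that still have a listener. netstat -an shows TCP listeners with
#    state LISTENING; every UDP row is a bound socket (foreign address *:*).
$open = @()
foreach ($line in (netstat -an)) {
    if ($line -match '^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s*(\S*)') {
        $proto = $Matches[1]; $addr = $Matches[2]
        $port  = [int]$Matches[3]; $state = $Matches[4]
        $bound = ($proto -eq 'UDP') -or ($state -eq 'LISTENING')
        if ($bound -and ($ports -contains $port)) { $open += "$proto/$port ($addr)" }
    }
}

# 2. Registry value from step 2.3: 0 disables the SMB listener on port 445.
#    A missing value ($null) means the default applies and 445 stays open.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$smb = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).SMBDeviceEnabled

# 3. MS17-010 updates from the article that Windows reports as installed.
#    Later cumulative rollups can replace these IDs, so an empty result calls
#    for checking the update history rather than proving the fix is missing.
$installed = @(Get-HotFix -ErrorAction SilentlyContinue | ForEach-Object { $_.HotFixID })
$found     = @($kbs | Where-Object { $installed -contains $_ })

# Collect everything in one object so it can be logged or exported per host.
$report = New-Object PSObject -Property @{
    Computer         = $env:COMPUTERNAME
    OpenPorts        = ($open | Sort-Object -Unique) -join ', '
    SMBDeviceEnabled = $smb
    PatchesFound     = $found -join ', '
}
$report | Format-List Computer, OpenPorts, SMBDeviceEnabled, PatchesFound
```

An empty OpenPorts field together with SMBDeviceEnabled = 0 matches the state the manual steps aim for.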
write at the end
WannaCrypt is one of the most harmful viruses in recent years, second only to the Shock Wave of that year. Most importantly, this virus affects the data on the hard disk, and it is almost impossible to crack at present. The current method relies on the fact that WannaCrypt automatically deletes the original file before encryption, so some professional data recovery software can be used to try to recover files. In short, keeping the system up to date is the best way to defend against viruses.
Bitcoin virus (bitcoin Trojan horse): the "bitcoin blackmailer" was popular abroad in 2014 and was found in China in early 2015. This kind of Trojan encrypts 114 kinds of files on the infected computer, such as docx, PDF, xlsx, JPG and so on, so that they cannot be opened normally, and pops up windows to "blackmail" the victim, demanding 3 bitcoin as "ransom". According to the recent bitcoin price the reporter found on the Internet, 3 bitcoin is almost 5000 yuan or 6000 yuan. This kind of Trojan horse is generally spread through English-language mail. The name of the Trojan horse program is usually in English, meaning "order", "product details", etc., and it uses a fax or form icon, which is very deceptive. The recipient easily mistakes it for a work file and clicks to run the Trojan horse program.
Unfortunately, Windows users are attacked by the wana series of blackmail virus (bitcoin virus). The current solutions are as follows: (never pay ransom in any case; there is a lot of evidence that even if the ransom is paid, the files cannot be decrypted.)
Windows users can completely eliminate wanacry blackmail virus on devices by formatting all hard disks
individual users can contact domestic and foreign security manufacturers, such as Qihoo 360, Jinshan drug bully, Kaspersky, McAfee, Tencent security manager and other security centers for assistance in recovering important data
use the file recovery tool to recover. Users who have been infected with the virus can use the computer manager - file recovery tool for file recovery, with a certain probability of recovering your documents
note: we will continue to pay attention to the handling methods of relevant security manufacturers and wait for a more superior perfect unlocking scheme
Windows users can install security patches in time, update anti-virus software, and avoid visiting high-risk websites. At present, the wanacry virus has been preliminarily controlled, so users need not panic and can respond rationally
use the "blackmail virus immunity tool" to repair. Download the offline version of the Tencent computer manager "blackmail virus immunity tool" on another computer and copy the files to a safe, virus-free USB flash disk; then turn on the affected computer with WiFi turned off, the network cable unplugged and the network disconnected, and back up important files as soon as possible; then use the offline version of the "blackmail virus immunity tool" from the USB flash disk to fix the vulnerability with one click; after that the computer can go back on the network and be used normally
Once the computer is infected with this bitcoin blackmail virus, all the file data on the computer will be forcibly encrypted. If a "ransom" is not paid to the virus maker in the form of bitcoin, these files can't be decrypted and retrieved. Even if the ransom is paid this time, the virus may "patronize" you again next time. That is to say, the harm this virus can cause to users who "pay attention to data", especially enterprise users, is hard to estimate
How to avoid the harm of bitcoin blackmail virus
As soon as the bitcoin blackmail virus came into being, it immediately caused an uproar around the world. Major network security organizations and well-known anti-virus software began to pay attention to this problem. There is a lot of advice about "manually setting the firewall to close the sensitive ports of the computer, so as to resist the bitcoin blackmail virus", but this kind of method is more suitable for "non-novices" who know computers better. For example, for a third-rate programmer like me, this method is more suitable for me. I can't even use antivirus software
but for the general public, it may be necessary to deal with it in a simpler way
It has been several years since the advent of the bitcoin extortion virus. To help users' computers fight against bitcoin extortion virus attacks, many anti-virus programs have certain defense mechanisms. For example, 360 launched an "anti-blackmail service": if your data is encrypted by the bitcoin extortion virus while 360 is installed on your computer, 360 will compensate for your ransom and recover your data
Users who don't know computers well can choose to install anti-virus software to defend against such viruses; which one to choose is a matter of personal preference
Hello, open the anti blackmail service in the security guard, so you can defend against blackmail virus

The location of 360 NSA Arsenal immunization tools:
1. First, open 360 antivirus software and enter the main interface of 360 antivirus software

Close ports 445, 135, 137, 138 and 139 to turn off network sharing
please don't click or download unknown links, emails or files
For those who are already infected, there is no solution for the encrypted data. If the data is backed up or the files on the computer are unimportant, you can format the hard disk and reinstall the system. When reinstalling the system, keep it isolated from the Internet to avoid infection, and at the same time apply the patch mentioned above
If you don't understand all of the above, you can first unplug the network cable and copy the important files on the computer to a USB disk or mobile hard disk
you can click here to download the patch of this virus. Of course, you can also download it directly to the official website
or you can find the NSA Arsenal immune tool in the 360 software, or you can let your own computer update automatically
1. Select the control panel to open the program in the lower right corner
