Mining chain 53 ports

1. This trojan takes advantage of the "eternal blue" vulnerability to attack and spread in the local area network. It builds a robust botnet of the infected machine, supports the self-renewal of the intranet, and lurks in the computer for a long time to extract Monroe money. Because most ordinary personal computers have been patched by windows security update and Tencent computer manager and other security software, they are basically not affected by wanna miner. It is suggested that if the suspected wanna miner mining Trojan horse is found, the poisoned machine can be located and isolated in time. It can be judged by scanning port 26931. If the port is open, the host has been infected; If you need to patch the intranet, all the computers that have not been patched. It is suggested that professional terminal security management software should be installed in the whole network, such as Tencent Yudian. The administrator should carry out mass antivirus and patch installation for the whole network to avoid unnecessary losses.

2. (1) Download the wallet software, install it, and close the wallet software after synchronizing data
(2) click system "start", "run", enter% appdata% in it, and then click OK (WIN XP and win7 systems both operate in this way), or press "win" key and "R" key at the same time to open the running interface
(3) after confirming the second step, open a file manager and display the interface as shown in the figure below. Find the folder named after the currency, litecoin. The data corresponding to the wallet software are all in this folder. Double click to open this folder
(4) configure the. Conf file
at the beginning, enter Notepad to confirm and open Notepad software, Input the following contents in it: ( the following code directly)
rpcuser = Test
rpcpassword = Test
rpcport = 11095
daemon = 1
server = 1
Gen = 0
testnet = 0
Listen = 0
maxconnections = 100
rpcallowip = 10.255.16. *

rpcuser, rpcpassword and rpcport can be modified or not, Rpcallowip needs to be modified according to your own situation. If your miner and wallet software are on the same machine, delete the line rpcallowip
after the file is modified, save it to the previous litecain directory with the file name of litecain.conf, or save it to the desktop, and then it
take the mining software cgminer as an example, modify the IP address of the pools part in the cgminer.conf file
URL part to the IP address of the machine where your wallet is located. Port 11095 is the port configured in litecain.conf just now. User and pass are the same, just keep consistent with the above configuration file< In addition, it is suggested to modify the values of the other two parameters as follows:
& quot; queue" : & quot; 0",< br />" scan-time" : & quot; 1",
after setting, run cgminer to start mining....

3. Methods / steps
first of all, if it is a virus written by a rookie, you can find the file path in the task manager, directly terminate the process tree, or directly find the path to delete it<

2 / 6
Second, if the other party's technology is enough, it is difficult for us to terminate the process, then we can download a computer housekeeper. Now the computer housekeeper also increases the scanning rate of mining virus, and if we find it, we can clean it directly

3 / 6
thirdly, if the computer housekeeper can't handle it, then we can check and kill avast. This program is the first in anti-virus, and it's like a sword for mining viruses<

4 / 6
Fourth, if we still suspect that there is a mining virus on the computer after using avast, we first open the process and manually put the document path to the quarantine area

5 / 6
fifthly, after we put it in the isolation area, we use avast's relaxation for analysis, and then send it to avast's staff. If we suspect that it is a mining virus, the other party will give us manual analysis. If it is, the other party will also help us delete it

6 / 6
sixthly, if we still have doubts after being determined in our profession, if it's not Daniel, then my uncle will need to install the computer again. After all, everything is clear
network experience: https://jingyan..com/article/ca41422f1d83601eae99edf3.html
thank you (≥ 8711; ≦)

4. The risk of digital currency is very big. Now, the country does not support digital currency

5. {
" balance_host": & " deepbit.net", < br /> " balance_token_url": & " http://deepbit.net/settings/" , < br /> " balance_url": & "/ api/%s", < br /> " host": & " pit.deepbit.net", < br /> " name": & " deepbit", < br /> " port": 8332,
" url": & " http://deepbit.net" < br /> },

6.

Log in to the system to view the task manager, and view the processes that occupy large memory and cannot be closed. Right click on the process to open the file location (first select Show hidden files and operating system files in the folder option). At this time, you may see a systmss.exe process and a svchost.exe process imitating the operating system. Here you can also see a 2.bat file. Right click to edit and open this file to see which mining organization the malicious process communicates with

by viewing the system operation log, we can analyze the source of the virus, start time and other information. The general reason may be that the hacker did not close port 3389 and used a weak password to remotely log in to the last virus

virus eradication: rename the virus executable file systmss.exe to systmss.exe1, so that the virus cannot be executed. At this time, you can stop the process from the task manager. Open registry editor to delete HKEY_ LOCAL_ The entire directory of machine, system, controlset001, services and systems

for Linux system, please refer to: webpage link