lsass.exe, system restart |
Yume |
Jan 11 2005, 22:47
Post
#16
|
challenger Group: Jounin Posts: 3875 Joined: 4-March 04 |
Eh, I no longer know how it is supposed to be, but it seems it should not be like this. Those SVCHosts show up in 3 forms for me, but I don't remember what I had before.
Oh, and now I have a new phenomenon: before shutting down it asks me like this.. -------------------- |
MareX |
Jan 11 2005, 23:52
Post
#17
|
Heimin Group: Chuunin Posts: 17 Joined: 27-December 04 |
As "edg" already mentioned earlier, this is most likely a variant of the Sasser virus -> link (a similar case)...
You can try doing the following...
1) Find a Sasser removal tool (preferably the newest)... e.g. Symantec, Microsoft, McAfee AVERT Stinger.
2) Download SafeXP, which I already recommended.
3) It is advisable to look for a firewall in good time... e.g. Microsoft (the one built into Win XP), others...
4) Disconnect the computer from the internet and from any computer network...
5) Run the Sasser removal tool (it is advisable to do this after starting the computer in Safe Mode)... follow the instructions...
6) Run SafeXP and set at least the following options (recommended)...
* Disable Remote Desktop support
  Prevents your machine from having the ability to be remotely controlled by a system administrator or via the internet.
* Disable Remote Registry service
  Disallows remote computers to access and modify the registry on the local computer.
* Disable RPC Locator service
  Prevents your machine from using a specially malformed argument to be executed with system privileges by an attacker. The Locator service is not enabled by default except on Windows 2000 domain controllers and Windows NT 4.0 domain controllers.
* Disable Windows Update service
  Changes Windows automatic updates to manual mode (because some viruses know how to use Windows Auto Update to their own advantage).
* Disable UPNP/SSDP service
  UPnP is a set of communications protocol standards that allow networked TCP/IP devices to announce their presence to all other devices on the network and to then inter-operate in a flexible and pre-defined fashion. There are currently limited UPnP devices available and due to a recent security flaw it's advisable to disable this service. This also allows you to disable Universal Plug and Play Network Address Translation discovery which uses the Simple Service Discovery Protocol (SSDP) to reduce bandwidth and increase security.
* Disable support for DCOM
  Distributed Component Object Model, or DCOM, provides a method for distributed network applications to communicate with one another. This setting allows you to disable support for DCOM.
* Disable the POSIX Subsystem
  Windows 2000 and XP still come with the POSIX subsystem which allows the use of Unix commands against your system.
* Enable Windows File Protection
  Windows File Protection (WFP) protects certain files that are key to the Windows 2000/XP operating system. These files are protected to prevent deletion of key files, unauthorized updating, and file damage that may be caused by viruses.
* Protect Against SYN Flood Attacks
  Windows includes protection that allows it to detect and adjust when the system is being targeted with a SYN flood attack (a type of denial of service attack). When enabled the connection responses time out more quickly in the event of an attack.
* Prevent Denial of Service Attacks
  Denial of service attacks are network attacks that are aimed at making a computer or a particular service unavailable to network users. These settings can be used to increase the ability for Windows to defend against these attacks when connected directly to the Internet. It also eliminates DHCP vulnerability.
* Disable listening on TCP port 445
  Disables the raw SMB transport to cause malicious NetBIOS attacks and protect users from inadvertently exposing files on their computers, and also to block worms which spread via open file shares.
7) Before connecting the computer back to the internet (computer network)... it is advisable to install and activate one of the firewalls mentioned in point 3.
Good Luck!!! -------------------- |
edg |
Jan 12 2005, 00:03
Post
#18
|
limpene grauž aknas Group: Jounin Posts: 2899 Joined: 17-February 04 From: PM |
About the problem reappearing:
* after the virus was deleted, it most likely nimbly crept back into your computer from the internet. Sasser is very epidemic; the normal time for it to settle in is 40 seconds.
* the antivirus will no longer help you at all, because Sasser has successfully finished it off
Recommendation: read and follow MareX's post; after carrying out its points, reinstall Norton, because yours is already wrecked.
-------------------- My posts come into being because your life lacks something to read! I save the world by offering it reading material! Quality, shmality.
Disclaimer: Everything I say is a questionable opinion, blown up out of thin air by me and based on snot. |
zenofex |
Jan 12 2005, 00:44
Post
#19
|
Nausicaa fanboy Group: Jounin Posts: 1019 Joined: 12-February 04 From: Nav |
I forgot to remind you of one more thing: the Windows updates must be installed; one of them patched that Sasser hole shut. In any case, look in Add/Remove Programs to see whether any updates for Windows have been installed. Specifically, there should be this update: KB835732.
If it isn't there, you can download it here. -------------------- - "Amen, hallelujah and peanut butter!"
© Dutch, Black Lagoon |
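A read-only check of the state that MareX's steps and the KB835732 update are meant to reach, as an added example that is not part of any post in this thread. It assumes Windows XP with `reg.exe` and `sc.exe` available; the HotFix registry path and the mapping of the option list to the service names RemoteRegistry, RpcLocator, SSDPSRV and upnphost are assumptions, not taken from SafeXP.

```batch
@echo off
rem Added example, not from the thread: read-only audit, changes nothing.
rem Assumption: the update registers itself under the HotFix key below.
rem A later service pack that already contains the fix may not create this key.
setlocal

echo [1] Hotfix KB835732
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB835732" >nul 2>&1
if errorlevel 1 goto nopatch
echo     hotfix key present
goto services
:nopatch
echo     hotfix key NOT found - check Add/Remove Programs and the service pack level

:services
echo [2] Start type of the services named in the option list
for %%S in (RemoteRegistry RpcLocator SSDPSRV upnphost) do call :svc %%S

echo [3] Listener on TCP port 445
netstat -an | find ":445 " | find "LISTENING" >nul
if errorlevel 1 goto closed
echo     TCP 445 is LISTENING - stay offline or behind a firewall until patched
goto done
:closed
echo     nothing is listening on TCP 445
:done
endlocal
goto :eof

:svc
rem Prints the START_TYPE line; "4 DISABLED" is the hardened state.
echo     %1
sc qc %1 | find "START_TYPE"
if errorlevel 1 echo         service not installed or not readable
goto :eof
```

Run it from a command prompt with the network cable still unplugged, as in step 4 of the procedure, and reconnect only after the firewall from step 7 is active.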
MareX |
Jan 12 2005, 04:07
Post
#20
|
Heimin Group: Chuunin Posts: 17 Joined: 27-December 04 |
I only just noticed... this post...
QUOTE(Yume @ Jan 11 2005, 21:02) Whoa, I don't know how it will be in five minutes, but for now the Stinger that edq suggested helped; the only thing is that the virus it found was SVCHost. But the computer has been working decently for a good 5 minutes now. UPDT: nope, this time it shut down after about 6 minutes. Damn, what is wrong with that freak? WHAT?
For information: about svchost.exe... Microsoft, WinTasks, Security Task Manager info...
from Security Task Manager (The svchost.exe file is located in the c:\windows\System32 folder. In other cases, svchost.exe is a virus, spyware, trojan or worm!)...
the name of this system service has been favoured by viruses such as...
* W32.Welchia.Worm from WinTasks (svchost.exe is a process which is registered as the W32.Welchia.Worm. It takes advantage of the Windows LSASS vulnerability, which creates a buffer overflow and instigates your computer to shut down.)...
* W32.Blaster.Worm from Symantec Security Response (Due to the random nature of how the worm constructs the exploit data, this may cause the RPC service to crash if it receives incorrect data. This may manifest as svchost.exe, generating errors as a result of the incorrect data.)...
-------------------- |
MareX |
Jan 12 2005, 04:29
Post
#21
|
Heimin Group: Chuunin Posts: 17 Joined: 27-December 04 |
Ways to protect yourself from viruses of this type (no option guarantees 100% protection... because at any moment some very clever person... who applies his talent for the benefit of the dark forces... may create yet another new super virus or a new hybrid of already existing viruses)...
1) Use Microsoft hot-fixes... guided by information from Microsoft, Symantec Security Response or VirusList.COM (it should be added that this approach is not suited to a novice user and requires constant checking)...
2) Or use a simple but effective utility like SafeXP (sorry for repeating myself)... which simply turns off most of the functions that allow viruses to get into your computer... moreover, these functions are not needed at all by an ordinary user (unless perhaps... your computer is actually a corporate computer and you work with it not while sitting at it, but from a remote location over the internet)...
I personally recommend using option 2... while also glancing now and then at the web pages from option 1... + some halfway decent firewall and antivirus as well (as for AV software... from experience I can say... even if you install as many as 4 or more AVs... there may be cases where one finds things that another did not find, and fails to find what another found). -------------------- |
deBUGa |
Jan 12 2005, 09:44
Post
#22
|
Shishaku Group: Chuunin Posts: 374 Joined: 25-May 04 |
Yeah... that is a painful business... Once I managed to catch a similar virus during system installation. Since then I pull the network cable out before installing Windows (in the case of DHCP).
QUOTE(Unknown) Better to want and not get than to get without wanting. -------------------- everything written above makes no claim to absolute truth and is only my subjective opinion...
|
Inc |
Jan 12 2005, 09:59
Post
#23
|
Danshaku Group: Jounin Posts: 158 Joined: 22-July 04 |
An antivirus will not straighten out your hands.
|
Yume |
Jan 12 2005, 13:42
Post
#24
|
challenger Group: Jounin Posts: 3875 Joined: 4-March 04 |
Oh, now I will know what to do, and I hope I will have enough time to do it.
But in any case, thank you to the clever people for the help! And, yes.. what can you do when your hands grow from the wrong place; not even an antivirus helps there. -------------------- |
Laugh|nGMan |
Mar 9 2005, 11:00
Post
#25
|
Samurai Group: Chuunin Posts: 118 Joined: 5-October 04 From: Riga, Latvia |
QUOTE(zenofex @ Jan 12 2005, 00:44) I forgot to remind you of one more thing: the Windows updates must be installed; one of them patched that Sasser hole shut. In any case, look in Add/Remove Programs to see whether any updates for Windows have been installed. Specifically, there should be this update: KB835732. If it isn't there, you can download it here.
Golden words. Only the patch is needed. But it is not that simple to download, because as soon as you are on the global web, a restart happens within a few seconds to minutes. That is why you have to type some kind of shutdown delay command in the command line, and then you will be able to download that patch in peace. -------------------- Laugh|nGMan [ACF] [KOR] [CHN] [ARC]
|
ETM |
Mar 9 2005, 11:06
Post
#26
|
Very Old Fart Group: 40K Posts: 1177 Joined: 20-January 05 From: Man pajāt |
shutdown -a
-------------------- Because i can!
|
Laugh|nGMan |
Mar 9 2005, 11:40
Post
#27
|
Samurai Group: Chuunin Posts: 118 Joined: 5-October 04 From: Riga, Latvia |
Well, Yume! Now everything is in your hands.
-------------------- Laugh|nGMan [ACF] [KOR] [CHN] [ARC]
|
ETM |
Mar 9 2005, 12:04
Post
#28
|
Very Old Fart Group: 40K Posts: 1177 Joined: 20-January 05 From: Man pajāt |
ummm... this topic is 2 months old. I doubt the problem is still relevant.
-------------------- Because i can!
|
Yume |
Mar 9 2005, 23:21
Post
#29
|
challenger Group: Jounin Posts: 3875 Joined: 4-March 04 |
You can laugh, but it is..
I dealt with the system shutdown.. but that lsass still keeps popping up. And as soon as I close it, System Restore closes on me. Everything possible has already been tried, apart from restarting Windows. Now I am waiting for a freer moment to do that. -------------------- |
jurc |
Mar 9 2005, 23:29
Post
#30
|
Tennou Group: Jounin Posts: 1993 Joined: 21-October 04 From: Liepāja |
Yume.. shortly after this topic was created, I had the same problem! What helped me was that first of all I installed a firewall, because I noticed that when it connects to the net it throws up that junk, and as soon as you pull the network cable out everything is ok. I had to fiddle around a bit until I downloaded a firewall, because usually at around 98% the computer restarted... But I installed a firewall, then an antivirus too, and now everything is ok with the computer...
-------------------- |