أستغفر الله العظيم ... سبحان الله وبحمده



العودة   منتديات داماس > برامج الكمبيوتر والانترنت > برامج


مواضيع مميزة  


آخر عشرة مواضيع المواضيع النشطة


08-10-2004, 07:39 PM
بوعبداللطيف غير متصل
عضـو
رقم العضوية: 14472
تاريخ التسجيل: Sep 2004
المشاركات: 3
إعجاب: 0
تلقى 0 إعجاب على 0 مشاركة
تلقى دعوات الى: 0 موضوع
    #1  

حل لمشكلة فايرووووس ؟!؟!


لمشكلة فايرووووس ؟!؟! ..
يعطيكم العافية اخواني ..
بصراحة اعاني من مشكلة فايروس مادري وش يبي لمشكلة فايرووووس ؟!؟!
اسمه ( svcsp.exe )
احذفه ويرد يطلع لي بعد فترة يقول المكافي انه هناك فايروس اسمه كذا ..
ولا يمكن اصلاحه او حذفه من خلال برنامج المكافي ..
فاذهب لمكان الملف واحذفه وتروح الرسالة .. وبعد يومين 3 يطلع لي مرة ثانية ..
اتمنى الافادة :(:(





المواضيع المشابهه
الموضوع كاتب الموضوع المنتدى مشاركات آخر مشاركة
اريد حل لمشكلة النيرو خالد السيف صيانة الكمبيوتر وحلول الحاسب الألي - هاردوير 7 03-09-2010 05:02 PM
ارجو حل لمشكلة الرامات سعيد المصرى 22 برامج 8 02-02-2010 04:54 PM
طلب حل لمشكلة هذة النجوم abonabih22 صيانة الكمبيوتر وحلول الحاسب الألي - هاردوير 8 22-01-2010 03:29 PM
حل لمشكلة التراكر شيخ عرب تبادل الملفات: تـورنت 3 18-06-2009 08:12 PM
اريد حل لمشكلة م رفض الوصول ابو المجاهدين تبادل الملفات: تـورنت 1 24-09-2007 01:05 PM
08-10-2004, 09:09 PM
بوعبداللطيف غير متصل
عضـو
رقم العضوية: 14472
تاريخ التسجيل: Sep 2004
المشاركات: 3
إعجاب: 0
تلقى 0 إعجاب على 0 مشاركة
تلقى دعوات الى: 0 موضوع
    #2  

:(:(:(:(:(:(:(:(:(

08-10-2004, 09:34 PM
arabic-lion غير متصل
عضو محترف
رقم العضوية: 375
تاريخ التسجيل: Jun 2003
المشاركات: 400
إعجاب: 0
تلقى إعجاب 1 على مشاركة واحدة
تلقى دعوات الى: 0 موضوع
    #3  


http://www.trendmicro.com/vinfo/viru...WORM_AGOBOT.UJ

WORM_AGOBOT.UJ






Overview Technical Details





QUICK LINKS Solution | Understanding New Pattern Format

--------------------------------------------------------------------------------

Virus type: Worm

Destructive: No

Pattern file needed: 1.952.32

Scan engine needed: 6.810

Overall risk rating: Low

--------------------------------------------------------------------------------

Reported infections: Low

Damage Potential: High

Distribution Potential: High



--------------------------------------------------------------------------------

Description:

This memory-resident worm is another variant of the AGOBOT family that exploits the vulnerabilities discussed in the following pages:


Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-007
Microsoft Security Bulletin MS03-001
This worm propagates through network shares* and drops a copy of itself as SVCSP.EXE in the Windows system folder. It uses a list of user names and passwords to gain access to shared folders.

It acts as a server program controlled by an Internet Relay Chat (IRC) bot* thus capable of certain backdoor activities.

It is also capable of stealing the CD keys of popular Windows-based games and terminating certain programs.

This worm also is capable of launching denial of service (DoS) attacks. Lastly* it modifies the HOSTS file* which prevents the user from accessing certain antivirus and security Web sites.

It runs on Windows 95* 98* ME* NT* 2000 and XP.

Solution:



Restarting in Safe Mode

» On Windows 95


Restart your computer.
Press F8 at the Starting Windows 95 message.
Choose Safe Mode from the Windows 95 Startup Menu then press Enter.

» On Windows 98 and ME


Restart your computer.

Press the CTRL key until the startup menu appears.

Choose the Safe Mode option then press Enter.

» On Windows NT (VGA mode)


Click Start>Settings>Control Panel.
Double-click the System icon.
Click the Startup/Shutdown tab.
Set the Show List field to 10 seconds and click OK to save this change.
Shut down and restart your computer.
Select VGA mode from the startup menu.

» On Windows 2000


Restart your computer.

Press the F8 key* when you see the Starting Windows bar at the bottom of the screen.

Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.
» On Windows XP


Restart your computer.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear* try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.
Terminating the Malware Program

This procedure terminates the running malware process.

Open Windows Task Manager.
» On Windows 95* 98* and ME* press
CTRL+ALT+DELETE
» On Windows NT* 2000* and XP* press
CTRL+SHIFT+ESC* then click the Processes tab.
In the list of running programs** locate the process:
SVCSP.EXE
Select the malware process* then press either the End Task or the End Process button* depending on the version of Windows on your system.
To check if the malware process has been terminated* close Task Manager* and then open it again.
Close Task Manager.

--------------------------------------------------------------------------------
*NOTE: On systems running Windows 95* 98* and ME* Windows Task Manager may not show certain processes. You can use a third party process viewer such as Process Explorer to terminate the malware process. Otherwise* continue with the next procedure* noting additional instructions.
Removing Autostart Entries from the Registry

Removing autostart entries from the registry prevents the malware from executing at startup.

Open Registry Editor. Click Start>Run* type REGEDIT* then press Enter.
In the left panel* double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>Run>
In the right panel* locate and delete the entry or entries:
MsnServices = "svcsp.exe"
In the left panel* double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>
Windows>CurrentVersion>RunServices
In the right panel* locate and delete the entry or entries:
MsnServices = "svcsp.exe"

--------------------------------------------------------------------------------
NOTE: If you were not able to terminate the malware process as described in the previous procedure* restart your system.
Removing Malware Entries from the HOSTS file

Deleting malware entries from the HOSTS file prevents the redirection of antivirus Web sites to the local machine.


Open the following file using a text editor (such as NOTEPAD):
%System%\drivers\etc\HOSTS
(Note: %System% is the Windows system folder* which is usually C:\WINNT\System32 on Windows NT and 2000* and C:\Windows\System32 on Windows XP.)
Delete the following entries:
127.0.0.1 avp.com
127.0.0.1 ca.com
127.0.0.1 customer.symantec.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 download.mcafee.com
127.0.0.1 f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 mast.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 nai.com
127.0.0.1 networkassociates.com
127.0.0.1 rads.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 sophos.com
127.0.0.1 symantec.com
127.0.0.1 trendmicro.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 viruslist.com
127.0.0.1

www.avp.com
127.0.0.1

www.ca.com
127.0.0.1

www.f-secure.com
127.0.0.1

www.kaspersky.com
127.0.0.1

www.mcafee.com
127.0.0.1

www.my-etrust.com
127.0.0.1

www.nai.com
127.0.0.1

www.networkassociates.com
127.0.0.1

www.sophos.com
127.0.0.1

www.symantec.com
127.0.0.1

www.trendmicro.com
127.0.0.1

www.viruslist.com
Save the file and close the text editor.
RECOMMENDATIONS

Applying Patches

This malware exploits known vulnerabilities affecting the Windows NT platforms. Download and install the following patches to secure your system:

Microsoft Security Bulletin MS03-026
Microsoft Security Bulletin MS03-007
Microsoft Security Bulletin MS03-001
Refrain from using your Microsoft product until the appropriate patch has been installed. Trend Micro advises users to download critical patches upon release by vendors.

Additional Windows ME/XP Cleaning Instructions

Running Trend Micro Antivirus

Scan your system with Trend Micro antivirus and delete all files detected as WORM_AGOBOT.UJ. To do this* Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall* Trend Micro's free online virus scanner.

Trend Micro offers best-of-breed antivirus and content-security solutions for your corporate network* small and medium business or home PC.



For additional information about this threat* see Technical Details.


 


حل لمشكلة فايرووووس ؟!؟!

English

Powered by vBulletin® Version
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
The owner and operator of the site is not responsible for the availability of, or any content provided.
Topics that are written in the site reflect the opinion of the author.
جميع ما يُطرح من مواضيع ومشاركات تعبر عن رأي كاتبها ولا تعبر عن رأي مالك الموقع أو الإدارة بأي حال من الأحوال.