
Friday, 11 November 2011

Completely Eliminating "Happytime" (彻底消灭“欢乐时光”)

青松 (Pine)

Since it was first discovered, the Happytime virus has infected a great many computer users thanks to its stealth, its resistance to removal and its broad, aggressive spread, and has caused damage of varying severity. Some users do not even notice they are infected until it triggers, by which point there is nothing left to "rescue": the whole system, or even the whole machine, is paralysed. Others know they have it and rack their brains trying to wipe it out completely, without ever quite managing to. I had the same "good luck" last week and spent a few days dancing with "Happytime". Fortunately, after a hard, persistent fight with the virus I finally won a complete victory, and because I took plenty of wrong turns along the way I also picked up a fair amount of experience and a few tricks. So that the many users who are already infected can avoid some of those detours and eliminate the virus faster, more effectively and more thoroughly, and so that users who are not yet infected can understand it more systematically and better reduce their chances of catching it, I am writing up my understanding of the virus and my removal methods and techniques here to share with everyone.
I. How harmful Happytime is

This virus is extremely damaging, its "toxicity" is severe, and it has been classed as a high-risk virus. Its harm shows mainly in the following areas:

1. It progressively deletes .EXE and .DLL files from the hard disk (the deletion is tied to the calendar: it fires on days when the month and the day add up to 13) and overwrites the contents of html, htm, htt, vbs and asp files with its own code.
The early sign is a severe shortage of system resources; the end result is a system that no longer works.
2. The virus automatically sends infected mail to the addresses in the OUTLOOK EXPRESS address book, sending out large volumes of virus mail. The more contacts in the local address book and the more messages in the Inbox, the more infected mail it sends and the more damage it does.
3. It changes the desktop wallpaper setting. After my computer was infected, the wallpaper I had set vanished after a reboot. At first I did not realise this was "Happytime's" handiwork and assumed that lightning had damaged my machine, since I had the computer on during a thunderstorm; once the virus was cleaned out the problem went away.
4. It can not only paralyse a personal computer, it also infects HTML files, so an external website can end up serving infected pages and everyone who browses that site gets infected. The virus spreads extremely effectively.
II. What "symptoms" appear after infection

Generally speaking, once infected the computer runs programs more slowly, files grow in size, strange new files appear, the amount of usable memory drops, odd display and sound effects occur, printing misbehaves, the system unexpectedly asks for a password, crashes become frequent, and the system may fail to recognise a disk or the hard disk may fail to boot. Specifically:

1. The machine does not start normally. After power-on it may not start at all, or it starts but takes much longer than before and sometimes suddenly drops to a black screen.
2. Reduced speed. Running a program takes longer to read data than before, and saving or opening files takes longer.
3. Free memory shrinks rapidly. Because the virus is memory-resident and keeps replicating, free memory shrinks until nothing further can be loaded and the user cannot get anything done.
4. Frequent "crashes". Normal operation rarely causes a crash, so if the machine crashes often, the system may be infected.
5. Peripherals misbehave. Peripherals produce anomalies that neither theory nor experience explains, most commonly error dialogs when printing. When I had the virus I kept getting print-spooler error dialogs reporting a spool metafile error or insufficient memory; after the virus was removed they stopped.
6. Frequent shutdowns for no reason. The computer suddenly shuts itself down while you are working.
7. Frequent "out of memory" dialogs. Some users reported that after infection WIN98 booted very slowly and a machine with 128M of RAM complained of insufficient memory resources when running small programs. Pressing Ctrl+Alt+Del showed a whole string of Wscript entries in the Close Program box, steadily increasing in number and not disappearing even after many reboots.
8. Other strange phenomena. A friend of mine who had the virus told me that whenever he turned the computer on, a dialog kept popping up asking which program to use to open
C:\WINDOWS\HELP.VBS
After he deleted that file it stayed quiet as long as he did nothing, but as soon as he opened any program the dialog came back, asking how to open C:\WINDOWS\HELP.VBS
until the machine ran out of memory and froze!
(Windows shows that "Open With" dialog when a file type has lost its program association while something still tries to launch the file at startup, so removing the .vbs association alone, as suggested in Part IV, can leave these dialogs behind until the startup entry is removed too.)

III. How to tell whether you have the Happytime virus

If your computer shows one or more of the phenomena above, it may well be infected, but if the symptoms are not very obvious you still cannot be sure it is a virus, let alone that it is Happytime. The simplest way to find out is to run an antivirus product that can detect and remove it. At present plenty of antivirus vendors claim to detect and remove this virus, but the reality is less rosy. After my computer was infected I ran three or four of the latest versions of products that claimed to kill it completely. The result was that they removed over a hundred copies of "Happytime", but whether it kept "breeding" or they simply never cleaned it all out, they never eradicated it, and in the end I had to finish the job by hand. So if you suspect you have the virus and your antivirus cannot find it, it is best to check manually, so that if you really are infected you can catch it in time and eliminate it thoroughly with effective measures, avoiding needless losses. The manual check is:

1. Click the "Start" menu, choose "Find", then "Files or Folders". In the "Find: All Files" dialog, enter htm, html, htt or asp in the "Named" box (no quotes), select "Local hard drives (C:,D:)" under "Look in", and let the search list every htm, html, htt and asp file. Then look at whether files of this kind that ship with the system (such as the WIN98 help files) show a recent modification date, in other words whether Happytime has rewritten them recently: ordinary users neither need to nor do edit these files. If some of them show a recent date, you may be infected, but that is not conclusive and you need to check further.
2. Open one of the suspicious files identified above. A caveat: on a machine whose IE has not been patched (see Part V, item 7), the script embedded in an infected page runs as soon as IE renders it, which is exactly how the virus spreads through web pages. It is safer to open the file as plain text, for example by starting Notepad first and using File, Open.
3. If you do view it in IE, click "View" and choose "Source".
4. In the Notepad window that opens, click "Search", choose "Find", paste "Rem I am sorry! happy time" into the box and click "Find Next". If the string is found, the file is infected, which means your computer is infected. If it is not found, that file is clean, but that does not prove the computer is clean: if one or two files come up empty, check ten or twenty more suspicious files to be safe before drawing a conclusion.
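The manual check above, automated as an added example (my own code, not the author's): it walks a directory tree, picks out the file types the virus rewrites, records whether each file was modified recently (the author's first, weaker heuristic) and whether it contains the "Rem I am sorry! happy time" string (the definitive check). The sample files it builds are constructed stand-ins that contain only the marker line, not virus code, and the 30-day window for "recent" is my assumption.

```python
"""Scan a directory tree for files carrying the Happytime signature string."""
import os
import tempfile
import time

# The string the article tells the reader to search for in the page source.
HAPPYTIME_MARKER = b"Rem I am sorry! happy time"

# File types the article says the virus rewrites.
TARGET_EXTENSIONS = {".htm", ".html", ".htt", ".asp", ".vbs"}


def file_has_marker(data: bytes) -> bool:
    """Return True if the file content contains the signature (case-insensitive)."""
    return HAPPYTIME_MARKER.lower() in data.lower()


def scan_tree(root, recent_days=30, now=None):
    """Return (path, infected, recently_modified) for every target file under root.

    `recently_modified` is the article's first heuristic (system help pages
    should not have a fresh mtime); `infected` is the definitive marker check.
    The 30-day window is an assumption, not something the article specifies.
    """
    if now is None:
        now = time.time()
    cutoff = now - recent_days * 86400
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TARGET_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            results.append((path, file_has_marker(data), os.path.getmtime(path) >= cutoff))
    return sorted(results)


def summarize(root):
    """Map basename -> (infected, recently_modified) for the scanned tree."""
    return {os.path.basename(p): (hit, recent) for p, hit, recent in scan_tree(root)}


def infected_files(root):
    """Basenames of files under root that carry the marker."""
    return [os.path.basename(p) for p, hit, _recent in scan_tree(root) if hit]


def build_demo_tree():
    """Create constructed sample files (not real virus code) and return the directory."""
    root = tempfile.mkdtemp(prefix="happytime_demo_")
    old = time.time() - 400 * 86400

    # A clean help page that was last touched long ago.
    clean = os.path.join(root, "help.htm")
    with open(clean, "wb") as fh:
        fh.write(b"<html><body>Windows help page</body></html>\n")
    os.utime(clean, (old, old))

    # A page with a harmless stand-in for the appended script: only the marker line.
    with open(os.path.join(root, "index.html"), "wb") as fh:
        fh.write(b"<html><body>site</body></html>\n"
                 b"<script language=vbscript>\nRem I am sorry! happy time\n</script>\n")

    # A recently edited file of a type the virus does not touch: must be ignored.
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"Rem I am sorry! happy time\n")
    return root


if __name__ == "__main__":
    demo_root = build_demo_tree()
    for path, hit, recent in scan_tree(demo_root):
        print(f"{'INFECTED' if hit else 'clean   '} recent={recent} {path}")
```

Run it against the real drive by replacing `build_demo_tree()` with the root you want to check; the marker test is the one that matters, the mtime column only tells you where to look first.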
IV. Methods and techniques for eliminating Happytime

Because Happytime hides itself so well, trying to kill it off completely with even the newest product on the market that claims to be the best antivirus is unlikely to succeed. Many users report that it is very hard to remove completely and that it has done them real harm and left them dizzy. That is how it was for me after I got it: it drove me half mad, but in the end I worked out a way to "settle" it. So how do you "pull it out by the roots" safely? Here are my own removal methods and experience:

1. Before disinfecting, back up your important data files, even the infected ones. If disinfection fails you can still restore these files and try to repair them with another tool. This is unlikely, but it is worth guarding against.

2. Run three or more antivirus products that can detect this virus, one after the other. Why? After I got the virus I ran a very well-known product that is widely regarded as excellent; it removed over a hundred copies of Happytime and I thought it had been wiped out. A week later, mail carrying the virus showed up again, so I ran the same product again and it found nothing. I then downloaded two other very well-known products that claimed to kill it and ran them in turn, which cleared most of it but still not all. Only when I later manually deleted some of the programs that run the virus (the method is described below) was it finally gone for good.

3. After starting the antivirus product, choose "All hard disks" under "Scan location" and tick "Memory", "Sectors", "Files" and "Compressed files" under "Scan targets" (if the infection came in archives downloaded from a BBS or the Internet, you must enable the "Archive files" option or they will not be cleaned). If some infected files cannot be cleaned during the scan, delete them.
4. Delete every message in the Inbox that carries an Untitled.htm attachment.
5. Happytime is a piece of malicious script written in VBScript. VBScript code on the local machine is interpreted by Windows Script Host; remove it and your computer loses the ability to run VBScript at all, so you no longer need to worry about E-MAIL viruses written in VBS or JS, and you are protected against new ones too. Windows Script Host was meant as a tool for system administrators to configure desktop environments and system services with minimal effort, but it is of little use to most ordinary users, so it is best to disable Windows Script Host. There are several ways to stop VBScript (JScript) files from executing:
(1) In "My Computer", open "View", "Folder Options", click the "File Types" tab and delete the associations between the VBS, VBE, JS and JSE extensions and their application.
(2) In the Windows directory, find WScript.exe (and its console counterpart CScript.exe) and rename or simply delete them.
(3) On Win9X and Windows NT4.0 you can remove "Windows Script Host" cleanly through "Add/Remove Programs" in the "Control Panel".
Bear in mind that any legitimate logon or administration scripts stop working as well. On later Windows versions WSH is a system component and its executables should not be deleted; the supported switch there is the registry value Enabled under HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings, set to 0.
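Step 4 above (delete every Inbox message with an Untitled.htm attachment) together with the marker check from Part III, as an added example for saved .eml files (my own code, not the author's). A message is flagged if any attachment is named Untitled.htm, compared case-insensitively, or if any part of the message contains the marker string, so a carrier with a renamed attachment is still caught. The three sample messages are constructed here, not captured mail, and the addresses are placeholders.

```python
"""Triage saved .eml messages for the Happytime carrier attachment or marker."""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Attachment name the article says the virus uses (compared case-insensitively).
CARRIER_ATTACHMENT = "untitled.htm"
# Marker string from the manual check in Part III, lower-cased for comparison.
HAPPYTIME_MARKER = b"rem i am sorry! happy time"


def attachment_names(raw: bytes):
    """Filenames of all attachments in a raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [part.get_filename() or "" for part in msg.iter_attachments()]


def is_happytime_mail(raw: bytes) -> bool:
    """True if the message carries Untitled.htm or any part contains the marker."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # container, no payload of its own
        name = (part.get_filename() or "").lower()
        if name == CARRIER_ATTACHMENT:
            return True
        payload = part.get_payload(decode=True) or b""
        if HAPPYTIME_MARKER in payload.lower():
            return True
    return False


def triage(messages):
    """Return [(subject, verdict)] for a list of raw messages."""
    out = []
    for raw in messages:
        subject = str(message_from_bytes(raw, policy=policy.default)["Subject"])
        out.append((subject, "DELETE" if is_happytime_mail(raw) else "keep"))
    return out


def build_sample(subject: str, attachment_name: str, attachment_html: str) -> bytes:
    """Construct a sample message (placeholder addresses, not captured mail)."""
    msg = EmailMessage()
    msg["From"] = "alice@example.invalid"
    msg["To"] = "bob@example.invalid"
    msg["Subject"] = subject
    msg.set_content("see attached")
    msg.add_attachment(attachment_html, subtype="html", filename=attachment_name)
    return msg.as_bytes()


# Constructed samples: the carrier name, a renamed page with only the marker, and a clean one.
SAMPLE_CARRIER = build_sample("Help", "Untitled.htm", "<html><body>hi</body></html>")
SAMPLE_MARKER_ONLY = build_sample("fwd", "page.htm",
                                  "<script>Rem I am sorry! happy time</script>")
SAMPLE_CLEAN = build_sample("agenda", "agenda.htm", "<html><body>meeting</body></html>")

if __name__ == "__main__":
    for subject, verdict in triage([SAMPLE_CARRIER, SAMPLE_MARKER_ONLY, SAMPLE_CLEAN]):
        print(f"{verdict:6} {subject}")
```

Feed `triage` the bytes of each exported message; anything marked DELETE is what step 4 tells you to remove, and the marker test also catches mail whose attachment was renamed.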
Precautions when disinfecting:

(1) Do not install too many antivirus products at once; two at most. Keep the installers backed up, uninstall a product when you are done with it, and reinstall it when you need it again, because some of them are not compatible with each other. I once installed three at once, which caused repeated automatic shutdowns and nearly left the machine unable to boot; only after uninstalling one did it recover.
(2) Try not to run two antivirus products at the same time; this can leave the disk damaged. A friend of mine ran two products simultaneously and ruined his hard disk that way. (The realistic risk is two real-time scanners locking each other out of the same files and hanging the system in the middle of a write, corrupting what is on the disk; the hardware itself is not at risk.)
V. Preventing Happytime infection

1. Install a real-time antivirus product with a firewall on your computer. Such software monitors every operation that touches the outside world, such as downloading files from the Internet or receiving e-mail, and whenever you run a document or program from an attachment it checks whether the file is infected. If it is, the software raises an alarm and removes it immediately without human intervention. Naturally, you must keep the software updated to get the best results.
2. Try not to publish your e-mail address. This both avoids receiving dubious mail and spares you a flood of useless advertising. Treat mail of unknown origin with care, especially mail with executable attachments such as .EXE, .VBS or .JS, and delete it as soon as possible.

3. Turn off the mail "preview" feature. Mail carrying Happytime can very likely execute just by being previewed, so to be safe close the preview window: in OUTLOOK EXPRESS open the "View" menu, choose "Layout", and in the dialog clear "Show preview pane".
4. Consider using Netscape's mail client. At present every mail virus, Happytime included, mainly targets Microsoft's OUTLOOK, partly because MICROSOFT is the tall tree that catches the wind, so plenty of people with an agenda attack its weak points to show off their skill, and partly because experts have long considered Microsoft's mail system to have many holes. If you are interested, switching to a different mail client and trying Netscape (which is said to have fewer holes) may help.
5. In OUTLOOK EXPRESS, open "Tools / Options / Security" and select "Restricted sites zone (More secure)".
6. Do not browse pornographic sites, so as not to run into pages carrying the virus and get infected; remember that any page served from an infected site can carry it (Part I, item 4), not only those.
7. Happytime exploits the scriptlet.typelib and Eyedog holes in IE, which let it create and edit files on your file system without IE showing a warning dialog. Download the corresponding patch from Microsoft at http://www.microsoft.com/windows/ie_intl/cn/security/eyedog.htm. Once patched, IE pops up a warning when it meets such a script and lets you decide whether to run it, so the virus can no longer execute automatically the moment you click the message.
