Somebody help me, my computer is always under attack.
Got the virus intrusion.win.mssql.worm.helkern.

Intrusion.Win.MSSQL.worm.Helkern is a very harmful worm. It uses a buffer overflow vulnerability to get into the victim's machine, and it sends itself to the Microsoft SQL port 1434 at random IP addresses. That is why many people have seen it attack their computers. Actually, you don't need to worry. This virus only infects the computer's memory (it disappears once you turn the machine off). Under the protection of Kabbah, it will never appear or persist on your computer.

Brief description of the virus:

Worm.SQL.Helkern is a widespread worm that has been spreading all over the world since January 25th, 2003, paralyzing networks in many areas. An Tian Lab captured the worm's propagation packets on the same day, analyzed them, and provided the following solution.

Because this is a memory-resident worm with no file carrier, it leaves no back door in the system and is cleared as soon as the machine is restarted. However, because a large number of infected machines around the world are constantly scanning, a machine may be infected again immediately after it is turned on. Once infected, the machine may hang as its resources are rapidly exhausted, which interferes with configuration and patching.

At the same time, because users all over the world are downloading from Microsoft, Microsoft's website will be slow and it may be difficult to download the upgrade. Users can proceed in the following order.

The treatment scheme is as follows:

Step 1: The user first checks the system:

Users who have not installed SQL Server will not be infected, so they don't have to do anything. Users who have installed SQL Server but have also installed SQL Server SP3 will not be infected either.

If users don't know whether their machine is at risk, they can download AntiPort to see whether UDP 1434 is open:

Address:/service/freetools/antiyport.zip.

If users are not sure whether they need to install patches, they can download the SQL Vulnerability Viewer:

Address:/products/freetools/sqlcheck.exe

Step 2: Block connections to port 1434. Users with a standalone firewall can block connections to port 1434 through the firewall. Users who do not have a firewall can install a standalone firewall, or they can allow only the necessary ports in the advanced properties of the network adapter so that other connections are blocked. Users are advised to unplug the network cable while configuring.

With this configuration, all UDP connections will be blocked.

After the configuration is completed, the user can restart the computer and then download the SQL Server SP3 patch.

Patch address:/SQL/downloads/2000/SP3.asp.

If SP3 downloads slowly, you can download a separate patch first.

Patch address:/blog/00489215/00197255.shtml.
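
The answer explains that the alerts come from infected machines sending the worm to UDP port 1434 at random addresses. The Python sketch below is an added example, not part of the original answer: it separates outside sources probing your network from a local host that is itself fanning out on UDP 1434 and therefore needs isolating and patching. The flow-log format, the 192.0.2.0/24 local range, the window and the threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

WORM_PORT = 1434                        # UDP port named on the page
LOCAL_NET = ip_network("192.0.2.0/24")  # assumption: stands in for your LAN
WINDOW = timedelta(seconds=10)          # assumption: look-back window
FANOUT = 5                              # assumption: distinct targets before flagging

# Constructed flow log: timestamp protocol source destination dest-port
SAMPLE_FLOWS = """\
2024-01-01T00:00:00 udp 198.51.100.7 192.0.2.20 1434
2024-01-01T00:00:01 udp 192.0.2.10 203.0.113.5 1434
2024-01-01T00:00:01 udp 192.0.2.10 198.51.100.91 1434
2024-01-01T00:00:02 udp 192.0.2.10 203.0.113.77 1434
2024-01-01T00:00:02 udp 192.0.2.20 192.0.2.50 1434
2024-01-01T00:00:02 udp 192.0.2.10 198.51.100.14 1434
2024-01-01T00:00:03 udp 192.0.2.10 203.0.113.201 1434
2024-01-01T00:00:03 udp 192.0.2.20 192.0.2.50 1434
2024-01-01T00:00:04 udp 192.0.2.30 203.0.113.5 53
2024-01-01T00:00:05 tcp 203.0.113.9 192.0.2.20 1434
2024-01-01T00:00:06 udp 203.0.113.9 192.0.2.40 1434
""".splitlines()

def parse_flow(line):
    ts, proto, src, dst, dport = line.split()
    return datetime.fromisoformat(ts), proto.lower(), ip_address(src), ip_address(dst), int(dport)

def classify(lines):
    """Return (local hosts fanning out on UDP 1434, outside sources probing us)."""
    recent = defaultdict(list)            # local source -> [(time, destination)]
    suspects, probes = set(), set()
    for ts, proto, src, dst, dport in sorted(map(parse_flow, lines), key=lambda f: f[0]):
        if proto != "udp" or dport != WORM_PORT:
            continue                      # only the worm's transport and port matter
        if src in LOCAL_NET:
            # Keep only this host's sends inside the window, then add the new one.
            recent[src] = [(t, d) for t, d in recent[src] if ts - t <= WINDOW] + [(ts, dst)]
            if len({d for _, d in recent[src]}) >= FANOUT:
                suspects.add(str(src))    # many distinct targets: scanning behaviour
        elif dst in LOCAL_NET:
            probes.add(str(src))          # inbound attempt from outside
    return sorted(suspects), sorted(probes)

if __name__ == "__main__":
    infected, probing = classify(SAMPLE_FLOWS)
    print("local hosts to isolate and patch:", infected)
    print("outside sources hitting UDP 1434:", probing)
```

A local client that repeatedly contacts one SQL Server on UDP 1434 (192.0.2.20 in the sample) stays below the threshold and is not flagged.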