
Finding and removing suspicious files or malware in the C:\Windows directory is one of those tasks that, although it may seem reserved for cybersecurity experts, every Windows user should know well. Microsoft's operating system is, by its nature, a constant target for viruses, Trojans, ransomware and every other kind of threat, so keeping your computer clean and protected is essential to avoid serious problems. If you have ever suspected that a hidden file or process could be compromising the security of your computer, this article is designed to give you all the keys and techniques, both professional and home-grown, that you need to spot any potentially dangerous file in time and know how to act.
Before we begin, it is important to remember that prevention is still your best weapon. Keeping your antivirus up to date and applying a little common sense when browsing and downloading files are the first steps to reducing risk. However, even with precautions in place, nobody is safe from encountering a sophisticated threat that evades conventional protection. That is why knowing the paths, tools and methods for analysing and tracking malicious files, especially inside C:\Windows, will let you respond effectively to any sign of infection.
Why is the C:\Windows folder so sensitive?
If you have consulted forums, specialised websites or official Microsoft documentation, you already know that C:\Windows houses the essential files of the operating system. Here, critical legitimate files coexist with others that may be the perfect hiding place for infections. In fact, many threats try to camouflage themselves inside C:\Windows or its subfolders using names similar to those of legitimate files, which makes them hard to detect.
Deleting or modifying a file in this path without knowing exactly what it does can cause system instability or even stop Windows from booting. That is why you should always proceed with caution and look up reliable information about each suspicious file before taking drastic action.
Types of suspicious files you may encounter
Inside C:\Windows and its associated folders (System32, Temp, Prefetch, debug, etc.), the following deserve attention:
- .tmp files: These are temporary files which, under normal conditions, should not remain on the system for long. If you find .tmp files inside C:\Windows or C:\Windows\Temp that are large or have unusual names, they could be remnants of malware.
- .exe, .dll or .sys files: Executables (.exe), libraries (.dll) and drivers (.sys) are favourites for threats. Some common but fake names mimic legitimate Windows files, so checking their location and digital signature is essential.
- Files with random or meaningless names: Files such as abc123.exe or asdjk.tmp are often created by malware trying to go unnoticed among legitimate system files.
- Files in unusual directories: If you find executables in folders such as C:\Windows\debug, or large files inside C:\Windows\Prefetch, investigate their origin before removing them.
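The checks listed above (location, digital signature, recent creation, random-looking name, oversized temp file) can be run in one pass. This is an added example and not code from the original article; the directory list mirrors the folders named above, while the age, size and name heuristics are assumptions to tune for your environment.

```powershell
# Added example: triage executables and temp files in the C:\Windows locations discussed above.
# Flags files that are unsigned, recently created, have random-looking names or are unusually
# large. Thresholds and the name heuristic are assumptions; expect some false positives.
# Run in an elevated PowerShell session.
$Dirs       = 'C:\Windows\Temp', 'C:\Windows\debug', 'C:\Windows\Prefetch', 'C:\Windows'
$Extensions = '.exe', '.dll', '.sys', '.tmp', '.pf'
$RecentDays = 7      # assumed: anything created more recently than this is worth a look
$LargeMB    = 20     # assumed: a .tmp or .pf file larger than this is unusual

$report = foreach ($dir in $Dirs) {
    # Recurse into the small subfolders only; C:\Windows itself is scanned at top level
    $recurse = ($dir -ne 'C:\Windows')
    Get-ChildItem -LiteralPath $dir -File -Force -Recurse:$recurse -ErrorAction SilentlyContinue |
        Where-Object { $Extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $reasons = @()
            if ($_.Extension -in '.exe', '.dll', '.sys') {
                # Authenticode check: legitimate Microsoft binaries in these folders are signed
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                if ($sig.Status -ne 'Valid') { $reasons += "signature:$($sig.Status)" }
            }
            if ($_.CreationTime -gt (Get-Date).AddDays(-$RecentDays)) { $reasons += 'recent' }
            # Heuristic for names like abc123 or asdjk: 5+ alphanumerics with 2+ digits or no vowel
            $n = $_.BaseName
            if ($n -match '^[a-z0-9]{5,}$' -and (($n -replace '[^0-9]').Length -ge 2 -or $n -notmatch '[aeiou]')) {
                $reasons += 'random-name'
            }
            if ($_.Extension -in '.tmp', '.pf' -and $_.Length -gt $LargeMB * 1MB) { $reasons += 'large-temp' }
            if ($reasons) {
                [pscustomobject]@{
                    Path    = $_.FullName
                    SizeKB  = [math]::Round($_.Length / 1KB)
                    Created = $_.CreationTime
                    Reasons = $reasons -join ','
                }
            }
        }
}
$report | Sort-Object Created -Descending | Format-Table -AutoSize
```

A file that appears with only the random-name reason and a valid signature is most likely a false positive of the heuristic; the combination of an invalid signature and a recent creation date is what merits a closer look.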
Tools and methods for analysing suspicious files
To identify and stop malicious files, you have several free tools and practical techniques at your disposal that will help you distinguish harmless files from real threats.
Microsoft Safety Scanner is one of the most recommended tools. It is a free tool from Microsoft that you can download and that performs a thorough malware scan. Unlike a conventional antivirus, Safety Scanner does not provide real-time protection, but it works well as a second opinion if you suspect your antivirus has failed or is out of date. The tool is updated daily, but always remember to download the latest version before using it.
Another useful option is the Malicious Software Removal Tool (MSRT), also from Microsoft, designed to remove common and widespread malware. However, neither MSRT nor Safety Scanner replaces full-featured antivirus software, and both should only be used as a backup cleaning measure.
For analysing a specific file, platforms such as VirusTotal let you upload suspicious files and check them against many cloud-based antivirus engines. It is advisable not to upload files containing confidential information, since even with private services there is always a risk.
Steps to scan for infected files with Microsoft Safety Scanner
Using Safety Scanner is simple, but here is a detailed procedure to get the most out of its features:
- Go to the official Microsoft Safety Scanner site and download the version that matches your system (32-bit or 64-bit).
- Run the downloaded file without installing anything.
- Choose the scan type: Quick scan to check the most critical areas, Full scan for a thorough check, or Customized scan for specific folders.
- Click "Next" and let the process finish. How long it takes depends on the number of files and the performance of your computer.
When it finishes, Safety Scanner displays a summary of what was found and removed. For full details, review the msert.log file in C:\Windows\debug, where all suspicious files, detected threats and actions taken are recorded.
Analysis from the command line
For advanced users or in technical environments, Safety Scanner can be run from CMD. For more control, just navigate to the folder where you downloaded the executable and launch one of these commands depending on your needs:
- msert /f – Full scan
- msert /f:y – Full scan with automatic cleaning
- msert /q – Silent mode
- msert /h – Detects only severe threats
For example, a full silent scan would be msert /f /q.
What to do with the detected files?
A common question is whether it is safe to delete every file flagged as suspicious or infected. Not everything detected as suspicious is harmful; false positives are common, especially with system files or legitimate applications.
Temporary files (.tmp), those inside C:\Windows\Temp or AppData\Local\Temp, and those related to the browser cache are usually safe to delete. However, before deleting executable files (.exe, .dll, .sys) or files in critical directories, look up their function or consult an expert. For this, it can help to learn how to remove real viruses in Windows.
A recommended approach is to boot into Safe Mode, show hidden files, and manually delete the problematic file. Then run another scan to verify that the system is clean.
The importance of forensic logs and artifacts in Windows
Event logs and other artifacts in Windows serve a dual purpose: detecting hidden threats and tracing an infection. The .evtx files, stored in C:\Windows\System32\winevt\Logs, contain information about logins, system changes and critical events. Analysing these logs helps determine when and how the system was compromised, or whether a suspicious file was active on specific dates.
Tools such as Event Viewer (eventvwr.msc), Winlogbeat (for shipping events to systems like ELK) or PowerShell scripts make it easy to find critical events, such as failed access attempts or unusual file creation. To learn how to access and analyse these logs, see How to use Event Viewer in Windows.
Example command:
Get-WinEvent -LogName Security | Where-Object {$_.Id -eq 4625} | Select-Object TimeCreated, Message
This lets you see failed login attempts, which is useful for spotting suspicious activity or a possible brute-force attack.
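The one-liner above lists every failed logon; to tell a forgotten password from a brute-force attempt you need to group the events by source. The following is an added example, not code from the original article: it reads the same 4625 events, pulls the account, source address and failure sub-status out of the event XML, and reports sources that exceed an assumed threshold.

```powershell
# Added example: group failed logons (Event ID 4625) from the Security log over a time window
# by source address, the usual shape of password guessing. Requires an elevated session.
$Hours     = 24   # assumed lookback window
$Threshold = 10   # assumed: failures from one source above this count are reported

$since  = (Get-Date).AddHours(-$Hours)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                       -ErrorAction SilentlyContinue

$rows = foreach ($ev in $events) {
    # The Message text is localised; the EventData fields in the XML are stable
    $xml  = [xml]$ev.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        Time        = $ev.TimeCreated
        Account     = $data['TargetUserName']
        Source      = $data['IpAddress']
        Workstation = $data['WorkstationName']
        SubStatus   = $data['SubStatus']   # 0xC000006A = bad password, 0xC0000064 = unknown user
    }
}

# Many distinct accounts from one source with 0xC0000064 suggests user-name enumeration;
# one account with many 0xC000006A suggests password guessing against that account.
$rows | Group-Object Source | Where-Object Count -ge $Threshold |
    Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            Source       = $_.Name
            Attempts     = $_.Count
            Accounts     = ($_.Group.Account | Sort-Object -Unique) -join ','
            UnknownUsers = ($_.Group | Where-Object SubStatus -eq '0xc0000064').Count
            First        = ($_.Group.Time | Measure-Object -Minimum).Minimum
            Last         = ($_.Group.Time | Measure-Object -Maximum).Maximum
        }
    } | Format-Table -AutoSize
```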
Prefetch files, LNK files and registry keys
Beyond the logs, other artifacts provide evidence of malicious activity:
- Prefetch (.pf): located in C:\Windows\Prefetch, these files record when and from where a program was executed. Analysing them can reveal that malware ran even if it has since been deleted.
- LNK files: Shortcuts containing metadata about opened files and their location, useful for tracing user or malware activity.
- Windows Registry: Stores settings, startup programs, paths and associated tools. Checking keys such as HKLM\Software\Microsoft\Windows\CurrentVersion\Run or AppCompatCache helps identify persistent malware.
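Two of the artifacts above, Prefetch and the Run keys, can be reviewed quickly from PowerShell. This is an added example and not part of the original article: it lists the most recently written .pf files (their last-write time approximates the last execution) and walks the common Run/RunOnce keys, extracting the executable each entry launches and checking its signature. The three-day window is an assumption.

```powershell
# Added example: quick review of Prefetch and autostart (Run key) artifacts.
# Run in an elevated session so HKLM and C:\Windows\Prefetch are readable.
$PrefetchDir = 'C:\Windows\Prefetch'
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Registry-provider metadata attached to every Get-ItemProperty result; not real entries
$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

"== Prefetch files written in the last 3 days (most recent first) =="
Get-ChildItem -LiteralPath $PrefetchDir -Filter *.pf -ErrorAction SilentlyContinue |
    Where-Object LastWriteTime -gt (Get-Date).AddDays(-3) |
    Sort-Object LastWriteTime -Descending |
    Select-Object Name, LastWriteTime, @{ n = 'SizeKB'; e = { [math]::Round($_.Length / 1KB) } } |
    Format-Table -AutoSize

"== Autostart entries and signature status of the executable they launch =="
$entries = foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $MetaProps) { continue }
        $cmd = [string]$p.Value
        # Executable is either the quoted first argument or the first whitespace-separated token
        $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $status = if (Test-Path -LiteralPath $exe) { (Get-AuthenticodeSignature -LiteralPath $exe).Status }
                  else { 'FileMissing' }
        [pscustomobject]@{ Key = $key; Name = $p.Name; Exe = $exe; Signature = $status }
    }
}
$entries | Format-Table -AutoSize -Wrap
```

Entries whose executable lives under a user-writable location such as AppData or Temp, or whose signature status is NotSigned, are the ones to cross-check against the Prefetch listing.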
Ransomware, recovery and best practices
Ransomware encrypts files and demands a ransom. Features in services such as OneDrive let you detect and be notified when files have been compromised, although it is always a good idea to keep up-to-date backups to speed up recovery. If you suspect your system has been compromised, it may also help to look into how to restore folders in Windows.
In the event of a ransomware attack, the usual steps are:
- Identify which files were encrypted
- Clean the device with an updated antivirus
- Restore the files from trusted backups
If the infection persists, some services offer specialised help or the option to reset the device.
Advanced DLL analysis and other techniques
Advanced analysis of malicious DLLs lets you examine these files without executing them, using tools such as PEiD, Dependency Walker or PEview. These tools show which libraries and functions a file uses, making it easier to spot suspicious behaviour. To improve visibility, you can also consider related measures such as blocking or controlling USB ports in Windows.
For example, check whether a DLL uses dangerous functions such as WriteFile, or connects to the internet through libraries such as Wininet.dll or Ws2_32.dll. The presence of unusual dependencies or very recent build dates can indicate malicious activity.
Similarly, collaborative platforms such as VirusTotal let analysts compare hashes and obtain more information, which helps determine whether a sample is dangerous.
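The static checks from the two preceding paragraphs, which libraries and API names a DLL references and what its hash is for a VirusTotal lookup, can be approximated without a dedicated PE viewer. This is an added example, not code from the original article: it reads the file as bytes (never loads it), scans the printable strings for .dll names and a watch-list of API names as a crude stand-in for the import table, and prints the SHA-256, signature status and version metadata. The sample path and the watch-list are assumptions.

```powershell
# Added example: static triage of a DLL without loading it. String scanning is a rough
# approximation of the import table that PEview / Dependency Walker would show; a packed
# file will hide most names, which is itself a useful signal.
$Path = 'C:\Windows\Temp\sample.dll'   # assumed path; point it at the file under review

# APIs typical of droppers, injectors and network-capable payloads (assumed watch-list)
$WatchApis = 'WriteFile', 'CreateFileA', 'CreateFileW', 'CreateRemoteThread', 'WriteProcessMemory',
             'VirtualAllocEx', 'SetWindowsHookExA', 'SetWindowsHookExW', 'InternetOpenA',
             'InternetOpenW', 'InternetConnectA', 'HttpSendRequestA', 'URLDownloadToFileA',
             'WSAStartup', 'WSAConnect', 'WinHttpOpen'
$NetworkLibs = 'wininet.dll', 'ws2_32.dll', 'winhttp.dll', 'urlmon.dll'

$item  = Get-Item -LiteralPath $Path
$bytes = [IO.File]::ReadAllBytes($Path)
# Non-ASCII bytes become '?', which is fine: import names are plain ASCII
$ascii = [Text.Encoding]::ASCII.GetString($bytes)

# Library names referenced by the import directory show up as plain strings ending in .dll
$dlls = [regex]::Matches($ascii, '(?i)\b[a-z0-9_\-]{2,}\.dll\b') |
        ForEach-Object { $_.Value.ToLower() } | Sort-Object -Unique
# Export names are case-sensitive, so use an ordinal (case-sensitive) substring test
$apis = $WatchApis | Where-Object { $ascii.Contains($_) }

[pscustomobject]@{
    File        = $Path
    SHA256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash   # paste into VirusTotal
    Signature   = (Get-AuthenticodeSignature -LiteralPath $Path).Status
    Company     = $item.VersionInfo.CompanyName
    Description = $item.VersionInfo.FileDescription
    LastWrite   = $item.LastWriteTime
    NetworkLibs = ($dlls | Where-Object { $_ -in $NetworkLibs }) -join ','
    AllLibs     = $dlls -join ','
    WatchedApis = $apis -join ','
    LikelyPacked = (@($dlls).Count -le 1)   # almost no visible imports usually means a packer
} | Format-List
```

Searching the SHA-256 on VirusTotal instead of uploading the file avoids sharing a sample that may contain confidential data, as the article advises.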
A writer passionate about the world of bytes and technology in general. I love sharing my knowledge through writing, and that is what I will do on this blog: show you all the most interesting things about gadgets, software, hardware, technology trends and more. My goal is to help you navigate the digital world in a simple and enjoyable way.
