How to find and remove suspicious files or malware in C:\Windows

Last updated: 09/07/2025
Author: Isake
  • The C:\Windows folder is a frequent target for software that wants to go unnoticed.
  • Free tools such as Microsoft Safety Scanner, together with forensic analysis, can detect and remove threats.
  • There are key methods for tracing malicious activity by analysing logs, Prefetch and the Windows Registry.

Scanning for suspicious files and malware in Windows

Finding and removing suspicious or malicious files in the C:\Windows directory is one of those tasks that, although it may seem reserved for security specialists, every Windows user should know well. Microsoft's operating system is, by its nature, a constant target for viruses, Trojans, ransomware and every other kind of threat, so keeping your computer clean and protected is essential to avoid serious problems. If you have ever suspected that a hidden file or process could compromise the security of your computer, this article aims to give you all the keys and methods, both technical and home-grown, that you need to identify any potentially dangerous file in time and know how to react.

Before we begin, it is important to remember that prevention is your best tool. Keeping your antivirus up to date and applying a little common sense when browsing and downloading files are the first steps to reducing risk. However, even with security measures in place, nobody is immune to sophisticated threats that evade conventional protection. Knowing the methods, tools and procedures for analysing and tracing malicious files, especially inside C:\Windows, will therefore allow you to respond appropriately to any sign of infection.

Why is C:\Windows a vulnerable folder?

If you have visited forums, specialised websites or official Microsoft documentation, you will know that C:\Windows holds the critical files of the operating system. Here, legitimate and essential files sit alongside others that may be present purely as a result of an infection. In fact, many threats try to hide inside C:\Windows or its subdirectories using the same names as legitimate files, which makes them hard to detect.

Deleting or modifying a file in this path without knowing its function well can cause system instability or even prevent Windows from booting. That is why you should always proceed with caution and look for reliable information about each suspicious file before taking drastic action.

Types of suspicious files you may encounter

Inside C:\Windows and its related folders (System32, Temp, Prefetch, debug, etc.) it is common to find files with the following extensions or characteristics, which can raise suspicion if you do not know how to identify them:

  • .tmp files: these are temporary files that, under normal conditions, should not remain on the system for long. If you find .tmp files in C:\Windows or C:\Windows\Temp that are large or unusual, they may be remnants of malware.
  • .exe, .dll or .sys files: executables (.exe), libraries (.dll) and drivers (.sys) are the favourite disguise for threats. Some common but fake names imitate legitimate Windows files, so checking their location and digital signature is essential.
  • Files with strange or meaningless names: files such as abc123.exe or asdjk.tmp are usually generated by malware that wants to go unnoticed among legitimate system files.
  • Files in unusual directories: if you find executables in directories such as C:\Windows\debug, or large files in C:\Windows\Prefetch, investigate their origin before deleting them.
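The checks listed above can be automated. The following PowerShell script is an added example, not code from the original article: it walks C:\Windows for .exe, .dll and .sys files and reports the ones a practitioner would look at first, namely a missing or invalid Authenticode signature, a core system name sitting outside the folder where the genuine copy lives, an executable in one of the folders the article calls unusual, or a random-looking name. The list of core names, the folder lists and the name heuristic are the author's assumptions; a hit is a reason to investigate, not a verdict. Run it from an elevated shell.

```powershell
# Added example (not from the original article): first-pass triage of executables under C:\Windows.
function Find-SuspiciousWindowsBinaries {
    param(
        [string]$Root = $env:SystemRoot,
        # Folders where a loose executable deserves a second look (the article's examples plus Temp).
        [string[]]$UnusualDirs = @("$env:SystemRoot\debug", "$env:SystemRoot\Temp", "$env:SystemRoot\Prefetch"),
        [int]$MaxFiles = 20000
    )
    # Core binaries that malware commonly imitates (illustrative list, extend as needed).
    $coreNames    = @('svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'explorer.exe', 'services.exe')
    # Where the genuine copies live; WinSxS (the component store) also holds legitimate copies.
    $expectedDirs = @($env:SystemRoot, "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

    Get-ChildItem -Path $Root -Recurse -File -Include *.exe, *.dll, *.sys -ErrorAction SilentlyContinue |
        Select-Object -First $MaxFiles |
        ForEach-Object {
            $reasons = @()
            # Get-AuthenticodeSignature also honours catalog signatures, which most OS binaries use.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') { $reasons += "signature=$($sig.Status)" }
            if ($coreNames -contains $_.Name -and
                $expectedDirs -notcontains $_.DirectoryName -and
                $_.FullName -notlike "$env:SystemRoot\WinSxS\*") { $reasons += 'core-name-outside-expected-folder' }
            if ($UnusualDirs -contains $_.DirectoryName) { $reasons += 'executable-in-unusual-folder' }
            # Heuristic for names like abc123.exe: a short run of letters followed by digits. Expect false positives.
            if ($_.BaseName -match '^[a-z]{2,5}\d{2,}$') { $reasons += 'random-looking-name' }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Path      = $_.FullName
                    SizeKB    = [math]::Round($_.Length / 1KB)
                    Created   = $_.CreationTime
                    Publisher = $sig.SignerCertificate.Subject
                    Reasons   = ($reasons -join '; ')
                }
            }
        }
}

# Usage: list the findings with the most reasons first and save them for review.
Find-SuspiciousWindowsBinaries |
    Sort-Object { ($_.Reasons -split '; ').Count } -Descending |
    Export-Csv -Path "$env:USERPROFILE\Desktop\windows-binary-triage.csv" -NoTypeInformation
```

Treat the CSV as a work list: a valid signature from Microsoft in the expected folder is the normal case, while an unsigned file with a core name in C:\Windows\Temp is the combination worth researching before anything is deleted.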

Tools and methods for analysing suspicious files

To identify and neutralise potentially dangerous files, you have several free tools and effective methods available that will help you tell harmless files apart from real threats.

Microsoft Safety Scanner is one of the most recommended. It is a free application from Microsoft that you can download and that performs a deep malware scan. Unlike a conventional antivirus, Safety Scanner does not offer real-time protection; instead it acts as a suitable aid when you suspect that your antivirus has failed or is out of date. The tool is updated daily, but always remember to download the latest version before using it.

Another useful option is the Malicious Software Removal Tool (MSRT), also from Microsoft, designed to remove common and widespread malware. However, neither MSRT nor Safety Scanner replaces full antivirus software, and they should only be used as a backup for spot cleaning.

For the analysis of a specific file, platforms such as VirusTotal let you upload suspicious files and scan them with multiple cloud-based antivirus engines. It is advisable not to upload files that contain confidential information, because even though the services are private, there is always a risk.

Steps to scan infected files with Microsoft Safety Scanner

Using Safety Scanner is easy, but here is a detailed procedure for making full use of its features:

  1. Go to the official Microsoft Safety Scanner website and download the version that matches your system (32-bit or 64-bit).
  2. Run the downloaded file; nothing needs to be installed.
  3. Choose the scan type: Quick scan to check the most critical areas, Full scan for a thorough analysis, or Customized scan for specific folders.
  4. Click "Next" and let the process finish. The time it takes will depend on the number of files and the performance of your computer.

Once finished, Safety Scanner will show a summary of what it found and removed. For complete details, review the msert.log file in C:\Windows\debug, where all suspicious files, detected threats and actions taken are listed.


Analysis from the command line

For advanced users or technical environments, Safety Scanner can be run from CMD for additional control. Just change to the folder where you downloaded the executable and run one of these commands, depending on what you need:

  • msert /F - Full scan
  • msert /F:Y - Full scan with automatic cleanup
  • msert /Q - Quiet mode
  • msert /H - Detect severe threats only

For example, a full, silent scan would be msert /F /Q.
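The command-line switches above and the msert.log review from the previous section can be wrapped in one PowerShell function so the scan and the log check happen together. This is an added example, not code from the original article or from Microsoft: the switches and the log path are the ones the article documents, while the text pattern used to pick detection lines out of msert.log is an assumption that you may need to adjust to your own log. It requires an elevated shell and a freshly downloaded msert.exe.

```powershell
# Added example (not from the original article): run Safety Scanner and collect its log findings.
function Invoke-SafetyScannerScan {
    param(
        [Parameter(Mandatory)][string]$ScannerPath,   # e.g. "$env:USERPROFILE\Downloads\MSERT.exe"
        [ValidateSet('Full', 'FullClean', 'SevereOnly')][string]$Mode = 'Full',
        [switch]$Quiet
    )
    if (-not (Test-Path $ScannerPath)) { throw "msert.exe not found at $ScannerPath" }

    # Map the mode to the switches documented in the article.
    $switches = switch ($Mode) {
        'Full'       { @('/F') }
        'FullClean'  { @('/F:Y') }
        'SevereOnly' { @('/H') }
    }
    if ($Quiet) { $switches += '/Q' }

    $started = Get-Date
    $proc = Start-Process -FilePath $ScannerPath -ArgumentList $switches -Wait -PassThru

    # The article places the detailed report here; the log is appended to across runs.
    $log = "$env:SystemRoot\debug\msert.log"
    $findings = @()
    if (Test-Path $log) {
        # Assumption: detection lines contain one of these words. Adjust after inspecting your own log.
        $findings = @(Get-Content -Path $log |
            Select-String -Pattern 'Threat|Infected|Detected|Removed' |
            ForEach-Object { $_.Line })
    }

    [pscustomobject]@{
        Arguments = ($switches -join ' ')
        ExitCode  = $proc.ExitCode
        StartedAt = $started
        LogPath   = $log
        Findings  = $findings
    }
}

# Usage: the article's "msert /F /Q" (full, silent scan), followed by a look at what it flagged.
$result = Invoke-SafetyScannerScan -ScannerPath "$env:USERPROFILE\Downloads\MSERT.exe" -Mode Full -Quiet
$result | Format-List
```

Because the log accumulates across runs, compare the StartedAt value with the timestamps inside msert.log when deciding which findings belong to the scan you just ran.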

What should you do with the detected files?

A common question is whether it is safe to delete every file flagged as suspicious or infected. Not everything detected as suspicious is dangerous; false positives are common, especially with system files or legitimate applications.

Temporary files (.tmp), those in C:\Windows\Temp or inside AppData\Local\Temp, and those related to the browser cache are usually safe to delete. However, before deleting executables (.exe, .dll, .sys) or files in critical directories, research their function or consult an expert. For this, it can help to learn how to remove specific viruses from Windows.

A recommended approach is to reboot into Safe Mode, show hidden files, and delete the problem file manually. Afterwards, run an additional scan to confirm that the system is clean.

The importance of forensic logs and artifacts in Windows

Event logs and other Windows artifacts serve two purposes: detecting hidden threats and tracing an infection. The .evtx files, stored in C:\Windows\System32\winevt\Logs, contain information about logons, system changes and critical events. Analysing these logs helps establish when and how a process was infected, or whether any suspicious files were active on particular dates.

Tools such as Event Viewer (eventvwr.msc), Winlogbeat (for exporting to systems such as ELK) or PowerShell scripts make it easy to find relevant events, such as failed access attempts or unusual file creation. To learn how to open and review these logs, you can consult How to use Event Viewer in Windows.

Example command:
Get-WinEvent -LogName Security | Where-Object {$_.Id -eq 4625} | Select-Object TimeCreated, Message
It lets you identify failed logon attempts, which is useful for detecting suspicious activity or a possible brute-force attack.
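The one-line query above returns every failed logon as free text. The following PowerShell function is an added example, not code from the original article: it pulls event 4625 for the last N hours, extracts the account, source address and failure code from each event's XML, and reports the (account, source) pairs that exceed a threshold, which is the shape a password-guessing attempt takes in the Security log. The window and threshold are assumptions to tune for your environment; the sub-status meanings are from Microsoft's documentation of event 4625. It needs an elevated shell, since standard users cannot read the Security log.

```powershell
# Added example (not from the original article): summarise failed logons per account and source.
function Get-FailedLogonSummary {
    param([int]$Hours = 24, [int]$Threshold = 10)
    $since  = (Get-Date).AddHours(-$Hours)
    # FilterHashtable is far faster than piping every event through Where-Object.
    $events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
                             -ErrorAction SilentlyContinue)
    # Sub-status codes documented by Microsoft for event 4625.
    $subStatus = @{ '0xc000006a' = 'wrong password'; '0xc0000064' = 'unknown user'; '0xc0000234' = 'account locked out' }

    $rows = foreach ($e in $events) {
        # The EventData fields (TargetUserName, IpAddress, ...) are only reliably reachable via the XML.
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        $code   = ([string]$d['SubStatus']).ToLower()
        $reason = $code
        if ($subStatus.ContainsKey($code)) { $reason = $subStatus[$code] }
        [pscustomobject]@{
            Time      = $e.TimeCreated
            Account   = $d['TargetUserName']
            Domain    = $d['TargetDomainName']
            SourceIp  = $d['IpAddress']
            LogonType = $d['LogonType']
            Reason    = $reason
        }
    }

    $rows | Group-Object Account, SourceIp |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object {
            $g = $_.Group
            [pscustomobject]@{
                Account  = $g[0].Account
                SourceIp = $g[0].SourceIp
                Attempts = $_.Count
                First    = ($g | Measure-Object -Property Time -Minimum).Minimum
                Last     = ($g | Measure-Object -Property Time -Maximum).Maximum
                Reasons  = (($g | Select-Object -ExpandProperty Reason -Unique) -join ', ')
            }
        } | Sort-Object Attempts -Descending
}

# Usage: ten or more failures from one source against one account within the last day.
Get-FailedLogonSummary -Hours 24 -Threshold 10 | Format-Table -AutoSize
```

A burst of "unknown user" failures across many account names from one source looks different from repeated "wrong password" failures against one real account; the Reasons column keeps the two apart so you can decide which one you are looking at.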


Prefetch files, LNKs and registry keys

In addition to the logs, other artifacts provide evidence of malicious activity:

  • Prefetch (.pf): located in C:\Windows\Prefetch, these files record when and from where a program was executed. Analysing them can reveal that malware ran even if it has since been deleted.
  • LNK files: shortcuts that contain metadata about opened files and their location, useful for tracing user or malware activity.
  • Windows Registry: stores settings, autostart programs, paths and connected devices. Reviewing keys such as HKLM\Software\Microsoft\Windows\CurrentVersion\Run or AppCompatCache helps detect persistent malware.
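The first and third artifacts above can be collected with a short PowerShell function. This is an added example, not code from the original article: it lists Prefetch entries modified within a chosen number of days (the program name is the part of the .pf file name before the hyphen) and every value under the common Run and RunOnce keys, resolving each command to its executable and checking that file's signature. The Run key list, the day window and the crude command-line parsing are the author's assumptions; AppCompatCache is a binary blob that needs a dedicated parser and is not covered here.

```powershell
# Added example (not from the original article): recent executions (Prefetch) and autostart entries (Run keys).
function Get-ExecutionAndPersistenceArtifacts {
    param([int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)

    # Prefetch: NAME.EXE-HASH.pf; LastWriteTime is refreshed on each run of the program.
    $prefetch = Get-ChildItem -Path "$env:SystemRoot\Prefetch" -Filter *.pf -ErrorAction SilentlyContinue |
        Where-Object LastWriteTime -ge $since |
        Sort-Object LastWriteTime -Descending |
        Select-Object @{ n = 'Program'; e = { ($_.Name -split '-')[0] } }, LastWriteTime, Length, FullName

    # Autostart locations (assumption: common Run/RunOnce keys; extend with others as needed).
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

    $run = foreach ($k in $runKeys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($p in $props.PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }
            $cmd = [string]$p.Value
            # Crude extraction of the executable: quoted path, otherwise the first token.
            $exe = if ($cmd -match '^"([^"]+)"') { $matches[1] } else { ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $sig = 'FileMissing'
            if (Test-Path -LiteralPath $exe) { $sig = (Get-AuthenticodeSignature -FilePath $exe).Status }
            [pscustomobject]@{
                Key        = $k
                Name       = $p.Name
                Command    = $cmd
                Executable = $exe
                Signature  = $sig
            }
        }
    }

    [pscustomobject]@{ RecentPrefetch = @($prefetch); RunEntries = @($run) }
}

# Usage: what ran in the last week, and what is configured to run at logon.
$artifacts = Get-ExecutionAndPersistenceArtifacts -Days 7
$artifacts.RecentPrefetch | Format-Table -AutoSize
$artifacts.RunEntries | Where-Object { $_.Signature -ne 'Valid' } | Format-Table -AutoSize
```

A Run entry whose executable is missing, unsigned, or located in a user-writable folder such as Temp is the classic sign of persistence that the article describes, and a Prefetch entry with the same program name tells you whether it has actually executed recently.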

Ransomware, recovery and best practices

Ransomware encrypts files and demands a ransom. Features in services such as OneDrive let you detect, and be notified, that files have been compromised, although it is always wise to keep up-to-date backups to make recovery easier. If you suspect that your system has been compromised, it can help to review how to restore files in Windows.

In the event of a ransomware attack, the usual steps are:

  • Identify which files have been encrypted
  • Clean the device with an up-to-date antivirus
  • Restore the files from reliable backups

If the infection persists, some services offer technical support or the option of resetting the device.

Static DLL analysis and advanced techniques

Static DLL analysis lets you examine these files without executing them, using tools such as PEiD, Dependency Walker or PEview. These platforms show which libraries and functions a file uses, which makes it easier to spot suspicious behaviour. To improve detection, you can also review dependencies in Vimba or manage the USB ports in Windows.

For example, you can check whether a DLL uses dangerous functions such as WriteFile, or whether it connects to the internet through libraries such as Wininet.dll or Ws2_32.dll. The presence of unusual dependencies or very recent creation dates may indicate malicious action.

Likewise, collaborative platforms such as VirusTotal let researchers compare hashes and obtain additional information that helps determine whether a sample is dangerous.
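The import check and the hash lookup described in the last three paragraphs can be done from PowerShell without loading the file. The following is an added example, not code from the original article and not a replacement for PEiD, Dependency Walker or PEview: it reads a PE file's import directory by hand, lists the DLLs it imports, and flags the network libraries the article names (Wininet.dll and Ws2_32.dll; winhttp.dll and urlmon.dll are the author's additions), alongside the SHA-256 hash you would look up on VirusTotal, the Authenticode status and the creation time. The header offsets follow the PE/COFF specification; only DLL names are read, not individual imported functions.

```powershell
# Added example (not from the original article): static import listing and hash for a DLL or EXE.
function Get-PEImportedDlls {
    param([Parameter(Mandatory)][string]$Path)
    $b = [System.IO.File]::ReadAllBytes($Path)
    if ($b.Length -lt 64 -or $b[0] -ne 0x4D -or $b[1] -ne 0x5A) { throw "Not an MZ executable: $Path" }
    $pe = [BitConverter]::ToInt32($b, 0x3C)                           # e_lfanew -> "PE\0\0"
    if ([BitConverter]::ToUInt32($b, $pe) -ne 0x00004550) { throw "PE signature missing: $Path" }
    $coff        = $pe + 4
    $numSections = [BitConverter]::ToUInt16($b, $coff + 2)
    $optSize     = [BitConverter]::ToUInt16($b, $coff + 16)
    $opt         = $coff + 20
    $magic       = [BitConverter]::ToUInt16($b, $opt)                 # 0x10B = PE32, 0x20B = PE32+
    $dataDirs    = if ($magic -eq 0x20B) { $opt + 112 } else { $opt + 96 }
    $importRva   = [BitConverter]::ToUInt32($b, $dataDirs + 8)        # data directory entry 1 = imports
    if ($importRva -eq 0) { return @() }

    # Section table, needed to translate RVAs into file offsets.
    $sections = for ($i = 0; $i -lt $numSections; $i++) {
        $s = $opt + $optSize + $i * 40
        [pscustomobject]@{
            VirtualSize    = [BitConverter]::ToUInt32($b, $s + 8)
            VirtualAddress = [BitConverter]::ToUInt32($b, $s + 12)
            RawSize        = [BitConverter]::ToUInt32($b, $s + 16)
            RawPointer     = [BitConverter]::ToUInt32($b, $s + 20)
        }
    }
    $toOffset = {
        param([uint32]$rva)
        foreach ($sec in $sections) {
            $span = [math]::Max($sec.VirtualSize, $sec.RawSize)
            if ($rva -ge $sec.VirtualAddress -and $rva -lt ($sec.VirtualAddress + $span)) {
                return [int]($rva - $sec.VirtualAddress + $sec.RawPointer)
            }
        }
        throw ("RVA 0x{0:X} is not inside any section" -f $rva)
    }

    # Walk the IMAGE_IMPORT_DESCRIPTOR array (20 bytes each) until the all-zero terminator.
    $dlls = @()
    $off  = & $toOffset $importRva
    while ($true) {
        $nameRva = [BitConverter]::ToUInt32($b, $off + 12)           # Name field of the descriptor
        if ($nameRva -eq 0) { break }
        $n = & $toOffset $nameRva
        $end = $n
        while ($b[$end] -ne 0) { $end++ }                            # ASCII, NUL-terminated
        $dlls += [System.Text.Encoding]::ASCII.GetString($b, $n, $end - $n)
        $off += 20
    }
    return $dlls
}

function Get-DllTriage {
    param([Parameter(Mandatory)][string]$Path)
    # Libraries that give a module network capability (first two named by the article).
    $networkLibs = @('wininet.dll', 'ws2_32.dll', 'winhttp.dll', 'urlmon.dll')
    $imports = @(Get-PEImportedDlls -Path $Path)
    $item    = Get-Item -Path $Path
    [pscustomobject]@{
        File           = $item.FullName
        SHA256         = (Get-FileHash -Path $Path -Algorithm SHA256).Hash   # value to look up on VirusTotal
        Signature      = (Get-AuthenticodeSignature -FilePath $Path).Status
        Created        = $item.CreationTime
        NetworkImports = @($imports | Where-Object { $networkLibs -contains $_.ToLower() })
        AllImports     = $imports
    }
}

# Usage: triage one module. Replace the path with the file under investigation.
Get-DllTriage -Path "$env:SystemRoot\System32\shell32.dll" | Format-List
```

Read the result the way the article suggests: an unsigned module with a very recent creation time that imports Wininet.dll or Ws2_32.dll is the combination worth a closer look, and the SHA-256 lets you check whether anyone else has already analysed the same sample without uploading the file itself.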
