If Yandex has stopped working for you and, instead of the normal page, shows "Oh... Requests coming from your address look like automated ones" and asks you to enter a phone number to continue searching, the first thing to know is: do not believe it. This is just another fraudulent way of getting your money with the help of malicious software.
In this article we look at how to get rid of this message and restore the normal Yandex page.
What is it and why does Yandex write this?
First of all, the page you see is not the Yandex site at all; it only uses the same design in order to mislead you. That is, the essence of the virus is that when you request a popular site (in our case, Yandex), it does not show you the real page but takes you to a phishing page instead. Something similar happens when Odnoklassniki and other social networks do not open and you are likewise asked to send an SMS or enter your phone number.
Requests from your IP address look like automated ones.
How to fix the "Oh" page in Yandex
And now, how to resolve this situation and remove the virus. The method is very similar to the one I already described in the article "Sites and pages do not open, but Skype works".
So, if Yandex writes "Oh", do the following:
- Start the Registry Editor: press Win + R and enter the command regedit.
- Open the registry branch HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
- Look carefully at the "AppInit_DLLs" value and its data: right-click it, choose "Modify", and remove the path to the DLL that is listed there. Note where the file is located so that you can delete it later.
- Open the Windows Task Scheduler and look through the active tasks in the Scheduler Library. Among the others there should be an item that launches an exe file located in the same place as the library from AppInit_DLLs. Delete this task.
- Restart the computer, preferably in safe mode.
- Delete the two files from the virus's folder: the DLL and the exe file from the task.
After that, you can restart the computer in normal mode and, most likely, if you try to open Yandex in the browser, it will open normally.
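The registry and Task Scheduler checks from the steps above can also be run as a read-only audit in PowerShell. This is an added example, not part of the original article; reading the 32-bit (Wow6432Node) view of the key and the LoadAppInit_DLLs switch goes beyond the article's steps and is an assumption about what is worth checking.

```powershell
# Added example: read-only audit, nothing is changed or deleted.
# Needs Windows 8 / Server 2012 or later for Get-ScheduledTask.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # Assumption: also check the 32-bit view on 64-bit Windows (not in the article)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

# Collect every DLL listed in AppInit_DLLs (entries are space- or comma-separated).
$dlls = foreach ($key in $keys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props -or -not $props.AppInit_DLLs) { continue }
    foreach ($entry in ($props.AppInit_DLLs -split '[ ,]+' | Where-Object { $_ })) {
        [pscustomobject]@{
            Key     = $key
            Enabled = [bool]$props.LoadAppInit_DLLs   # 0 = Windows ignores the list
            Dll     = $entry
            Exists  = Test-Path -LiteralPath $entry
        }
    }
}
if (-not $dlls) { 'AppInit_DLLs is empty in both registry views.'; return }
$dlls | Format-Table -AutoSize | Out-Host

# Folders holding the listed DLLs; a bare file name has no folder and is skipped.
$folders = $dlls | ForEach-Object { [IO.Path]::GetDirectoryName($_.Dll) } |
    Where-Object { $_ } | Sort-Object -Unique

# Scheduled tasks whose action starts a program from one of those folders.
# The match is a plain case-insensitive string comparison of folder paths.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no Execute
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute.Trim('"'))
        $dir = [IO.Path]::GetDirectoryName($exe)
        if ($dir -and $folders -contains $dir) {
            [pscustomobject]@{ Task = $task.TaskPath + $task.TaskName; Execute = $exe }
        }
    }
}
```

Run it from an elevated prompt so that tasks of all users are visible. Any DLL or task it reports is then handled with the manual steps above.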
Another method: using the AVZ antivirus utility
This option, in general, repeats the previous one, but it may be more convenient and clearer for some. For it we need the free AVZ antivirus utility, which you can download here: http://z-oleg.com/secur/avz/download.php
After downloading, unpack the archive, run the program, and in the main menu choose "File" - "System Research". Then press the "Start" button; you do not need to change any settings (the only thing you have to specify is where to save the report).
In the final report, once the analysis is complete, find the "Autostart" section and look for the DLL file whose description points to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs. From this entry you need to remember (copy) the file name.
Malware DLL in the AVZ report
Then look at the "Scheduler Tasks" section of the report and find the exe file located in the same folder as the DLL from the previous step.
After that, in AVZ, choose "File" - "Run script" and run the following script:
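```
begin
 DeleteFile('path to the DLL from the first step');   // DLL listed in AppInit_DLLs
 DeleteFile('path to the EXE from the second step');  // exe launched by the scheduled task
 ExecuteSysClean;                                     // remove leftover references to the deleted files
 RebootWindows(true);                                 // restart the computer
end.
```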
After the script has run, the computer restarts automatically, and when you open Yandex the "Oh" message will no longer appear.