Defense Against machine dog virus (EDog) by micro-Point Software

This kind of article will get angry.

Recently, a large number of industry users reported that the robot dog virus has had a serious impact on their normal production and living order. Industry users in Internet cafes, school data centers, and local area networks can use the following methods to prevent the virus:

Chinese name: robot dog Virus

Virus named: Trojan-Downloader.Win32.EDog.h

Virus features: uses the penetration recovery card to paralyze Internet cafes, school data centers, and the company's LAN.

Virus Technology Analysis:

Http://bbs.security.ccidnet.com/read.php? Tid = 561631

Solution:

Manual detoxification:

The infected computer can use the boot system to replace the SystemRoot %/system32/userinit.exe file of the infected system with the normal userinit.exe file in the same region.

Micro-point solution:

The bot virus is automatically cleared using the micro-point active defense software. The micro-point active defense software automatically fixes the infected system when it is restarted.

Preventive solution:

The micro-point active defense software uses the New Technology of behavior monitoring to identify viruses. It is deployed in a demanding environment where the recovery card cannot be upgraded frequently. Even if it is not upgraded, it can effectively prevent the "robot dog" virus and its variants. Therefore, we recommend that you install micro-point active defense software for Internet cafes, schools, and other relief card users to protect your computer from the virus "BOT dog" and maintain the normal operation and use of your LAN.

How to install micro-point active defense software for Internet cafes, school data centers, and local networks:

1. Install using GHOST:

1. Install a computer first. Remove the computer's recovery card protection before installation. do not register the computer during installation. After installation, do not enter the system when the computer is started, directly go to the ghost for backup;

2. After the backup is complete, start the computer. Generally, you do not need to set the micro-Point Software. For special requirements, refer to [Note settings ];

3. Use the ghost backup file to reply to other computers, and register the micro-point active defense software one by one. After the registration is successful, import the configuration file exported in step 2 to avoid setting one by one.

Note: Due to the large number of computers, we recommend that you use the same email address for registration, but the registration password must be different. We recommend that you use the computer number. Note that the password must contain at least 6 characters, if the length of the serial number is not long, you can enter the serial number twice to ensure that the length is not long enough and is easy to remember.

Ii. Installation and Registration

1. Disable the computer's recovery card protection and install the first computer using the micro-point active defense software installer;

2. Start the computer. Generally, you do not need to set the micro-Point Software. For special requirements, refer to [Note settings ];

3. Install and register one by one, restart the computer, and import the configuration file exported in step 2.

Note: Due to the large number of computers, we recommend that you use the same email address for registration, but the registration password must be different. We recommend that you use the computer number. Note that the password must contain at least 6 characters, if the length of the serial number is not long, you can enter the serial number twice to ensure that the length is not long enough and is easy to remember.

Iii. Notes-set up the micro-point active defense Software

1) upgrade settings: If your Internet cafes, data centers, and local networks do not use proxy Internet access, you can directly use the default update method; for Internet cafes and school data centers that use a recovery card, automatic software update may fail due to the protection of the recovery card. You can choose to manually upgrade the software. Then enable the recovery card upgrade on a regular basis (every week and every day.

2) Real-time Monitoring policy setting for program behavior: After the micro-point active defense software detects a virus, the alarm window will pop up by default to notify the user. Some users who are playing games in Internet cafes may dislike the pop-up window. To avoid this problem, we recommend that you select "automatic processing + silent mode" in the "real-time monitoring policy for program behavior" so that the alarm Prompt window is not displayed;

3) Traditional firewall: by default, the firewall function is not enabled for the micro-point active defense software. To enable the function, right-click the micro-point tray in the status bar and select start/stop firewall. In addition to being threatened by viruses and Trojans, ARP spoofing attacks are also a major threat to Internet cafes and school data centers. The micro-point active defense software provides good protection against ARP attacks, detects and removes ARP virus programs, including unknown ARP spoofing attacks. However, because the firewall frequently asks users whether to allow access to the network, the micro-point active defense software can determine the unknown viruses and Trojans based on the Program behavior analysis technology, it provides strong protection capabilities for computers. Therefore, we recommend that you do not enable the firewall function to avoid increasing your management workload. Right-click a project and add it to a trusted program.

4) for the above configuration, use the "Auxiliary Function"-"Import and Export" settings to export these settings to the configuration file for later installation.