The "Magic Wave" virus automatically searches the network for a system-compromised computer and directs these computers to download and execute the virus files directly. As long as these users ' computers do not have patches installed and are connected to the Internet, they may be infected. The computer that infects the virus automatically connects to a specific channel on a specific IRC server and accepts the hacker Remote control command. The user's bank card account number, password and other privacy information are likely to be stolen by hackers. Because the virus is connected to an IRC server in China, the virus is likely to be written for people.
For this vicious virus, rising has been upgraded. Rising Antivirus 2006 version 18.40.01 version and a higher version of the virus can be completely wiped out, please the vast number of users in a timely manner to upgrade anti-virus software. At the same time, rising recommended users to open rising Personal Firewall version 2006, and closed 139 and 445 ports. Also, log on to the Microsoft website to download and install ms-06-040 patches to protect against this virus attack.
Name
"Magic Wave (WORM.MOCBOT.A)" and "Magic Wave variant B" (worm.mocbot.b)
Virus definition
Systemic high-risk vulnerabilities for transmission of malignant viruses
means of transmission and preventive measures
Means of transmission
The virus will use Microsoft ms06-040 high-risk vulnerabilities to spread. When a user's computer suffers from the virus attack, a system service crashes and no internet-like symptoms occur. Windows XP users reflect the Internet 10 minutes will be automatically disconnected, must restart the computer. As the virus appears to be released from Microsoft patch only a few days, many users have not had time to update the system.
Purge method
Encounter "Magic wave" virus attack, users need not panic. Just follow these three steps to quickly clear the virus.
Step One: Use personal firewalls to block virus attacks. The user opens the personal firewall and closes the 139 and 445 ports.
1, start rising Personal Firewall main program, click the "Settings" menu, select "IP rules."
2, in the pop-up "set rising Personal Firewall IP Rules" window, click the "Add Rules" button.
3, the rule name fills in "ms06-040", executes the action to "prohibit", then clicks "Next". The offset address is set to "arbitrary address", the local address is set to "all addresses", the protocol type chooses "TCP", the other port chooses "any port", the local port selects "Port list" and enters "139,445" under it, the alert mode chooses "tray animation" and "Log Record" to select, click Save.
The second step is to make a patch
You can login to Microsoft's website to download and install the corresponding operating system ms-06-040 patch to protect against this virus attack. (attachment is already downloaded good patches, everyone in accordance with your system decompression installation.)
We recommend that you visit the Microsoft China website to install all the critical updates to prevent viruses that use other vulnerabilities to spread and destroy.
The third trick is to remove the virus
Because of the number of variants of the virus, each variant generated file location is different, so manual removal of the virus is not very convenient, we recommend that you upgrade anti-virus software to the latest version of the virus to kill.