Solutions to ARP spoofing attacks against 16a.us viruses

Source: Internet
Author: User
Tags one more line website server access

The recent unit LAN computer Internet, most of the site page display will be abnormal, Kabbah visit the site will be prompted "" Trojan program trojan-downloader.js.agent.gd file hxxp://16a.us/*.js, view HTML source code, will have one more line at the top of all the pages, at first thought is our unit website server was hanged Trojan, later found that access to other sites is also the same problem, including the construction Bank, IT168 and other large sites, so the problem is locked in our local area network, began to find solutions to the Internet, tried various methods have no effect, Including:

1, modify the Hosts file

2, download the 360 security defender of what the fixed-time software

3, upgrade the operating system patches

4, upgrade anti-virus software, the latest virus library and so on

This morning, not reconciled, continue to find the answer in the search engine (and this problem must be solved, otherwise the unit of colleagues on the internet basically in a semi-paralyzed state, the vast majority of sites show abnormalities), by a post inspired, Think that the 16a.us virus phenomenon should belong to the APR virus deception attack, so in Baidu to retrieve about the APR virus Deception attack solution, after testing and demonstration, our unit LAN computer problem all solve, do not dare to enjoy, deliberately to take out the solution to share, hoping to help other is for this problem is hard to burn colleagues Children!

The specific resolution steps are as follows (static binding of the MAC address of the Gateway):

1th step: Close all IE browser, enter cmd mode

2nd step: Input ARP-A instructions, you can see the results of the return of the LAN gateway IP address and MAC address (Gateway MAC address the correctness of the need to confirm with network management, in case the virus has been in your computer's ARP cache modified the gateway's MAC address).

3rd Step: Enter the Arp-s gateway IP address Gateway MAC address, remember to enter the MAC address here is the need for the correct gateway MAC address.

4th step: Into the network properties, if not dynamically obtained IP address, changed to dynamic access to the IP address (if the IP address has been dynamically obtained, then repair the network connection can be).

The 5th step: Solve the problem, open IE, test to see if the site has previously been problematic now show normal.

Note:

1. It is recommended that the third step be written as a batch file and added to the startup item, otherwise the configuration will be lost after each startup.

2, if the DNS server MAC address is hijacked, processing the corresponding DNS server Mac binding.

3, the above method is only a symptom, and there is no permanent cure, we have to find a complete and clear 16a.us culprit (that is, in the local area network computer, there must be a computer is indeed poisoned or was hung on a Trojan horse) method.



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.