Question
When I started the system today, I suddenly found a new account named piress and realized that my computer might have been compromised. Later I found that many people on the Internet had run into the same problem. After checking step by step, I learned that a security vulnerability was recently found in MySQL: when logging on to MySQL remotely, you can get into the database without authentication once every 225 attempts. I am so sad that someone scanned port 3306 while I was installing MySQL and remotely planted a Trojan ......
Aftermath
1. I searched for similar cases on the Internet, then pressed F8 to boot into safe mode and deleted the piress account.
2. View the log file. Right-click Management and choose Event Viewer.
In security mode, I saw the following:
A user named piress executed an MSI installation program, that is, planted the Trojan. Check the time and you will find it falls exactly when MySQL was being installed! It seems that this vulnerability is being widely exploited!
3. The MySQL password was 1234, which is too simple; it should be more complex.
4. Once a machine is infected, many virus files are generated, so an offline scan with anti-virus software is needed. The scan turned up 169 viruses ...... I haven't been infected this badly in a long time! I used to use Linux, and now that I have to move my work to Windows, I get infected!
5. Pay attention to network connections. For example, run "netstat -an", or use the "Traffic firewall" that comes with 360 to check the network connection status. If anything abnormal shows up, disconnect from the network immediately to stop the virus!
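As an added illustration of step 5 (not code from the original post), the following Python sketch shows what to look for in "netstat -an" output on a host running MySQL: a listener on port 3306 bound to every interface, and established sessions on that port from addresses outside the local network. The sample output, the function names and the list of local networks are all constructed for this example.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not taken from the post).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3306      203.0.113.45:51544     ESTABLISHED
  TCP    192.168.1.20:3306      192.168.1.31:49822     ESTABLISHED
  TCP    127.0.0.1:3306         127.0.0.1:49710        ESTABLISHED
  TCP    192.168.1.20:49801     198.51.100.7:443       ESTABLISHED
  TCP    [::]:3306              [::]:0                 LISTENING
  UDP    0.0.0.0:5355           *:*
"""

# Assumption: clients in these ranges are expected; everything else is external.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128")]

def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[::1]:80' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def review_mysql_exposure(netstat_text, port="3306"):
    """Return (kind, detail) findings about who can reach the MySQL port."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # skip headers, blank lines and UDP rows
        _, local, remote, state = fields
        lhost, lport = split_endpoint(local)
        if lport != port:
            continue
        if state == "LISTENING":
            # 0.0.0.0 or :: means all interfaces: remote logon is possible.
            if ipaddress.ip_address(lhost).is_unspecified:
                findings.append(("exposed-listener", local))
        elif state == "ESTABLISHED":
            rhost, _ = split_endpoint(remote)
            addr = ipaddress.ip_address(rhost)
            if not any(addr in net for net in LOCAL_NETS):
                findings.append(("external-client", rhost))
    return findings

if __name__ == "__main__":
    for kind, detail in review_mysql_exposure(SAMPLE):
        print(kind, detail)
```

On a real machine, feed the function the text captured from "netstat -an" instead of the sample.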
Summary
1. When installing MySQL, try to choose a port other than the default 3306, and make the password more complex! In the next step, do not select "Allow Remote Logon".
2. From the piress account, we can see that the attacker only used some simple tools (maybe written by others; LPK.DLL is a common Trojan). I guess it was done by a novice copying xxx's tutorial. In fact, there is no technical skill in it.
3. Linux is safer! On Windows, Trojans are everywhere and easy to learn. As a result, many novices go around grabbing machines as zombies ...... I despise such ridiculous novices.
Blog.csdn.net/whuslei
Source: http://blog.csdn.net/whuslei/article/details/7893754