hn4u @ Last updated 21/11/04 22:42
Go to my homepage at http://4u.jcisio.com
Full version available at http://4u.jcisio.com/r/article174.htm
Không rõ

Sircam

Ngay 23/07/2001, tai Viet Nam da xuat hien loai virus cuc ky nguy hiem, co

ten Sircam (W32.Sircam.Worm@mm), duoc gui kem email voi tieu de ngau nhien.

Nguoi dung se nhan duoc email voi dia cac dia chi quen thuoc. Khi file dinh

kem duoc mo, Sircam se nhanh chong truy nhap vao cac file trong thu muc

C:\My Documents\ va address book.

Bi nhiem vuris, may tinh cua ban se chay cham han lai. Dieu nay la do virus

dang sao luu toan bo cac file trong thu muc My Documents vao thung rac

Recycle Bin. Sau do, cac dia chi trong address book cua ban se duoc virus su

dung de gui di noi dung cac file ma chung vua truy cap, cung voi mot nhan

ban cua no.

Theo thong bao cua cac trang web phong chong virus, Sircam co the se format

toan bo o cung cua nan nhan.

Xin hay loai bo virus nay ngay lap tuc theo cach sau day:

Neu ban dang trong mang, hay lap tuc cach ly may tinh cua minh bang cach:

tat modem hoac rut cable mang (khi ban trong mang noi bo).

Sau do:

1. Doi ten file: C:\WINDOWS\Regedit.exe thanh Regedit.bat

2. Tat may tinh cua ban roi khoi dong theo che do Safe Mode, nhan F5 trong

qua trinh khoi dong.

3. Sau khi vao Windows duoi che do Safe Mode, ban hay sao luu registry cua

may tinh (phong khi co loi trong qua trinh chinh sua):

- Nhan Start\Run roi danh vao regedit.bat, nhan OK

- Chon menu Registry/Export Registry File

- Trong File Name, ban go vao: backup

- Trong muc Save In, chon Desktop

- Chon All trong Export Range

- Cuoi cung nhan vao nut Save

4. Ban quay lai cua so Registry Editor

- Tim theo nhanh:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

- Trong cua so ben phai, nhan nut phai chuot vao gia tri Driver32 va chon

Delete

- Ban co the se phat hien ra mot nhanh nua co ten RunServices- o ngay ben

duoi. Hay nhan nut phai chuot va nhanh nay va chon Delete

5. Tim theo nhanh: HKEY_LOCAL_MACHINE\Software\SirCam

- Nhan chuot phai vao SirCam roi chon Delete

6. Tiep tuc tim den nhanh: HKEY_CLASSES_ROOT\exefile\shell\open\command

- Nhan nut phai chuot vao gia tri Default o cua so ben phai, chon Delete

- Sau do thoat khoi Registry Editor

7. Xoa dong lenh khoi dong cua virus:

- Nhan Start/Run, go: edit autoexec.bat

- Xoa chuoi: @win c:\recycled\sicr32.exe

8. Sau do thoat vao Windows. Ban hay tat may bang cach nhan vao nut Reset

(khong dung Restart cua Windows).

9. Khi may bat dau khoi dong

- Neu ban dang dung he dieu hanh Windows 95 hoac Windows 98: nhan F8, chon

Safe Mode Command Prompt Only

- Doi voi Windows ME hoac Windows XP, ban phai dung dia khoi dong.

10. Danh C:\NC\NC de vao chuong trinh NC trong DOS (nen dung NC vi xoa bang

dong lenh DOS rat kho va mat thoi gian) - Thuong trong cac may tinh hien nay

deu co san chuong trinh nay.

11. Kiem tra de chac rang, NC hien toan bo cac file an tren o cung cua ban.

Neu chua co:

- Nhan F9

- Chon Command\Configuration\Panel Options

- Danh dau [x] vao Show all Hidden file

- Nhan OK de tro lai NC

12. Xoa toan bo cac file trong C:\Recycled\ bang cach nhan dau (*) o ben

phim phu roi nhan F8

13. Xoa file C:\Windows\System\Scam32.exe

14. Vao thu muc Windows, dua dong tro toi file run32.exe, ban se thay co 2

file an: run32.exe va rundll32.exe.  Xoa ca hai file nay.

15. Xoa rundll32.exe, doi ten file run32.exe thanh run32dll.exe. Sau do, ban

co the doi thuoc tinh cho file nay bang cach nhan F9, nhan F, nhan A roi bo

lua chon Hidden trong phan Attributes.

16. Nhan OK, thoat khoi NC (nhan F10) roi khoi dong lai may tinh.

Sau do, ban nen hay dung cac chuong trinh anti-virus thong dung, nhu Norton

Anti-Virus, MacAfee hoac PC-Cilline quet lai toan bo may de kiem tra lai ket

qua. Khi da chac la may khong con virus va chay on dinh, ban co the an tam

xoa file backup cua registry ma ban vua sao luu.

hainam4u @ Last updated 21/11/04 22:42
Go to my homepage at http://4u.jcisio.com