There's a suspicious mining communication
Take another look at how they collect the money. On the surface, under the banner of foreign-exchange margin trading (leveraged, though they dare not admit it is futures trading), they use exaggerated high returns to lure impulsive and naive job seekers into opening an account. Today the amounts range from 60,000 to 350,000; in this way the ill-gotten gains keep flowing into their private market. Then the so-called manager tries every means to make you lose money in trading, because only that way does their commission on your account balance land 100% in their own pockets, since these so-called managers have no fixed salary.
None of the people in this Indonesian company are genuine, because letting your money rot on their plate forever is this fraud company's profit model!!! I would like to remind kind-hearted job seekers from home not to be blinded by rhetoric, because money is not that easy to earn.
2 minutes ago | everl Xiaoxuan | category: single-player game | viewed 2 times
mine heard a strange voice
Log in to the system and open Task Manager; look for a process that uses a large amount of memory and cannot be ended. Right-click it and choose Open File Location (first enable "Show hidden files" and "Show protected operating system files" in Folder Options). You will likely see a systmss.exe process and an svchost.exe that mimics the genuine system process but lives outside the system directory. Alongside them you may find a 2.bat file; right-click it and choose Edit to see which mining pool the malicious process connects to (the pool address and wallet are normally passed on the miner's command line inside that batch file).
By reviewing the system event logs you can work out where the infection came from and when it started. The usual cause is that the Remote Desktop port (3389) was left exposed with a weak password, so the attacker logged in over RDP and dropped the miner. Look for the remote interactive logon (logon type 10; Event ID 4624 on current Windows, 528 on Windows 2000/XP) that immediately precedes the first appearance of the files, and for the run of failed logons from the same source address before it.
Eradication: rename the virus executable systmss.exe to systmss.exe1 so it cannot be started again, then end the process in Task Manager (Windows allows a running executable to be renamed but not deleted, which is why the rename comes first). Open Registry Editor and delete the entire key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\systems, which registers the miner as a service; check CurrentControlSet and any other ControlSetNNN for the same key, and review the Run keys and Scheduled Tasks for other persistence before rebooting.
For Linux systems, see: [web page link]
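The two checks the procedure above relies on, reading the miner's launcher to find the pool and reading the logon records to find the RDP entry point, as an added example that is not part of the original page. Everything in it is constructed: the batch file contents, the pool hostname, port, wallet and worker name are invented, and the log excerpt is a flattened stand-in for Security-log 4624/4625 records (the real events are XML; the field names below are assumed for the example).

```python
"""Triage of a Windows coin-miner infection: what the dropped batch file talks to,
and which remote logon brought it in. Added example; all sample data is constructed."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed stand-in for the 2.bat launcher described above. Hostname,
# port, wallet and worker name are invented, not taken from any real incident.
SAMPLE_BAT = r"""@echo off
cd /d %~dp0
start /b systmss.exe -o stratum+tcp://pool.example-miner.invalid:3333 -u 44AbCdEf1234.worker1 -p x
"""

# Constructed Security-log excerpt. Event 4624 = successful logon, 4625 = failed logon;
# LogonType 10 = RemoteInteractive (RDP), 3 = network, 2 = console.
SAMPLE_LOGONS = """\
2021-05-03 02:14:07 EventID=4624 LogonType=3 Account=backup SourceIP=10.0.0.12
2021-05-03 03:41:30 EventID=4625 LogonType=10 Account=administrator SourceIP=203.0.113.77
2021-05-03 03:41:55 EventID=4625 LogonType=10 Account=administrator SourceIP=203.0.113.77
2021-05-03 03:42:09 EventID=4624 LogonType=10 Account=administrator SourceIP=203.0.113.77
2021-05-03 03:42:10 EventID=4624 LogonType=2 Account=administrator SourceIP=-
"""

# xmrig/cpuminer-style arguments: -o pool:port, -u wallet[.worker]
POOL_RE = re.compile(r"-o\s+(?:stratum\+(?:tcp|ssl)://)?(?P<host>[\w.\-]+):(?P<port>\d+)")
WALLET_RE = re.compile(r"-u\s+(?P<wallet>\S+)")
EXE_RE = re.compile(r"([\w\-]+\.exe)", re.I)
LOGON_RE = re.compile(
    r"^(?P<ts>\S+ \S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"Account=(?P<acct>\S+) SourceIP=(?P<ip>\S+)"
)


@dataclass
class MinerInfo:
    binary: Optional[str]
    pool: str
    port: int
    wallet: Optional[str]


def parse_miner_bat(text: str) -> List[MinerInfo]:
    """Extract binary, pool host:port and wallet from every launcher line that
    carries a '-o pool:port' argument; other lines are ignored."""
    out = []
    for line in text.splitlines():
        m = POOL_RE.search(line)
        if not m:
            continue
        exe = EXE_RE.search(line)
        w = WALLET_RE.search(line)
        out.append(MinerInfo(exe.group(1) if exe else None, m["host"], int(m["port"]),
                             w["wallet"] if w else None))
    return out


@dataclass
class RdpLogon:
    when: str
    account: str
    source_ip: str
    failures_before: int  # failed RDP attempts from the same IP before the success


def first_rdp_logon(log: str) -> Optional[RdpLogon]:
    """Find the earliest successful RDP logon (4624, type 10) and count the failed
    type-10 attempts from the same source before it: the weak-password signature."""
    failures = {}
    for line in log.splitlines():
        m = LOGON_RE.match(line)
        if not m or m["lt"] != "10":
            continue
        if m["eid"] == "4625":
            failures[m["ip"]] = failures.get(m["ip"], 0) + 1
        elif m["eid"] == "4624":
            return RdpLogon(m["ts"], m["acct"], m["ip"], failures.get(m["ip"], 0))
    return None


if __name__ == "__main__":
    for mi in parse_miner_bat(SAMPLE_BAT):
        print(f"miner {mi.binary} -> {mi.pool}:{mi.port} wallet={mi.wallet}")
    rdp = first_rdp_logon(SAMPLE_LOGONS)
    if rdp:
        print(f"entry: RDP logon as {rdp.account} from {rdp.source_ip} at {rdp.when} "
              f"after {rdp.failures_before} failed attempts")
```

The pool host and port go straight into the firewall and proxy block lists, and the source address of the RDP logon is the pivot for checking other hosts that accepted logons from it.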
Before the Wall of Flesh ("meat mountain") is beaten you cannot smash the altars with an ordinary hammer (trying only hurts you). Defeating the Wall of Flesh drops the hammer you need, the Pwnhammer; with it you can smash an altar without taking damage.
After an altar is smashed a message appears saying your world has been blessed with Mythril / Orichalcum / Titanium... Each altar you smash spawns a fresh batch of one of the three new ores somewhere in the world, and at the same time a small area is newly corrupted or crimsoned.
The corrupt areas correspond to Demon Altars and the crimson areas to Crimson Altars; underground there are in fact two kinds of altar, and one of them has more uses.
in Windows 2000, The system contains the following default processes:
csrss.exe
explorer.exe
internat.exe
lsass.exe
mstask.exe
smss.exe
spoolsv.exe
svchost.exe
services.exe
System
System Idle Process
taskmgr.exe
winlogon.exe
winmgmt.exe
More processes, with brief descriptions, are listed below
process name: description
smss.exe: Session Manager subsystem
csrss.exe: Client/Server Runtime Subsystem server process
winlogon.exe: manages user logon and logoff
services.exe: Service Control Manager; hosts many system services
lsass.exe: Local Security Authority Subsystem; handles local security policy and authentication, and hosts the IPsec Policy Agent that manages IP security policies and starts the ISAKMP/Oakley (IKE) and IPsec drivers
svchost.exe: generic host process for services implemented as DLLs (several instances are normal); it is not the Windows 2000/XP file protection system, as is sometimes claimed
spoolsv.exe: Print Spooler; loads files into memory for later printing
explorer.exe: Windows Explorer, the desktop shell ("resource manager" in Chinese editions)
internat.exe: input-locale indicator in the tray area (shows the current input method, e.g. Pinyin)
mstask.exe: Task Scheduler; allows programs to run at a specified time
regsvc.exe: Remote Registry service (RemoteRegistry); allows remote registry operations
winmgmt.exe: Windows Management Instrumentation; provides system management information
inetinfo.exe: Internet Information Services (msftpsvc, W3SVC, IISADMIN)
tlntsvr.exe: Telnet server (TlntSvr)
tftpd.exe: Trivial FTP daemon used by Remote Installation Services; the TFTP standard requires no username or password
termsrv.exe: Terminal Services (TermService)
dns.exe: DNS Server; answers queries and update requests for DNS names
tcpsvcs.exe: Simple TCP/IP services and the Boot Information Negotiation Layer that lets Windows 2000 Professional be installed remotely on PXE remote-boot client computers
ismserv.exe: Intersite Messaging; sends and receives messages between Windows Advanced Server sites
ups.exe: manages an uninterruptible power supply (UPS) connected to the computer
wins.exe: WINS; provides NetBIOS name service for TCP/IP clients that register and resolve NetBIOS names
llssrv.exe: License Logging service
ntfrs.exe: File Replication Service; keeps directory contents synchronized among multiple servers
rssub.exe: Remote Storage Subsystem; controls the media used to store data remotely
locator.exe: RPC Locator; manages the RPC name service database
lserver.exe: Terminal Services Licensing; registers client licenses
dfssvc.exe: Distributed File System; manages logical volumes distributed across a LAN or WAN
clipsrv.exe: ClipBook server; lets ClipBook Viewer show pages from remote ClipBooks
msdtc.exe: Distributed Transaction Coordinator; coordinates transactions that span two or more databases, message queues, file systems or other transaction-protected resource managers
faxsvc.exe: Fax service; helps you send and receive faxes
cisvc.exe: Indexing Service
dmadmin.exe: Logical Disk Manager Administrative Service (disk management)
mnmsrvc.exe: NetMeeting Remote Desktop Sharing; lets authorized users access the Windows desktop remotely with NetMeeting
netdde.exe: Network DDE; provides network transport and security for Dynamic Data Exchange
smlogsvc.exe: Performance Logs and Alerts
rsvp.exe: QoS RSVP; provides network signalling and local traffic-control setup for QoS-dependent programs and control applets
rseng.exe: Remote Storage Engine; coordinates the services and administrative tools used to store infrequently used data
rsfsa.exe: Remote Storage File; manages operations on remotely stored files
grovel.exe: Single Instance Storage groveler; scans SIS volumes for duplicate files and points them at a common store to save disk space (NTFS volumes only)
scardsvr.exe: Smart Card; manages and controls access to smart cards inserted in a reader
snmp.exe: SNMP agent; monitors network device activity and reports to the network console workstation
snmptrap.exe: SNMP Trap Service; receives trap messages from local or remote SNMP agents and forwards them to SNMP managers running on this computer
utilman.exe: Utility Manager; starts and configures accessibility tools from one window
msiexec.exe: Windows Installer; installs, repairs and removes software according to the instructions in an .msi file
Summary: the trick to spotting a suspicious process is simply to look at the process list in Task Manager often enough. Once you have seen the normal list many times an intruder stands out at a glance, like a stranger in a group of familiar faces. Do not stop at the name, though: as the systmss.exe / svchost.exe case above shows, malware picks names that look like system processes, so also check the image path (the genuine ones live in the system directory) and whether the process can be ended.
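The comparison the summary describes, as an added example rather than code from the original page: a process snapshot is checked against the Windows 2000 default list above, flagging a known name running from the wrong directory, a near-miss of a known name, and names that are simply unfamiliar. It assumes Windows 2000 installed in C:\WINNT (so genuine images live in C:\WINNT or C:\WINNT\system32); the snapshot, PIDs and paths are constructed.

```python
"""Baseline comparison of a process snapshot against the Windows 2000 default
process list above. Added example; the snapshot below is constructed."""
import ntpath
from typing import List, Tuple

# The default process names listed above, lowercased.
BASELINE = {
    "csrss.exe", "explorer.exe", "internat.exe", "lsass.exe", "mstask.exe",
    "smss.exe", "spoolsv.exe", "svchost.exe", "services.exe", "system",
    "system idle process", "taskmgr.exe", "winlogon.exe", "winmgmt.exe",
}
# Where the genuine images live. Assumption: Windows 2000 installed in C:\WINNT;
# explorer.exe sits in the root, the others in system32.
SYSTEM_DIRS = {r"c:\winnt", r"c:\winnt\system32"}

# Constructed snapshot: (pid, image name, full path) as "Open File Location"
# would reveal it. Kernel-only entries have no path.
SNAPSHOT = [
    (4, "System", ""),
    (160, "smss.exe", r"C:\WINNT\system32\smss.exe"),
    (184, "csrss.exe", r"C:\WINNT\system32\csrss.exe"),
    (204, "winlogon.exe", r"C:\WINNT\system32\winlogon.exe"),
    (232, "services.exe", r"C:\WINNT\system32\services.exe"),
    (244, "lsass.exe", r"C:\WINNT\system32\lsass.exe"),
    (420, "svchost.exe", r"C:\WINNT\system32\svchost.exe"),
    (1288, "explorer.exe", r"C:\WINNT\explorer.exe"),
    (1500, "svchost.exe", r"C:\WINNT\Fonts\svchost.exe"),     # known name, wrong directory
    (1512, "systmss.exe", r"C:\WINNT\Fonts\systmss.exe"),     # unfamiliar name, odd directory
    (1530, "svch0st.exe", r"C:\WINNT\system32\svch0st.exe"),  # digit-for-letter lookalike
    (1544, "notepad.exe", r"C:\WINNT\system32\notepad.exe"),  # not in the default list, legitimate
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance; small values against a baseline name mean a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(name: str, path: str) -> str:
    """Verdicts: ok, impostor-path, lookalike:<real name>,
    unknown-outside-system-dir, unknown (needs a human look)."""
    n = name.lower()
    d = ntpath.dirname(path).lower()
    if n in BASELINE:
        return "impostor-path" if path and d not in SYSTEM_DIRS else "ok"
    close = sorted((levenshtein(n, b), b) for b in BASELINE if levenshtein(n, b) <= 2)
    if close:
        return "lookalike:" + close[0][1]
    if path and d not in SYSTEM_DIRS:
        return "unknown-outside-system-dir"
    return "unknown"


def audit(snapshot) -> List[Tuple[int, str, str]]:
    """Classify every entry of a (pid, name, path) snapshot."""
    return [(pid, name, classify(name, path)) for pid, name, path in snapshot]


if __name__ == "__main__":
    for pid, name, verdict in audit(SNAPSHOT):
        if verdict != "ok":
            print(f"{pid:>6} {name:<14} {verdict}")
```

The name and path checks catch the two tricks the text describes (a borrowed name in the wrong place, and a name one character off); they do not catch a genuine binary whose process has been injected into, which is why "unknown" entries such as notepad.exe are reported for review rather than cleared.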
Local hiding refers to the techniques a Trojan uses to avoid discovery by the local user, mainly startup hiding, file hiding, process hiding, kernel-module hiding and origin hiding. These can be grouped into three categories:
hiding the Trojan inside a legitimate program (attaching to, bundling with, or replacing it);
modifying or replacing the corresponding detection program so that it leaves the Trojan out of its output;
exploiting the working mechanism or defects of the detection program itself to evade detection.
1. Startup hiding
Startup hiding means the target machine loads and runs the Trojan automatically without the user noticing. On Windows the typical start-up methods are: adding an entry to the Startup folder; modifying registry values (the Run keys and similar); installing as, or hooking into, a default system service; modifying system configuration files (config.sys, win.ini, system.ini and so on); and modifying Group Policy. All of these require changes to system files or keys and are therefore easy for detection tools to find. There are also some less common start-up methods, such as file-association hijacking and parasitic start-up (injection into an ordinary process).
2. File hiding
File hiding has two aspects: confusing the user through camouflage, and hiding the Trojan file itself. For the former, apart from setting the file's Hidden attribute, most Trojans use file names that resemble system files. For the latter, programs that handle file-system operations can be modified to filter out the Trojan's entries, or the file can be kept in a special area: low-level disk manipulation that marks some sectors as bad and stores the Trojan there, or storing it in the boot area. On Windows NT/2000 with NTFS, an NTFS alternate data stream can be used to hide a Trojan file (Explorer and a plain dir do not show streams; on later Windows versions dir /r lists them).
3. Process hiding
A process is usually defined as an instance of a running program and consists of two parts:
(1) the kernel object the operating system uses to manage the process; the system also keeps statistics about the process in it;
(2) the address space, which holds the code and data of all executable modules and DLL modules, plus room for dynamic allocations such as thread stacks and the heap.
A normal Windows application creates a process when it runs, and Task Manager on Windows 2000/XP shows which processes are running. If you look at the process list regularly and get to know the basic system processes, you can spot a suspicious one at any time, which is a great help against Trojans and viruses. So if a Trojan is to keep running on a server it has to disappear from Task Manager, that is, hide its process.
Trojan process hiding takes two forms, pseudo hiding and true hiding. In pseudo hiding the Trojan's process still exists but no longer appears in the process list; in true hiding the program disappears completely and no longer runs as a process or service of its own (its code runs inside another process instead, as with the injection noted under startup hiding). Process hiding is used mainly on Windows.