RSU Threat Training. Sophon Ponglaksamana: Technical Account Manager. Agenda: What is a computer virus? - Types of computer viruses - Channels through which computer viruses spread - Causes of computer virus infection - Checking for virus infection - How computer viruses pose a threat
Copyright 2009 Trend Micro Inc.Classification 04/20/23 1
RSU Threat Training
Sophon Ponglaksamana : Technical Account Manager
Agenda
- What is a computer virus?
- Types of computer viruses
- Channels through which computer viruses spread
- Causes of computer virus infection
- Checking for virus infection
- How computer viruses pose a threat
- How to protect against computer viruses
- Precautions when opening files such as email and data files
Agenda
- Trend Micro virus scanning program
- Tools for protecting against viruses from flash drives, such as autorun killer, usb security
- How virus-scanning software works
- Finding virus removal methods on the Internet
- Recommended virus removal websites
- Demonstration of virus prevention and removal techniques

- What is a computer virus?
- Types of computer viruses
Threat Environment Evolution to Crimeware
[Figure: complexity plotted against time (2001, 2003, 2004, 2005, 2007). Labels: Vulnerabilities, Worm/Outbreaks, Spam, Mass Mailers, Spyware, Intelligent Botnets, Web Based Malware Attacks, Crimeware]
• Multi-Vector
• Multi-Component
• Web Polymorphic
• Rapid Variants
• Single Instance
• Single Target
• Regional Attacks
• Silent, Hidden
• Hard to Clean
• Botnet Enabled
What are the types of virus/malware?
• Joke program: A virus-like program that often manipulates the appearance of things on a computer monitor.
• Trojan program: An executable program that does not replicate but instead resides on systems to perform malicious acts, such as opening ports for hackers to enter. Traditional antivirus solutions can detect and remove viruses but not Trojans, especially those already running on the system.
• Virus: A program that replicates. To do so, the virus needs to attach itself to other program files and execute whenever the host program executes.
• Test virus: An inert file that acts like a real virus and is detectable by virus-scanning software. Use test viruses, such as the EICAR test script, to verify that your antivirus installation scans properly.
• Packers: A compressed and/or encrypted Windows or Linux executable program, often a Trojan horse program. Compressing executables makes them more difficult for antivirus products to detect.
• Others: Virus/Malware not belonging to any of the above categories.
• Generic: A potential security risk. Trend Micro considers a “generic” virus/malware a potential security risk based on its behavior and characteristics,
What are the types of spyware/grayware?
• Spyware: Gathers data, such as account user names and passwords, and transmits them to third parties
• Adware: Displays advertisements and gathers data, such as user Web surfing preferences, used for targeting advertisements at the user through a Web browser
• Dialer: Changes computer Internet settings and can force a computer to dial pre-configured phone numbers through a modem. These are often pay-per-call or international numbers that can result in a significant expense for your organization
• Joke program: Causes abnormal computer behavior, such as closing and opening the CD-ROM tray and displaying numerous message boxes
• Hacking tool: Helps hackers enter computers
• Remote access tool: Helps hackers remotely access and control computers
• Password cracking application: Helps hackers decipher account user names and passwords
• Others: Other types of potentially malicious programs

- Channels through which computer viruses spread
- Causes of computer virus infection
- How computer viruses pose a threat
Enterprise Endpoints: the ultimate targets
Web threats
• Viruses
• Trojans
• Bots
• Rootkits
• Spyware
• Adware
• Key Logger
• Information Stealer
Messaging threats
• Worms
• Viruses
• Phishing
• Pharming
• SPAM
Network threats
• Network worms
• Hacking
• DoS
IT Environment Changes - Threat Landscape
• Exponential growth in malware
– 3 new unique malware every 1 second
– Profit drives sophistication and “quality” of malware
• Web is #1 infection vector
– Even legitimate sites spread malware
– 90% of all new malware leverages the Web
• Vulnerabilities are exploited faster
– 74% of attacks emerge the same day as patches
– 89% of attacks work remotely, over the network
Web-based attacks
IT Environment Changes - Challenge: Traditional Approaches Fail
[Chart: Unique threat samples PER HOUR; x-axis 2007, 2009, 2011, 2013, 2015; plotted values 57, 205, 799, 1,484, 2,397, 3,881, 6,279, 10,160, 16,438, 26,598]
Signature file updates take too long
• Delay protection across all clients and servers
• Leave a critical security gap
Signature files are becoming too big
• Increase impact on endpoint resources
• Unpredictable increase of client size
Patches cannot be deployed in time
• Systems remain exposed to exploits
• Average time to patch was 55 days in 2009
High Impact Threats
• Compromised Website (Italian Job)
[Diagram: MPack Server (malware site); group of web sites (ONE.COM, TWO.COM, THREE.COM, FOUR.COM, FIVE.COM, SIX.COM) with IFRAMES pointing to malware site; User]
– User goes to six.com
– IFRAME in six.com connects to MPack server
– MPack server serves malicious code to user
How ARP Works?
[Diagram: Host A (192.168.1.3), Host B (192.168.1.2), Host C (192.168.1.1, Gateway), Host D (192.168.1.4)]
– Host A is sending an ARP request: “Who has 192.168.1.1?”
– Host B is sending an ARP response: “I have 192.168.1.1. My MAC address is [Host B MAC address]”
– Man in the middle: “Be Gateway now”
Web threat and PE virus relationship
[Diagram labels: WEB, Network of Computers]
• Malicious user deploys TSPY_LINEAGE on the web
• Malicious user deploys PE_LOOKED to infect files and propagate via network shares
• PE_LOOKED downloads TSPY_LINEAGE
• TSPY_LINEAGE gets downloaded from the web
• TSPY_LINEAGE steals information and sends it to malicious user
From the Trend Micro 2009 Annual Threat Report Roundup:
• Social networking sites will grow as targets
• Social engineering will become increasingly prevalent and clever
• Unlike the global economy, the underground economy will continue to flourish
Details of Black Hat Attack
[Diagram labels: Passive Attack, Active Attack, Line of Successful Infection]
• Google Hacking
• WhoIs Query
• Social Community
• Offline Research

• Web Crawling
• Network Scanning/Mapping
• Port Scanning
• Vulnerability Scanning
• OS Fingerprinting
• Enumeration
• Social Engineering

• Malware Propagation
• Malware Acquisition and Execution (by the user)
• Active Exploit
• Malware Placement and Execution (by the hacker)

• Malware Infection Behavior (File Infection, Program HiJacking, AV Retaliation, Process Termination, System Restriction, etc.)
• Malicious Payload (Information Theft, Denial-of-Service, Backdoor, Agents, etc.)
• Hacking Tools, Remote Access Tools
• Detection Avoidance (Covert Channel, Rootkit, Polymorphism, Fast Update Mechanism, File System Manipulation, Multiple-variant deployment, Login Hijacking, Use of Normal Applications, etc.)
Cybercriminals will formulate more direct and brazen extortion tactics to gain quicker access to cash
• Malware developers, anti-detection vendors, and botnet herders are becoming better at their “jobs”
Business as usual for botnets but heavier monetization by botnet herders
• Bot masters will aim for faster monetization
• “Pay-per-install” business model
Mobile threats will have more impact.
• Consumer acceptance of mobile phone-based financial activity is increasing
• Two distinct handset-based (albeit rudimentary) botnets were detected in 2009
Compromised products come straight from the factory.
• Devices that are tampered with coming off the shelves are increasing
– Media players
– Other USB devices
– Digital photo frames
• Even “known good” software runs the risk of being embedded with a malware component
Web threats will continue to plague Internet users.
• Poisoned searches
• More malicious scripts, less binaries
• Malvertisements
• Application vulnerabilities
Web threats will continue to plague Internet users.
• Attack possibilities even in cloud-based scenarios
- Manipulating the connection to the cloud
- Attacking the cloud itself
- Cloud vendor data breaches
Man-In-The-Middle (MITM) Attack
• ARP Spoofing/Poisoning (active sniffing)
– Poisoned ARP contains IP of destination with MAC address of the MITM
• DNS Poisoning
– Provides fake DNS information to redirect network traffic to a malicious destination
– (DNS spoofing, Proxy Server DNS poisoning, DNS cache poisoning, Pharming, etc.)
• Session Hijacking
– This is taking control of a TCP session exchanged between two computers
– This is done by altering the sequence number of a TCP session
[Diagram: Source, Man-In-The-Middle, To Real Destination]
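A detection-side view of the ARP poisoning described on this slide and on the earlier "How ARP Works?" slide, added here as an example that is not part of the original deck: it replays observed ARP replies and alerts when an IP address is answered by a different MAC than expected, or when one MAC answers for several IPs. The IP addresses follow the slide; the MAC addresses, the record layout and the function name are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: ARP replies as (seconds, sender_ip, sender_mac).
# IPs match the slide's hosts; the MAC addresses are made up.
ARP_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:01"),  # Host C, the real gateway
    (1.0, "192.168.1.2", "00:11:22:33:44:02"),  # Host B
    (2.0, "192.168.1.4", "00:11:22:33:44:04"),  # Host D
    (5.0, "192.168.1.1", "00:11:22:33:44:02"),  # Host B's MAC answering for the gateway IP
    (6.0, "192.168.1.1", "00:11:22:33:44:02"),  # the same poisoned reply, repeated
    (7.0, "192.168.1.1", "00:11:22:33:44:01"),  # the real gateway still answers
]


def detect_arp_spoofing(replies, pinned=None):
    """Return alerts for conflicting IP-to-MAC bindings.

    pinned: optional {ip: mac} known to be correct (for example the gateway,
    recorded by an administrator). Without it, the first binding seen for an
    IP is trusted, which is weaker: a poisoner who answers first is believed.
    """
    bindings = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ips_by_mac = defaultdict(set)
    alerts, reported = [], set()

    def report(kind, ts, **fields):
        # Poisoned replies are sent repeatedly; report each finding once.
        key = (kind, tuple(sorted(fields.items())))
        if key not in reported:
            reported.add(key)
            alerts.append({"type": kind, "time": ts, **fields})

    for ts, ip, mac in replies:
        mac = mac.lower()
        expected = bindings.setdefault(ip, mac)
        if mac != expected:
            report("ip-conflict", ts, ip=ip, expected_mac=expected, seen_mac=mac)
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            report("mac-claims-multiple-ips", ts, mac=mac,
                   ips=tuple(sorted(ips_by_mac[mac])))
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(ARP_REPLIES):
        print(alert)
```

Pinning the gateway's binding matters most, because that is the address a man in the middle has the strongest reason to impersonate.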
DNS Poisoning Attack
[Diagram: Victim; Poisoned DNS on the ISP side; Fake Website www.g00gl3.com; Legit Website www.google.com]
Cybercriminals will use social media and social networks to enter users’ “circle of trust.”
• Social engineering will continue to play a big role in threat propagation
• Social networks will be ripe venues for stealing PII
Web Server Attack/Compromise
• Cross-Site Scripting (XSS)
– Crafted URI: <legit URL> + <injected malicious javascript>
– Example: victimwebsite.com/default.asp?name=<script>evilScript()</script>
• SQL Injection
– Use of SQL statements to directly access the DB behind a web server
• IFRAME Injection
– Injection of foreign IFRAME scripts on a target victim web page
• Other web application exploits that enable the attacker to modify the web server for the purpose of…
– Redirecting users to a malicious website (disease vector)
– Implementing a drive-by download
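For the IFRAME injection described here and in the earlier "Compromised Website (Italian Job)" slide, a site owner can audit their own pages for frames that load from other hosts, especially frames sized or styled to be invisible. The following is an added example, not part of the original deck; the sample page, the host names under .example and the function name are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles that make a frame invisible to the visitor.
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)",
    re.IGNORECASE,
)

# Constructed sample page for the slide's six.com, not real site content.
SAMPLE_PAGE = """
<html><body>
<h1>Welcome to six.com</h1>
<iframe src="/news/ticker.html" width="600" height="80"></iframe>
<iframe src="http://video.partner.example/embed/1" width="640" height="360"></iframe>
<iframe src="http://mpack-server.example/index.php" width="0" height="0"></iframe>
<IFRAME SRC="//mpack-server.example/x" style="visibility: hidden"></IFRAME>
</body></html>
"""


class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "iframe":
            self.iframes.append({name: value or "" for name, value in attrs})


def is_tiny(dimension):
    """True for width/height attribute values of 0 or 1 pixel."""
    match = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", dimension)
    return bool(match) and int(match.group(1)) <= 1


def find_offsite_iframes(html, page_host):
    """List iframes whose source is on another host, marking hidden ones."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        host = urlparse(attrs.get("src", "")).hostname
        if not host or host == page_host or host.endswith("." + page_host):
            continue  # relative or same-site frame
        hidden = (
            is_tiny(attrs.get("width", ""))
            or is_tiny(attrs.get("height", ""))
            or bool(HIDDEN_STYLE.search(attrs.get("style", "")))
        )
        findings.append({"src": attrs["src"], "host": host, "hidden": hidden})
    return findings


if __name__ == "__main__":
    for finding in find_offsite_iframes(SAMPLE_PAGE, "six.com"):
        print(finding)
```

An off-site frame that is also hidden is the combination worth investigating first; visible third-party embeds are common and need only be checked against what the site intentionally includes.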
Effects of Web Server Attack: Website Defacement
Compromised Website
Denial-of-Service Attack (DoS)
• DoS prevents authorized users from accessing a computer or network
• Types of DoS attack: Smurf, Ping-of-Death, SYN flood, Teardrop, etc.
• DoS involving two or more attacking hosts is called distributed denial-of-service (or DDoS).
[Diagram: Infected Machine, DoS ATTACK, Attacked Server; Clients receive “Request Timed Out” and “Host Not Found”]
Exploit Packets
• Exploit packets are crafted packets (that cause buffer overflow) which contain code (payload) that takes advantage of a certain vulnerability on the target machine
• A zero-day exploit is an exploit that is found in-the-wild before or on the same date that the vulnerability was discovered.
[Diagram labels: SECURITY EXPOSURE, VULNERABILITY, EXPLOIT]
Exploit Terminologies and Concepts
[Diagram labels: Malware File, Exploit]
• A vulnerable system is a particular OS version that contains a certain version of a Windows DLL which is used by a particular application
• Certain versions of Windows DLLs contain functions which are vulnerable and can be exploited
• Exploit worm malware usually has code that simulates a file server that provides the malware copy to exploited machines
• The worm malware contains exploit code whose main task is to cause the vulnerable application to crash
• The malicious routines that the exploit will perform are called shellcode, which connects to the malware file server to download the malware to the system
Exploit Worm Operating Algorithm
[Diagram labels: Infected System, Exploit, 192.168.100.2, 192.168.100.3]
• The malware will first enumerate all machines in the network and find out the IP addresses of the connected machines.
• It will then set up an ftp/http server which will wait for requests from any exploited machine.
• If the machine is vulnerable, then the exploit packet will cause the affected application to hang and the exploit shellcode will trigger.
• The exploit shellcode will connect back to the malware ftp/http server to download the malware copy to the exploited system and execute the malware in the system.
Command & Control (C&C) or Backdooring
Command and Control (C&C)
• Backdoors have two (2) components: a client and a server component
• The server component (acts as the bot client/zombie) is the infecting malware that opens up backdoor communication, receives commands from a C&C server, and executes them
• The client component (or the hacker console) enables the cyber criminal to send commands and take control of the machine(s) infected by the server component
• A backdoor client system which controls many server components or bots is called, in layman’s terms, a “command and control” or C&C server.
Information Theft
[Diagram labels: Victim, Cyber Theft]
• Logged Keystrokes
• Personal/Confidential Files
• Email Addresses
• System Information
• Application Serial Keys
• Account Credentials
• Browser History

- How to protect against computer viruses
- Precautions when opening files such as email and data files
Worms
Email Worm
IM Worm
Network Worm
Malware started from a simple program called “Elk Cloner”
It will get on all your disks
It will infiltrate your chips
Yes it's Cloner!
It will stick to you like glue
It will modify ram too
Send in the Cloner!
• Most mobile malware threats to date cannot be called serious; however, we have seen several that have capabilities similar to information stealers on desktop systems.
• WINCE_INFOJACK.A – runs on Windows CE/Mobile devices; has information stealing capabilities, as well as changing the security settings of the mobile device.
• SYMBOS_YXES.A and SYMBOS_YXES.B – run on Symbian devices; also have information stealing capabilities; the .B variant can also spam user contacts on the phone
Early Mobile Networking
Bluetooth Hijacker
The Age of Mobile Computing
Unlike the previous generation of cell phones that were at their worst susceptible to local Bluetooth hijacking, modern Internet-tethered cellphones are today susceptible to being probed, fingerprinted, and surreptitiously exploited by hackers from anywhere on the internet.
The latest trend is “iPhone Mania”
• However, while attacks based on malicious files on mobile devices are limited, there is nothing that stops Web-based threats from working on Internet-capable mobile devices.
• Examples: phishing attacks can be carried out whatever the platform.
• FAKEAV alerts appear on any system, even iPhones
iPhone Jailbreaking
The possibilities are endless.
Dutch users of jailbroken iPhones in T-Mobile's 3G IP range began experiencing a pop-up ransomware (due to IP scanning via the internet). The popup window notifies the victim that the phone has been hacked, and then sends that victim to a website where a $5 ransom payment is demanded to remove the malware infection.
The worm would install a wallpaper of the British 1980's pop star Rick Astley onto the victim's iPhone, and it succeeded in infecting an estimated 21,000 victims within about a week in Australia.
FakeAV Review
• FakeAV official website
FakeAV still alive in 2009&2010
• XPVirusProtection, TotalVirusProtection, MalwareDoc (ref: http://www.lavasoft.com/mylavasoft/company/blog/2-new-rogue-antivirus-programs)
• Anti-Virus-1 (ref: http://sunbeltblog.blogspot.com/2009/02/new-rogue-anti-virus-1.html)
• AntiSpyware Protector, System Guard Center, Privacy components (ref: http://sunbeltblog.blogspot.com/2009/02/new-rogue-security-products.html)
• SpyBurner, XpyBurner System Tuner, HDriveSweeper (ref: http://sunbeltblog.blogspot.com/2009/02/new-rogue-xpyburner.html)
Reality Check on FAKE AV’s
Why are they recurring? Because the malware is updated by the minute; a website is brought down and spawns up on another host; the malware authors know they are being detected, so they are innovating; and we didn’t have the complete sample from the 1st visible case of the said malware, since it wasn’t deemed a noteworthy case at the time.
Regional Web Threats, Web Compromised SAMPLE
Malware file Hunt Down
• Directory / Folder
– Program Files
– System32
– Windows
– C:\
Malware file Hunt Down
• Date and Time stamp
– Most recent file that was added or modified
– Locate malware component files
4 suspected files were recently added in your system, 2 of which arrived at the same time, indicating that an installer or trojan dropper had placed these files.
Malware file Hunt Down
• Filename
– Wrong spelling (e.g. svchost.exe misspelled as scvhost.exe)
– Double extension name (e.g. Nude_Britney.jpg.exe)
– Random name
Malware file Hunt Down
• File ICON
– Spoofed icons
– Generic icons
– Shortcut Link icons found at desktop
Pixelated icon of Microsoft update warning
Fabricated icon of Microsoft security center
Legitimate icon of Microsoft security center, but Microsoft does not use this icon for win32 / executable files.
Legitimate normal files usually have a unique file icon.
Shortcut links could also provide the file location of their executable. Icons with explicit graphics usually attract users into clicking the icon, thus allowing the execution of the executable file.
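The filename and timestamp checks from the "Malware file Hunt Down" slides can be automated for a first-pass triage. The following is an added example, not part of the original deck: it flags names that imitate a known system binary, double extensions, and recently added files that arrived together. The file listing, the list of known names, the similarity threshold and the function names are assumptions made for illustration.

```python
import difflib
import ntpath

# Assumed reference list; extend it with the binaries present on your build.
KNOWN_SYSTEM_NAMES = ["svchost.exe", "explorer.exe", "lsass.exe",
                      "winlogon.exe", "services.exe"]
EXECUTABLE_EXT = {"exe", "scr", "com", "bat", "cmd", "pif"}
DECOY_EXT = {"jpg", "jpeg", "png", "gif", "doc", "pdf", "txt", "mp3", "avi"}

# Constructed listing of (path, modification time as epoch seconds).
SAMPLE_FILES = [
    (r"C:\Windows\System32\svchost.exe", 1230000000),
    (r"C:\Windows\notepad.exe", 1230000500),
    (r"C:\Windows\System32\scvhost.exe", 1262304000),
    (r"C:\Windows\System32\drv32x.dll", 1262304001),
    (r"C:\Program Files\Viewer\holiday_photo.jpg.exe", 1262390000),
]


def lookalike_of(name, threshold=0.85):
    """Return the system name this file imitates, or None."""
    name = name.lower()
    if name in KNOWN_SYSTEM_NAMES:
        return None  # exact match: not a misspelling
    for known in KNOWN_SYSTEM_NAMES:
        if difflib.SequenceMatcher(None, name, known).ratio() >= threshold:
            return known
    return None


def has_double_extension(name):
    """True for names such as photo.jpg.exe (decoy type, then executable)."""
    parts = name.lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXECUTABLE_EXT and parts[-2] in DECOY_EXT


def same_time_clusters(records, since, window=2):
    """Group files changed after `since` that arrived within `window` seconds."""
    recent = sorted((mtime, path) for path, mtime in records if mtime >= since)
    clusters, current = [], []
    for mtime, path in recent:
        if current and mtime - current[-1][0] > window:
            if len(current) > 1:
                clusters.append([p for _, p in current])
            current = []
        current.append((mtime, path))
    if len(current) > 1:
        clusters.append([p for _, p in current])
    return clusters


def triage(records, since):
    """Apply the filename and timestamp checks to a file listing."""
    report = {"lookalike": [], "double_extension": [],
              "clusters": same_time_clusters(records, since)}
    for path, _ in records:
        name = ntpath.basename(path)  # parses Windows paths on any OS
        known = lookalike_of(name)
        if known:
            report["lookalike"].append((path, known))
        if has_double_extension(name):
            report["double_extension"].append(path)
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_FILES, since=1262000000))
```

On a live system the listing would be built by walking the directories named on the slides and reading each file's modification time; `since` should be set to shortly before the suspected infection.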
Example : Virus
WORM_DOWNAD.AD
To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.
Initial samples received on: Dec 30, 2008
Vulnerability used: (MS08-067) Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Payload 1: Downloads files
Payload 2: Connects to a URL
WORM_DOWNAD.AD
Replication channel
1. Via MS08-067 vulnerability exploit
2. Via network shares, by attacking the admin password to the share
3. Via removable storage
4. Via Internet
Victim
• Unpatched Windows
• Account with weak password
• Autorun enabled on Windows (enabled by default)
• User with internet access
• Highly dependent on pattern solutions
PE_SALITY.M Behavior Details
• Deletes entries under "Safeboot" key—possibly to prevent users from doing anything in safe mode
Example: FakeAV
The Security Challenge
• Malware threats are now being deployed in multiple variants at the same time by using sophisticated packing (compression) and encryption technology (this is the reason behind the rapid growth of undetected malware volume in-the-wild)
• Malware threats are now implementing an “active update” mechanism (i.e. malware binaries are being updated at intervals of less than an hour)
• Threats are now using legitimate channels to attack/infect, such as HTTP and port 80, which are not advisable to block
• Malware threats are attacking and disabling security and antivirus products
• Malware threats are using advanced stealth techniques (i.e. rootkits) to avoid detection
• Threats are using 0-day exploits to attack/infect (0-day exploits are normally unblockable)

- Trend Micro virus scanning program
- How virus-scanning software works
OSCE client
Scan Flows – detailed
Internal Document
Proof of Concept – Basic setup
• This is a basic diagram of OfficeScan which can show most of the features as POC
Client Console Scan Tab
From the Scan tab you can:
• Select the drives and directories you want to manually scan
• Begin a manual scan
– Scanning will use settings configured in client console with privileges or OfficeScan management console
• Run Damage Cleanup Services (DCS)
Client Console Scan Results Tab
From the Scan Results tab you can:
• View the results from the most recent manual scan
• View statistics about the most recent manual scan
Client Console Log Report Tab
From the Log Report tab you can:
• View logs about the virus activities on your computer
• Manage logs and assess your computer’s protection
Additional Functions
Real-time Monitor
• Real-time scan status
– Last file scanned
– Last virus found
• Scan Statistics
– Total number of files scanned
– Number of infected files
• Scheduled Scan Settings
– When scan is scheduled to run
Example scan results

- Tools for protecting against viruses from flash drives, such as autorun killer, usb security
USB Scan

- Finding virus removal methods on the Internet
- Recommended virus removal websites
- Demonstration of virus prevention and removal techniques
http://us.trendmicro.com/us/trendwatch/
http://free.antivirus.com/clean-up-tools/
http://housecall.trendmicro.com/index.html
http://about-threats.trendmicro.com/
http://about-threats.trendmicro.com/Search.aspx?language=us&p=worm_downad.ad
http://about-threats.trendmicro.com/malware.aspx?language=us&name=WORM_DOWNAD.AD
Sysclean
1. Create a folder for the Sysclean program on the computer
2. Download Sysclean from http://www.trendmicro.com/ftp/products/tsc/sysclean.com into the folder you created
3. Download the file
• Control Pattern (lptxxx.zip) from http://www.trendmicro.com/download/pattern-cpr.asp
• Extract the file into the folder you created
4. Close all programs that are open and run Sysclean.com
5. Run Sysclean.com and click Scan
6. Sysclean will scan for viruses and spyware

Report virus problems
- Report to the Office of Information Technology Services
- Contact number: 5648/5649
- Email: [email protected]