Showing posts with label Tips. Show all posts
Showing posts with label Tips. Show all posts

Sunday, May 14, 2017

Free Tool Check Wanacry Ransomware Virus By BKAV Anti Virus Lastest


This morning, May 15, 2012, Bkav Technology Group has released the free Wanna Crypt (also known as Wanna Crypt0r or Wanna Cry) - a powerful malware that is spreading vigorously in more than 90 countries. In the world, including Vietnam.

Bkav's free tool helps users scan the computer for Wanna Crypt infections. More importantly, this tool can check and alert if the computer contains the EternalBlue flaw - the vulnerability that Wanna Crypt exploits to infiltrate the computer.


Users can download the tool from Bkav.com.vn/Tool/CheckWanCry.exe. The tool does not require installation, which can always be launched for scanning. Users of Bkav Pro or Bkav Endpoint will not need to run the tool because they have automatic protection.

Earlier, Wanna Crypt extorted only a few hours ago, infecting more than 100,000 computers worldwide. Recognized initially from Bkav virus monitoring system on 13/5, there have been cases of this infection in Vietnam. The number of infections is expected to increase sharply in the beginning of next week, with large numbers of computers switched on when people return to work.

Wanna Crypt is able to scan entire computers in the same network for search and direct access to machines containing EternalBlue vulnerabilities without the user having to directly manipulate attachments or malicious links. So, just one computer in a company / organization infected with malicious code, all the other computers in the network will be vulnerable to malicious code attack, encrypt the data.

According to Bkav experts, Wanna Crypt can be classified as the highest risk because of both rapid spread and severe destruction. The infection type of malicious code is not new, but shows that the trend to take advantage of new vulnerabilities to attack, make money will also be used by hackers in the coming time, especially the vulnerabilities of the operating system.

After scanning with a tool, if you detect a vulnerable computer, you need to copy all the important data on the machine, update the patch for the operating system by going to Windows Update → Check for updates to check the The latest patch.


To prevent the risk of malicious infections, experts recommend that users open text files received from the Internet in a Safe Run quarantine environment and install regular antivirus software on the computer for automatic protection.




Tips To Protect You From The Wannacry Virus Effectively Lastest



A. Check port 445
Open CMD Admin Admin and type
Netstat -an | Findstr 445
If the type does not show what is OK and if the letter LISTENNING, then block the port immediately
B. Turn off SMB (Open Powershell on and off the following commands)
Open Start-> Windows PowerShell-> Right-click Windows Powershell and select Run as administrator
Copy each line Paste into. If it fails, ignore it
Remove-WindowsFeature FS-SMB1
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol
Sc.exe config lanmanworkstation depend = bowser / mrxsmb20 / nsi
Sc.exe config mrxsmb10 start = disabled
Sc.exe config lanmanworkstation depend = bowser / mrxsmb10 / nsi
Sc.exe config mrxsmb20 start = disabled
Set-SmbServerConfiguration -EnableSMB2Protocol $ false
Set-ItemProperty -Path "HKLM: \ SYSTEM \ CurrentControlSet \ Services \ LanmanServer \ Parameters" SMB2 -Type DWORD -Value 0 -Force

B. Block port 445/137/138/139 on the firewall
Any machine that has Antivirus installed on its own firewall must be configured on the firewall
Of the Anivirus
And do not use any Antivirus or Windows Defener do the following
Step 1: Open the Firewall search startup list and select Windows Firewall with Advanced security
Step 2: Inbound Rules-> New Rule-> Port
Step 3: Select UDP-> Specific local ports enter this line in 445, 137, 138, 139
Step 4: Block the connection
Step 5: Tick all 3
Step 6: Naming option-> finish
Step 7: Check if the firewall is enabled or not

C. Turn off Sever service
B1: Run-> Services.msc
B2: Look to Services Server. Right click on Stop
B3: Double click on it. Startup type changes to Disabled. Apply-> OK
After finishing all RESTART AGAIN. DON'T SHUTDOWN

Or install antivirus software here