360 Security Guard Offline Disaster Relief Edition is an offline version of the security software developed by 360 in response to a wide range of worm viruses. Because it does not need to be installed online, 360 Security Guard can still be installed after a virus attack has interrupted the network, and it comes with the NSA arsenal immunity tool to repair system vulnerabilities in a timely manner.
Introduction to 360 Security Guard Offline Disaster Relief Software
The ransomware forcibly encrypts many types of data on the disk, such as pictures, documents, videos, and compressed archives, so that the files can no longer be opened normally. The ransomware variants in this outbreak include ONION and WNCRY, which rename files on disk with the .onion and .wncry suffixes respectively. The ransom demanded is as high as more than 50,000 yuan.
Ransomware generally uses high-strength encryption algorithms. Without the private key of the virus creator, it would take an ordinary computer at least hundreds of thousands of years to brute-force it. If you have been infected, you should run a full-system antivirus scan and patch the system as soon as possible. Don't be misled by the rumor that "computer patching will slow down".
In April this year, the NSA (U.S. National Security Agency) hacking arsenal was leaked and made public, including an "Eternal Blue" hacking weapon specifically designed to remotely attack the Windows file sharing port (port 445).
This virus outbreak uses EternalBlue to attack vulnerable Windows devices. Since the education network did not block port 445, there were a large number of machines with exposed vulnerabilities, which became the hardest hit area for ransomware viruses. In addition, the intranets of some enterprises and infrastructure in industries such as transportation and energy that were not patched in time were also infected.
In layman's terms, if the system is vulnerable to NSA weapon attacks, the ransomware virus can automatically infect the system as long as it is turned on and connected to the Internet without any action on your part.
360 Security Guard Offline Disaster Relief Edition Frequently Asked Questions
In response to network ransomware attacks, 360 Security Guard urgently provides emergency measures for users across the country. It can scan and repair vulnerabilities attacked by NSA hacker weapons with one click, close high-risk ports on unpatched systems such as XP, and comprehensively intercept ransomware viruses.
1. The virus is so harmful, what patches are needed?
Answer: It is strongly recommended that users check and install relevant system patches. For Windows 7 and above operating systems, the MS17-010 patch needs to be installed. Microsoft’s official download address is:
For Windows XP/2003 and other systems that have been officially out of service, Microsoft has launched special security patches targeting the vulnerabilities exploited by the virus.
Windows XP systems need to be upgraded to SP3 before installing this patch. In addition, users who have installed the 360 Tianqing system can use its system repair function to repair and scan the system and install all patches.
Before putting the machine online for patching, you need to unplug the network cable and temporarily disable the Server service on the system. For specific instructions, please refer to the operation manual provided by 360 Enterprise Security.
2. Is there any anti-virus tool that can kill this worm?
Answer: Currently, both 360 Tianqing and Security Guard can detect and kill this virus. However, if the virus was implanted before it could be detected, or the user's files have already been locked or encrypted, the data cannot be recovered. In this case, you can try the recovery tool provided by 360, which may recover some data.
360 ransomware worm file recovery tool:
3. How to close port 445 on the host?
Answer: Right-click "My Computer" on the Windows system, double-click "Server" in the service list under "Services and Applications", select "Disabled" for "Startup type" in the Server properties page that appears, and click the "Stop" button to stop the service. After the operation succeeds, it is recommended to restart the system to ensure it takes effect.
4. I have installed 360 Tianqing, is it guaranteed that I will not be affected by this virus?
Answer: If the user's host is running Tianqing normally and the patch management module is turned on, hosts in the network can be forced to install patches in time to fix the vulnerability. If the vulnerability is repaired in time, infection by the ransomware worm can be avoided.
5. This incident occurred on the weekend, and the PCs of most user units were shut down. How should we troubleshoot and defend after going to work on Monday?
Answer: You can first download the patch upgrade file in a safe way and copy it to a USB flash drive that is confirmed to be virus-free. Disconnect the network connection before starting the PCs on Monday, and restore the network connection only after confirming that all PCs in the network have installed the patch offline.
6. Does this virus affect POS machines?
Answer: First, confirm the type of operating system used by the POS machine. Generally, mobile POS machines use non-Windows systems, so they will not be infected by this virus. If the user's particular device does use the Windows operating system, it is recommended to contact the device vendor for a solution.
7. Will the virus affect POS machines, handheld machines in special industries, and industrial computers? Will airport customers’ security screening machines and display systems be affected? How to deal with it?
Answer: First, confirm the type of operating system used by the POS machine. Generally, mobile POS machines use non-Windows systems, so they will not be infected by this virus. If special equipment such as POS machines, handheld machines, industrial computers, and security inspection machines do use the Windows operating system, it is recommended to contact the equipment supplier for a solution.
8. Why is it still affected even though it has been patched before?
Answer: The patch number corresponding to the vulnerability exploited this time is MS17-010. Users may not have installed the corresponding patch, especially on old operating systems such as Windows XP/2003, for which Microsoft did not previously provide security patches. Because of the significant impact of this incident, the patch for the old systems was only released on May 13, so it must be installed in time.
9. Are there scanning tools that can detect unpatched hosts?
Answer: You can download and run the NSA vulnerability detection tool to check whether the vulnerabilities are present, but this tool does not support server systems. For server systems, it is recommended to confirm manually whether the patch has been installed. Network vulnerability scanners such as OpenVAS can also perform remote vulnerability detection. Administrators can use them if necessary, focusing on MS17-010-related vulnerabilities. These vulnerabilities are used by this worm and need to be dealt with promptly once discovered.
10. Why did I find that I was infected with the virus when I turned on my computer without being connected to the Internet?
Answer: The virus is transmitted by exploiting vulnerabilities in the operating system. If the host is not connected to the Internet when it is turned on, it is likely that it was infected before it was shut down last time.
11. Can Windows XP/2003 English version system be protected by installing patches?
Answer: Yes, Microsoft has provided corresponding patches for Windows XP/2003. Download them from the following website:
12. I have blocked port 135/137/138/139/445 at the network exit and installed the corresponding system patch. Can this virus be effectively prevented? Are there any other preventive measures?
Answer: The virus can be effectively prevented by blocking ports and installing patches, but this does not rule out the virus being implanted into the user system in other forms. Therefore, it is recommended that users install 360 Tianqing and Security Guard to further protect the host system.
13. After using the immunity tool provided by 360, can I skip installing system patches?
Answer: Regardless of whether you run the immunity tool or not, you need to apply patches to repair vulnerabilities to fundamentally avoid infection. In addition, if the terminal receives a file carrying the virus and runs it, the terminal will still be infected. Therefore, it is recommended that users install 360 Tianqing to ensure effective protection against viruses.
14. We have firewall equipment deployed in our network, can it block it?
Answer: The firewall can play a certain interception role. By setting security policies that block the TCP port 445 service, or by enabling the IPS function of the firewall, attacks that exploit this vulnerability can be blocked. However, the firewall can only inspect the traffic forwarded through it, and cannot protect against the spread of the virus between internal hosts or through email. The most effective way to avoid being implanted with this virus is to install the corresponding patch on the system.
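A scripted equivalent of the Server-service steps in question 3, together with a check for listeners on the ports named in question 12. This is an added example, not part of the original page or 360's tooling. It assumes an elevated PowerShell prompt; `LanmanServer` is the Windows service name behind the "Server" display name, and the function names and sample netstat lines are constructed for illustration.

```powershell
# Added example. Ports are the ones listed in question 12.
$RiskPorts = 135, 137, 138, 139, 445

function Get-ListeningRiskPort {
    # Parses `netstat -ano` text, so it also works on PowerShell 2.0.
    # Assumes English netstat output (the state column reads LISTENING).
    param([string[]]$NetstatLines = (netstat -ano))
    foreach ($line in $NetstatLines) {
        $f = -split $line
        if (($f.Count -lt 4) -or ('TCP', 'UDP' -notcontains $f[0])) { continue }
        # TCP rows: proto, local, remote, state, pid. UDP rows have no state column.
        if (($f[0] -eq 'TCP') -and ($f[3] -ne 'LISTENING')) { continue }
        $port = [int]($f[1].Substring($f[1].LastIndexOf(':') + 1))
        if ($RiskPorts -contains $port) {
            New-Object PSObject -Property @{
                Protocol = $f[0]; Local = $f[1]; Port = $port; OwningPid = $f[-1]
            }
        }
    }
}

function Disable-ServerService {
    # Same effect as the GUI steps: Startup type "Disabled", then "Stop".
    Set-Service -Name LanmanServer -StartupType Disabled
    Stop-Service -Name LanmanServer -Force   # -Force also stops dependent services
    Get-Service -Name LanmanServer | Select-Object Name, Status
}

# Constructed sample lines, so the parser can be tried without touching a host.
$sample = @(
    'Active Connections'
    '  Proto  Local Address          Foreign Address        State           PID'
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892'
    '  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4'
    '  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1100'
    '  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED     2044'
    '  UDP    192.168.1.20:137       *:*                                    4'
)
Get-ListeningRiskPort -NetstatLines $sample |
    Format-Table Protocol, Local, Port, OwningPid -AutoSize

# On a real host: run Disable-ServerService, restart as the answer to
# question 3 recommends, then call Get-ListeningRiskPort with no arguments.
```

The outbound connection to a remote port 445 and the port 3389 listener in the sample are not reported, because only local listeners on the listed ports count.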
360 Security Guard Offline Disaster Relief Version Update Log
1: Optimized performance
2: We are serious about solving bug problems
Huajun editor recommends:
360 Security Guard Offline Disaster Relief Edition is a very practical and simple tool. Interested users can download and use it in the Huajun Software Park. In addition, there is plenty of similar software available for download, such as Youyi U disk encryption software, Symantec Antivirus, .NET, etc.