来源:蜘蛛抓取(WebSpider)
时间:2015-09-28 08:47
标签:
上市公司是什么意思
莆田中实招标有限公司受莆田学院的委托将对下列政府采购项目进行公开招标(招标方式)一、招标编号:pzsg140617
二、招标项目内容:办公自动化oa系统建设
商品名称
规格型号/技术指标
预算单价(元)
预算金额(元)
办公自动化(oa)系统建设
技术架构要求1.oa系统要求采用先进的主流j2ee技术的平台产品,采用java语言开发,操作系统支持windows、unix、linux操作系统;支持oracle10g 、 11g数据库,支持tomcat、websphere、weblogic应用服务器。2.系统架构应采用纯b/s(浏览器/服务器)架构模式,客户端零安装(所使用插件可在登录系统时下载),通过浏览器能稳定可靠使用,系统的维护和版本的更新只限于在服务器上进行。3.系统拥有支持成熟数字校园平台系统的良好整合接口,可与现有数字校园平台无缝连接。4.系统所使用插件应为主流插件产品,应具有良好的稳定性及兼容性,便于集成、开发、部署和应用。5.完善的安全机制:提供口令验证、加密、权限控制等安全机制,可以将数据访问及读写权限控制到每一个操作对象(如:数据库、文档、视图、表单、域等),给每一个用户分配相应的工作权限。同时,通过数字签名技术的应用,保证数据的完整性,防止数据被人为的破坏。6.系统应支持ldap技术,方便对人员信息的统一管理与集成。7.系统须支持集群部署,如应用服务器,文件服务器、数据库服务器、web服务器。8.基于纯web的存储设计、表单设计、流程改造、部署等操作,均不需要重新启动系统服务。9.服务至少支持500用户并发数。10.提供可靠的服务器架构方案,实现服务器系统、数据库的安全冗余、备份,实现双机备份。11.产品分为前台和后台,前台提供普通用户使用功能,后台提供管理员配置流程功能。12.常用格式的附件(如word、excel、ppt、wps、pdf等格式文件)可以直接打开,不需要二次打开;13.office格式文档可以直接在线编辑,并有修改痕迹保留或版本记录;14.所有的功能模块,应保证其可扩展性、安全性和稳定性,操作界面简单易用,各个模块的功能必须以中标后现场的需求调研为准。三、附加要求本次招标要满足以下几个细节:1、数据迁移学校运行文档一体化系统(科易档案管理系统)已经十多年的时间,系统里保留了学校很多的重要的办公数据,在本次升级项目中,中标方要提供优秀的数据迁移方案,保存原系统的历史数据,让原系统(收文登记、发文登记、内部文件三大模块)的数据可以导入到新的oa系统。并根据oa系统中的角色设定,自动分配相应的阅读权限。未来校方将考虑建设数字校园平台,档案管理集成到数字校园平台中,此次的oa中不必实现档案管理功能,但要提供下文的档案管理接口。提供完整的数据迁移方案。2、档案管理接口档案管理接口要完成公文归档到学校档案管理系统、在线查阅管理等功能,包括对收发文进行归档管理;设置归档权限,不同级别的管理员对各自的工作文档定期进行归档;档案接口必须保证与学校原有的档案管理系统的归档标准一致,以实现所有的文档可以按分类自动归档或手动设置归档;在线查阅,可以查看自己已经归档的公文列表。档案的归档格式必须按照国家档案局于2012年发布的《电子档案移交与接收办法》规范归档。3、电子签章随着无纸化办公中对文档的安全性、真实性要求不断的提高,特别是针对手写签名、电子印章需求更加严格,要求在word、wps、pdf页面等文档上电子签名或电子盖章,实现签章可验证、可认证、防抵赖等功能,因此新版办公系统在公文管理模块加入电子签章管理。电子签章软件由签章钥匙盘和软件构成,签章钥匙盘自带cpu、快速存储器和加密处理机制,用于存放单位或个人数字证书、印章信息或签名信息。签章钥匙盘通过usb接口和计算机连接。软件自动嵌入到word/wps/pdf里,用来实现印章或签名。系统可以将电子印章技术和电子签名技术完整的结合在一起,用来检测文档完整性和验证签章用户身份的安全。能够对文档进行数字签名处理,并且在审批单、word/excel文档等需要签章的地方显示图章或手写签名,可以达到纸质盖章或纸质手写签名相同的效果。支持多个单位或个人的会签。电子签章系统需符合cas156-2007《标准电子签名系统应用规范第1部分:ie应用接口》中的规定。4、二维码应用随着二维码技术的推广及普及应用,将二维码应用到办公文档中。公文上印制的二维条码必须符合《机关公文二维条码使用规范》(中秘文发(2005)56号)中的规定。二维码应用,通过识别公文二维码的信息,进行收文登记。在校级发文中,可根据需求生成公文二维码。5、短信接口主要是办公系统与短信网关的集成,实现在办公系统中的重要信息、紧急信息可以通过手机短信系统及时发送到办公人员的手机上,进行相应的提醒,在原有待办事宜在线提醒方式的基础上增加,以方便紧急事务的处理。短信接口要支持多种方式(如modem硬件、移动信息机(mas)、移动办公助理(smep)、db接口
350000
350000
交货期:中标后60天
交货地点:买方指定地点
合同签订日期:中标后7天
三、资格要求:
1.投标人必须具有国内的企业法人资格且营业执照经营范围涵盖本项目招标内容,须提供提供营业执照副本、税务登记证和组织机构代码证的复印件(以提供复印件加盖公章为准)。
2.投标代表必须经投标人的法定代表人关于参与本项目投标的授权,请提供法定代表人授权投标代表的授权委托书原件(投标代表是法定代表人无需),法定代表人或投标代表的身份证复印件。
3.投标人需在递交投标文件时一并提供投标人所在地或项目所在地的检察机关出具的企业和拟任项目负责人行贿犯罪档案查询结果告知函原件(单独密封)。
4.投标人应具备相关法律法规、行政规章条例中规定的参加招标采购活动应当具备的条件。
5.本项目不接受联合体投标。
四、时间安排:
1.招标公告时间: 2014年 9月 11日 --- 2014 年10 月7日
2.招标答疑时间: 2014年 9月 15日 15:30时
3.文件递交截止及开标时间: 2014年 10月 8日 上午9:00时
五、地点安排:
1.投标咨询地点:莆田市城厢区荔景广场12号楼202。
2.投标文件递交地点:莆田市发展服务中心市机关大院7号楼三层。投标文件由招标代理人的工作人员接收。
3.开标地点:莆田市发展服务中心市机关大院7号楼五层。
六、投标人无需报名或向代理机构购买招标文件,直接从莆田市发展服务中心网(www.)、莆田市政府采购网(www.pt.:8081)上下载招标文件。标书工本费100元在递交投标文件时补交。
七、投标保证金:人民币叁仟伍佰元整(¥:3500.00元),投标保证金以转账电汇形式提交,不直接接受现金或汇票,以投标文件递交截止时间前到帐为准。投标人在缴纳保证金时必须以公司的账户或公司的名称缴纳,不得以投标代表个人的名称缴纳。
八、莆田中实招标有限公司指定账户:
(1)保证金缴纳账户:开户名--莆田中实招标有限公司,开户行--莆田市农行城厢支行市府分理处,账号--00329。
(2)购买招标文件及中标服务费缴纳账户:开户名--莆田中实招标有限公司,开户行--中国建设银行莆田市分行,账号—。
九、本次所有投标人必须在“莆田市政府采购网(www.pt.:8081)”注册,且应在“资料下载”中下载“ca控件及供应商标书制作工具”进行网上投标,投标供应商必须提交网上投标文件,同时在开标前提交二份电子版投标文件(密封并在封口处加盖投标人公章)和书面投标文件叁份备用。评标委员会只对网上投标文件进行评审,特殊情况下由莆田市招投标市场管理委员会办公室决定是否启用另外提交的投标文件进行评标。
十、投标人在递交纸式投标文件时还须携带制作电子投标文件的ca卡到开标现场,投标人未完成电子投标的、未携带的或所携带的ca卡未能完成解密的,其投标无效。
十一、投标人的电子版投标文件由商务部分、技术部分与报价部分组成,在网上投标时必须报价并上传商务部分、技术部分投标文件,商务部分、技术部分投标文件中不得有报价部分,否则为无效投标。
十二、投标人对本次招标活动事项提出疑问的,请在招标答疑截止之前,以信函或传真的形式与招标代理机构联系。
十三、我司将在莆田市发展服务中心网(www.)、莆田市政府采购网(www.pt.:8081)、福建省政府采购网和中国政府采购网上发布本项目的采购公告、更改通知、答疑纪要、评标结果等信息,请投标人及时关注,投标人若自己没有在以上网站上查询相关更改通知和答疑纪要等信息而影响投标的,投标人自行承担相关责任。
莆田中实招标有限公司
2014 年9月12日For Small Business
1-888-762-8736(M-F 8:00am-5:00pm CST)
For Enterprise
1-877-218-7353(M-F 8:00am-5:00pm CST)
The Americas
For Business
THREAT INTELLIGENCE: THE DEEP WEB
The latest research and information on the deep web and the cybercriminal underground.FOLLOW THE DATA
What happens to the data after a data breach? See where the data goes.
BKDR_SIMDA.SMEPPublish date: April 20, 2015
Threat Type:Backdoor
Destructiveness:NoEncrypted: Yes
In the wild: Yes
This malware family takes its name from the SIMDA botnet operations, which was taken down in April 2015.This backdoor
arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.It executes then deletes itself afterward.It connects to a website to send and receive information.
Arrival DetailsThis backdoor
arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.InstallationThis backdoor
drops the following files: %User Profile%\Application Data\{random}.reg%User Profile%\Application Data\mcp.ico%User Profile%\Application Data\Mozilla\Firefox\Profiles\{random}\searchplugins\search.xml%Desktop%\Computer.lnk%User Temp%\{random}.sys%User Temp%\{random}-{random}.exe %User Temp%\{random number}.tmp%User Temp%\{random}.exe(Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.. %Desktop% is the desktop folder, where it usually is C:\Documents and Settings\{user name}\Desktop in Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\Desktop in Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.. %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.)It drops the following copies of itself into the affected system: %User Profile%\Application Data\ScanDisc.exe%User Profile%\Application Data\{random}.exe%User Temp%\{Random Number}.tmp(Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003, or C:\Users\{user name} on Windows Vista and 7.. %User Temp% is the user's temporary folder, where it usually is C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, Windows Server 2003, and Windows XP (32- and 64-bit); C:\Users\{user name}\AppData\Local\Temp on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.)It executes then deletes itself afterward.Autostart TechniqueThis backdoor
creates the following registry entries to enable automatic execution of dropped component at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce{random name} = "%User Profile%\Application Data\{random name}.exe"Other System ModificationsThis backdoor
adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemConsentPromptBehaviorAdmin = "0" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemConsentPromptBehaviorUser = "0"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemEnableLUA = "0"HKEY_LOCAL_MACHINE\Software\Microsoft\Windowsupdate = "shortcut"It modifies the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}NameServer = "8.8.8.8"(Note: The default value data of the said registry entry is "".)Backdoor RoutineThis backdoor
connects to the following websites to send and receive information: {BLOCKED}9.{BLOCKED}6.87.106report.{pseudorandom}.comupdate.{pseudorandom}.com{BLOCKED}9.{BLOCKED}3.196.94{BLOCKED}9.{BLOCKED}7.173.222{BLOCKED}9.{BLOCKED}6.66.239{BLOCKED}.{BLOCKED}9.248.152{BLOCKED}9.{BLOCKED}6.66.239Download RoutineThis backdoor
connects to the following website(s) to download and execute a malicious file: http://update1.{BLOCKED}exefeed.eu/?abbr=RTK&action=download&setupType=umx&setupFileName=process_64.exehttp://update1.{BLOCKED}exefeed.eu/?abbr=RTK&action=download&setupType=um32&setupFileName=process_32.exeHOSTS File ModificationThis backdoor
modifies the system's HOSTS files to redirect users once the following Web site(s) are accessed: :{BLOCKED}.{BLOCKED}.68.97<:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.68.97:{BLOCKED}.{BLOCKED}.186.249www.:{BLOCKED}.{BLOCKED}.186.249gr.uk.:{BLOCKED}.{BLOCKED}.112.8ir.uk.:{BLOCKED}.{BLOCKED}.239.84uk.:{BLOCKED}.{BLOCKED}.112.8dk.:{BLOCKED}.{BLOCKED}.112.8au.:{BLOCKED}.{BLOCKED}.112.8ro.:{BLOCKED}.{BLOCKED}.112.8ca.:{BLOCKED}.{BLOCKED}.112.8pt.:{BLOCKED}.{BLOCKED}.112.8it.:{BLOCKED}.{BLOCKED}.112.8de.:{BLOCKED}.{BLOCKED}.112.8es.:{BLOCKED}.{BLOCKED}.112.8tr.:{BLOCKED}.{BLOCKED}.112.8hu.:{BLOCKED}.{BLOCKED}.112.8br.:{BLOCKED}.{BLOCKED}.112.8cz.:{BLOCKED}.{BLOCKED}.112.8ie.:{BLOCKED}.{BLOCKED}.112.8ch.:{BLOCKED}.{BLOCKED}.112.8nl.:{BLOCKED}.{BLOCKED}.112.8se.:{BLOCKED}.{BLOCKED}.112.8no.:{BLOCKED}.{BLOCKED}.112.8fr.:{BLOCKED}.{BLOCKED}.112.8pl.:{BLOCKED}.{BLOCKED}.112.8mx.:{BLOCKED}.{BLOCKED}.112.8search.yahoo.co.jp:{BLOCKED}.{BLOCKED}.112.8.gr.:{BLOCKED}.{BLOCKED}.112.8malaysia.:{BLOCKED}.{BLOCKED}.112.8vn.:{BLOCKED}.{BLOCKED}.112.8cl.:{BLOCKED}.{BLOCKED}.112.8id.:{BLOCKED}.{BLOCKED}.112.8in.:{BLOCKED}.{BLOCKED}.112.8co.:{BLOCKED}.{BLOCKED}.112.8ph.:{BLOCKED}.{BLOCKED}.112.8nz.:{BLOCKED}.{BLOCKED}.112.8ve.:{BLOCKED}.{BLOCKED}.112.8ar.:{BLOCKED}.{BLOCKED}.112.8fi.:{BLOCKED}.{BLOCKED}.112.8th.:{BLOCKED}.{BLOCKED}.112.8sg.:{BLOCKED}.{BLOCKED}.112.8ch.:{BLOCKED}.{BLOCKED}.112.8at.:{BLOCKED}.{BLOCKED}.112.8za.:{BLOCKED}.{BLOCKED}.112.8cn.:{BLOCKED}.{BLOCKED}.112.8www.:{BLOCKED}.{BLOCKED}.87.101:{BLOCKED}.{BLOCKED}.87.101connect.facebook.net:{BLOCKED}.{BLOCKED}.87.101::1 localhost<connect.facebook.netInformation TheftThis backdoor
gathers the following data: Volume InformationLanguage InformationComputer NameNetwork AdapterSusClientIdProduct IdWindows Install DateOther DetailsThis backdoor
checks for the presence of the following process(es): vba32arkit.execv.exeirise.exeIrisSvc.exewireshark.exedumpcap.exeZxSniffer.exeAircrack-ng Gui.exeobserver.exetcpdump.exeWinDump.exewspass.exeRegshot.exeollydbg.exePEBrowseDbg.exewindbg.exeDrvLoader.exeSymRecv.exeSyser.exeapis32.exeVBoxService.exeVBoxTray.exeSbieSvc.exeSbieCtrl.exeSandboxieRpcSs.exeSandboxieDcomLaunch.exeSUPERAntiSpyware.exeERUNT.exeERDNT.exeEtherD.exeSniffer.exeCamtasiaStudio.exeCamRecorder.exeNOTES: This backdoor tries to open a file %System Root%\cgvi5r6i\vgdgfd.72g, which may contain shell commands.
It checks for the existence of the following registries.
HKEY_CURRENT_USER\Software\CommView
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\IRIS5
HKEY_CURRENT_USER\Software\eEye Digital Security
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wireshark
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\wireshark.exe
HKEY_CURRENT_USER\SOFTWARE\ZxSniffer
HKEY_CURRENT_USER\SOFTWARE\Cygwin
HKEY_CURRENT_USER\SOFTWARE\Cygwin
HKEY_CURRENT_USER\SOFTWARE\B Labs\Bopup Observer
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Bopup Observer
HKEY_CURRENT_USER\Software\B Labs\Bopup Observer
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win Sniffer_is1
HKEY_CURRENT_USER\Software\Win Sniffer
HKEY_CURRENT_USER\SOFTWARE\Classes\PEBrowseDotNETProfiler.DotNETProfiler
HKEY_CURRENT_USER\Software\Microsoft\tVersion\Explorer\MenuOrder\Start \Debugging Tools for Windows (x86)
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\SDbgMsg
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\der\Start Menu2\Programs\APIS32.
HKEY_CURRENT_USER\Software\Syser Soft
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\APIS32
HKEY_CURRENT_USER\SOFTWARE\APIS32
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBoxGuest Additions
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\VBoxGuest
HKEY_CURRENT_USER\SOFTWARE\Microsoft\tVersion\Uninstall\Sandboxie
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Services\SbieDrv
HKEY_CURRENT_USER\Software\Classes\Folder\shell\sandbox
HKEY_CURRENT_USER\Software\Classes\*\shell\sandbox
HKEY_CURRENT_USER\
HKEY_CURRENT_USER\SOFTWARE\Classes\SUPERAntiSpywareContextMenuExt.SASCon.1
HKEY_CURRENT_USER\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ERUNT_is1
HKEY_CURRENT_USER\SYSTEM\ControlSet001\EnumRoot\LEGACY_TBN178D5\0000
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\services\tbn178d5\DisplayName
HKEY_CURRENT_USER\SYSTEM\ControlSet001\services\tbn178d5
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBN178D5\0000
It also checks for loaded libraries:
SBIEDLL.DLL
SBIEDLLX.DLL
DBGHELP.DLL
It also checks if the following information are equal:
Computer Name = Sandbox
User name = CurrentUser
File name = file.exe
When a number of conditions are met, the malware executes an infinite loop.
It appends the legitimate file %User Profile%\Application Data\Mozilla\Firefox\Profiles\{random}\prefs.js with user_pref("browser.search.selectedEngine", "/search?q={searchTerms}");
Step 1Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must
to allow full scanning of their computers.Step 2Note that not all files, folders, and registry keys and entries are installed on your computer during this malware's/spyware's/grayware's execution. This may be due to
incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.Step 3Restart in Safe Mode
[ Learn More ]Step 4 Delete this registry value
[ Learn More ]
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this
first before modifying your computer's registry.
In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce{random name} = &%User Profile%\Application Data\{random name}.exe&In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemConsentPromptBehaviorAdmin = &0&In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemConsentPromptBehaviorUser = &0&In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemEnableLUA = &0&In HKEY_LOCAL_MACHINE\Software\Microsoft\Windowsupdate = &shortcut&Step 5 Restore this modified registry value
[ Learn More ] Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this
first before modifying your computer's registry.
In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}From: NameServer = &8.8.8.8&To: NameServer = && Step 6Remove these strings added by the malware/grayware/spyware in the HOSTS file
[ Learn More ]
:{BLOCKED}.{BLOCKED}.68.97
<:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.68.97
:{BLOCKED}.{BLOCKED}.186.249
www.:{BLOCKED}.{BLOCKED}.186.249
gr.uk.:{BLOCKED}.{BLOCKED}.112.8
ir.uk.:{BLOCKED}.{BLOCKED}.239.84
uk.:{BLOCKED}.{BLOCKED}.112.8
dk.:{BLOCKED}.{BLOCKED}.112.8
au.:{BLOCKED}.{BLOCKED}.112.8
ro.:{BLOCKED}.{BLOCKED}.112.8
ca.:{BLOCKED}.{BLOCKED}.112.8
pt.:{BLOCKED}.{BLOCKED}.112.8
it.:{BLOCKED}.{BLOCKED}.112.8
de.:{BLOCKED}.{BLOCKED}.112.8
es.:{BLOCKED}.{BLOCKED}.112.8
tr.:{BLOCKED}.{BLOCKED}.112.8
hu.:{BLOCKED}.{BLOCKED}.112.8
br.:{BLOCKED}.{BLOCKED}.112.8
cz.:{BLOCKED}.{BLOCKED}.112.8
ie.:{BLOCKED}.{BLOCKED}.112.8
ch.:{BLOCKED}.{BLOCKED}.112.8
nl.:{BLOCKED}.{BLOCKED}.112.8
se.:{BLOCKED}.{BLOCKED}.112.8
no.:{BLOCKED}.{BLOCKED}.112.8
fr.:{BLOCKED}.{BLOCKED}.112.8
pl.:{BLOCKED}.{BLOCKED}.112.8
mx.:{BLOCKED}.{BLOCKED}.112.8
search.yahoo.co.jp:{BLOCKED}.{BLOCKED}.112.8.
gr.:{BLOCKED}.{BLOCKED}.112.8
malaysia.:{BLOCKED}.{BLOCKED}.112.8
vn.:{BLOCKED}.{BLOCKED}.112.8
cl.:{BLOCKED}.{BLOCKED}.112.8
id.:{BLOCKED}.{BLOCKED}.112.8
in.:{BLOCKED}.{BLOCKED}.112.8
co.:{BLOCKED}.{BLOCKED}.112.8
ph.:{BLOCKED}.{BLOCKED}.112.8
nz.:{BLOCKED}.{BLOCKED}.112.8
ve.:{BLOCKED}.{BLOCKED}.112.8
ar.:{BLOCKED}.{BLOCKED}.112.8
fi.:{BLOCKED}.{BLOCKED}.112.8
th.:{BLOCKED}.{BLOCKED}.112.8
sg.:{BLOCKED}.{BLOCKED}.112.8
ch.:{BLOCKED}.{BLOCKED}.112.8
at.:{BLOCKED}.{BLOCKED}.112.8
za.:{BLOCKED}.{BLOCKED}.112.8
cn.:{BLOCKED}.{BLOCKED}.112.8
www.:{BLOCKED}.{BLOCKED}.87.101
:{BLOCKED}.{BLOCKED}.87.101
connect.facebook.net:{BLOCKED}.{BLOCKED}.87.101
::1 localhost
connect.facebook.net
Step 7Search and delete this file
[ Learn More ]
There may be some files that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.
%User Profile%\Application Data\{random}.reg%User Profile%\Application Data\mcp.ico%User Profile%\Application Data\Mozilla\Firefox\Profiles\{random}\searchplugins\search.xml%Desktop%\Computer.lnk%User Temp%\{random}.sys%User Temp%\{random}-{random}.exe%User Temp%\{random number}.tmp%User Temp%\{random}.exeStep 8Restart in normal mode and scan your computer with your Trend Micro product for files detected as BKDR_SIMDA.SMEP. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this
for more information.NOTES: Note: Before proceeding to Step 8, do the following to remove the strings added by the malware/grayware/spyware in the file %User Profile%\Application Data\Mozilla\Firefox\Profiles\{random}\prefs.js file.
To edit this file:
Open the file %User Profile%\Application Data\Mozilla\Firefox\Profiles\{random}\prefs.js using a text editor such as Notepad.
Find and delete the following entry:
user_pref("browser.search.selectedEngine", "/search?q={searchTerms}");
Save the file then close the text editor.
Featured Stories
Connect with us on |
| Business Challenges||Asia Pacific Region (APAC):Latin America Region (LAR):North America Region (NABU):Europe, Middle East, & Africa Region (EMEA):
