Ungayihumusha Kanjani I-ID Yomcimbi Wokuphepha We-Windows 4688 Ophenyweni
Isingeniso
Ngokuvumelana ne Microsoft, ama-ID omcimbi (aphinde abizwe ngokuthi izihlonzi zomcimbi) akhomba ngokuhlukile umcimbi othile. Yinkomba yezinombolo enamathiselwe kumcimbi ngamunye ofakwe uhlelo lokusebenza lwe-Windows. Isihlonzi siyahlinzeka Imininingwane mayelana nesigameko esenzekile futhi singasetshenziswa ukuhlonza nokuxazulula izinkinga eziphathelene nokusebenza kwesistimu. Umcimbi, kulo mongo, ubhekisela kunoma yisiphi isenzo esenziwe isistimu noma umsebenzisi ohlelweni. Le micimbi ingabukwa ku-Windows kusetshenziswa Isibukeli Somcimbi
I-ID yomcimbi engu-4688 ifakiwe noma nini lapho inqubo entsha idaliwe. Ibhala uhlelo ngalunye olwenziwe umshini nedatha yawo ewuhlonzayo, okuhlanganisa umdali, okuhlosiwe, kanye nenqubo ewuqalile. Imicimbi eminingana ingene ngaphansi kwe-ID yomcimbi ethi 4688. Lapho usungenile, i-Subsystem yesiphathi Sesikhathi (SMSS.exe) yethulwa, futhi kungene umcimbi othi 4688. Uma isistimu itheleleke nge-malware, uhlelo olungayilungele ikhompuyutha kungenzeka ludale izinqubo ezintsha ezizosebenza. Izinqubo ezinjalo zizobhalwa ngaphansi kwe-ID 4688.
I-ID yomcimbi wokutolika 4688
Ukuze utolike i-ID 4688 yomcimbi, kubalulekile ukuqonda izinkambu ezihlukene ezifakwe kulogu lomcimbi. Lezi zinkambu zingasetshenziselwa ukuthola noma yikuphi ukungahambi kahle futhi kulandelelwe umsuka wenqubo emuva emthonjeni wayo.
- Isihloko sabadali: le nkambu inikeza ulwazi mayelana ne-akhawunti yomsebenzisi ecele ukudalwa kwenqubo entsha. Lo mkhakha uhlinzeka ngomongo futhi ungasiza abaphenyi be-forensic ukuthi bakhombe okudidayo. Kubandakanya izinkundla ezingaphansi ezimbalwa, okuhlanganisa:
-
- I-Security Identifier (SID)” Ngokusho kuka Microsoft, i-SID iyinani eliyingqayizivele elisetshenziselwa ukukhomba umphathiswa. Isetshenziselwa ukukhomba abasebenzisi emshinini we-Windows.
- Igama le-akhawunti: i-SID ixazululwe ukubonisa igama le-akhawunti eqalise ukudalwa kwenqubo entsha.
- Isizinda se-Akhawunti: isizinda ikhompyutha okungeyaso.
- I-ID yelogo: inani eliyingqayizivele le-hexadecimal elisetshenziselwa ukukhomba iseshini yelogo yomsebenzisi. Ingasetshenziselwa ukuhlobanisa imicimbi equkethe i-ID yomcimbi efanayo.
- Isihloko Okuhlosiwe: le nkambu inikeza ulwazi mayelana ne-akhawunti yomsebenzisi inqubo esebenza ngaphansi kwayo. Isihloko esishiwo emcimbini wokudalwa kwenqubo, kwezinye izimo, singase sihluke esihlokweni esishiwo kumcimbi wokunqanyulwa kwenqubo. Ngakho, lapho umdali nomgomo bengenalo igama elifanayo, kubalulekile ukufaka isihloko okuhlosiwe nakuba bobabili bebhekisela ku-ID yenqubo efanayo. Izinkundla ezingaphansi ziyafana nalezo zesihloko somdali ngenhla.
- Ulwazi Lwenqubo: le nkambu inikeza ulwazi oluningiliziwe mayelana nenqubo edaliwe. Kubandakanya izinkundla ezingaphansi ezimbalwa, okuhlanganisa:
-
- I-ID Yenqubo Entsha (i-PID): inani elihlukile le-hexadecimal elinikezwe inqubo entsha. Isistimu yokusebenza ye-Windows ilusebenzisela ukulandelela izinqubo ezisebenzayo.
- Igama Lenqubo Entsha: indlela egcwele kanye negama lefayela elisebenzisekayo elaqaliswa ukudala inqubo entsha.
- Uhlobo Lokuhlola Amathokheni: ukuhlola amathokheni kuyindlela yokuvikela esetshenziswa yiWindows ukuze kutholwe ukuthi i-akhawunti yomsebenzisi igunyaziwe yini ukwenza isenzo esithile. Uhlobo lwethokheni inqubo ezosetshenziswa ukucela amalungelo aphakeme lubizwa ngokuthi “uhlobo lokuhlola amathokheni.” Kunamanani amathathu angenzeka kule nkambu. Uhlobo 1 (%%1936) luchaza ukuthi inqubo isebenzisa ithokheni yomsebenzisi ezenzakalelayo futhi ayicelanga izimvume ezikhethekile. Kule nkambu, inani elivame kakhulu. Uhlobo 2 (%% 1937) lubonisa ukuthi inqubo icele amalungelo omlawuli agcwele ukuthi asebenze futhi yaphumelela ekuwatholeni. Uma umsebenzisi asebenzisa uhlelo lokusebenza noma inqubo njengomlawuli, luyavulwa. Uhlobo 3 (%%1938) lubonisa ukuthi inqubo ithole kuphela amalungelo adingekayo ukuze kwenziwe isenzo esiceliwe, nakuba icele amalungelo aphakeme.
-
- Ilebula Eyisibopho: ilebula yobuqotho eyabelwe inqubo.
- I-ID Yenqubo Yomdali: inani eliyingqayizivele le-hexadecimal elinikezwe inqubo eqalise inqubo entsha.
- Igama Lenqubo Yomdali: indlela ephelele kanye negama lenqubo edale inqubo entsha.
- I-Process Command Line: inikeza imininingwane mayelana nezimpikiswano ezidluliselwe emyalweni wokuqalisa inqubo entsha. Ihlanganisa izinkundla ezimbalwa ezihlanganisa uhla lwemibhalo lwamanje namahashi.
Isiphetho
Lapho uhlaziya inqubo ethile, kubalulekile ukuthola ukuthi isemthethweni yini noma inonya. Inqubo esemthethweni ingabonakala kalula ngokubheka isihloko somdali futhi icubungule izinkambu zolwazi. I-ID yenqubo ingase isetshenziselwe ukukhomba okudidayo, njengenqubo entsha ebangelwa inqubo yomzali engajwayelekile. Umugqa womyalo ungasetshenziswa futhi ukuze kuqinisekiswe ukuba semthethweni kwenqubo. Isibonelo, inqubo enezimpikiswano ezihlanganisa indlela yefayela eya kudatha ebucayi ingase ibonise inhloso engalungile. Inkambu Yesihloko Somdali ingasetshenziswa ukuze kunqunywe ukuthi i-akhawunti yomsebenzisi ihlotshaniswa yini nomsebenzi osolisayo noma inamalungelo aphakeme.
Ngaphezu kwalokho, kubalulekile ukuhlobanisa i-ID 4688 yomcimbi neminye imicimbi efanele ohlelweni ukuze uthole umongo mayelana nenqubo esanda kwakhiwa. I-ID yomcimbi engu-4688 ingahlotshaniswa ne-5156 ukuze kunqunywe ukuthi inqubo entsha ihlotshaniswa nanoma yikuphi ukuxhumana kwenethiwekhi. Uma inqubo entsha ihlotshaniswa nesevisi esanda kufakwa, umcimbi 4697 (ukufakwa kwesevisi) ungahlotshaniswa ne-4688 ukuze unikeze ulwazi olwengeziwe. I-ID yomcimbi 5140 (ukudala ifayela) ingasetshenziswa futhi ukukhomba noma imaphi amafayela amasha adalwe inqubo entsha.
Sengiphetha, ukuqonda umongo wesistimu ukunquma amandla umthelela yenqubo. Inqubo eqalwe kuseva ebalulekile ingase ibe nomthelela omkhulu kunaleyo eyethulwe emshinini ozimele. Umongo usiza ukuqondisa uphenyo, ukubeka phambili impendulo nokuphatha izinsiza. Ngokuhlaziya izinkambu ezihlukene kulogi yomcimbi nokwenza ukuhlobana nezinye izehlakalo, izinqubo ezixakile zingalandelelwa kumsuka wazo futhi kunqunywe imbangela.
