[{"data":1,"prerenderedAt":134},["ShallowReactive",2],{"content:\u002F2021\u002Fvirus-fakefolder":3,"surround:\u002F2021\u002Fvirus-fakefolder":122},{"id":4,"title":5,"body":6,"categories":95,"date":97,"description":98,"draft":99,"extension":100,"image":101,"meta":102,"navigation":103,"path":105,"permalink":106,"published":106,"readingTime":107,"recommend":106,"references":106,"seo":112,"sitemap":113,"stem":114,"tags":115,"type":119,"updated":120,"__hash__":121},"content\u002Fposts\u002F2021\u002Fvirus-fakefolder.md","假文件夹病毒真的会发作",{"type":7,"value":8,"toc":87},"minimark",[9,19,23,26,29,35,38,41,44,47,50,53,65,69,72,78],[10,11,12],"p",{},[13,14,18],"a",{"href":15,"rel":16},"https:\u002F\u002Fmp.weixin.qq.com\u002Fs\u002FuiJgwmLSX6hYPkIR7pRbRw",[17],"nofollow","查看原文",[20,21,22],"h2",{"id":22},"事件经过",[10,24,25],{},"2021年5月初，高二第二学期期中考试过后，在整理排版成绩单的过程中，同办公室的一名教师发现自己电脑除C盘之外，其他硬盘的文件均被删除。",[10,27,28],{},"这名教师在发现文件消失后，立刻请本班的学生来恢复文件并杀毒。出于兴趣，笔者在检查该机时，发现硬盘根目录存在被Fakefolder（又名incaseformat）病毒感染的文件夹以及incaseformat.txt（病毒发作留下的文件）。被删除的数据很难恢复。",[30,31],"pic",{":mirror":32,"caption":33,"src":34},"true","参考图片","https:\u002F\u002Fmmbiz.qpic.cn\u002Fmmbiz_png\u002F9sIibiadwv3fakRBg1y4yOeSUKNE2Sdf26SuYFj0v7jz4Wpao1JAzlibcKia6mPLktFvKabXAcWOsZbxIB01DdGnCQ\u002F640",[20,36,37],{"id":37},"病毒原理",[10,39,40],{},"该病毒主要通过感染U盘中的文件夹传播。当用户打开被感染的文件夹时，病毒就会隐藏电脑和U盘中的文件夹，并将自己伪装成原文件夹。",[10,42,43],{},"该病毒已有十几年的历史，从2010年愚人节开始，每隔几天便删除用户文件，由于编写问题，从2021年才开始发作。电脑被病毒感染后，每隔20秒就会检测系统日期，满足逻辑则执行删除操作。",[20,45,46],{"id":46},"防范措施",[10,48,49],{},"推测学校目前的病毒传播路径：打印店或学生家长所在单位→初中微机教室→学校打印部→各班及教师电脑。",[10,51,52],{},"此前笔者已经在多名教师的U盘及学校打印部中发现此病毒，且笔者的u盘也多次遭遇该病毒感染，所幸杀毒及时，并未造成数据损失。",[10,54,55,56,60,61,64],{},"病毒的辨识方法：被病毒感染的文件夹图标为“",[57,58,59],"strong",{},"上下打开","”样式（类似风琴包），而正常的文件夹图标为“",[57,62,63],{},"左右翻开","”样式（类似资料册、文件盒）。",[30,66],{":mirror":32,"caption":67,"src":68},"假文件夹病毒图标（与XP系统相同）","https:\u002F\u002Fmmbiz.qpic.cn\u002Fmmbiz_png\u002F9sIibiadwv3fakRBg1y4yOeSUKNE2Sdf26Iz5iaibw8n6R2icQ5VGk3jnaic4Zlvqsc3uarsjfIKdPbBzrYVNHZPLX8Q\u002F640",[10,70,71],{},"若发现硬盘和U盘中的文件夹被感染，请及时安装杀毒软件进行杀毒。",[10,73,74,77],{},[57,75,76],{},"附","：安全打开感染文件夹的方法",[79,80,81,84],"blockquote",{},[10,82,83],{},"Win7：打开“计算机”，在“组织”菜单中打开“文件夹和搜索选项”，在“查看”选项卡中选择“显示隐藏的文件、文件夹和驱动器”，取消勾选“隐藏已知文件的扩展名”，点击确定，忽略带有“.exe”后缀的病毒（请及时杀毒），打开被隐藏的文件夹即可。",[10,85,86],{},"Win10：打开“此电脑”，在“查看”选项卡中打开“选项”，在“文件夹选项”中的“查看”选项卡中选择“显示隐藏的文件、文件夹和驱动器”，取消勾选“隐藏已知文件的扩展名”，点击确定，忽略带有“.exe”后缀的病毒（请及时杀毒），打开被隐藏的文件夹即可。",{"title":88,"searchDepth":89,"depth":89,"links":90},"",4,[91,93,94],{"id":22,"depth":92,"text":22},2,{"id":37,"depth":92,"text":37},{"id":46,"depth":92,"text":46},[96],"安全","2021-05-08 23:08:30","2021年5月，高中校园发生假文件夹病毒事件，通过U盘传播，病毒伪装文件夹并定时删除数据。预防措施包括留意文件夹图标异常，安装杀毒软件并正确显示隐藏文件以识别和清除病毒。",false,"md","https:\u002F\u002Ffly.webp.se\u002F?url=https:\u002F\u002Fmmbiz.qpic.cn\u002Fmmbiz_png\u002F9sIibiadwv3fakRBg1y4yOeSUKNE2Sdf26SuYFj0v7jz4Wpao1JAzlibcKia6mPLktFvKabXAcWOsZbxIB01DdGnCQ\u002F640",{"coverDim":103,"slots":104},true,{},"\u002F2021\u002Fvirus-fakefolder",null,{"text":108,"minutes":109,"time":110,"words":111},"4 min read",3.505,210300,701,{"title":5,"description":98},{"loc":105},"posts\u002F2021\u002Fvirus-fakefolder",[116,117,118],"Windows","恶意软件","应急处理","tech","2021-10-01 21:30:00","S0wVg9FSGsi8vNGYfZcLJhHTRezV4blKRx46elXdcHE",[123,129],{"title":124,"path":125,"stem":126,"date":127,"type":128,"children":-1},"电脑是你修坏的吗","\u002F2021\u002Fclassroom-pc-1","posts\u002F2021\u002Fclassroom-pc-1","2021-04-06","story",{"title":130,"path":131,"stem":132,"date":133,"type":128,"children":-1},"修监控 (授权转载)","\u002F2021\u002Fclassroom-pc-2","posts\u002F2021\u002Fclassroom-pc-2","2021-07-09",1782091378081]