
Four Steps to Thoroughly Defend Against LOGO1, Panda, and All Other Viruses That Infect EXE Files!

2007-04-28 17:18
Note: reposted from 程序员日志

Step 1: Create the immunization patch (batch file contents)
echo > c:\windows\Logo1.exe
echo > c:\windows\Logo_1.exe
echo > c:\windows\Logo1_1.exe
echo > c:\windows\Logo1_.exe
echo > c:\windows\0Sy.exe
echo > c:\windows\1Sy.exe
echo > c:\windows\2Sy.exe
echo > c:\windows\3Sy.exe
echo > c:\windows\4Sy.exe
echo > c:\windows\5Sy.exe
echo > c:\windows\6Sy.exe
echo > c:\windows\7Sy.exe
echo > c:\windows\8Sy.exe
echo > c:\windows\9Sy.exe
echo > c:\windows\1.com
echo > c:\windows\rundll32.exe
echo > c:\windows\rundl132.exe
echo > c:\windows\vDll.dll
echo > c:\windows\exerouter.exe
echo > c:\windows\EXP10RER.com
echo > c:\windows\finders.com
echo > c:\windows\Shell.sys
echo > c:\windows\smss.exe
echo > c:\windows\kill.exe
echo > c:\windows\sws.dll
echo > c:\windows\sws32.dll
echo > c:\windows\tool.exe
echo > c:\windows\tool2005.exe
echo > c:\windows\tool2006.exe
echo > c:\windows\tools.exe
echo > c:\windows\finders.exe

attrib c:\windows\Logo1.exe +s +r +h
attrib c:\windows\Logo_1.exe +s +r +h
attrib c:\windows\Logo1_1.exe +s +r +h
attrib c:\windows\Logo1_.exe +s +r +h
attrib c:\windows\0Sy.exe +s +r +h
attrib c:\windows\1Sy.exe +s +r +h
attrib c:\windows\2Sy.exe +s +r +h
attrib c:\windows\3Sy.exe +s +r +h
attrib c:\windows\4Sy.exe +s +r +h
attrib c:\windows\5Sy.exe +s +r +h
attrib c:\windows\6Sy.exe +s +r +h
attrib c:\windows\7Sy.exe +s +r +h
attrib c:\windows\8Sy.exe +s +r +h
attrib c:\windows\9Sy.exe +s +r +h
attrib c:\windows\1.com +s +r +h
attrib c:\windows\rundl132.exe +s +r +h
attrib c:\windows\rundll32.exe +s +r +h
attrib c:\windows\vDll.dll +s +r +h
attrib c:\windows\exerouter.exe +s +r +h
attrib c:\windows\EXP10RER.com +s +r +h
attrib c:\windows\finders.com +s +r +h
attrib c:\windows\Shell.sys +s +r +h
attrib c:\windows\smss.exe +s +r +h
attrib c:\windows\kill.exe +s +r +h
attrib c:\windows\sws.dll +s +r +h
attrib c:\windows\sws32.dll +s +r +h
attrib c:\windows\tool.exe +s +r +h
attrib c:\windows\tool2005.exe +s +r +h
attrib c:\windows\tool2006.exe +s +r +h
attrib c:\windows\tools.exe +s +r +h
attrib c:\windows\finders.exe +s +r +h
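
As an added example (not part of the original post), this Python script audits the Step 1 placeholders: a dummy that is missing, has lost its attributes, has grown, or now starts with an MZ header is no longer immunizing that file name. The 64-byte size limit and the shortened name list are assumptions.

```python
import os
import stat

# File names copied from Step 1 of the page (a subset; extend with the rest).
PLACEHOLDERS = ["Logo1.exe", "Logo_1.exe", "Logo1_1.exe", "Logo1_.exe",
                "rundl132.exe", "vDll.dll", "finders.com", "Shell.sys",
                "kill.exe", "sws.dll", "sws32.dll"]
MAX_DUMMY_SIZE = 64  # assumption: "echo >" leaves only one short text line

# Windows attribute bits set by "attrib +s +h"; +r is visible through st_mode.
WIN_FLAGS = ((stat.FILE_ATTRIBUTE_SYSTEM, "system"),
             (stat.FILE_ATTRIBUTE_HIDDEN, "hidden"))


def audit_placeholder(path):
    """Return a list of problems; an empty list means the dummy is intact."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["missing"]
    problems = []
    with open(path, "rb") as fh:
        if fh.read(2) == b"MZ":  # DOS/PE header: a real program sits here
            problems.append("has MZ header")
    if st.st_size > MAX_DUMMY_SIZE:
        problems.append("larger than a dummy (%d bytes)" % st.st_size)
    if st.st_mode & stat.S_IWUSR:
        problems.append("read-only attribute cleared")
    attrs = getattr(st, "st_file_attributes", None)  # only present on Windows
    if attrs is not None:
        for bit, name in WIN_FLAGS:
            if not attrs & bit:
                problems.append(name + " attribute cleared")
    return problems


def audit_dir(windir, names=PLACEHOLDERS):
    """Map each placeholder that needs attention to its list of problems."""
    report = {}
    for name in names:
        problems = audit_placeholder(os.path.join(windir, name))
        if problems:
            report[name] = problems
    return report


if __name__ == "__main__":
    for name, problems in sorted(audit_dir(r"c:\windows").items()):
        print(name + ": " + "; ".join(problems))
```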

==================================================================

Step 2: Reinforce the immunization patch by blocking the immunization files from running. (Registry contents)
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\本地User\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"**delvals."=" "
"1"="Logo1.exe"
"2"="Logo_1.exe"
"3"="Logo1_1.exe"
"4"="Logo1_.exe"
"5"="0Sy.exe"
"6"="1Sy.exe"
"7"="2Sy.exe"
"8"="3Sy.exe"
"9"="4Sy.exe"
"10"="5Sy.exe"
"11"="6Sy.exe"
"12"="7Sy.exe"
"13"="8Sy.exe"
"14"="9Sy.exe"
"15"="1.com"
"16"="rundll32.exe"
"17"="rundl132.exe"
"18"="vDll.dll"
"19"="exerouter.exe"
"20"="EXP10RER.com"
"21"="finders.com"
"22"="Shell.sys"
"23"="smss.exe"
"24"="kill.exe"
"25"="sws.dll"
"26"="sws32.dll"
"27"="tool.exe"
"28"="tool2005.exe"
"29"="tool2006.exe"
"30"="tools.exe"
"31"="finders.exe"

===============================================

Step 3: Strengthen the system's own security (batch file contents)
@echo off
echo 程序运行中......
echo y|cacls e: /p everyone:r
echo y|cacls f: /p everyone:r

(Batch file note: prevents any files or folders from being created in the root directories of drives E: and F:.)

===========================================================

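Step 4: Tighten file permissions to prevent virus infection (batch file contents)
e:
cd e:\netgames
cacls *.exe /t /e /g everyone:r
cacls *.exe /t /e /p everyone:r
cacls *.dll /t /e /g everyone:r
cacls *.dll /t /e /p everyone:r

(Batch file note: this batch file sets every exe and dll file under the e:\netgames folder to read-only. Synchronization and update software copies the read-only attribute along with the files. Files in the read-only state cannot be modified or saved, but updating and deleting them is not affected. This step must also be done on the server.)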

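Appendix: Some people have asked: after applying Step 3, what should an administrator do when a folder needs to be created on those drives? No need to worry; running the batch file below solves it.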

@echo off
echo 程序运行中......
echo y|cacls e: /g everyone:f
echo y|cacls f: /g everyone:f