
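Title: Here's a little something for you: immunizing against viruses via image hijacking

Author: bluewaterx     Time: 2008-9-23 19:32    Title: Here's a little something for you: immunizing against viruses via image hijacking

Can anyone guess what this does?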
@echo off
setlocal enabledelayedexpansion
set vD1=System32 Sysrunt Syswindow Winvnc Wqk Sysedit32 Spfw Something sockets service server vpm vsecomr bin pw32 pcx pcfwallicon notpa netspy netip
set vD2=mstesk msie5 msgsvr16 msgsvc msgsrv36 winupdate windown vsstart task_bar system sockets Msblast Microsoft mprdll Msabel32 mdm Mbbmanager
set vD3=sxs SVOHOST 180ax a adaware Alchem alevir aqadcup archive arr ARUpdate asm av avserve avserve2 backWeb bargains basfipm belt Biprep blss bokja
set vD4=bootconf bpc brasil BRIDGE.DLL Buddy BUGSFIX bundle bvt cashback cdaEngine cmd32 cmesys conscorr cxtpls datemanager dcomx Desktop directs divx
set vD5=dllreg dmserver dpi dssagent dvdkeyauth emsw exdl exec EXP explored Fash ffisearch fntldr fsg_4104 FVProtect gator gmt goidr hbinst hbsrv hwclock
set vD6=hxdl hxiul iedll iedriver IEHost iexplorer infus infwin intdel isass istsvc jawa32 jdbgmrg kazza keenvalue kernel32 lass lmu loader lssas mapisvc32
set vD7=mario md mfin32 mmod mostat msapp msblast mscache msccn32 mscman msdm msgfix msiexec16 msinfo mslagent mslaugh msmc msmgt msmsgri32 msrexe mir0.dat
set vD8=mssvc32 mssys msvxd mwsoemon mwsvm netd32 nls nssys32 nstask32 nsupdate ntfs64 NTOSA32 omniscient onsrvr optimize P2P pcsvc pgmonitr PIB powerscan
set vD9=prizesurfer prmt prmvr ray rb32 rcsync rk run32dll rundll16 ruxdll32 saap sahagent saie sais salm satmat save savenow scam32 scrsvr scvhost
set vD11=SearchUpdate33 SearchUpgrader soap spoler Ssk stcloader Susp svc svchosts svshost SyncroAd sysfit system system32 tb_ TBPS teekids tibs3 tricklere
set vD12=ts ts2 tsa tsadbot tsl tsm2 Tvm tvmd tvtmd updmgr VVSN wast web webdav webrebates webrebates0 win-bugsfix win_upd2 win32 winactive winad winadalt
set vD13=winadctl WinAdTools WINdirect windows wingo wininetd wininit winlock winlogin winmain winnet winppr32 winrarshell32 WinRatchet WinSched winservn
set vD14=winshost winssk32 winstart winstart001 WinStatKeep wintaskad Wintime wintsk32 winupdate winupdt winupdtl winxp wmon32 wnad wo wovax wsup wsxsvc
set vD15=wtoolsa WToolsA wtoolss wuamgrd wupdate wupdater wupdt Xhrmy y baidu
for /l %%i in (1,1,15) do for %%j in (!vD%%i!) do reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%%j.exe" /v Debugger /t REG_SZ /d "全盘禁止运行%%j.exe" /f >nul 2>nul &&echo   成功免疫:〖%%j.exe〗 √

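rem The loop above sets a bogus Debugger value under Image File Execution Options for each listed name.
rem After the pause, the loop below deletes those same keys again.
pause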
for /l %%i in (1,1,15) do for %%j in (!vD%%i!) do reg delete "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%%j.exe" /f >nul 2>nul &&echo               取消免疫:〖%%j.exe〗 √
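───────────────── Moderation record ─────────────────
Performed by: HAT
Action: added search keywords to the thread title; wrapped the code in code tags
Reason: the original title "Here's a little something for you" does not help forum search
Penalty: none; as a forum newcomer, no points are deducted
Tip: please see {7326} Required reading for forum newcomers: basic rules of conduct for everyone [repost]
───────────────── Moderation record ─────────────────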


[ Last edited by HAT on 2008-9-24 at 09:07 PM ]
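
The script in the post above writes `Debugger` values under Image File Execution Options. As an added example (not part of the original thread), the PowerShell below lists every such entry on a machine and reports whether the value resolves to a real executable. The function name `Get-IfeoDebuggerEntry` and the `TargetFound` column are names chosen for this example.

```powershell
# Added example, not from the thread: audit IFEO "Debugger" values.
# Run from an elevated or normal PowerShell prompt; it only reads the registry.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebuggerEntry {
    param([string[]]$Root = $ifeoRoots)

    foreach ($r in $Root) {
        # The WOW6432Node view does not exist on 32-bit systems.
        if (-not (Test-Path -LiteralPath $r)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            $dbg = [string]$key.GetValue('Debugger')
            if ([string]::IsNullOrWhiteSpace($dbg)) { continue }

            # Take the first token of the command line, quoted or not.
            # Assumption: an unquoted path containing spaces is cut at the first
            # space and will show TargetFound = False; check those rows by hand.
            if ($dbg -match '^\s*"([^"]+)"') {
                $exe = $Matches[1]
            } else {
                $exe = ($dbg.Trim() -split '\s+')[0]
            }

            # Resolves full paths as well as bare names found on PATH.
            $resolved = Get-Command -Name $exe -CommandType Application -ErrorAction SilentlyContinue

            [pscustomobject]@{
                Image       = $key.PSChildName   # e.g. "winupdate.exe"
                Debugger    = $dbg               # raw registry value
                TargetFound = [bool]$resolved    # False: launches of Image will fail
                Key         = $key.Name
            }
        }
    }
}

Get-IfeoDebuggerEntry |
    Sort-Object TargetFound, Image |
    Format-Table -AutoSize -Wrap
```

Rows with `TargetFound` set to False are blocking entries of the kind the batch file creates; rows set to True mean another program is started in place of the named image and deserve a closer look.
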
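Author: HAT     Time: 2008-9-23 20:05
Using image hijacking to immunize against viruses?
Author: tireless     Time: 2008-9-23 20:29
Add orz.exe too, I got infected with that one a few days ago...
Author: slore     Time: 2008-9-23 21:00
Just deleting that one and setting a permission on it works better than this, and the code is shorter too.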