The following is a quoted snippet:

```bat
@goto start
==============================================================
Name: Anti-Trojan Horse
Functions:
1. Disable autostart entries (run, runonce, runservices)
2. Prevent modification of the .txt, .com, .exe, .inf, .ini, .bat and other file associations
3. Prevent modification of "service" information
Principle: set the registry permissions to read-only
Revision history
Version  Date        Author  Change
1.0      2004-12-22  netu0   Created this script
==============================================================
:start
@SETLOCAL
@rem Set the active code page to Chinese
@chcp 936 >nul 2>nul
@echo.
@echo ************************************************************
@echo #
@echo #            Welcome to the Anti-Trojan Horse program
@echo #
@echo #
@echo ************************************************************
:chkOS
@echo.
@ver|find "2000" >nul 2>nul
@if "%ERRORLEVEL%"=="0" goto :2000
@rem The string below matches the ver output of Chinese-language Windows
@ver|find "Microsoft Windows [版本 5" >nul 2>nul
@if "%ERRORLEVEL%"=="0" goto :2003
@ver|find "XP" >nul 2>nul
@if "%ERRORLEVEL%"=="0" goto :XP
@echo.
@echo # Your operating system is not Windows 2000/XP/2003; this script cannot be used.
@goto quit
@rem Insert OS-specific commands in the statements below
:2000
@set UpdatePolicy=secedit /refreshpolicy machine_policy>nul 2>nul
@goto Selection
:XP
@set UpdatePolicy=GPUpdate /Force>nul 2>nul
@goto Selection
:2003
@set UpdatePolicy=GPUpdate /Force>nul 2>nul
@goto Selection
:Selection
@rem User Choice
@echo.
@echo Enter the number in front of one of the following options
@echo.
@echo 1: Install Anti-Trojan Horse protection
@echo 2: Remove Anti-Trojan Horse protection (restore default settings)
@echo 3: View technical information
@echo 4: Exit
@echo.
@set /p UserSelection=Enter your choice (1, 2, 3, 4) 
@if "%UserSelection%"=="1" goto install
@if "%UserSelection%"=="2" goto uninstall
@if "%UserSelection%"=="3" goto information
@if "%UserSelection%"=="4" goto quit
@rem Any other input
@cls
@goto Selection
:information
@cls
@echo ============================================================
@echo #
@echo #            Welcome to the Anti-Trojan Horse program
@echo #
@echo # Functions:
@echo #
@echo # 1. Sets the registry autostart entries (Run, RunOnce, RunService) to read-only,
@echo #    so that Trojans and viruses cannot start through autostart entries
@echo # 2. Sets the .txt, .com, .exe, .inf, .ini, .bat and other file associations to read-only,
@echo #    so that Trojans and viruses cannot start through file associations
@echo # 3. Sets the registry key HKLM\SYSTEM\CurrentControlSet\Services to read-only,
@echo #    so that Trojans and viruses cannot start as a "service"
@echo #
@echo # Notes:
@echo #    Some installers also use the registry keys above. Before installing, run this
@echo #    program and choose 2 to restore the default settings. After the installation
@echo #    completes, run this program again and choose 1 to apply the protection.
@echo ==============================================================
@echo.
@echo Press any key to return to the menu
@pause >nul 2>nul
@cls
@goto Selection
:install
@set OP=/grant everyone /read /p:no_dont_copy
@goto Doit
:uninstall
@set OP=/revoke everyone /read /p:yes
@goto Doit
:Doit
@echo.
@echo Performing the operation...
@rem HKLM
@setacl machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /registry %OP%>nul 2>nul
@setacl machine\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /registry %OP%>nul 2>nul
@setacl machine\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices /registry %OP%>nul 2>nul
@setacl machine\SOFTWARE\Microsoft\Windows\CurrentVersion\RunEX /registry %OP%>nul 2>nul
@setacl machine\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEX /registry %OP%>nul 2>nul
@setacl machine\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesEx /registry %OP%>nul 2>nul
@rem HKCU
@setacl CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /registry %OP%>nul 2>nul
@setacl CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /registry %OP%>nul 2>nul
@setacl CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices /registry %OP%>nul 2>nul
@setacl CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunEX /registry %OP%>nul 2>nul
@setacl CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEX /registry %OP%>nul 2>nul
@setacl CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesEx /registry %OP%>nul 2>nul
@setacl CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce /registry %OP%>nul 2>nul
@rem USERS
@setacl USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /registry %OP%>nul 2>nul
@setacl USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /registry %OP%>nul 2>nul
@setacl USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices /registry %OP%>nul 2>nul
@setacl USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunEX /registry %OP%>nul 2>nul
@setacl USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEX /registry %OP%>nul 2>nul
@setacl USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesEx /registry %OP%>nul 2>nul
@setacl USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce /registry %OP%>nul 2>nul
@rem Services
@setacl MACHINE\SYSTEM\CurrentControlSet\Services /registry %OP%>nul 2>nul
@rem CLASSES_ROOT
@setacl CLASSES_ROOT\exefile\shell\open\command /registry %OP%>nul 2>nul
@setacl CLASSES_ROOT\inifile\shell\open\command /registry %OP%>nul 2>nul
@setacl CLASSES_ROOT\txtfile\shell\open\command /registry %OP%>nul 2>nul
@setacl CLASSES_ROOT\comfile\shell\open\command /registry %OP%>nul 2>nul
@setacl CLASSES_ROOT\batfile\shell\open\command /registry %OP%>nul 2>nul
@setacl CLASSES_ROOT\inffile\shell\open\command /registry %OP%>nul 2>nul
@echo Updating account policy and audit policy......
@REM [Refresh the local security policy]
@%UpdatePolicy%>nul 2>nul
@echo Account policy and audit policy update complete
:complete
@echo Operation complete
@echo.
@echo.
@echo Press any key to exit.
@pause >nul 2>nul
:quit
@rem Clear
@del %systemroot%\system32\setacl.exe>nul 2>nul
@del %systemroot%\system32\AntiTrojanhorse.bat>nul 2>nul
@ENDLOCAL
```
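To confirm that option 1 of the script above took effect, the following added PowerShell example (not part of the original script) reports, for a subset of the keys it locks, the owner, whether inheritance is blocked, and which principals still hold write-type rights. The function name `Get-KeyWriteAccess` and the choice of keys are assumptions made for this example.

```powershell
# Added example, not part of the original script.
# Subset of the keys the script locks (HKLM, HKCU, Services and CLASSES_ROOT sections).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\SYSTEM\CurrentControlSet\Services'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
    'Registry::HKEY_CLASSES_ROOT\txtfile\shell\open\command'
    'Registry::HKEY_CLASSES_ROOT\batfile\shell\open\command'
)

# Rights that allow adding or changing an entry, or loosening the ACL again.
$write = [System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# Get-Acl can report unmapped generic bits; include GENERIC_ALL and GENERIC_WRITE.
$mask = [int]$write -bor 0x10000000 -bor 0x40000000
$inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-KeyWriteAccess {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            [pscustomobject]@{ Key = $p; Owner = $null; InheritanceBlocked = $null; Writers = '(key not present)' }
            continue
        }
        $acl = Get-Acl -LiteralPath $p
        # Keep Allow ACEs that apply to the key itself and carry any write-type bit.
        $writers = $acl.Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                (([int]$_.PropagationFlags -band $inheritOnly) -eq 0) -and
                (([int]$_.RegistryRights -band $mask) -ne 0)
            } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique
        [pscustomobject]@{
            Key                = $p
            Owner              = $acl.Owner
            InheritanceBlocked = $acl.AreAccessRulesProtected
            Writers            = $writers -join '; '
        }
    }
}

Get-KeyWriteAccess -Path $keys | Format-Table -AutoSize -Wrap
```

After option 1, `InheritanceBlocked` is expected to read True for each key that exists. The `Owner` column is reported because a key's owner can always rewrite its permissions, whatever the access list says.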