系统防御批处理
<P>昨天跟芯片一起用DOS,手发痒了,编了个小家伙给大家,一点点小意思,不知道有没有用,我没来得及实验,源码在下面,要使用的可以直接放到记事本,后缀为bat就行了。<BR><BR>优点及原理:在临时文件夹下的文件设置为基本用户,没有修改系统的权限(Wsyscheck,冰刃之类的还是可以结束进程,这个没办法。。。)在安全模式的注册表的键值都设置成只读,防止病毒删除安全模式(用鼠标删除失败,病毒删除不知道)删除盘符下autorun.inf,再建同名文件夹,(设为隐藏,系统,只读)由于大多数都不是NTFS的,就不设权了。。。。<BR><BR>缺点:如果注册表的安全模式的键值被删除了,再用这个就没办法恢复,要解除以后再恢复键值。。。所以使用前确保系统清洁~~~<BR><BR>这个P处理写的很粗糙,有很多缺陷,时间有限,如果大家怕有问题的可以在虚拟机试试。。。改进之处请大家不吝指出。。<BR></P><P>最后,请大家多多耻笑(指教)<BR></P>
<P>====================================================<BR>@echo off<BR>echo **********************************************************************<BR>echo # #<BR>echo # 欢迎使用系统防御批处理 #<BR>echo # 国家一级勋章,暂时还没拿到. -_- #<BR>echo # 此为上网安全系统加固防御必备工具 #<BR>echo # byTOMMY #<BR>echo **********************************************************************<BR>set regedit1=HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths\{bf6c47e3-6173-4b6d-9994-d2f5525fa53a}<BR>set regedit2=HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths\{69de8c15-7fe7-4465-9649-ecb33575cc83}<BR>set regedit3=HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\131072\Paths\{47bd30ef-4269-4e70-8e6d-0809e1ed2dd9}<BR>:start<BR>@echo 1、开始加固<BR>@echo 2、取消加固<BR>@echo 3、退出<BR>@set /p UserSelection=请输入你的选择:(1、2、3)<BR>@if "%UserSelection%"=="1" goto install<BR>@if "%UserSelection%"=="2" goto uninstall<BR>@if "%UserSelection%"=="3" goto end<BR>cls<BR>goto start<BR>:install<BR>set reg1=add<BR>set cacls=[2 6 12 22 8 19]<BR>set Attribute=+r +s +h<BR>goto run1<BR>:uninstall<BR>set reg2=delete<BR>set cacls=[1 5 7 11 21 17]<BR>set Attribute=-r -s -h<BR>goto run2<BR>:run1<BR>rem 使用本地策略组的注册表项,直接添加受限文件地址,用通配符<BR>echo 正在创建注册表项……<BR>reg %reg1% "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers" /v Levels /t REG_DWORD /D 131072 /f >>nul<BR>reg %reg1% "%regedit1%" /v Description /t REG_SZ /f >>nul<BR>reg %reg1% "%regedit1%" /v ItemData /t REG_EXPAND_SZ /D "%ProgramFiles%\Internet Explorer\iexplorer" /f >>nul<BR>reg %reg1% "%regedit1%" /v SaferFlags /t REG_DWORD /D 0 /f >>nul<BR>reg %reg1% "%regedit2%" /v Description /t REG_SZ /f >>nul<BR>reg %reg1% "%regedit2%" /v SaferFlags /t REG_DWORD /D 0 /f >>nul <BR>reg %reg1% "%regedit2%" /v ItemData /t REG_EXPAND_SZ /D "%USERPROFILE%\Local Settings\Temp\*.*" /f >>nul<BR>reg %reg1% "%regedit3%" /v Description /t REG_SZ /f >>nul<BR>reg %reg1% "%regedit3%" /v SaferFlags /t REG_DWORD /D 0 /f >>nul <BR>reg %reg1% "%regedit3%" /v ItemData /t REG_EXPAND_SZ /D "%USERPROFILE%\Local Settings\Temp\**\*.*" /f >>nul<BR>goto Competence<BR>:run2<BR>rem 删除建立的本地安全策略的键值<BR>echo 正在删除注册表项……<BR>reg %reg2% "%regedit1%" /f >nul 2>nul<BR>reg %reg2% "%regedit2%" /f >nul 2>nul<BR>reg %reg2% "%regedit3%" /f >nul 2>nul<BR>goto Competence<BR>:Competence<BR>rem 调用内置的注册表权限管理程序regini修改安全模式权限(由于单单对父键设的话,删除父键无效,但里面的子键会被删除)<BR>echo 设置安全模式……<BR>set safeboot=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot<BR>echo %safeboot% %cacls% >>tem.ini<BR>echo HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden %cacls% >>tem.ini<BR>echo %safeboot%\minimal %cacls% >>tem.ini<BR>echo %safeboot%\Network %cacls% >>tem.ini<BR>rem 下面是安全模式的子键,循环取值<BR>FOR %%F in (AppMgmt AVGAnti-SpywareDriver AVGAnti-SpywareGuard Base BootBusExtender Bootfilesystem CryptSvc DcomLaunch dmadmin dmboot.sys dmio.sys dmload.sys dmserver EventLog Filesystem Filter HelpSvc Netlogon PCIConfiguration PlugPlay PNPFilter Primarydisk RpcSs SCSIClass sermouse.sys sr.sys SRService SystemBusExtender vga.sys vgasave.sys WinMgmt {36FC9E60-C465-11CF-8056-444553540000} {4D36E965-E325-11CE-BFC1-08002BE10318} {4D36E967-E325-11CE-BFC1-08002BE10318} {4D36E969-E325-11CE-BFC1-08002BE10318} {4D36E96A-E325-11CE-BFC1-08002BE10318} {4D36E96B-E325-11CE-BFC1-08002BE10318} {4D36E96F-E325-11CE-BFC1-08002BE10318} {4D36E977-E325-11CE-BFC1-08002BE10318} {4D36E97B-E325-11CE-BFC1-08002BE10318} {4D36E97D-E325-11CE-BFC1-08002BE10318} {4D36E980-E325-11CE-BFC1-08002BE10318} {71A27CDD-812A-11D0-BEC7-08002BE2092F} {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}) do echo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\minimal\%%F %cacls% >>tem.ini<BR>for %%s in (AFD AppMgmt AVGAnti-SpywareDriver AVGAnti-SpywareGuard Base BootBusExtender Bootfilesystem Browser CryptSvc DcomLaunch Dhcp dmadmin dmboot.sys dmio.sys dmload.sys dmserver DnsCache EventLog Filesystem Filter HelpSvc ip6fw.sys ipnat.sys LanmanServer LanmanWorkstation LmHosts Messenger NDIS NDISWrapper Ndisuio NetBIOS NetBIOSGroup NetBT NetDDEGroup Netlogon NetMan Network NetworkProvider nm nm.sys NtLmSsp PCIConfiguration PlugPlay PNPFilter PNP_TDI Primarydisk rdpcdd.sys rdpdd.sys rdpwd.sys rdsessmgr RpcSs SCSIClass sermouse.sys SharedAccess sr.sys SRService StreamsDrivers SystemBusExtender Tcpip TDI tdpipe.sys tdtcp.sys termservice vga.sys vgasave.sys WinMgmt WZCSVC {36FC9E60-C465-11CF-8056-444553540000} {4D36E965-E325-11CE-BFC1-08002BE10318} {4D36E967-E325-11CE-BFC1-08002BE10318} {4D36E969-E325-11CE-BFC1-08002BE10318} {4D36E96A-E325-11CE-BFC1-08002BE10318} {4D36E96B-E325-11CE-BFC1-08002BE10318} {4D36E96F-E325-11CE-BFC1-08002BE10318} {4D36E972-E325-11CE-BFC1-08002BE10318} {4D36E973-E325-11CE-BFC1-08002BE10318} {4D36E974-E325-11CE-BFC1-08002BE10318} {4D36E975-E325-11CE-BFC1-08002BE10318} {4D36E977-E325-11CE-BFC1-08002BE10318} {4D36E97B-E325-11CE-BFC1-08002BE10318} {4D36E97D-E325-11CE-BFC1-08002BE10318} {4D36E980-E325-11CE-BFC1-08002BE10318} {71A27CDD-812A-11D0-BEC7-08002BE2092F} {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}<BR>) do echo HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\%%s %cacls% >>tem.ini<BR>regini tem.ini&del tem.ini<BR>if "%UserSelection%"=="2" goto end<BR>echo 正在处理文件,可能需要比较长的时间,请稍候,若过久无响应,请按ctrl+c结束……<BR>for %%e in (C D E F G H I J K L M N O P Q) do del /f %%e:\autorun.inf /q >nul 2>nul<BR>for %%h in (C D E F G H I J K L M N O P Q) do md %%h:\autorun.inf >nul 2>nul<BR>for %%z in (C D E F G H I J K L M N O P Q) do attrib %Attribute% %%z:\autorun.inf /s /d >nul 2>nul<BR><BR>:end<BR>echo 完成,多谢使用,有任何问题请联系QQ:3153489841</P>
<P>pause >nul<BR></P> 还不错!设置安全模式还蛮快的,赞一个! 希望写好一点,现在都是NTFS格式,带权限的--------多谢 看上去不错的样子 谢谢楼主分享 ! 现在还有点看不懂! 谢谢分享
页:
[1]