The following is program code:
ARP binding
arp -d
arp -s 192.168.0.1 00-50-8B-B9-24-50
Prevent the Real (RealPlayer) exploit
regsvr32 /u /s "C:\Program Files\Real\RealPlayer\ierjplug.dll"
regsvr32 /u /s "C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll"
ren "C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll" ierpplug.bak
ren "C:\Program Files\Real\RealPlayer\ierjplug.dll" ierjplug.bak
ren "C:\Program Files\Real\RealPlayer\rpplugins\rpwm3260.dll" rpwm3260.bak
taskkill /f /im realsched.exe
Patch against the Robot Dog (机器狗) trojan [360's anti-Robot Dog patch 2.0 now seems to be out; everyone should use that one.]
\\update\soft$\Gameup\addoldef.exe
Import the registry file that protects against web pages carrying 0day exploit trojans
copy /y \\192.168.0.245\soft$\Gameup\deny.reg c:\windows\system32
regedit /s %windir%\system32\deny.reg
Import the client hosts file that protects against trojans and viruses
echo y|cacls %windir%\system32\drivers\etc\hosts /g everyone:f
attrib -r -a -s -h %windir%\system32\drivers\etc\hosts
copy "\\192.168.0.245\soft$\Gameup\hosts" "c:\windows\system32\drivers\etc\" /y
attrib +r +a +s +h %windir%\system32\drivers\etc\hosts
echo y|cacls %windir%\system32\drivers\etc\hosts /g everyone:r
Block traffic from other machines to port 135 on the client [traffic from the client to port 135 on the server is not blocked]
ipseccmd -w REG -p "clxp safe policy" -r "Block TCP/135" -f *=0:135:TCP -n BLOCK -x
Refresh group policy
gpupdate /force
Baidu Soba (百度超级搜霸) remote code execution 0day exploit
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A7F05EE4-0426-454F-8013-C41E3596E9E9}]
Lianzhong (联众) game lobby: another remote execution 0day exploit
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{61F5C358-60FB-4A23-A312-D2B556620F20}]
PPStream PowerPlay.dll stack overflow vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}]
Xunlei (迅雷) ActiveX control DownURL2 remote overflow vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEDD6FF9-13DE-496B-9A1C-D78B3215E266}]
Lianzhong (联众) ConnectAndEnterRoom ActiveX control stack overflow vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AE93C5DF-A990-11D1-AEBD-5254ABDD2B69}]
Chaoxing Reader (超星阅览器) Pdg2 ActiveX control stack overflow vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F5E27CE-4A5C-11D3-9232-0000B48A05B2}]
Xunlei 5 / Xunlei Kankan (迅雷看看) 0day exploit
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F3E70CEA-956E-49CC-B444-73AFE593AD7F}]
Qvod Player 0day vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}]
FlashGet denial-of-service vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FB5DA724-162B-11D3-8B9B-AA70B4B0B524}]
PPlive MngModule.dll 0day exploit
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9F0F8700-A4D8-4E24-A3E0-1CA654CB5179}]
#kill-bit MS06-014 MS06072 MS07-017
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD96C556-65A3-11D0-983A-00C04FC29E30}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD96C556-65A3-11D0-983A-00C04FC29E36}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AB9BCEDD-EC7E-47E1-9322-D4A210617116}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0006F033-0000-0000-C000-000000000046}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0006F03A-0000-0000-C000-000000000046}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6e32070a-766d-4ee6-879c-dc1fa91d2fc3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6414512B-B978-451D-A0D8-FCFDF33E833C}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F5B7F63-F06F-4331-8A26-339E03C0AE3D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{06723E09-F4C2-43c8-8358-09FCD1DB0766}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{639F725F-1B2D-4831-A9FD-874847682010}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA018599-1DB3-44f9-83B4-461454C84BF8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D0C07D56-7C69-43F1-B4A0-25F5A11FAB19}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E8CCCDDF-CA28-496b-B050-6C07C962476B}]
#kill-bit Yahoo! Messenger 8.1.0.421 overflow vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{24F3EAD6-8B87-4C1A-97DA-71C126BDA08F}]
#kill-bit Apple Quicktime UDTA ATOM integer overflow vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
#kill-bit NCTAudioFile2 ActiveX remote stack overflow vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77829F14-D911-40FF-A2F0-D11DB8D6D0BC}]
RealNetworks RealPlayer rmoc3260.dll ActiveX control memory corruption vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0FDF6D6B-D672-463B-846E-C6FF49109662}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{224E833B-2CC6-42D9-AE39-90B6A38A4FA2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3B46067C-FD87-49B6-8DDD-12F0D687035F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3B5E0503-DE28-4BE8-919C-76E0E894A3C2}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{44CCBCEB-BA7E-4C99-A078-9F683832D493}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A41E11-91DB-4461-95CD-0C02327FD934}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}]
#kill-bit Baofeng Yingyin 2 (暴风影音2) mps.dll component: multiple buffer overflow vulnerabilities
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB}]
#kill-bit Unknown CLSID... found in a web trojan page.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00EF2092-6AC5-47c0-BD25-CF2D5D657FEB}]
#kill-bit Korean jetAudio player ActiveX control vulnerability; exploitation discovered 2008.1.19.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}]
#kill-bit MSIE DHTML Edit cross-site scripting vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D360201-FFF5-11d1-8D03-00A0C959BC0A}]
#kill-bit Microsoft IE navcancl.htm cross-site scripting vulnerability (MS07-033).
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEE78591-FE22-11D0-8BEF-0060081841DE}]
#kill-bit McAfee Security Center centralized configuration GUI remote overflow vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}]
#kill-bit Rising (瑞星) online scan remote code execution vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153}]
#kill-bit MS07-027
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{d4fe6227-1288-11d0-9097-00aa004254a0}]
#kill-bit Symantec remote execution vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22ACD16F-99EB-11D2-9BB3-00400561D975}]
--------------------------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22ACD16F-99EB-11D2-9BB3-00400561D975}]
"Compatibility Flags"=dword:00000400
Adding the value as shown above disables this ActiveX control.
--------------------------------------------------------------------------------
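An added example, not part of the original post: most keys in the listing above appear without a value line, and a key on its own does not set the kill bit. This Python code parses a .reg-style listing, reports the CLSIDs whose "Compatibility Flags" lack the 0x400 bit, and emits a complete .reg file for them; the function names and the sample text are constructed for illustration.

```python
import re

KEY_PREFIX = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility")
KILL_BIT = 0x400  # the dword:00000400 value shown on the page
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_reg(text):
    """Map upper-cased CLSID -> Compatibility Flags (None if the value is absent)."""
    flags, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = CLSID_RE.search(line)
            in_key = line.upper().startswith("[" + KEY_PREFIX.upper() + "\\") and m
            current = m.group(0).upper() if in_key else None
            if current:
                flags.setdefault(current, None)
        elif current and line.lower().startswith('"compatibility flags"=dword:'):
            flags[current] = int(line.split(":", 1)[1], 16)
    return flags

def missing_kill_bits(text):
    """CLSIDs whose key exists but whose flags do not have the 0x400 bit set."""
    return sorted(c for c, v in parse_reg(text).items() if v is None or not v & KILL_BIT)

def build_deny_reg(clsids):
    """Emit a .reg file that sets the kill bit for each CLSID (deduplicated)."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for clsid in sorted({c.upper() for c in clsids}):
        if not CLSID_RE.fullmatch(clsid):
            raise ValueError(f"not a CLSID: {clsid}")
        out += [f"[{KEY_PREFIX}\\{clsid}]", '"Compatibility Flags"=dword:00000400', ""]
    return "\r\n".join(out)

# Constructed sample in the page's listing style: one key without the value,
# one with the value, and one with extra flag bits alongside the kill bit.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22ACD16F-99EB-11D2-9BB3-00400561D975}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6e32070a-766d-4ee6-879c-dc1fa91d2fc3}]
"Compatibility Flags"=dword:00800400
"""

if __name__ == "__main__":
    todo = missing_kill_bits(SAMPLE)
    print("keys without kill bit:", todo)
    print(build_deny_reg(todo))
```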
Skype ActiveX control vulnerability
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LocalMachine_Lockdown]
"Skype.exe"=dword:00000001
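Some download sites and movie sites trick users into downloading these vulnerable versions of Xunlei and Qvod in order to harvest compromised machines ("肉鸡"); please don't fall for it.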
http://wglm.net/upwglm/soft/1_080908183332.rar

