Table of Contents
I. Introduction
II. Problem Statement
III. Solution
IV. Applicable Users
V. Remaining Problems
VI. Other
VII. Batch Source Code
References
I. Introduction
Not long ago I came across http://www.sometips.com/ by chance, and after reading "File Permissions and Registry Permissions" there I was inspired. This article is the result.
II. Problem Statement
Most Trojans and some viruses rely on the registry's autostart entries or file associations, or start themselves through a system service (see "Self-starting modes in Windows"). Is there a way to prevent Trojans or viruses from modifying these entries and from adding services?
III. Solution
The registry of Windows 2000 / XP / 2003 supports permissions, but we rarely use them. Set the permissions of the following registry keys:
1. Set the registry autostart keys (Run, RunOnce, RunServices) to read-only for Everyone, preventing Trojans and viruses from starting through the autostart entries.
2. Set the file associations of .txt, .com, .exe, .inf, .ini, .bat and similar file types to read-only for Everyone, preventing Trojans and viruses from starting through a file association.
3. Set the registry key HKLM\System\CurrentControlSet\Services to read-only, preventing Trojans and viruses from starting as a "service".
The permissions of a registry key can be set in the following ways:
1. In a domain environment, through the Group Policy of Active Directory.
2. Through the local computer's own Group Policy (command line: SECEDIT).
3. This article uses the program SetACL, which you can download at http://www.helge.mynetCologne.de/setAcl/
4. Manually, through regedt32 (Windows 2000: "Security" menu, "Permissions") or regedit (Windows XP / 2003: "Edit" menu, "Permissions").
The batch code is given later.
If the user only has the permissions of the Users group, the above keys are already read-only by default and there is no need to go to this trouble.
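As an added example (not part of the original article and not SetACL's own code), the following PowerShell script audits the same keys the batch file protects and reports every access-control entry that grants Everyone, Users or Authenticated Users the right to add or change an autostart entry; it only reads the ACLs and changes nothing. It assumes a current Windows with the built-in Get-Acl cmdlet; the list of principals regarded as "broad" is my own assumption.

```powershell
# Added example: audit write access on the autostart keys the article protects.
# Not part of the original article; uses only built-in PowerShell cmdlets.
$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SYSTEM\CurrentControlSet\Services',
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\batfile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\comfile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\txtfile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\inifile\shell\open\command',
    'Registry::HKEY_CLASSES_ROOT\inffile\shell\open\command'
)

# Principals that effectively mean "any logged-on user" (assumed list).
$BroadPrincipals = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')

# Rights that let a principal create or change an autostart entry under a key.
$WriteRights = [System.Security.AccessControl.RegistryRights]::SetValue -bor [System.Security.AccessControl.RegistryRights]::CreateSubKey

function Test-AutostartKeyAcl {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return }      # key absent on this system
    try { $acl = Get-Acl -Path $Path -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL of $Path : $_"; return }
    foreach ($ace in $acl.Access) {
        $isAllow     = $ace.AccessControlType -eq [System.Security.AccessControl.AccessControlType]::Allow
        $grantsWrite = ([int]$ace.RegistryRights -band [int]$WriteRights) -ne 0
        if ($isAllow -and $grantsWrite -and ($BroadPrincipals -contains $ace.IdentityReference.Value)) {
            [pscustomobject]@{
                Key       = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited   # inherited ACEs are why the article removes inheritance
            }
        }
    }
}

$findings = foreach ($k in $Keys) { Test-AutostartKeyAcl -Path $k }
if ($findings) { $findings | Format-Table -AutoSize }
else { 'No broad write access found on the audited keys.' }
```

Run it once before and once after applying the batch file to confirm the change took effect; an inherited ACE in the output means the key still picks up permissions from its parent.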
IV. Applicable Users
1) People who are not very familiar with computers and seldom install or uninstall software.
2) People who like to download and install software from the Internet.
3) Environments where everyone has administrator rights on their own computer and computer skills vary.
V. Remaining Problems
1) Installing anti-virus software or patches also writes to those registry keys, so you have to restore the permissions first, install, and then set them again afterwards. Inconvenient.
2) It cannot stop 3721; I don't know whether 3721's privileges are simply too high (I have heard that 3721 is started by a driver and runs with Ring 0 privileges).
3) It only applies to Windows 2000 / XP / 2003; for other systems there is no way.
4) It only deals with simple viruses and Trojans.
VI. Other
Everyone who sees this article may think it is of no help: "Crazy, something that can be said in two or three sentences, written up like a thesis, so long, wasting my time." If that is how it reads, I am truly sorry. It is just that the company is implementing ISO, and I think there are quite good things in ISO; in order to standardise my documents I am getting more practice.
The packaged program can be downloaded from:
Https://www.xfocus.net/php/tools.php?sub=down&tid=741
VII. Batch Source Code
@goto start
================================================================
Name: AntiTrojanHorse
Features:
  1. Disable the autostart entries (Run, RunOnce, RunServices)
  2. Prevent modification of the .txt, .com, .exe, .inf, .ini, .bat (etc.) file associations
  3. Prevent modification of "service" information
Principle: set the permissions of the registry keys to read-only
Version history
Version  Date        Reviser  Description
1.0      2004-12-22  NETU0    created this script
================================================================
:start
@setlocal
@rem Set the active code page to Simplified Chinese (936)
@chcp 936 >nul 2>nul
@echo.
@echo ****************************************************************
@echo #
@echo # Welcome to the anti-Trojan-horse program
@echo #
@echo #
@echo ****************************************************************
:chkos
@echo.
@ver | find "2000" >nul 2>nul
@if "%errorlevel%"=="0" goto 2000
@ver | find "Microsoft Windows [Version 5" >nul 2>nul
@if "%errorlevel%"=="0" goto 2003
@ver | find "XP" >nul 2>nul
@if "%errorlevel%"=="0" goto XP
@echo.
@echo # Your operating system is not Windows 2000 / XP / 2003; this program cannot be used.
@goto quit
@rem The policy-refresh command differs between systems; each label below sets it
:2000
@set UpdatePolicy=SECEDIT /RefreshPolicy Machine_Policy
@goto selection
:XP
@set UpdatePolicy=GPUPDATE /FORCE
@goto selection
:2003
@set UpdatePolicy=GPUPDATE /FORCE
@goto selection
:selection
@rem User choice
@echo.
@echo Please enter the number in front of one of the following options
@echo.
@echo 1: Install anti-Trojan-horse protection
@echo 2: Remove anti-Trojan-horse protection (restore default settings)
@echo 3: View technical information
@echo 4: Exit
@echo.
@set /p UserSelection=Enter your selection (1, 2, 3, 4): 
@if "%UserSelection%"=="1" goto install
@if "%UserSelection%"=="2" goto uninstall
@if "%UserSelection%"=="3" goto information
@if "%UserSelection%"=="4" goto quit
@rem Any other input: show the menu again
@cls
@goto selection
:information
@cls
@echo ================================================================
@echo #
@echo # Welcome to the anti-Trojan-horse program
@echo #
@echo # Features:
@echo #
@echo # 1. Set the registry autostart keys (Run, RunOnce, RunServices) to read-only,
@echo #    preventing Trojans and viruses from starting through the autostart entries
@echo # 2. Set the .txt, .com, .exe, .inf, .ini, .bat (etc.) file associations to read-only,
@echo #    preventing Trojans and viruses from starting through a file association
@echo # 3. Set the registry key HKLM\System\CurrentControlSet\Services to read-only,
@echo #    preventing Trojans and viruses from starting as a "service"
@echo #
@echo # Note:
@echo # Some installers also use the above registry keys. Before installing, run this program
@echo # and select 2 to restore the default settings. After the installation is complete,
@echo # run this program again and select 1 to re-apply the anti-Trojan-horse protection.
@echo ================================================================
@echo.
@echo Press any key to return to the menu
@pause >nul 2>nul
@cls
@goto selection
:install
@set op=/grant everyone /read /p:no_dont_copy
@goto doit
:uninstall
@set op=/revoke everyone /read /p:yes
@goto doit
:doit
@echo.
@echo Performing the operation ...
@rem HKLM
@setacl machine\software\microsoft\windows\currentversion\run /registry %op% >nul 2>nul
@setacl machine\software\microsoft\windows\currentversion\runonce /registry %op% >nul 2>nul
@setacl machine\software\microsoft\windows\currentversion\runservices /registry %op% >nul 2>nul
@setacl machine\software\microsoft\windows\currentversion\runex /registry %op% >nul 2>nul
@setacl machine\software\microsoft\windows\currentversion\runonceex /registry %op% >nul 2>nul
@setacl machine\software\microsoft\windows\currentversion\runservicesex /registry %op% >nul 2>nul
@rem HKCU
@setacl current_user\software\microsoft\windows\currentversion\run /registry %op% >nul 2>nul
@setacl current_user\software\microsoft\windows\currentversion\runonce /registry %op% >nul 2>nul
@setacl current_user\software\microsoft\windows\currentversion\runservices /registry %op% >nul 2>nul
@setacl current_user\software\microsoft\windows\currentversion\runex /registry %op% >nul 2>nul
@setacl current_user\software\microsoft\windows\currentversion\runonceex /registry %op% >nul 2>nul
@setacl current_user\software\microsoft\windows\currentversion\runservicesex /registry %op% >nul 2>nul
@rem HKEY_USERS
@setacl user\software\microsoft\windows\currentversion\run /registry %op% >nul 2>nul
@setacl user\software\microsoft\windows\currentversion\runonce /registry %op% >nul 2>nul
@setacl user\software\microsoft\windows\currentversion\runservices /registry %op% >nul 2>nul
@setacl user\software\microsoft\windows\currentversion\runex /registry %op% >nul 2>nul
@setacl user\software\microsoft\windows\currentversion\runonceex /registry %op% >nul 2>nul
@setacl user\software\microsoft\windows\currentversion\runservicesex /registry %op% >nul 2>nul
@setacl user\software\microsoft\windows\currentversion\runservicesonce /registry %op% >nul 2>nul
@rem Services
@setacl machine\system\currentcontrolset\services /registry %op% >nul 2>nul
@rem HKEY_CLASSES_ROOT (file associations)
@setacl classes_root\exefile\shell\open\command /registry %op% >nul 2>nul
@setacl classes_root\inifile\shell\open\command /registry %op% >nul 2>nul
@setacl classes_root\txtfile\shell\open\command /registry %op% >nul 2>nul
@setacl classes_root\comfile\shell\open\command /registry %op% >nul 2>nul
@setacl classes_root\batfile\shell\open\command /registry %op% >nul 2>nul
@setacl classes_root\inffile\shell\open\command /registry %op% >nul 2>nul
@echo Updating the account policy and audit policy ...
@rem Refresh the local security policy
@%UpdatePolicy% >nul 2>nul
@echo Account policy and audit policy update complete
:complete
@echo Operation complete
@echo.
@echo.
@echo Please press any key to exit.
@pause >nul 2>nul
:quit
@rem Clean up
@del %systemroot%\system32\setacl.exe >nul 2>nul
@del %systemroot%\system32\antitrojanhorse.bat >nul 2>nul
@endlocal