网马防御新方法：CLSID - 网吧网管交流区 - IXPUB技术社区

一星会员

精华贴数 0
社区积分 99
技术积分 15
阅读权限 20
论坛排名 5326
注册日期 2008-4-9

论坛徽章 0

使用道具底部

发表于 2008-4-10 20:47 资料我的博客短消息加为好友

网马防御新方法：CLSID

听说是新方法。也没单独试过。
注意：此法只是避免访问病毒网站时病毒自动下载，如果是下载到本地运行病毒，还是需要另做防御方法的，比如穿透病毒，在本地运行病毒，是无法防止穿透的。
开机通道导入注册表即可，即时生效。
-----------------------------------------------------
俺已经整理完了。目前就是这么多了。用起来感觉很安全。。都不知道什么是机器狗。什么是传透了。
reg文件:

FREE:

Windows Registry Editor Version 5.00

#kill-bit MS06-014
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD96C556-65A3-11D0-983A-00C04FC29E30}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD96C556-65A3-11D0-983A-00C04FC29E36}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AB9BCEDD-EC7E-47E1-9322-D4A210617116}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0006F033-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0006F03A-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F5B7F63-F06F-4331-8A26-339E03C0AE3D}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{06723E09-F4C2-43c8-8358-09FCD1DB0766}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{639F725F-1B2D-4831-A9FD-874847682010}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA018599-1DB3-44f9-83B4-461454C84BF8}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D0C07D56-7C69-43F1-B4A0-25F5A11FAB19}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E8CCCDDF-CA28-496b-B050-6C07C962476B}]
"Compatibility Flags"=dword:00000400
#kill-bit Yahoo! Messenger 8.1.0.421溢出漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{24F3EAD6-8B87-4C1A-97DA-71C126BDA08F}]
"Compatibility Flags"=dword:00000400
#kill-bit Apple Quicktime UDTA ATOM整数溢出漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}]
"Compatibility Flags"=dword:00000400
#kill-bit NCTAudioFile2 ActiveX远程栈溢出漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{77829F14-D911-40FF-A2F0-D11DB8D6D0BC}]
"Compatibility Flags"=dword:00000400
#kill-bit 百度搜霸ActiveX控件远程代码执行漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A7F05EE4-0426-454F-8013-C41E3596E9E9}]
"Compatibility Flags"=dword:00000400
#kill-bit PPStream 堆栈溢出漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5EC7C511-CD0F-42E6-830C-1BD9882F3458}]
"Compatibility Flags"=dword:00000400
#kill-bit 暴风影音2 mps.dll组件多个缓冲区溢出漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB}]
"Compatibility Flags"=dword:00000400
#kill-bit 迅雷ActiveX控件DownURL2方式远程缓冲区溢出漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEDD6FF9-13DE-496B-9A1C-D78B3215E266}]
"Compatibility Flags"=dword:00000400
#kill-bit QVOD播放器最新漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F3D0D36F-23F8-4682-A195-74C92B03D4AF}]
"Compatibility Flags"=dword:00000400
#kill-bit 联众
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AE93C5DF-A990-11D1-AEBD-5254ABDD2B69}]
"Compatibility Flags"=dword:00000400
#kill-bit 联众新0day
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{61F5C358-60FB-4A23-A312-D2B556620F20}]
"Compatibility Flags"=dword:00000400
#kill-bit 超星阅读器
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F5E27CE-4A5C-11D3-9232-0000B48A05B2}]
"Compatibility Flags"=dword:00000400
#kill-bit 迅雷看看
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F3E70CEA-956E-49CC-B444-73AFE593AD7F}]
"Compatibility Flags"=dword:00000400
#kill-bit 未知的CLSID。。。网马里发现的。
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00EF2092-6AC5-47c0-BD25-CF2D5D657FEB}]
"Compatibility Flags"=dword:00000400
#kill-bit 韩国jetAudio播放器ActiveX控件漏洞2008.1.19发现利用。
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8}]
"Compatibility Flags"=dword:00000400
#kill-bit MSIE DHTML Edit跨站脚本漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D360201-FFF5-11d1-8D03-00A0C959BC0A}]
"Compatibility Flags"=dword:00000400
#kill-bit Microsoft IE navcancl.htm跨站脚本执行漏洞（MS07-033）。
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{EEE78591-FE22-11D0-8BEF-0060081841DE}]
"Compatibility Flags"=dword:00000400
#kill-bit McAfee Security Center集中配置GUI远程溢出漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9BE8D7B2-329C-442A-A4AC-ABA9D7572602}]
"Compatibility Flags"=dword:00000400
#kill-bit FlashGet 拒绝服务漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FB5DA724-162B-11D3-8B9B-AA70B4B0B524}]
"Compatibility Flags"=dword:00000400
#kill-bit 瑞星在线扫描远程代码执行漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153}]
"Compatibility Flags"=dword:00000400
#kill-bit MS07－027
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{d4fe6227-1288-11d0-9097-00aa004254a0}]
"Compatibility Flags"=dword:00000400
#kill-bit Symantec的远程执行漏洞
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22ACD16F-99EB-11D2-9BB3-00400561D975}]
"Compatibility Flags"=dword:00000400
#kill-bit Yahoo! Music Jukebox的ActiveX控件缓冲区溢出漏洞，远程攻击者可能利用此漏洞控制用户系统。
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5F810AFC-BB5F-4416-BE63-E01DD117BD6C}]
"Compatibility Flags"=dword:00000400
#kill-bit MS07-004
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{10072CEC-8CC1-11D1-986E-00A0C955B42E}]
"Compatibility Flags"=dword:00000400
#8:44 2008-3-6 IE被劫持
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4D2EAF15-81D0-42DA-8C39-19EDD39E0FB3}]
"Compatibility Flags"=dword:00000400
#MS06-057(2008-04-10更新)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{844F4806-E8A8-11d2-9652-00C04FC30871}]
"Compatibility Flags"=dword:00000400