该用户发布的程序捆绑了远控木马,请下载并运行过的同学尽快杀毒。远控利用“白加黑”方式启动(由正常的白文件加载同目录下的恶意 DLL)。木马路径:
C:\PHP5433\goopdate.exe 白文件
C:\PHP5433\goopdate.dll 黑文件,用来给两个exe添加启动项
C:\PHP5433\sdiagnhost.exe 远控木马主体
远控连接地址:ffcc1.casacam.net (45.195.198.207)
除杀毒外,建议同时检查上述路径和启动项是否仍有残留。大家发现异常请及时到举报区举报。 木马, 一键
zouqiang 发表于 2024-3-25 09:48 真是个垃圾!害死人呀!
Windows Registry Editor Version 5.00
; This listing is what the poster reports the tool wrote to the registry.
; It is a record of the changes for comparison and rollback, not a
; recommended configuration. Several sections below weaken Windows
; security controls (System Restore, UAC, driver signing).
; NOTE(review): some entries target ControlSet001 rather than
; CurrentControlSet; which control set is active on a given machine is not
; shown here, so check both when reverting.

; SSD optimization
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]
"Enable"="n"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management\PrefetchParameters]
"EnablePrefetcher"=dword:00000000

; Disable error reporting
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting]
"Disabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting]
"DoReport"=dword:00000000
"ShowUI"=dword:00000000

; Disable System Restore
; Security-relevant: DisableSR=1 is set both in the product key and in the
; policy key, and the "[-...]" line deletes the SPP\Clients key outright.
; The deleted key's previous contents are not in this listing, so they
; have to be taken from a clean machine or a backup when reverting.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"RPSessionInterval"=dword:00000000
"DisableSR"=dword:00000001
"CreateFirstRunRp"=dword:00000000
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SPP\Clients]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
"LimitSystemRestoreCheckpointing"=dword:00000001
; Repeats the BootOptimizeFunction entry from the SSD section above.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Dfrg\BootOptimizeFunction]
"Enable"="n"

; Disable User Account Control (UAC)
; Security-relevant: EnableLUA=0 switches UAC off and
; ConsentPromptBehaviorAdmin=0 lets administrators elevate without a prompt.
; NOTE(review): the documented Windows defaults are EnableLUA=1 and
; ConsentPromptBehaviorAdmin=5 -- confirm against a clean machine of the
; same Windows version before restoring.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000000
"EnableLUA"=dword:00000000

; Notepad word wrap
[HKEY_CURRENT_USER\Software\Microsoft\Notepad]
"fWrap"=dword:00000001

; Reduce shutdown wait time
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
"WaitToKillServiceTimeout"="0"
[HKEY_CURRENT_USER\Control Panel\Desktop]
"HungAppTimeout"="3000"
"WaitToKillAppTimeout"="10000"

; Disable driver signing
; Security-relevant: both values relax the reaction to unsigned or
; unverifiable drivers.
; NOTE(review): these look like the legacy driver-signing policy values;
; whether current Windows versions still honour them is not confirmed here.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Driver Signing]
"Policy"=hex:01
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows NT\Driver Signing]
"BehaviorOnFailedVerify"=dword:00000000

; Disable AutoRun for USB sticks and all other drives (keep optical disc autoplay)
; NOTE(review): NoDriveTypeAutoRun=0xff disables AutoRun for every drive
; type, optical drives included, so the "keep optical disc autoplay" part
; of the original comment does not match the value written.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:000000ff
; NOTE(review): the effect of writing 0xff to AutoRun/Autorun under the
; USBSTOR and cdrom service keys is not confirmed -- compare with a clean
; machine.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"AutoRun"=dword:000000ff
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR]
"AutoRun"=dword:000000ff
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdrom]
"Autorun"=dword:000000ff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom]
"Autorun"=dword:000000ff

; Block remote registry modification
; NOTE(review): remote registry access is normally governed by the
; permissions on the winreg key itself; the effect of this value is not
; confirmed, so do not rely on it as the control.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SECUREPIPESERVERS\WINREG]
"remoteregaccess"=dword:00000001

; Enable Win10 eye-protection colour
[HKEY_CURRENT_USER\Control Panel\Colors]
"Window"="202 234 206"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\DefaultColors\Standard]
"Window"=dword:00caeace

; Show seconds in the taskbar clock
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSecondsInSystemClock"=dword:00000001

; Set default reserved bandwidth to 0
; NOTE(review): only NonBestEffortLimit is the QoS reserved-bandwidth
; setting. Tcp1323Opts controls the RFC 1323 TCP options (window scaling
; and timestamps), so the first entry changes TCP behaviour rather than
; reserved bandwidth.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
"Tcp1323Opts"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Psched]
"NonBestEffortLimit"=dword:00000000

; Change taskbar transparency
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"UseOLEDTaskbarTransparency"=dword:00000001
以上是此工具修改注册表的内容,有修改的话可以去修改回去。(看下其他电脑的值是多少)