For most of my friends, the most troublesome thing they run into when surfing the internet is rogue software. It gets installed without their knowing it and cannot be removed when they try to delete it. Although there are many tools dedicated to removing rogue software, most people just put up with it and never actually go looking for such a tool. That is why it is so important to do a good job of defense.
So how can we defend? To know how to defend, we need to know the principles behind rogue software and some hacker Trojans. Let's take a look below.
Most rogue software does nothing more than generate a DLL file under your %systemroot% and then use that DLL to achieve its "rogue" goal. Hacker Trojans are more complex, so our current goal is to prevent rogue software and some hacker Trojans from creating files under %systemroot%. In other words, the current user is not permitted to write to %systemroot%. Maybe you will ask: can't we create a new user and limit its permissions to achieve the goal? That does work, but on the Windows NT kernel different users have different profiles. If the current user wants to play games and browse webpages while avoiding rogue software, we would have to log out and switch to another user with limited permissions, and when we no longer want to play, we have to switch back. And do not forget: logging out also gives rogue software or hacker Trojans an opening.
So today's aim is to block rogue software and hacker Trojans right from startup, so that we can go online and play games directly afterwards.
Step 1: create an "anti-rogue system" boot option
(Method 1)
For this we need to edit the boot.ini file. What is boot.ini? I believe anyone with some computer knowledge knows. If you don't, don't worry: go to the novice school section of the hacker base forum and read the article analysing boot.ini at http://bbs.hackbase.com/viewthread-2868505-1.html
Let's first modify boot.ini so that we can select "anti-rogue system" when the system starts. Before that, remove the read-only attribute from boot.ini.
Then we can modify the boot.ini file.
A normal boot.ini looks like this:
[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
I will not explain what the individual parameters mean; that is not today's focus. If you want to know, look it up in the boot.ini analysis mentioned above.
After removing the read-only attribute from boot.ini, add this line at the end:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="anti-Rogue System" /noexecute=optin /fastdetect
Save the file and set the read-only attribute on boot.ini again. The next time we start the computer, it will prompt us to select a system, and we can choose the anti-rogue system.
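A quick check of the edited boot.ini before rebooting, as an added example that is not part of the original article (the function names and the embedded sample file are constructed here). It verifies that default still matches a menu entry and shows that both menu labels share one ARC path, meaning they start the same Windows installation.

```python
import re

# Constructed sample: the article's boot.ini after the extra menu entry is added.
SAMPLE = r'''[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="anti-Rogue System" /noexecute=optin /fastdetect
'''
ENTRY = re.compile(r'^(?P<arc>[^=]+?)\s*=\s*"(?P<label>[^"]*)"\s*(?P<switches>.*)$')

def parse_boot_ini(text):
    """Return (boot loader settings, list of menu entries) from boot.ini text."""
    loader, entries, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            section = line[1:-1].strip().lower()
        elif section == 'boot loader' and '=' in line:
            key, value = line.split('=', 1)
            loader[key.strip().lower()] = value.strip()
        elif section == 'operating systems':
            m = ENTRY.match(line)
            if m is None:  # e.g. a missing quote left behind by a hand edit
                raise ValueError('malformed menu entry: ' + line)
            entries.append({'arc': m['arc'].strip().lower(), 'label': m['label'],
                            'switches': m['switches'].split()})
    return loader, entries

def check_boot_ini(text):
    """List problems that would keep the boot menu from working as intended."""
    loader, entries = parse_boot_ini(text)
    problems = []
    if not loader.get('timeout', '').isdigit():
        problems.append('timeout is missing or not a number')
    if loader.get('default', '').lower() not in {e['arc'] for e in entries}:
        problems.append('default does not match any entry')
    return problems

def labels_by_installation(entries):
    """Group menu labels by ARC path; labels in one group boot the same Windows."""
    groups = {}
    for e in entries:
        groups.setdefault(e['arc'], []).append(e['label'])
    return groups

if __name__ == '__main__':
    print(check_boot_ini(SAMPLE), labels_by_installation(parse_boot_ini(SAMPLE)[1]))
```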
Nickname: What if I cannot do this for a certain reason?
Name: I always configure an incorrect system. The next time I enter the system, I want to restore it. What should I do if I want to enable the anti-rogue system?
Don't worry, we still have method 2.
(Method 2)
Here we naturally think of modifying the advanced options menu that F8 brings up. When the system starts, pressing F8 takes us straight to options such as safe mode. Can we make "anti-rogue system" selectable after pressing F8? Of course ~
We find NTLDR, remove its read-only attribute as well, and open it with UltraEdit-32.
We change the "last correct configuration" text to "anti-rogue system": move the cursor to the start of that text and type "anti-rogue system" over it, then replace the leftover characters after it with spaces. Note: do not use Backspace; overwrite the characters instead. The spacing must be kept exactly as it was. Then save.
Step 2: apply the anti-rogue protection at startup
The steps above only changed a name; in substance nothing is different from before. Now we need to implement the anti-rogue policy itself.
Nickname: is it possible to guard against hooligans when it is started? So happy.
Big name: you are happy, P. How can this problem be implemented?
It is actually very simple: add a file to the startup items so that it runs at startup and keeps rogue software out.
Nickname: Yes, so smart.
Name: Smart P. What else do we do before? It's just a matter of subjective feelings, but it's actually useless.
Well... it is useless, because I am too much of a novice and do not know how to use boot.ini to get the effect of a startup file that runs only for the specified system entry and not for the others. There is only one system. If anyone knows how, please teach me.
Create a batch file with the following content:
@echo off
setlocal
cls
color 7
title anti-Rogue main program v1.0
echo Welcome to anti-Rogue main program v1.0
echo by unknown [hackbase]
if not "%OS%"=="Windows_NT" echo This program can only run on Windows NT or above! & goto exit
echo This program is still rough. When leaving the system, run xf.bat; otherwise the system cannot be entered, and the consequences are at your own risk.
echo Remember ~~ Remember ~~~
echo Enable the anti-rogue program? [y/n]
set /p host=
if /i "%host%"=="n" echo The anti-rogue program was not started & exit
rem Anything other than y stops here, so the ACL is never changed by accident
if /i not "%host%"=="y" exit
echo The anti-rogue program is starting... OK!
rem Ask for the user name before touching the ACL so that %user% is never empty
echo Enter the current user name:
set /p user=
if "%user%"=="" echo Please enter the current user name! & exit
:loop
rem /e edits the existing ACL instead of replacing it; /p user:N sets that user's access to None
cacls "%systemroot%" /e /p %user%:N
echo Stage 1 is successfully set... OK!
cacls "%systemroot%\system32" /e /p %user%:N
echo Stage 2 is successfully set... OK!
goto OK
:OK
echo Congratulations! The anti-rogue program is successfully set.
:exit
pause
Save it as wuminger.bat.
There is also an xf.bat:
@echo off
setlocal
cls
color 7
title anti-Rogue Exit Main Program v1.0
echo Welcome to anti-Rogue Exit Main Program v1.0
echo by unknown [hackbase]
echo Enter the current user name:
set /p user=
if "%user%"=="" echo Please enter the current user name! & exit
rem /e edits the existing ACL; /p user:F sets that user's access back to Full control
cacls "%systemroot%" /e /p %user%:F
cacls "%systemroot%\system32" /e /p %user%:F
echo The anti-rogue program exited successfully
pause
Then we add it to the startup items, as follows.
Run regedit to open the registry and find
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Create a new string value.
Then point its value to the path of our wuminger.bat. My wuminger.bat is in the root directory of drive C.
That completes the edit.
The next time we start up, we can follow the prompts to defend against Trojans.