Lanmz - Форум Гиков - Показать сообщение отдельно - Борьба с вирусами на съемных носителях (autorun.inf)

**Ivan_83** · 22.04.2008, 20:06

НЕ КАШЕРНО!!!!!!!!!!!!!!!!!!!!!!!!!!

Цитата:


	REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\Explorer] "NoDriveTypeAutoRun"=dword:000000ff ;запретить автоматический запуск на всех дисках [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\Explorer] "NoDriveTypeAutoRun"=dword:000000ff ;откл автозапуск на всех дисках [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Policies\Explorer] "NoDriveTypeAutoRun"=dword:000000ff ;откл автозапуск на всех дисках [-HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\MountPoints2] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=dword:00000001 [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\usbmon] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\Print\Monitors\USB Monitor] "Driver"="usbmon.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Pr int\Monitors\USB Monitor] "Driver"="usbmon.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Pr int\Monitors\USB Monitor] "Driver"="usbmon.dll" [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.com] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NOD32.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.com] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]

Вообще, на предприятиях оно через ГП в домене отключается, это так, для дома-частников-одиночек.

Добавлено через 4 минуты
А ещё, в конторах, где нет необходимости/возможности ставить антивирь, можно в домене такой логон скрипт сделать:

Цитата:


	@echo off cls echo Autorun automatic cleaner - now working attrib -r -s -h -a %windir%\system32\usbmons.dll >nul 2>nul del %windir%\system32\usbmons.dll /s /q /f >nul 2>nul echo Deleting autorun.inf from all drives for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( if exist %%a:\autorun.inf echo %%a:\Autorun.inf attrib -r -s -h -a %%a:\autorun.inf >nul 2>nul&del %%a:\autorun.inf /f /q >nul 2>nul ) echo Cleaning Recycled/Recycler for %%a in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do ( for %%b in (EXE COM PIF BAT CMD LNK) do ( attrib -r -s -h -a %%a:\RECYCLER\.%%b /s >nul 2>nul&attrib -r -s -h -a %%a:\RECYCLED\.%%b /s >nul 2>nul del %%a:\recycler\.%%b /s /q /f >nul 2>nul&del %%a:\recycled\.%%b /s /q /f >nul 2>nul ) ) attrib -r -s -h -a c:\found.??? /S /D >nul 2>nul del c:\found.???\. /s /q /f >nul 2>nul rd c:\found.??? >nul 2>nul

Строчку с юзбимонсом можно убрать, если безправные.
И при каждом логоне оно будет вычищать все диски.