勒索病毒防护脚本,一键关闭高危端口和服务

admin 2021年7月27日02:40:43评论149 views字数 3446阅读11分29秒阅读模式

勒索病毒防护脚本,一键关闭高危端口和服务


%1 mshta vbscript:CreateObject("Shell.Application").ShellExecute("cmd.exe","/c %~s0 ::","","runas",1)(window.close)&&exitecho.@echo offcolor 1fecho.chcp 65001echo.title 您正在使用一键关闭危险端口和服务 by Mannixecho.echo 您正在使用一键关闭危险端口和服务echo.echo 正在帮您关闭这些危险端口,请稍等echo.echo 正在开启Windows防火墙服务echo.net start MpsSvcecho.echo 正在帮您开启Windows防火墙自启动echo.sc config MpsSvc start= autoecho.echo 正在启用防火墙echo.netsh advfirewall set allprofiles state onecho.
echo 正在帮您关闭端口....echo.echo.echo.
echo 正在关闭 135 端口 请稍候…netsh advfirewall firewall delete rule name = "Disable port 135 - TCP"netsh advfirewall firewall add rule name = "Disable port 135 - TCP" dir = in action = block protocol = TCP localport = 135echo.netsh advfirewall firewall delete rule name = "Disable port 135 - UDP"netsh advfirewall firewall add rule name = "Disable port 135 - UDP" dir = in action = block protocol = UDP localport = 135echo.
echo 正在关闭 137 端口 请稍候…netsh advfirewall firewall delete rule name = "Disable port 137 - TCP"netsh advfirewall firewall add rule name = "Disable port 137 - TCP" dir = in action = block protocol = TCP localport = 137echo.netsh advfirewall firewall delete rule name = "Disable port 137 - UDP"netsh advfirewall firewall add rule name = "Disable port 137 - UDP" dir = in action = block protocol = UDP localport = 137echo.
echo 正在关闭 138 端口 请稍候…netsh advfirewall firewall delete rule name = "Disable port 138 - TCP"netsh advfirewall firewall add rule name = "Disable port 138 - TCP" dir = in action = block protocol = TCP localport = 138echo.netsh advfirewall firewall delete rule name = "Disable port 138 - UDP"netsh advfirewall firewall add rule name = "Disable port 138 - UDP" dir = in action = block protocol = UDP localport = 138echo.
echo 正在关闭 139 端口 请稍候…netsh advfirewall firewall delete rule name = "Disable port 139 - TCP"netsh advfirewall firewall add rule name = "Disable port 139 - TCP" dir = in action = block protocol = TCP localport = 139echo.netsh advfirewall firewall delete rule name = "Disable port 139 - UDP"netsh advfirewall firewall add rule name = "Disable port 139 - UDP" dir = in action = block protocol = UDP localport = 139echo.
echo 正在关闭 445 端口 请稍候…netsh advfirewall firewall delete rule name = "Disable port 445 - TCP"netsh advfirewall firewall add rule name = "Disable port 445 - TCP" dir = in action = block protocol = TCP localport = 445echo.netsh advfirewall firewall delete rule name = "Disable port 445 - UDP"netsh advfirewall firewall add rule name = "Disable port 445 - UDP" dir = in action = block protocol = UDP localport = 445echo.
echo 正在关闭 3389 端口 请稍候…netsh advfirewall firewall delete rule name = "Disable port 3389 - TCP"netsh advfirewall firewall add rule name = "Disable port 3389 - TCP" dir = in action = block protocol = TCP localport = 445echo.netsh advfirewall firewall delete rule name = "Disable port 3389 - UDP"netsh advfirewall firewall add rule name = "Disable port 3389 - UDP" dir = in action = block protocol = UDP localport = 445echo.
echo 危险端口已经用Windows防火墙关闭成功
echo.echo ----------------echo 正在关闭 Workstation(LanmanWorkstation)服务sc stop LanmanWorkstationsc config LanmanWorkstation start= disabled
echo.echo ----------------echo 正在关闭 Server(LanmanServer)服务sc stop LanmanServersc config LanmanServer start= disabled
echo.echo ----------------echo 正在关闭 TCP/IP NetBIOS Helper(lmhosts)共享服务sc stop lmhostssc config lmhosts start= disabled
echo.echo ----------------echo 正在关闭 Distributed Transaction Coordinator(MSDTC)共享服务sc stop MSDTCsc config MSDTC start= disabled
echo.echo ----------------echo 正在关闭 NetBT 服务sc stop NetBTsc config NetBT start= disabled
echo.echo ----------------reg add "hklmSystemCurrentControlSetServicesNetBTParameters" /v "SMBDeviceEnabled" /t reg_dword /d "0" /freg add "hklmSOFTWAREMicrosoftOle" /v "EnableDCOM" /t reg_sz /d "N" /freg add "hklmSOFTWAREMicrosoftRpc" /v "DCOM Protocols" /t reg_multi_sz /d "" /f
echo.echo ----------------echo 恭喜您,危险端口已经关闭,请重新启动电脑后用 netstat -an 查看本地端口
echo 按任意键退出pause>nul


本文始发于微信公众号(利刃信安):勒索病毒防护脚本,一键关闭高危端口和服务

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年7月27日02:40:43
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   勒索病毒防护脚本,一键关闭高危端口和服务http://cn-sec.com/archives/393534.html

发表评论

匿名网友 填写信息