[开源]wana decryptor 比特币勒索病毒,自制防御工具原理,开源!
wana decryptor 病毒主要利用 NSA 公开的漏洞,通过 SMB 服务的 445 端口对 Windows 10 以下版本的操作系统进行远程代码执行...
防御方式如下:把下面的内容复制到记事本,另存为 关闭445.bat,然后以管理员身份运行即可。屏蔽 445 端口只是临时缓解措施,并不能修复漏洞本身,仍需安装微软发布的相应安全补丁。
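@echo off
setlocal
rem ---------------------------------------------------------------------------
rem Stop-gap hardening against the "wana decryptor" SMB worm.
rem
rem What it does:
rem   1. Stops and disables the two smart card services.
rem   2. Starts Windows Firewall, sets it to start at boot, and turns it on
rem      for all profiles.
rem   3. Adds inbound block rules for port 445 over UDP and TCP.
rem
rem What it does NOT do:
rem   It does not fix the SMB flaw. It only closes the inbound network path
rem   on this machine. The Microsoft security update for the SMB flaw still
rem   has to be installed, and the rules can be removed afterwards.
rem
rem Side effects:
rem   Blocking inbound 445 stops other machines from reaching file and
rem   printer shares hosted on this one.
rem
rem Requirements:
rem   Must be run from an elevated prompt. "netsh advfirewall" exists on
rem   Windows Vista and later only.
rem ---------------------------------------------------------------------------
color 0a

rem Banner. A literal pipe has to be escaped as ^| on an echo line, otherwise
rem cmd treats it as a pipeline operator and the line is a syntax error.
echo ------------------------------------------------------------------------
echo ^| ^|
echo ^| dewana decrptor ^|
echo ^| ^|
echo ^| 仅供学习参考,严禁用于商业用途 ^|
echo ^| ^|
echo ------------------------------------------------------------------------
echo ^| HtTp://www.icefox.org ^|
echo ------------------------------------------------------------------------

rem Stop and disable the smart card services.
rem NOTE(review): these services are not part of the SMB attack path on
rem port 445. Disabling them breaks smart card logon, so delete these four
rem lines on machines that use smart cards.
net stop SCardSvr
net stop SCPolicySvc
sc config SCardSvr start= disabled
sc config SCPolicySvc start= disabled

rem Start the Windows Firewall service. A non-zero exit here is not treated
rem as a failure because "net start" also fails when the service is already
rem running.
net start MpsSvc

rem Make the firewall service start at boot.
sc config MpsSvc start= auto

rem Track failures of the commands that actually provide the protection, so
rem the success banner is not printed when nothing was applied.
set "failed="

rem Turn the firewall on for the domain, private and public profiles.
netsh advfirewall set allprofiles state on || set "failed=1"

rem Remove rules left by an earlier run so repeated runs do not pile up
rem duplicates. Errors are ignored because the rules may not exist yet.
netsh advfirewall firewall delete rule name="block udp 445" >nul 2>&1
netsh advfirewall firewall delete rule name="block tcp 445" >nul 2>&1

rem Block inbound port 445. SMB itself runs over TCP 445; the UDP rule is the
rem author's extra rule and was previously swallowed by a rem line.
netsh advfirewall firewall add rule name="block udp 445" dir=in protocol=udp localport=445 action=block || set "failed=1"
netsh advfirewall firewall add rule name="block tcp 445" dir=in protocol=tcp localport=445 action=block || set "failed=1"

rem Optional: NetBIOS ports. Remove the leading :: to enable a rule.
::netsh advfirewall firewall add rule name="block udp 137" dir=in protocol=udp localport=137 action=block
::netsh advfirewall firewall add rule name="block tcp 137" dir=in protocol=tcp localport=137 action=block
::netsh advfirewall firewall add rule name="block udp 138" dir=in protocol=udp localport=138 action=block
::netsh advfirewall firewall add rule name="block tcp 138" dir=in protocol=tcp localport=138 action=block
::netsh advfirewall firewall add rule name="block udp 139" dir=in protocol=udp localport=139 action=block
::netsh advfirewall firewall add rule name="block tcp 139" dir=in protocol=tcp localport=139 action=block

if defined failed (
    echo [ERROR] The firewall could not be turned on or the port 445 rules were not added.
    echo Run this script from an elevated prompt and check the messages above.
    pause
    exit /b 1
)

rem NOTE(review): the message below says a reboot is needed. Firewall rules
rem normally apply as soon as they are added; only the service start type
rem changes wait for the next boot.
echo ------------------------------------------------------------------------
echo ^|防御启动成功!, 如果需要屏蔽其他端口请自行修改请按任意键继续,重启生效^|
echo ------------------------------------------------------------------------
pause
exit /b 0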