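Four Steps to Thoroughly Defend Against LOGO1, Panda, and All Other Viruses That Infect EXE Files!
Note: reposted from 程序员日志 (Programmer's Log)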
Step 1: Create the immunization patch (batch file contents)
This article comes from the 51CTO.COM technical blog

echo > c:\windows\Logo1.exe
echo > c:\windows\Logo_1.exe
echo > c:\windows\Logo1_1.exe
echo > c:\windows\Logo1_.exe
echo > c:\windows\0Sy.exe
echo > c:\windows\1Sy.exe
echo > c:\windows\2Sy.exe
echo > c:\windows\3Sy.exe
echo > c:\windows\4Sy.exe
echo > c:\windows\5Sy.exe
echo > c:\windows\6Sy.exe
echo > c:\windows\7Sy.exe
echo > c:\windows\8Sy.exe
echo > c:\windows\9Sy.exe
echo > c:\windows\1.com
echo > c:\windows\rundll32.exe
echo > c:\windows\rundl132.exe
echo > c:\windows\vDll.dll
echo > c:\windows\exerouter.exe
echo > c:\windows\EXP10RER.com
echo > c:\windows\finders.com
echo > c:\windows\Shell.sys
echo > c:\windows\smss.exe
echo > c:\windows\kill.exe
echo > c:\windows\sws.dll
echo > c:\windows\sws32.dll
echo > c:\windows\tool.exe
echo > c:\windows\tool2005.exe
echo > c:\windows\tool2006.exe
echo > c:\windows\tools.exe
echo > c:\windows\finders.exe
attrib c:\windows\Logo1.exe +s +r +h
attrib c:\windows\Logo_1.exe +s +r +h
attrib c:\windows\Logo1_1.exe +s +r +h
attrib c:\windows\Logo1_.exe +s +r +h
attrib c:\windows\0Sy.exe +s +r +h
attrib c:\windows\1Sy.exe +s +r +h
attrib c:\windows\2Sy.exe +s +r +h
attrib c:\windows\3Sy.exe +s +r +h
attrib c:\windows\4Sy.exe +s +r +h
attrib c:\windows\5Sy.exe +s +r +h
attrib c:\windows\6Sy.exe +s +r +h
attrib c:\windows\7Sy.exe +s +r +h
attrib c:\windows\8Sy.exe +s +r +h
attrib c:\windows\9Sy.exe +s +r +h
attrib c:\windows\1.com +s +r +h
attrib c:\windows\rundl132.exe +s +r +h
attrib c:\windows\rundll32.exe +s +r +h
attrib c:\windows\vDll.dll +s +r +h
attrib c:\windows\exerouter.exe +s +r +h
attrib c:\windows\EXP10RER.com +s +r +h
attrib c:\windows\finders.com +s +r +h
attrib c:\windows\Shell.sys +s +r +h
attrib c:\windows\smss.exe +s +r +h
attrib c:\windows\kill.exe +s +r +h
attrib c:\windows\sws.dll +s +r +h
attrib c:\windows\sws32.dll +s +r +h
attrib c:\windows\tool.exe +s +r +h
attrib c:\windows\tool2005.exe +s +r +h
attrib c:\windows\tool2006.exe +s +r +h
attrib c:\windows\tools.exe +s +r +h
attrib c:\windows\finders.exe +s +r +h

=================
Step 2: Reinforce the immunization patch by forbidding the immunization patch files from running (registry contents)

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\本地 User\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"**delvals."=" "
"1"="Logo1.exe"
"2"="Logo_1.exe"
"3"="Logo1_1.exe"
"4"="Logo1_.exe"
"5"="0Sy.exe"
"6"="1Sy.exe"
"7"="2Sy.exe"
"8"="3Sy.exe"
"9"="4Sy.exe"
"10"="5Sy.exe"
"11"="6Sy.exe"
"12"="7Sy.exe"
"13"="8Sy.exe"
"14"="9Sy.exe"
"15"="1.com"
"16"="rundll32.exe"
"17"="rundl132.exe"
"18"="vDll.dll"
"19"="exerouter.exe"
"20"="EXP10RER.com"
"21"="finders.com"
"22"="Shell.sys"
"23"="smss.exe"
"24"="kill.exe"
"25"="sws.dll"
"26"="sws32.dll"
"27"="tool.exe"
"28"="tool2005.exe"
"29"="tool2006.exe"
"30"="tools.exe"
"31"="finders.exe"

=================
Step 3: Strengthen the system's own security (batch file contents)

@echo off
echo 程序运行中......
echo y|cacls e: /p everyone:r
echo y|cacls f: /p everyone:r

(Batch file note: this forbids creating any files or folders in the root directories of drives E: and F:.)

=================
Step 4: Tighten file permissions to prevent virus infection (batch file contents)

e:
cd e:\netgames
cacls *.exe /t /e /g everyone:r
cacls *.exe /t /e /p everyone:r
cacls *.dll /t /e /g everyone:r
cacls *.dll /t /e /p everyone:r

(Batch file note: this batch file sets every exe and dll file under the e:\netgames folder to read-only. Synchronization and update software copies the read-only attribute along with the files. While read-only, the files cannot be modified or saved, but updating and deleting them is unaffected. This step must also be carried out on the server.)

Appendix: Some people have asked what the administrator should do, after applying Step 3, when a folder needs to be created on one of those drives. No need to worry: running the batch file below solves it.

@echo off
echo 程序运行中......
echo y|cacls e: /g everyone:f
echo y|cacls f: /g everyone:f
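
Added example (not part of the original post): Steps 1 and 2 repeat the same name list by hand in two places. This Python sketch generates both the batch file and the .reg file from one list, and keeps names of genuine Windows binaries such as rundll32.exe out of DisallowRun. The short name list, the SYSTEM_BINARIES set and the use of the standard per-user Policies\Explorer key are assumptions of the example.

```python
# Added example: one name list drives both the placeholder batch file and the
# DisallowRun .reg file. NAMES is a constructed subset of the page's list.
NAMES = ["Logo1.exe", "Logo_1.exe", "0Sy.exe", "rundl132.exe",
         "rundll32.exe", "EXP10RER.com", "vDll.dll"]

# Names of genuine Windows binaries (short illustrative set, an assumption).
# DisallowRun matches on file name only, so listing one of these would also
# block the real program under System32 when it is started from Explorer.
SYSTEM_BINARIES = {"rundll32.exe", "smss.exe", "explorer.exe", "svchost.exe"}

# Standard per-user policy location (assumption: used here instead of the
# "Group Policy Objects" path shown on the page).
POLICY_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
              r"\CurrentVersion\Policies\Explorer")


def build_batch(names, windir=r"c:\windows"):
    """Return batch text that creates each placeholder and sets +s +r +h."""
    lines = ["@echo off"]
    for name in names:
        path = f"{windir}\\{name}"
        lines.append(f'echo > "{path}"')
        lines.append(f'attrib "{path}" +s +r +h')
    return "\r\n".join(lines) + "\r\n"


def build_reg(names):
    """Return (.reg text, skipped names); system binary names are left out."""
    blocked, skipped = [], []
    for name in names:
        (skipped if name.lower() in SYSTEM_BINARIES else blocked).append(name)
    lines = ["Windows Registry Editor Version 5.00", "",
             f"[{POLICY_KEY}]", '"DisallowRun"=dword:00000001', "",
             f"[{POLICY_KEY}\\DisallowRun]"]
    for index, name in enumerate(blocked, start=1):
        escaped = name.replace("\\", "\\\\").replace('"', '\\"')
        lines.append(f'"{index}"="{escaped}"')
    return "\r\n".join(lines) + "\r\n", skipped


if __name__ == "__main__":
    reg_text, skipped = build_reg(NAMES)
    print(build_batch(NAMES))
    print(reg_text)
    print("Not added to DisallowRun (system binary names):", skipped)
```

The placeholder for c:\windows\rundll32.exe is still created by the batch output; only the DisallowRun entry is withheld.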


lqwell
