Friday, January 9, 2015

A small trick to prevent infection: unregistering Zipfldr.dll?

regsvr32 /u zipfldr.dll

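This trick used to stop viruses from indiscriminately attacking zip files, so you would not get infected for no apparent reason.

Background: many older viruses spread by infecting compressed files, so reading zip files had to be blocked to avoid infection. For that reason, some people disable Microsoft's default zip file loading feature.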




Nowadays it is more complicated.


These two commands no longer work:

regsvr32 /u c:\windows\System32\zipfldr.dll
regsvr32 /u c:\windows\SysWOW64\zipfldr.dll


The only option is to open REGEDIT and remove the entries for this feature:

{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}
{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}


-------------------------------------------------------------------------------------
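Copy and paste the following into a plain text file, change the file extension to .reg, and double-click it to apply. To restore, copy the backup files below, paste them into a plain text file in the same way, rename it to .reg, and double-click.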

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}]
[-HKEY_CLASSES_ROOT\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}]

-------------------------------------------------------------------------------------


Explanation from a well-known overseas site:

http://codesociety.com/2009/07/27/disable-zip-folders-in-windows-7-vista-xp/





The biggest problem in information security is that everyone assumes things are secure... when in fact they are not.





---------------------------------------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}]
@="CompressedFolder"

[HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,7a,00,69,00,\
  70,00,66,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\Implemented Categories\{00021490-0000-0000-C000-000000000046}]
@=hex(0):

[HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,7a,00,69,00,\
  70,00,66,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\ProgID]
@="CompressedFolder"

[HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\ShellFolder]
"Attributes"=dword:200001a0
"UseDropHandler"=""

---------------------------------------------------------------------------------------------

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}]
@="Cabinet Shell Folder"

[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\Implemented Categories]

[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\Implemented Categories\{00021490-0000-0000-C000-000000000046}]

[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,61,00,\
  62,00,76,00,69,00,65,00,77,00,2e,00,64,00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\ShellFolder]
"Attributes"=dword:680001a0

---------------------------------------------------------------------------------------------
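
Before double-clicking a .reg file, it helps to read what it deletes and what the backup would put back. The following is an added example, not part of the original post: it parses the delete file and the backups above (trimmed here, as constructed input, to their InProcServer32 keys), decodes the hex(2) values, and reports for each deleted key which DLL the backup restores, or None when the backup has nothing under that exact key path. The function names are this example's own.

```python
import re
# Constructed input: the delete file and the InProcServer32 parts of the backups on this page.
DELETE_REG = r"""Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}]
[-HKEY_CLASSES_ROOT\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}]
"""
BACKUP_REG = r"""Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,7a,00,69,00,\
  70,00,66,00,6c,00,64,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,61,00,\
  62,00,76,00,69,00,65,00,77,00,2e,00,64,00,6c,00,6c,00,00,00
"""

def decode(data):  # hex(2) is REG_EXPAND_SZ stored as UTF-16LE bytes; plain strings are unquoted
    if data.startswith("hex(2):"):
        return bytes.fromhex(data[7:].replace(",", "")).decode("utf-16-le").rstrip("\x00")
    return data.strip('"')

def parse_reg(text):
    """Return (keys marked for deletion, {key: {value name: decoded data}})."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    deleted, keys, current = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[-") and line.endswith("]"):
            deleted.append(line[2:-1])
            current = None
        elif line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            name, data = line.split("=", 1)
            current[name.strip('"')] = decode(data)
    return deleted, keys

def review(delete_text, backup_text):
    """Map each deleted key to the servers its backup restores, or None if not covered."""
    deleted, backup = parse_reg(delete_text)[0], parse_reg(backup_text)[1]
    report = {}
    for key in deleted:
        prefix = key.lower() + "\\"
        under = {k: v for k, v in backup.items() if (k.lower() + "\\").startswith(prefix)}
        servers = [v.get("@") for k, v in under.items() if k.lower().endswith("\\inprocserver32")]
        report[key] = servers if under else None
    return report

if __name__ == "__main__":
    print(review(DELETE_REG, BACKUP_REG))
```

With the files on this page, the zip key maps to %SystemRoot%\system32\zipfldr.dll, while the cabinet key comes back as None because its backup sits under Wow6432Node rather than HKEY_CLASSES_ROOT\CLSID.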
