勒索病毒防护脚本,一键关闭高危端口和服务
%1 mshta vbscript:CreateObject('Shell.Application').ShellExecute('cmd.exe','/c %~s0 ::','','runas',1)(window.close)&&exitecho.@echo offcolor 1fecho.chcp 65001echo.title 您正在使用一键关闭危险端口和服务 by Mannixecho.echo 您正在使用一键关闭危险端口和服务echo.echo 正在帮您关闭这些危险端口,请稍等echo.echo 正在开启Windows防火墙服务echo.net start MpsSvcecho.echo 正在帮您开启Windows防火墙自启动echo.sc config MpsSvc start= autoecho.echo 正在启用防火墙echo.netsh advfirewall set allprofiles state onecho.
echo 正在帮您关闭端口....echo.echo.echo.
echo 正在关闭 135 端口 请稍候…netsh advfirewall firewall delete rule name = 'Disable port 135 - TCP'netsh advfirewall firewall add rule name = 'Disable port 135 - TCP' dir = in action = block protocol = TCP localport = 135echo.netsh advfirewall firewall delete rule name = 'Disable port 135 - UDP'netsh advfirewall firewall add rule name = 'Disable port 135 - UDP' dir = in action = block protocol = UDP localport = 135echo.
echo 正在关闭 137 端口 请稍候…netsh advfirewall firewall delete rule name = 'Disable port 137 - TCP'netsh advfirewall firewall add rule name = 'Disable port 137 - TCP' dir = in action = block protocol = TCP localport = 137echo.netsh advfirewall firewall delete rule name = 'Disable port 137 - UDP'netsh advfirewall firewall add rule name = 'Disable port 137 - UDP' dir = in action = block protocol = UDP localport = 137echo.
echo 正在关闭 138 端口 请稍候…netsh advfirewall firewall delete rule name = 'Disable port 138 - TCP'netsh advfirewall firewall add rule name = 'Disable port 138 - TCP' dir = in action = block protocol = TCP localport = 138echo.netsh advfirewall firewall delete rule name = 'Disable port 138 - UDP'netsh advfirewall firewall add rule name = 'Disable port 138 - UDP' dir = in action = block protocol = UDP localport = 138echo.
echo 正在关闭 139 端口 请稍候…netsh advfirewall firewall delete rule name = 'Disable port 139 - TCP'netsh advfirewall firewall add rule name = 'Disable port 139 - TCP' dir = in action = block protocol = TCP localport = 139echo.netsh advfirewall firewall delete rule name = 'Disable port 139 - UDP'netsh advfirewall firewall add rule name = 'Disable port 139 - UDP' dir = in action = block protocol = UDP localport = 139echo.
echo 正在关闭 445 端口 请稍候…netsh advfirewall firewall delete rule name = 'Disable port 445 - TCP'netsh advfirewall firewall add rule name = 'Disable port 445 - TCP' dir = in action = block protocol = TCP localport = 445echo.netsh advfirewall firewall delete rule name = 'Disable port 445 - UDP'netsh advfirewall firewall add rule name = 'Disable port 445 - UDP' dir = in action = block protocol = UDP localport = 445echo.
echo 正在关闭 3389 端口 请稍候…netsh advfirewall firewall delete rule name = 'Disable port 3389 - TCP'netsh advfirewall firewall add rule name = 'Disable port 3389 - TCP' dir = in action = block protocol = TCP localport = 445echo.netsh advfirewall firewall delete rule name = 'Disable port 3389 - UDP'netsh advfirewall firewall add rule name = 'Disable port 3389 - UDP' dir = in action = block protocol = UDP localport = 445echo.
echo 危险端口已经用Windows防火墙关闭成功
echo.echo ----------------echo 正在关闭 Workstation(LanmanWorkstation)服务sc stop LanmanWorkstationsc config LanmanWorkstation start= disabled
echo.echo ----------------echo 正在关闭 Server(LanmanServer)服务sc stop LanmanServersc config LanmanServer start= disabled
echo.echo ----------------echo 正在关闭 TCP/IP NetBIOS Helper(lmhosts)共享服务sc stop lmhostssc config lmhosts start= disabled
echo.echo ----------------echo 正在关闭 Distributed Transaction Coordinator(MSDTC)共享服务sc stop MSDTCsc config MSDTC start= disabled
echo.echo ----------------echo 正在关闭 NetBT 服务sc stop NetBTsc config NetBT start= disabled
echo.echo ----------------reg add 'hklm\System\CurrentControlSet\Services\NetBT\Parameters' /v 'SMBDeviceEnabled' /t reg_dword /d '0' /freg add 'hklm\SOFTWARE\Microsoft\Ole' /v 'EnableDCOM' /t reg_sz /d 'N' /freg add 'hklm\SOFTWARE\Microsoft\Rpc' /v 'DCOM Protocols' /t reg_multi_sz /d '' /f
echo.echo ----------------echo 恭喜您,危险端口已经关闭,请重新启动电脑后用 netstat -an 查看本地端口
echo 按任意键退出pause>nul 赞 (0)