Aegis Posted March 15, 2005

One might not be able to go as far as calling it an antivirus, but there is a hidden virus-blocking mechanism included with Windows. Using the registry, one can block certain file names. And just as it turns out, most viruses have a certain definite name that can be blocked using this method. Just go to the Symantec site and add all virus filenames from the threat pages to the registry. The keys are:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="virus1.exe"
"2"="virus2.exe"
"3"="virus3.exe"

And so on...

Although I have yet to find a virus that does not have a definite filename. One of the disadvantages of this approach is that if a virus were to have the same filename as a system file, then you cannot block the filename. I have created a sample file that blocks some of the current viruses. To use it, copy this to Notepad and save as filename.reg and run it.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="toosexy.pif"
"2"="x.exe"
"3"="xx.exe"
"4"="winnett.exe"
"5"="scvhost.exe"
"6"="cpu.dll"
"7"="csrss.dat"
"8"="csrss.ini"
"9"="csrss.lnk"
"10"="Readme.txt.exe"
"11"="daemon.exe"
"12"="Infect.drv"
"13"="Infectate.reg"
"14"="Muerte.drv"
"15"="daemon2.exe"

matrix0978 Posted March 15, 2005

But if you use this now, wouldn't it block those system files like scvhost.exe from running, which is needed for Windows to run?

MCT Posted March 15, 2005

Does the firewall have to be installed/active for this to work? Sounds interesting..

Aegis Posted March 16, 2005

Seems that matrix0978 has fallen for a classic virus trick. The file that he is referring to is svchost.exe, not scvhost.exe. And no firewall is needed.

webyourbusiness Posted March 17, 2005

> Seems that matrix0978 has fallen for a classic virus trick. The file that he is referring to is svchost.exe, not scvhost.exe. And no firewall is needed.

Classic indeed - you read what you expect to read - I do it at least 50% of the time, probably a lot more; and I'm aware of the problem!!

jondercik Posted March 21, 2005

You can also do this with GPOs with a Windows 2003 domain. It falls under software restriction policies. You can also do this for older OS's using SMS.
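
Added example, not part of the original thread: a Python check that reads a DisallowRun .reg file like the one in the first post and flags entries that collide with a Windows system file name (the limitation Aegis mentions) or that differ from one by a single edit or a pair of swapped letters, as scvhost.exe does from svchost.exe. The sample file with its extra entry "4", the short SYSTEM_NAMES list and the function names are constructed for illustration.

```python
import re

# Constructed sample: shortened block list from the first post.
# Entry "4" is added here (not in the thread) to show a real collision.
REG_TEXT = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"1"="toosexy.pif"
"2"="scvhost.exe"
"3"="daemon.exe"
"4"="svchost.exe"
'''
# Assumed short list of Windows system binaries; extend it for a real audit.
SYSTEM_NAMES = ("svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "explorer.exe")

def osa_distance(a, b):
    """Edit distance that counts an adjacent letter swap as one step."""
    d = [[i + j if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def disallowed_names(reg_text):
    """Return the values listed under the Explorer DisallowRun subkey."""
    names, in_key = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # new key header: are we in DisallowRun?
            in_key = line.lower().endswith("\\explorer\\disallowrun]")
        elif in_key and (m := re.fullmatch(r'"[^"]+"="(.*)"', line)):
            names.append(m.group(1))
    return names

def review(reg_text, system_names=SYSTEM_NAMES):
    """Label each blocked name: 'collision', 'lookalike of X' or 'ok'."""
    report = {}
    for name in disallowed_names(reg_text):
        low = name.lower()
        near = [s for s in system_names if osa_distance(low, s) == 1]
        if low in system_names:
            report[name] = "collision"  # would block a real Windows component
        else:
            report[name] = "lookalike of " + near[0] if near else "ok"
    return report
```

A "lookalike" result means the entry is worth a second read before importing the file, since a one-letter slip would turn it into a block on the genuine system binary.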