在 Internet Explorer 中阻止域的技术
一台旧的 Windows XP Pro (SP3) 工作站上有病毒,我们被要求处理该工作站,该工作站已关闭一年多了。我们能够清理它(Malware Bytes、SpyBot、Symantec 等),至少我们是这么认为的。
嗅探集线器上的流量不会透露任何信息,因此病毒似乎确实处于休眠状态和/或已被删除,工作站也没有出现任何其他症状,除了无法浏览 *.microsoft.com、symantec.com 等。仍然来自 Internet Explorer。
除了常见的可疑情况(IE 中的代理设置更改、主机文件等)之外,您还可以在哪里限制 Internet Explorer 的访问?似乎没有加载任何附加组件,我们也看不到任何恶意进程正在运行。
注意:我们不是在寻找另一个可以运行的工具(即combofix),而是在寻找有关如何/在何处实施这些限制的技术细节。即挂钩到 TCP/IP 堆栈、注册表项等。
Had a virus on an old Windows XP Pro (SP3) workstation we were given to dispose of that had been powered down for over a year. We were able to clean it up (Malware Bytes, SpyBot, Symantec, etc.), or so we thought.
Sniffing traffic on a hub doesn't reveal anything so it appears that the virus is indeed dormant and/or removed, nor is the workstation experiencing any other symptoms except that you cannot browse to *.microsoft.com, symantec.com, etc. from within Internet Explorer still.
Outside of the usual suspects -- proxy settings change in IE, hosts files, etc. -- where else could you restrict access with Internet Explorer? There doesn't appear to be any add-ons loaded, nor can we see any rogue processes running.
NOTE: we're not looking for another tool to run (i.e. combofix), but technical details on how/where these restrictions are implemented. i.e. hooks into the TCP/IP stack, registry keys, etc.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您想要一个中央配置点,您还可以使用内部 DNS 服务器来错误解析域。它的工作原理与
hosts
文件类似,但它是集中式的。If you want a central configuration point, you could also use your internal DNS server to mis-resolve domains. This works just like the
hosts
file, but it's centralized.