序言:昨天玩游戏时使用辅助脚本,但是在打开后会自动下载2345压缩软件安装包,让人纠结。
以下如何避免恶意脚本自动下载流氓软件:主要通过更改hosts文件
下载辅助脚本 http://www.lanzous.com/u/609428933?t将其命名为1.exe
使用strings(LINUX软件)查找静态字符串
$ strings 1.exe | grep ‘http.*://‘
http://pan.lanzou.com/p/609428933?t
http://www.520cxzm.com/fz/fz.html
http://www.520cxzm.com/
http://www.520cxzm.com/down/cx.html
http://www.520cxzm.com/buy/
https://jq.qq.com/?_wv=1027&k=5pfEFY1
http://web.3366.com/meishi/
http://my.4399.com/yxmsdzls/
http://pan.lanzou.com/u/609428933
http://www.kelepan.com/space_fenghuo_4825.html
http://pan.baidu.com/s/1bn3YBGN
%http://www.globalsign.net/repository/03
"http://crl.globalsign.net/root.crl0
&https://www.globalsign.com/repository/03
"http://crl.globalsign.net/root.crl0
+http://crl.globalsign.net/Timestamping1.crl0
%http://www.globalsign.net/repository/0
&https://www.globalsign.com/repository/0
-http://crl.globalsign.com/gs/gscodesigng2.crl0
4http://secure.globalsign.com/cacert/gscodesigng2.crt04
(http://ocsp2.globalsign.com/gscodesigng20
http://www.233zm.com/bbyz.html
http://www.chinadiary.com/blog-50895-809236.htm
http://www.lanzous.com/u/609428933?t
http://xiazai.zol.com.cn/detail/15/149406.shtml
http://wpa.qq.com/msgrd?v=3&uin=294712662&site=qq&menu=yes
http://www.520cxzm.com/zx/12.html
http://my.4399.com/yxwmpy/play-sid-1-site-2_1-ref-news-channel-news-randsj-0.46407446218654513
http://www.233zm.com/cx.html#
" "http://dh.4399fx.com/#id"
https://jifendownload.2345.cn/jifen_2345/p8_k66279710_v2.0.exe
http://dh-cfg.liuxue789.cn/dh.jb
https://
http://
http://rj.baidu.com/soft/detail/17153.html?ald,
http://
其中有一个https://jifendownload.2345.cn/jifen_2345/p8_k66279710_v2.0.exe很明显就是2345压缩包地址了
修改windows的hosts文件,增加
127.0.0.1 jifendownload.2345.cn
现在就不会再下载了
原文:https://www.cnblogs.com/nsfoxer/p/12917839.html