1. Этот сайт использует файлы cookie. Продолжая пользоваться данным сайтом, Вы соглашаетесь на использование нами Ваших файлов cookie. Узнать больше.
Приветствуем вас,Гость, на форуме IFUD.WS. Обязательно рекомендуется к прочтению правила форума http://ifud.ws/threads/obnovleno-pravila-foruma.7759

IFEO Tool - Block malicious EXEs from running in your machine

Тема в разделе "Наш Софт", создана пользователем nocd, 25 май 2019.

  1. TopicStarter Overlay
    nocd

    nocd

    Регистрация:
    6 ноя 2016
    Сообщения:
    292
    Симпатии:
    49
    IFEO Tool is a simple batch file that adds or removes registry keys from Image File Execution Options (IFEO). This tool was developed to make more easier the proccess of blocking unknown trojan, virus or worms by simply adding the EXE to the list of IFEO with a dummy file execution.

    The problem!
    A user is using the computer and notice a increase of CPU usage or suddently the computer start running slow. The logic step for the user is view the Task Manager or Process Explorer and find which processes are causing this. The user then tries to close them but they keep re-opening or simply they don't close and the user antivirus does nothing.

    The solution!
    Execute the IFEO Tool batch file with admin privileges, write the process name + extension and restart the computer. After reboot go to the EXE location and delete it.

    Limitation
    It isn't possible to block EXEs with similar names to system files (For example: svchost.exe). Doing this will lock the computer and it will require a rollback or reinstalation of Windows.

    Download:
    Войти или зарегистрироваться, чтобы увидеть ссылку.

    Source
    Код:
    @echo off
    @title IFEO Tool
    :start
    echo .....................................................
    echo .                   IFEO Tool                       .
    echo .                                                   .
    echo .      Block EXEs from running in the machine       .
    echo .                                                   .
    echo .  (This program requires admin privileges to run)  .
    echo .....................................................
    echo (1) Add registry key                                .
    echo (2) Remove registry key                             .
    echo .....................................................
    set /p choice=Choose what you like to do (1/2) : 
    if "%choice%"=="1" goto 1
    if "%choice%"=="2" goto 2
    cls
    goto start
    :1
    cls
    echo .....................................................
    echo .                   IFEO Tool                       .
    echo .                                                   .
    echo .      Block EXEs from running in the machine       .
    echo .                                                   .
    echo .  (This program requires admin privileges to run)  .
    echo .....................................................
    set /p id1="Write EXE: "
    reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%id1%" /v Debugger /t REG_SZ /d "ntsd -d" /f
    pause
    cls
    goto start
    :2
    cls
    echo .....................................................
    echo .                   IFEO Tool                       .
    echo .                                                   .
    echo .      Block EXEs from running in the machine       .
    echo .                                                   .
    echo .  (This program requires admin privileges to run)  .
    echo .....................................................
    set /p id1="Write EXE: "
    reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%id1%" /f
    pause
    cls
    goto start
    
     
    Метки:

Поделиться этой страницей

Загрузка...