This repository has been archived by the owner on Dec 3, 2022. It is now read-only.
ransom-prevention.bat
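@echo off
:: ransom-prevention.bat
:: Inspired by bantya and his gist at https://gist.github.com/bantya/f1796317490cbc8d1264565245488e97
::
:: Purpose: create (or remove) placeholder files in the Windows directory whose
:: names are associated with Bad Rabbit and Petya/NotPetya, as a simple way to
:: keep those families from installing on this computer.
:: Scope: only the file names handled further down are covered. The script does
:: not patch the system and does not replace updates, backups or endpoint
:: protection.
title Ransomware Prevention
color 0C
set "v=1.0.1"

:: Elevation check: "net session" returns a non-zero status when the script is
:: not running with administrator rights.
:: NOTE(review): it is also reported to fail when the Server service is stopped,
:: which would produce the same "need admin rights" message - confirm on
:: hardened hosts.
net session >nul 2>&1
:: "if errorlevel 1" reads the real exit status even when an environment
:: variable named ERRORLEVEL has been defined.
if errorlevel 1 (
    echo.
    echo # You need admin rights for this to work!
    echo # Right-click this file and choose "Run as administrator".
    echo.
    echo # Press any key to exit...
    pause >nul
    rem Leave with a non-zero exit code so a calling process can see the failure.
    exit 1
)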
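:start
:: Main menu: show the banner, then ask whether to install or remove the files.
color 0F
cls
echo.
echo Script for BadRabbit and Petya/NotPetya prevention. Version %v%, 2017.
echo Visit https://github.com/phoenix1747/ransom-prevention/ for updates.
echo.
echo.
echo # This will create some files so that Bad Rabbit or Petya/NotPetya will be
echo # prevented from installing on this computer.
echo.
echo.
echo.
echo # What do you want to do? You can (i)nstall or (r)emove the needed files.
:: Clear any earlier answer first: "set /p" keeps the old value when the user
:: only presses Enter, which would silently repeat the previous choice after a
:: restart from :unrecog.
set "ANSWER="
set /p "ANSWER=# Would you like to continue? (i/r):"
:: Empty input leaves ANSWER undefined. Expanding it unquoted inside "if" would
:: then be a syntax error and end this elevated script.
if not defined ANSWER goto unrecog
:: Strip double quotes so the typed text cannot escape the quoted comparisons
:: below and be parsed as command text; re-check in case nothing is left.
set "ANSWER=%ANSWER:"=%"
if not defined ANSWER goto unrecog
if /i "%ANSWER%"=="i" goto INSTALL
if /i "%ANSWER%"=="r" goto REMOVE
goto unrecog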
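:INSTALL
:: Create the placeholder files and lock them down.
::   cscc.dat, infpub.dat        - Bad Rabbit
::   perfc.dll, perfc.dat, perfc - Petya and NotPetya
:: icacls: /inheritance:r removes all inherited ACEs and /remove deletes the
:: ACEs for *S-1-5-32-544 (BUILTIN\Administrators).
:: NOTE(review): the file owner can presumably still change the permissions
:: again (that is what :REMOVE relies on), so the lock-down guards against
:: plain overwrite or delete attempts, not against a process with admin rights
:: that resets the ACL first - confirm before treating it as a hard barrier.
for %%F in (cscc.dat infpub.dat perfc.dll perfc.dat perfc) do (
    rem On a repeated run the file is already locked and this write is refused;
    rem that is acceptable as long as the file exists afterwards.
    echo This is not an empty file. Generated by ransom-prevention.bat > "%windir%\%%F"
    if not exist "%windir%\%%F" goto error
    rem Stop at the first ACL failure so a later success cannot hide it.
    icacls "%windir%\%%F" /inheritance:r /remove *S-1-5-32-544 || goto error
)
goto FINISHED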
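:REMOVE
:: Undo :INSTALL: grant BUILTIN\Administrators (*S-1-5-32-544) full control
:: again and delete each placeholder file.
::   cscc.dat, infpub.dat        - Bad Rabbit
::   perfc.dll, perfc.dat, perfc - Petya and NotPetya
:: NOTE(review): files are matched by name only; a file with one of these names
:: that this script did not create is deleted as well.
for %%F in (cscc.dat infpub.dat perfc.dll perfc.dat perfc) do (
    rem A file that is already gone needs no work and is not treated as an error.
    if exist "%windir%\%%F" (
        icacls "%windir%\%%F" /grant *S-1-5-32-544:F || goto error
        del "%windir%\%%F"
        rem del is not relied on to report failure through errorlevel, so the
        rem result is verified by checking that the file is really gone.
        if exist "%windir%\%%F" goto error
    )
)
:: Reset errorlevel to 0 so the check at :FINISHED does not act on a stale value.
ver >nul
goto FINISHED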
:FINISHED
:: Success screen. Only the exit status of the last command that ran before
:: this label is examined; anything at or above 1 is routed to :error.
if errorlevel 1 goto error
cls
color 0A
echo.
echo Done! All processes have completed successfully.
echo.
echo Press any key to exit...
pause >nul
exit
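:error
:: Failure screen, reached when creating, locking, unlocking or deleting one of
:: the placeholder files did not succeed.
color 0C
cls
echo.
echo An error occured!
echo Oops, something went wrong! Please check your permissions and try again.
echo.
echo Press any key to exit...
pause >nul
:: Exit with an explicit non-zero code instead of whatever errorlevel is left
:: after the screen output, so a calling process can detect the failure.
exit 1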
:unrecog
:: The answer was neither "i" nor "r": explain, wait for a key, show the menu again.
color 0C
cls
echo.
echo ^>^> Bad usage. You have to use one of the available arguments.
echo.
echo Press any key to restart...
pause >nul
goto start