Wanna Cry Vaccine ~ Ransomware Immunisation

in #technology7 years ago (edited)

hacker647_051417014610.jpg

Hey.. just wanted to make a quick post in case anyone is running a windows box and still needs a patch solution for there windows systems, hope all my fellow brothers and sisters still using Microsoft products decide to make the leap over to the Linux side of the equation, and I think this is a great example of why that should happen...

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskdl.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskse.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wannacry.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssecsvc.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasksche.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskhsvc.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wcry.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\111.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lhdfrgui.exe]
"Debugger"="taskkill /F /IM "

Here is the source

#video #tutorials #windows #microsoft
7 years ago in #technology by
$0.00
    4 votes
    Reply 3
    Sort:  
  • Trending
    • [-]
     7 years ago  

    Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
    http://stackoverflow.com/questions/2984846/set-image-file-execution-options-will-always-open-the-named-exe-file-as-defaul

    [-]
     7 years ago  

    Is it really that simple?

    [-]
     7 years ago (edited) 

    All this patch will do is help kill processes with the names set forth in the registry entries.. I would highly recommend reading the the article to understand the finer details of applying the patch.. but from what I was reading on github, it looks like a pretty straight forward solution..