@ArtikusHG
Forked from ujeenator/stop-petya.bat
Last active June 29, 2017 06:23
A simple batch script to stop the petya ransomware from encrypting files.
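@echo off
rem StoPetya: creates read-only perfc marker files in %WINDIR%.
rem Writing to %WINDIR% requires an elevated (administrator) prompt.
cls
color 02
echo Welcome to StoPetya!
echo Please make sure you're running this script with admin rights.
echo Press any key to fix the petya ransomware...
pause >NUL
color 04
cls
echo Deleting files...
rem Remove any existing perfc files (/f also deletes read-only ones).
del "%WINDIR%\perfc.*" /f >NUL
timeout 1 >NUL
color 02
cls
echo Creating files...
rem Create the three marker files.
echo > "%WINDIR%\perfc"
echo > "%WINDIR%\perfc.dat"
echo > "%WINDIR%\perfc.dll"
timeout 1 >NUL
cls
echo Finishing...
rem Set the read-only attribute on all three files.
attrib +R "%WINDIR%\perfc.*" >NUL
timeout 1 >NUL
echo Done! Enjoy your protected PC :)
timeout 2 >NUL
rem Delete this script file, then exit.
start /b "" cmd /c del "%~f0"&exit /b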

ArtikusHG commented Jun 28, 2017

StoPetya - more user-friendly fork of stop-petya.bat.

Petya is a new version of the Petya ransomware which was noticed in March 2016.
All that this script does is the following:

  1. Create C:/Windows/perfc
  2. Create C:/Windows/perfc.dat
  3. Create C:/Windows/perfc.dll
  4. Change the permissions of all files to read-only.
  5. Delete itself.

As @0xAmit from Twitter noticed, Petya seems to stop encrypting your files if it notices that C:/Windows/perfc exists. Other researchers, however, noticed that it happens if perfc.dat or perfc.dll exists and is read-only. So, to be sure, this script creates all these files and sets the permissions of these files to read-only.
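
A check to run afterwards to confirm that the marker files from steps 1 to 4 exist and are read-only. This is an added example, not part of the original gist; the function name `Test-PerfcMarker` is hypothetical, and the file names are the ones listed above.

```powershell
# Added example (not from the gist): verify the perfc marker files.
# Test-PerfcMarker is a hypothetical name; the file names come from the page.
function Test-PerfcMarker {
    param([string]$Root = $env:WINDIR)

    foreach ($name in 'perfc', 'perfc.dat', 'perfc.dll') {
        $path = Join-Path $Root $name
        # -Force so hidden/system files are still found.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue

        if (-not $item) {
            $state = 'MISSING'
        } elseif ($item.PSIsContainer) {
            # A directory with this name is not the marker file the script creates.
            $state = 'IS-A-DIRECTORY'
        } elseif (-not $item.IsReadOnly) {
            $state = 'NOT-READ-ONLY'
        } else {
            $state = 'OK'
        }

        [pscustomobject]@{
            Path     = $path
            State    = $state
            Modified = if ($item) { $item.LastWriteTime } else { $null }
        }
    }
}

$results = Test-PerfcMarker
$results | Format-Table -AutoSize

# Non-zero exit code if any marker is missing or writable, so the check
# can be used from a scheduled task or management tool.
if ($results | Where-Object { $_.State -ne 'OK' }) { exit 1 }
```

Because the batch script does not verify that it was run elevated, a `MISSING` result here usually means the file creation in `%WINDIR%` was denied.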
