-
-
Save ArtikusHG/e039876634cfb60ae801373280868f5b to your computer and use it in GitHub Desktop.
A simple batch script to stop the petya ransomware from encrypting files.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| cls | |
| color 02 | |
| echo Welcome to StoPetya! | |
| echo Please make sure you're running this script with admin rights. | |
| echo Press any key to fix the petya ransomware... | |
| pause >NUL | |
| color 04 | |
| cls | |
| echo Deleting fies... | |
| del %WINDIR%\perfc.* /f >NUL | |
| timeout 1 >NUL | |
| color 02 | |
| cls | |
| echo Creating files... | |
| echo > %WINDIR%\perfc | |
| echo > %WINDIR%\perfc.dat | |
| echo > %WINDIR%\perfc.dll | |
| timeout 1 >NUL | |
| cls | |
| echo Finishing... | |
| attrib +R %WINDIR%\perfc.* >NUL | |
| timeout 1 >NUL | |
| echo Done! Enjoy your protected PC :) | |
| timeout 2 >NUL | |
| start /b "" cmd /c del "%~f0"&exit /b |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
StoPetya - more user-friendly fork of stop-petya.bat.
Petya is a new version of the petya ransomwre which was noticed in march 2016.
Al what this script does, is the following:
As @0xAmit from twitter noticed, petya seems to stop encrypting your files if it notices that C:/Windows/perfc exists. other researchers, however, noticed that it happens if perfc.dat or perfc.dll exists, and is read-only. So, to be sure, this script creates all these files and sets the permissions of these files to read-only.