NewEraCracker/antiNSA.bat

## antiNSA.bat
@REM
@REM        Absolute Computrace/Lojack/BeeInject Disabler
@REM
@REM           Works around the Ring -3 Bootkit part of
@REM                NSA/TAO and CIA/IOC Framework
@REM
@REM   This tool will backup original Computrace/Lojack files,
@REM  disable the services and then add dummy read-only copies.
@REM
@REM       Edited to strengthen protection against removal
@REM
@REM                      Date: Dec 17th 2018
@REM                    Author: Jorge Oliveira
@REM                   License: Public Domain
@REM
@REM       No warranties or guarantees express or implied.
@REM
for %%e in (rpcnet.exe rpcnetp.exe) do taskkill /im "%%e" /f /t
for %%s in (rpcnet rpcnetp) do sc config "%%s" start= disabled
for %%w in (%windir%\system32 %windir%\sysnative %windir%\syswow64) do (
	for %%f in (rpcnet.exe rpcnetp.exe) do (
		if exist "%%w\%%f" (
			icacls "%%w\%%f" /reset
			attrib -R "%%w\%%f"
			if not exist "%%w\%%f.bak" move "%%w\%%f" "%%w\%%f.bak"
			echo. 1>nul 2>"%%w\%%f"
			attrib +R "%%w\%%f"
			icacls "%%w\%%f" /deny SYSTEM:^(GR,GW,GE,GA^)
		)
	)
	for %%f in (rpcnet.dll rpcnetp.dll) do (
		if exist "%%w\%%f" (
			icacls "%%w\%%f" /reset
			attrib -R "%%w\%%f"
			if exist "%%w\%%f.bak" del "%%w\%%f"
			if not exist "%%w\%%f.bak" move "%%w\%%f" "%%w\%%f.bak"
		)
	)
	if exist "%%w\drivers\etc\hosts" (
		findstr /L /I "search.dnssearch.org" "%%w\drivers\etc\hosts">nul
		if errorlevel 1 (
			echo.>>"%%w\drivers\etc\hosts"
			echo 0.0.0.0   search.dnssearch.org search.namequery.com>>"%%w\drivers\etc\hosts"
		)
	)
)
	@REM
	@REM Absolute Computrace/Lojack/BeeInject Disabler
	@REM
	@REM Works around the Ring -3 Bootkit part of
	@REM NSA/TAO and CIA/IOC Framework
	@REM
	@REM This tool will backup original Computrace/Lojack files,
	@REM disable the services and then add dummy read-only copies.
	@REM
	@REM Edited to strengthen protection against removal
	@REM
	@REM Date: Dec 17th 2018
	@REM Author: Jorge Oliveira
	@REM License: Public Domain
	@REM
	@REM No warranties or guarantees express or implied.
	@REM
	for %%e in (rpcnet.exe rpcnetp.exe) do taskkill /im "%%e" /f /t
	for %%s in (rpcnet rpcnetp) do sc config "%%s" start= disabled
	for %%w in (%windir%\system32 %windir%\sysnative %windir%\syswow64) do (
	for %%f in (rpcnet.exe rpcnetp.exe) do (
	if exist "%%w\%%f" (
	icacls "%%w\%%f" /reset
	attrib -R "%%w\%%f"
	if not exist "%%w\%%f.bak" move "%%w\%%f" "%%w\%%f.bak"
	echo. 1>nul 2>"%%w\%%f"
	attrib +R "%%w\%%f"
	icacls "%%w\%%f" /deny SYSTEM:^(GR,GW,GE,GA^)
	)
	)
	for %%f in (rpcnet.dll rpcnetp.dll) do (
	if exist "%%w\%%f" (
	icacls "%%w\%%f" /reset
	attrib -R "%%w\%%f"
	if exist "%%w\%%f.bak" del "%%w\%%f"
	if not exist "%%w\%%f.bak" move "%%w\%%f" "%%w\%%f.bak"
	)
	)
	if exist "%%w\drivers\etc\hosts" (
	findstr /L /I "search.dnssearch.org" "%%w\drivers\etc\hosts">nul
	if errorlevel 1 (
	echo.>>"%%w\drivers\etc\hosts"
	echo 0.0.0.0 search.dnssearch.org search.namequery.com>>"%%w\drivers\etc\hosts"
	)
	)
	)