Last active
January 10, 2024 12:30
-
-
Save NewEraCracker/9fc65c356db013bc51a1f1ba389c7100 to your computer and use it in GitHub Desktop.
antiNSA.bat
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@REM | |
@REM Absolute Computrace/Lojack/BeeInject Disabler | |
@REM | |
@REM Works around the Ring -3 Bootkit part of | |
@REM NSA/TAO and CIA/IOC Framework | |
@REM | |
@REM This tool will backup original Computrace/Lojack files, | |
@REM disable the services and then add dummy read-only copies. | |
@REM | |
@REM Edited to strengthen protection against removal | |
@REM | |
@REM Date: Dec 17th 2018 | |
@REM Author: Jorge Oliveira | |
@REM License: Public Domain | |
@REM | |
@REM No warranties or guarantees express or implied. | |
@REM | |
for %%e in (rpcnet.exe rpcnetp.exe) do taskkill /im "%%e" /f /t | |
for %%s in (rpcnet rpcnetp) do sc config "%%s" start= disabled | |
for %%w in (%windir%\system32 %windir%\sysnative %windir%\syswow64) do ( | |
for %%f in (rpcnet.exe rpcnetp.exe) do ( | |
if exist "%%w\%%f" ( | |
icacls "%%w\%%f" /reset | |
attrib -R "%%w\%%f" | |
if not exist "%%w\%%f.bak" move "%%w\%%f" "%%w\%%f.bak" | |
echo. 1>nul 2>"%%w\%%f" | |
attrib +R "%%w\%%f" | |
icacls "%%w\%%f" /deny SYSTEM:^(GR,GW,GE,GA^) | |
) | |
) | |
for %%f in (rpcnet.dll rpcnetp.dll) do ( | |
if exist "%%w\%%f" ( | |
icacls "%%w\%%f" /reset | |
attrib -R "%%w\%%f" | |
if exist "%%w\%%f.bak" del "%%w\%%f" | |
if not exist "%%w\%%f.bak" move "%%w\%%f" "%%w\%%f.bak" | |
) | |
) | |
if exist "%%w\drivers\etc\hosts" ( | |
findstr /L /I "search.dnssearch.org" "%%w\drivers\etc\hosts">nul | |
if errorlevel 1 ( | |
echo.>>"%%w\drivers\etc\hosts" | |
echo 0.0.0.0 search.dnssearch.org search.namequery.com>>"%%w\drivers\etc\hosts" | |
) | |
) | |
) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment