Look at LSB init scripts for more information.
Copy to /etc/init.d:
# replace "$YOUR_SERVICE_NAME" with your service's name (whenever it's not enough obvious)
peet47
peet47
/ Kill-Ransomware.ps1
Created
November 5, 2019 13:05
— forked from thomaspatzke/Kill-Ransomware.ps1
Ransomware Killer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Ransomware Killer v0.1 by Thomas Patzke <thomas@patzke.org> | |
| # Kill all parent processes of the command that tries to run "vssadmin Delete Shadows" | |
| # IMPORTANT: This must run with Administrator privileges! | |
| Register-WmiEvent -Query "select * from __instancecreationevent within 0.1 where targetinstance isa 'win32_process' and targetinstance.CommandLine like '%vssadmin%Delete%Shadows%'" -Action { | |
| # Kill all parent processes from detected vssadmin process | |
| $p = $EventArgs.NewEvent.TargetInstance | |
| while ($p) { | |
| $ppid = $p.ParentProcessID | |
| $pp = Get-WmiObject -Class Win32_Process -Filter "ProcessID=$ppid" | |
| Write-Host $p.ProcessID |
peet47
/ _service.md
Created
March 8, 2017 19:31
— forked from naholyr/_service.md
Sample /etc/init.d script
peet47
/ keybase.md
Created
July 20, 2016 13:27
I hereby claim:
- I am peet47 on github.
- I am petermassini (https://keybase.io/petermassini) on keybase.
- I have a public key ASCQSjWnzRrfuLOjJCkTrYEM5JYXw-S839NW1tl7jR3WMwo
To claim this, I am signing this object: