Removing NoEscape.exe - Boot Sector included

Video description: Removing NoEscape.exe - Boot Sector included

Though a little bit more difficult to remove, it's still possible. In this video I'll show you how.
Endermanch's original removal tutorial: How to remove NoEscape.exe [Download ...
Windows PE ISO: https://www.hirensbootcd.org/ (The Gandalf Windows PE ISO used in this video was taken down; the link is for Hiren's BootCD, which does exactly the same thing)
ISO creator: https://sourceforge.net/projects/iso-...
TestDisk: https://www.cgsecurity.org/Download_a...

Registry Changes:
HKLM:
HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout\Scancode Map

HKLM\SOFTWARE\Classes\exefile\shell\open\command
HKLM\SOFTWARE\Classes\exefile\shell\runas\command

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\UseDefaultTile
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\shutdownwithoutlogon
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\DisableLogonBackgroundImage

HKCU:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD

HKCU\Control Panel\Desktop\AutoColorization
HKCU\Control Panel\Mouse\SwapMouseButtons

Music:
Tobu - Candyland [NCS Release]
DEAF KEV - Invincible [NCS Release]
#noescape #malware #trojan
