sablefoxx
Posted January 5, 2008

> @ sablefoxx, Yea I knew I could disable it in gpedit, just didn't know how to implement that in a batch.

Oh ok, you just have to edit some reg keys, never done it in batch but you can do it using a .vbs. In high school we wrote one to enable taskmgr, cmd, and some other stuff because they were blocked (but you could just create a shortcut to gpedit and change the settings lol), however a friend of mine got in some deep shit after getting caught using gpedit so we wrote this .vbs to automate the process. Here is the code, just edit it to disable rather than enable them.

```vbs
Set WshShell = WScript.CreateObject("WScript.Shell")
With WScript.CreateObject("WScript.Shell")
    ' RegDelete raises an error when a value does not exist, so skip over failures.
    On Error Resume Next
    ' Remove the policy values that block regedit, cmd, Task Manager and Control Panel.
    .RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools"
    .RegDelete "HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD"
    .RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr"
    .RegDelete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr"
    .RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL"
    .RegDelete "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictCPL"
End With
' jobfunc, enab and t are never assigned, so they evaluate to empty strings here.
Mybox = MsgBox(jobfunc & enab & vbCR & "Ultimate Pwnage Complete :-p", 4096, t)
```

^^Coded by Javabudd^^
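For anyone auditing a machine for these lockouts: the values that script deletes are the policy flags that block regedit, cmd, Task Manager and Control Panel. The following is an added example, not part of the thread: it scans `reg export` text for those values set to non-zero. The function name and the sample export are constructed, and it checks both hives for every value, which goes beyond the exact paths listed in the post.

```python
import re

# Policy values named in the post, lower-cased (registry names are case-insensitive).
_POL = r"software\microsoft\windows\currentversion\policies"
WATCHED = {
    (_POL + r"\system", "disableregistrytools"),
    (_POL + r"\system", "disabletaskmgr"),
    (_POL + r"\system", "nodispcpl"),
    (_POL + r"\explorer", "restrictcpl"),
    (r"software\policies\microsoft\windows\system", "disablecmd"),
}
HIVES = {"hkey_current_user": "HKCU", "hkey_local_machine": "HKLM"}
KEY_RE = re.compile(r"^\[(-?)([^\\\]]+)\\(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def find_lockout_policies(reg_text):
    """Return sorted (hive, key, name, data) for watched values set non-zero."""
    hits, hive, key = [], None, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            # A "[-KEY]" header deletes the key, so nothing under it counts as set.
            hive = None if m.group(1) else HIVES.get(m.group(2).lower())
            key = m.group(3)
            continue
        m = VAL_RE.match(line)
        if m and hive:
            name, data = m.group(1), int(m.group(2), 16)
            if data and (key.lower(), name.lower()) in WATCHED:
                hits.append((hive, key, name, data))
    return sorted(hits)


# Constructed sample in `reg export` text format (not taken from the thread).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"disabletaskmgr"=dword:00000001
"""
```

Files written by `reg export` are UTF-16, so decode them with `encoding="utf-16"` before passing the text to `find_lockout_policies`.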
G-Stress (Author)
Posted January 5, 2008

@ sablefoxx, This looks like it is already set up to disable as it is, rather than enable? I'm not too good with vb yet, so I'm not sure how to set it to disable if this script "enables", but if it isn't too hard I'll use this script and one that disables as well :-D Thanks
sc0rpi0
Posted January 5, 2008

> @ Sc0rpi0, Yea I plan to use pskill to kill all existing av/spyware processes... or wouldn't it be better if instead of killing the process just stop the service temporarily ;)

Great idea! These anti-av tricks don't really work that well with McAfee. Even with all of its processes killed, whenever a directory is accessed or a file run, the processes start again... :-( Any idea?
sablefoxx
Posted January 5, 2008

Kill process, encrypt (if you wanna bring it back) or delete all McAfee program files. Run whatever you want. Decrypt (if you bothered to save the files) McAfee. That may work, just an idea tho.

@G-Stress That code simply deletes the reg keys, just write a .bat to add them.

```bat
@echo off
cls
reg import "example_key"
exit
```
G-Stress (Author)
Posted January 5, 2008

@ Sc0rpi0, Yes McAfee and Norton are the 2 I'm gonna be most concerned with, because that's what I mostly see on people's computers. Like sablefoxx said deleting or encrypting McAfee files would be a good idea also... maybe if XP use built in Windows encryption if possible with a .bat file. Also most of these AVs have services that run and I'm not sure, but I think even if the process is killed the service or some type of service associated with the AV is still running depending on AV.

@ sablefoxx, I thought it deleted them, I just wanted to make sure :) I will definitely use this script, thanks.
sc0rpi0
Posted January 5, 2008

> @ Sc0rpi0, Yes McAfee and Norton are the 2 I'm gonna be most concerned with, because that's what I mostly see on people's computers. Like sablefoxx said deleting or encrypting McAfee files would be a good idea also... maybe if XP use built in Windows encryption if possible with a .bat file. Also most of these AVs have services that run and I'm not sure, but I think even if the process is killed the service or some type of service associated with the AV is still running depending on AV.

So you're saying to delete the program files? Just a suggestion, but wouldn't it be best to kill the processes, make a zipped copy of the program files, delete them, run the otherwise-detected stuff, and finally replace the program files and rerun the processes? Kind of complicated but maybe I'll create a special batch file package for just Norton and McAfee. I have McAfee but most people I've talked to have Norton. Neither are pausable or completely killable.
G-Stress (Author)
Posted January 5, 2008

@ Sc0rpi0, hmmm... yea that does sound a bit complicated. I'm gonna re-install McAfee and see what I can think of. The way I'm setting mine up though I want the user to kill their own AV. For example the average user, if they thought they might have a virus, what's the first thing they're gonna do... try to do a virus scan, so my idea is: if virusprocess tries to execute then do this, etc. I'm tryin to set something up so each step an average user would take to troubleshoot something like a virus will backfire, but I also have antidote :)
sc0rpi0
Posted January 5, 2008

> @ Sc0rpi0, hmmm... yea that does sound a bit complicated. I'm gonna re-install McAfee and see what I can think of. The way I'm setting mine up though I want the user to kill their own AV. For example the average user, if they thought they might have a virus, what's the first thing they're gonna do... try to do a virus scan, so my idea is: if virusprocess tries to execute then do this, etc. I'm tryin to set something up so each step an average user would take to troubleshoot something like a virus will backfire, but I also have antidote :)

Sounds good! Please tell me how it goes. Thanks.