Wanna Cry Vaccine ~ Ransomware Immunisation

in #technology8 years ago (edited)

hacker647_051417014610.jpg

Hey.. just wanted to make a quick post in case anyone is running a windows box and still needs a patch solution for there windows systems, hope all my fellow brothers and sisters still using Microsoft products decide to make the leap over to the Linux side of the equation, and I think this is a great example of why that should happen...

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskdl.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskse.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wannacry.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssecsvc.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tasksche.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskhsvc.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wcry.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\111.exe]
"Debugger"="taskkill /F /IM "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lhdfrgui.exe]
"Debugger"="taskkill /F /IM "

Here is the source

Sort:  

All this patch will do is help kill processes with the names set forth in the registry entries.. I would highly recommend reading the the article to understand the finer details of applying the patch.. but from what I was reading on github, it looks like a pretty straight forward solution..