Malware
Migrates a business-licensed version of SentinelOne to a new management server. You must edit the first two lines of the script with the new server URL and binding. Prompts for the passphrase when run. Can report using $S1$, $S1error$.
Performs the vaccination as described in this article by creating a few read-only files, which should prevent NotPetya/Petya/Petna/SortaPetya infections.
Checks various registry entries for indicators of a Crypto infection. Also generates a “honeypot” document; if the document becomes encrypted, the script will alarm as well. Able to report with $CryptoAudit$, $CryptoYES$. Acknowledgments: Many thanks to MarcR, MattK from Kaseya Community for inspiration as posted on http://community.kaseya.com/resources/m/knowexch/86518.aspx#pi5230=2 This script is provided “AS-IS”. Please make sure…
Downloads the latest version of ComboFix to the temp directory. Renames the file to CMBOFX2010.
Silently installs HiJack This 2.02. Updates a registry file so that you don’t have to acknowledge the new version. Then runs a full scan and stores the result in c:\temp\HijackThis\HiJackThis.log.
Script tests whether the latest version of MalwareBytes is loaded, and downloads and installs it if it isn’t. It then shows a message to the customer that a scan is going to happen. It will scan the system, and send an email in 50 min (you need to customize email…
Script downloads txt files with the current download location. Script then downloads McAfee Stinger, runs a scan and fixes any infections. Script then writes the results to the script log and emails the log file to the email address entered at script scheduling. Script then deletes the exe and all txt files.
Downloads and runs RKill.exe; you need to review the log file at systemroot\rkill.log. Script downloads a txt file with the download location, then executes and writes to the script log if successful.
Script downloads the installer and installs with /verysilent /nocancel /noicons /components="main". Script then deletes the installer and writes to the script log if successful.
Downloads the installer to the temp directory, then runs it with the /S argument. Writes to the script log if successful.