Thursday, July 4, 2019

Malware Prevention: Autoit3 worms

Here is a script I wrote almost one year ago.  Its purpose is to immunize (block) AutoIt3 worms that disguise themselves as GoogleChrome, Firefox and Skype.  It's been almost a year and I still encounter this on customers' flash drives.

What it does is create four folders namely:

  • GoogleChrome
  • MozillaFirefox
  • Skypee
  • Skype

and lock them so the worm no longer has access to those folders.

Folder used by worm with denied Full control

Copy and paste the following into Notepad and save it as Immunize.bat.
Change the Drive variable if you want to immunize your external/USB drives as well.

--------------------

@ECHO OFF

REM Replace Drive=*: with the appropriate drive letter

SET Drive=C:
%Drive%

CLS
ECHO Immunize against GoogleChrome, MozillaFirefox and Skype (AutoIt3 worms)
ECHO By WinXPert (7/09/2018)
ECHO https://www.facebook.com/groups/pinoytechrambo
ECHO https://www.facebook.com/groups/CTExperts.PH/
ECHO.
ECHO IMMUNIZING Drive %Drive%
ECHO.
PAUSE

REM For each folder name: create it, mark it hidden+system, then strip
REM inherited permissions and deny Full control to everyone.

MD "%Drive%\GoogleChrome"
ATTRIB +h +s /s /d "%Drive%\GoogleChrome"
icacls "%Drive%\GoogleChrome" /inheritance:r /deny "Everyone:(OI)(CI)(F)" "ANONYMOUS LOGON:(OI)(CI)(F)"

MD "%Drive%\MozillaFirefox"
ATTRIB +h +s /s /d "%Drive%\MozillaFirefox"
icacls "%Drive%\MozillaFirefox" /inheritance:r /deny "Everyone:(OI)(CI)(F)" "ANONYMOUS LOGON:(OI)(CI)(F)"

MD "%Drive%\Skypee"
ATTRIB +h +s /s /d "%Drive%\Skypee"
icacls "%Drive%\Skypee" /inheritance:r /deny "Everyone:(OI)(CI)(F)" "ANONYMOUS LOGON:(OI)(CI)(F)"

MD "%Drive%\Skype"
ATTRIB +h +s /s /d "%Drive%\Skype"
icacls "%Drive%\Skype" /inheritance:r /deny "Everyone:(OI)(CI)(F)" "ANONYMOUS LOGON:(OI)(CI)(F)"

PAUSE

--------------------
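
To confirm that the folders really are locked after running Immunize.bat, the following PowerShell check can be used. It is an added example, not part of the original script; the function name Test-ImmunizedDrive is hypothetical, and the script assumes it runs on the same Windows machine with the drive attached.

```powershell
# Added example; Test-ImmunizedDrive is a hypothetical helper name.
function Test-ImmunizedDrive {
    param([string]$Drive = 'C:')

    # Folder names created by Immunize.bat.
    $names = 'GoogleChrome', 'MozillaFirefox', 'Skypee', 'Skype'

    # icacls deny entries need ACL support (NTFS); FAT32/exFAT volumes have no ACLs.
    $format = (New-Object System.IO.DriveInfo $Drive).DriveFormat

    foreach ($name in $names) {
        $path         = "$Drive\$name"
        $exists       = [System.IO.Directory]::Exists($path)
        $hiddenSystem = $false
        $writeDenied  = $false

        if ($exists) {
            try {
                # Both attributes set by ATTRIB +h +s must be present.
                $attr = [System.IO.File]::GetAttributes($path)
                $want = [System.IO.FileAttributes]'Hidden, System'
                $hiddenSystem = ($attr -band $want) -eq $want
            } catch { }

            # Behavioural check: creating a file inside must fail with access denied.
            $probe = "$path\probe-$([guid]::NewGuid().ToString('N')).tmp"
            try {
                [System.IO.File]::WriteAllText($probe, 'probe')
                Remove-Item -LiteralPath $probe -Force   # folder was writable: clean up
            } catch {
                $writeDenied = $_.Exception.GetBaseException() -is [System.UnauthorizedAccessException]
            }
        }

        [pscustomobject]@{
            Folder = $path; FileSystem = $format; Exists = $exists
            HiddenSystem = $hiddenSystem; WriteDenied = $writeDenied
        }
    }
}

# Change the drive letter to match the Drive variable used in Immunize.bat.
Test-ImmunizedDrive -Drive 'C:' | Format-Table -AutoSize
```

A row with Exists = True but WriteDenied = False means the folder was created without an effective deny entry, which is what happens on a drive whose FileSystem column is not NTFS.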

Remember a byte of prevention is worth a megabyte of cure.



All content ("Information") contained in this report is the copyrighted work of WinXPert: Virus and Malware Removal.

The Information is provided on an "as is" basis. WinXPert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, WinXPert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise. 
Copyright © 2019 WinXPert. All rights reserved. All other trademarks are the sole property of their respective owners.

To GOD be the glory!
