Created June 27, 2017 19:32
This will create a file called perfc in the C:\Windows directory. Petya/Goldeneye looks for this file and if it exists it terminates the program.
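# Create the perfc marker file only if it is not already present.
if (!(Test-Path "C:\Windows\perfc"))
{
    # Writing to C:\Windows requires an elevated (administrator) session.
    New-Item -path C:\Windows -name perfc -type "file" -value "Inoculated"
    Write-Host "System Inoculated"
}
else
{
    # A perfc file that this script did not just create is already there.
    Write-Host "File already exists! Your system may be infected."
}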
https://twitter.com/hackerfantastic/status/879792893824782337
Hacker Fantastic
@HackerFantastic
Kill switch does NOT WORK, created %WINDIR%\perfc & .dat & .dll on a clean 2008 host. Petya still spreads and infects via MS17-010.
[end tweet]
(In other words, this stops the PsExec+WMIC combo, but won't help if you're not patched for MS17-010)
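
An added example (not the gist author's or the commenter's code) that audits the marker instead of only creating it: it covers the three names mentioned in the comment above under %WINDIR%, separates a marker written by this gist from a perfc file of unknown origin, and reports the SMBv1 server setting, since the marker does nothing against the MS17-010 path. Assumptions: PowerShell 3.0 or later, the function names `Get-PerfcMarkerStatus` and `Get-Smb1ServerState` are hypothetical, and the SMBv1 setting is only an exposure hint, not proof of patch status.

```powershell
# Added example, not the gist author's code. Marker names come from this page;
# the "Inoculated" content check and the SMBv1 lookup are assumptions.
function Get-PerfcMarkerStatus {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Directory = $env:windir,
        [string[]]$Names = @('perfc', 'perfc.dat', 'perfc.dll'),
        [switch]$Create   # without this switch the function only reports
    )
    foreach ($name in $Names) {
        $path  = Join-Path -Path $Directory -ChildPath $name
        $state = 'Missing'
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            # A marker written by the gist contains the literal text "Inoculated".
            # Any other content means something else placed the file: investigate.
            $text  = Get-Content -LiteralPath $path -Raw -ErrorAction SilentlyContinue
            $state = if ("$text".Trim() -eq 'Inoculated') { 'MarkerPresent' } else { 'UnknownOrigin' }
        }
        elseif ($Create -and $PSCmdlet.ShouldProcess($path, 'Create marker file')) {
            # Needs an elevated session when $Directory is the Windows directory.
            New-Item -Path $path -ItemType File -Value 'Inoculated' -ErrorAction Stop | Out-Null
            $state = 'MarkerCreated'
        }
        [pscustomobject]@{ Path = $path; State = $state }
    }
}

function Get-Smb1ServerState {
    # Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later only.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
        if ($cfg) { return [bool]$cfg.EnableSMB1Protocol }
    }
    return $null   # unknown, e.g. on an older host or without sufficient rights
}

# Audit only; add -Create (optionally with -WhatIf) to write missing markers.
Get-PerfcMarkerStatus | Format-Table -AutoSize
$smb1 = Get-Smb1ServerState
"SMBv1 server enabled: $(if ($null -eq $smb1) { 'unknown' } else { $smb1 })"
```

A host that reports `MarkerPresent` for every file but still has SMBv1 enabled and is missing the MS17-010 update remains in the state the comment above describes.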