Premiered Nov 28, 2020
Hello, my friends! Let's hit 30K likes? Check out my website! https://enderman.ch
Today I am going to show you how to remove NoEscape, as well as its set of quirks and the backstory behind it! Now with a download link and more bugfixes.
Links:
NoEscape - https://go.enderman.ch/noescape
BootData - https://dl.malwarewatch.org/software/...
Password: mysubsarethebest
Registry values (tried to sort them by importance):
HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout\Scancode Map
HKLM\SOFTWARE\Classes\exefile\shell\open\command
HKLM\SOFTWARE\Classes\exefile\shell\runas\command
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\UseDefaultTile
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\shutdownwithoutlogon
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\DisableLogonBackgroundImage
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD
HKCU\Control Panel\Desktop\AutoColorization
HKCU\Control Panel\Mouse\SwapMouseButtons
Timestamps:
0:00 - Intro
0:18 - Infection
1:12 - Recovery
1:29 - Restoring bootloader data
2:54 - Removing malware body
3:15 - Fixing the registry
4:40 - Restoring themes and users
6:08 - Touching up the registry
6:46 - Outro
Still got questions? Don't hesitate, send them to [email protected]!
Hope you have a great day!