Posts Tagged ‘WannaCry’

WannaCryToolkit scanner and removal toolkit

Posted: 14/05/2017 in Uncategorized
Tags: , , ,

Trustlook ( Security and technology company) has released a scanner and removal toolkit to help system administrators protect Windows computers that are either vulnerable to or have been infected with the dangerous strain of ransomware known as WannaCry.|

 1. WannaCry Ransomware Scanner Tool

The Wannacry Scanner can help system admin to scan your network for vulnerable windows systems, the tool is under “scanner” directory.

Installation

git clone https://github.com/apkjet/TrustlookWannaCryToolkit.git
cd TrustlookWannaCryToolkit/scanner/
pip install -r requirements.txt

 Usage

Usage: wannacry_tlscan.py host/network
Example:
wannacry_tlscan.py 192.168.0.100
wannacry_tlscan.py 192.168.0.0/24
Single host scan
wannacry_tlscan.py 192.168.0.100
Single a network
wannacry_tlscan.py 192.168.0.0/24

2. WannaCry Vaccine Tool

The WannaCry Vaccine Tool help user to prevent your system from being affected by WannaCry Ransomeware.

1. Run

tl_wannacry_console.exe and tl_wannacry_no_console.exe prevent WannaCry Ransomeware to encrypt user’s files.

The two tools works pretty much the same, except tl_wannacry_console.exe comes with a console to show some progress information. tl_wannacry_no_console.exe runs in background.

Users may want to add tl__wannacry_no_console.exe to Windows startup script, so everytime user start his computer, Trustlook WannaCry Vaccine Tool will start prevent your system from being affected.

2. Add to Windows startup script

add tl_wannacry_no_console.exe value to following register script

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Source download: github

Advertisements