Published On Dec 1, 2020
Though a little bit more difficult to remove, it's still possible. In this video I'll show you how.
Endermanch's original removal tutorial: • How to remove NoEscape.exe [Download ...
Windows PE ISO: https://www.hirensbootcd.org/ (The Gandalf Windows PE ISO used in this video was taken down, link is for Hiren's BootCD which does exactly the same thing)
ISO creator: https://sourceforge.net/projects/iso-...
TestDisk: https://www.cgsecurity.org/Download_a...
Registry Changes:
HKLM:
HKLM\SYSTEM\CurrentControlSet\Control\Keyboard Layout\Scancode Map
HKLM\SOFTWARE\Classes\exefile\shell\open\command
HKLM\SOFTWARE\Classes\exefile\shell\runas\command
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DisableCAD
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\UseDefaultTile
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\shutdownwithoutlogon
HKLM\SOFTWARE\Policies\Microsoft\Windows\System\DisableLogonBackgroundImage
HKCU:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools
HKCU\Software\Policies\Microsoft\Windows\System\DisableCMD
HKCU\Control Panel\Desktop\AutoColorization
HKCU\Control Panel\Mouse\SwapMouseButtons
Music:
Tobu - Candyland [NCS Release]
DEAF KEV - Invincible [NCS Release]
#noescape #malware #trojan