
We get rid of Amigo, MailUpdater, Yandex Browser and others

The whole story is that installing programs in a domain can in principle be prohibited through a GPO; in that case the installer asks for the login and password of an account with the required rights. But here is the catch: programs like the ones in the title of this article (plus Browser Manager, Unity Player and the like) install into the user's profile folder and run in the system just fine. I found a very simple way (the article is just one page) to get rid of Amigo once and for all! Those interested, read on.



Googling this topic turns up articles describing how to block software installation by the publisher's certificate. The method is good, but time consuming: certificates change, and pulling them out of the installer is a pain... in the end I never managed to implement it. My algorithm is very simple:



We know that the programs "beloved" by all admins install into the c:\Users\%username%\AppData\Local folder (correct me if there are other hiding places). So it occurred to me: if we create the folders with the names of the programs we don't want ourselves, and strip all NTFS rights from them, the program simply cannot install into the folder it needs.



So, this script:

```bat
:: Delete the folders in case the unwanted programs have already created them
rmdir c:\Users\%username%\AppData\Local\Mail.Ru /s /q
rmdir c:\Users\%username%\AppData\Local\MailRu /s /q
rmdir c:\Users\%username%\AppData\Local\Unity /s /q
rmdir c:\Users\%username%\AppData\Local\Amigo /s /q
rmdir c:\Users\%username%\AppData\Local\Apps /s /q
:: Recreate them as empty folders under our control
mkdir c:\Users\%username%\AppData\Local\Mail.Ru
mkdir c:\Users\%username%\AppData\Local\MailRu
mkdir c:\Users\%username%\AppData\Local\Unity
mkdir c:\Users\%username%\AppData\Local\Amigo
mkdir c:\Users\%username%\AppData\Local\Apps
:: Replace the ACL so that only the admin account keeps any rights
:: (cacls /G without /E overwrites the whole ACL; "echo y" answers its confirmation prompt)
echo y|cacls c:\Users\%username%\AppData\Local\Mail.Ru /C /G domain.ru\adminuser:F
echo y|cacls c:\Users\%username%\AppData\Local\MailRu /C /G domain.ru\adminuser:F
echo y|cacls c:\Users\%username%\AppData\Local\Unity /C /G domain.ru\adminuser:F
echo y|cacls c:\Users\%username%\AppData\Local\Amigo /C /G domain.ru\adminuser:F
echo y|cacls c:\Users\%username%\AppData\Local\Apps /C /G domain.ru\adminuser:F
```




As you can see, the list of programs in the example is short (Mail.Ru and MailRu come from Mail.ru games and Sputnik; UnityPlayer, Amigo and Apps are ones I saw something bad in).



The list can be extended with any program you notice that creates its own folder; the main thing is to know the folder's name. There is plenty of nasty stuff out there: Browser Manager, nichrome, bromium and others. Since they have not reached us yet, I cannot find out their folder names, but everything is in your hands!



After that it is all simple: put this file in the logon scripts, or in a scheduled task (run for the user at logon), and enjoy the result! It works on Win7 100%; Amigo, for example, does not even throw an error, it simply does not get installed.



P.S. Amigo and other rubbish may already be running before the script starts, and so will not let their folder be deleted. To make it airtight, the script needs to be rewritten so that it scans the folders of all users on the computer for the bad guys and is run at computer startup. I am overwhelmed with emotions and was in a hurry to write the article, so finish the script to the desired state yourselves.
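The startup-time, all-profiles version the P.S. asks for, as an added example that is not part of the original post. It assumes it runs as SYSTEM from a scheduled task triggered "At startup" (before any user logs on, so the unwanted programs are not running yet), uses the folder names from the post, and keeps full control with BUILTIN\Administrators instead of the post's placeholder domain.ru\adminuser; it also makes Administrators the owner so the profile user cannot simply take the folder back.

```powershell
# Added example: lock the folders the post lists in every profile under C:\Users.
# Run as SYSTEM at computer startup (scheduled task), so every profile is covered
# before the unwanted programs have a chance to start.
$BlockedFolders = @('Mail.Ru', 'MailRu', 'Unity', 'Amigo', 'Apps')   # names from the post
$AdminPrincipal = 'BUILTIN\Administrators'                          # assumption: local admins keep Full Control
$SkipProfiles   = @('Public', 'Default', 'Default User', 'All Users')

$Profiles = Get-ChildItem -Path 'C:\Users' -Directory |
    Where-Object { $SkipProfiles -notcontains $_.Name }

foreach ($profile in $Profiles) {
    $local = Join-Path $profile.FullName 'AppData\Local'
    if (-not (Test-Path $local)) { continue }   # profile never initialised, nothing to protect

    foreach ($name in $BlockedFolders) {
        $target = Join-Path $local $name

        # Wipe whatever the installer already dropped here, then recreate an empty folder.
        if (Test-Path $target) {
            Remove-Item -Path $target -Recurse -Force -ErrorAction SilentlyContinue
        }
        $null = New-Item -Path $target -ItemType Directory -Force

        # Build a fresh ACL: stop inheritance without copying inherited ACEs, drop any
        # explicit ACEs, then grant Full Control to admins only. Everyone else,
        # including the profile owner, ends up with no rights at all.
        $acl = Get-Acl -Path $target
        $acl.SetAccessRuleProtection($true, $false)
        foreach ($ace in @($acl.Access | Where-Object { -not $_.IsInherited })) {
            $null = $acl.RemoveAccessRule($ace)
        }
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
            $AdminPrincipal, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
        $acl.AddAccessRule($rule)

        # Owner = Administrators, otherwise the user (as creator/owner) could reset the ACL.
        $acl.SetOwner([System.Security.Principal.NTAccount]$AdminPrincipal)
        Set-Acl -Path $target -AclObject $acl

        Write-Output "Locked $target"
    }
}
```

The post's batch script leaves the logged-on user as owner of the folders it creates, which is why the owner change is included here; verify the result with `icacls <folder>` (it should show only Administrators with (F)).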



P.P.S. Please don't tell me the script is written ugly and that everything could be done in a loop over a list of folders, etc. It is simplified for clarity, to show the simplicity of the idea as a whole.

Source: https://habr.com/ru/post/269321/


