forked from KernelPan1k/KpRm

KpRm is a tool to delete all removal tools used during a disinfection


KovalevArtem/KpRm

 
 


KpRm

KpRm is a tool for finalizing a disinfection. It removes the following software:

  • AdliceDiag (Tigzy)
  • Ads (Gen-Hackman)
  • AdsFix (Gen-Hackman)
  • AdwCleaner (Malwarebytes)
  • AHK_NavScan (Batch_Man)
  • AlphaDecrypter (Michael Gillespie)
  • AswMBR (Avast!Software)
  • AuroraDecrypter (Michael Gillespie)
  • AutorunsVTChecker (regist)
  • AVCertClean (fr33tux)
  • Offline CryptoMix Ransomware Decryptor (Avast!Software)
  • Avenger (swandog46)
  • BitKangarooDecrypter (Michael Gillespie)
  • BitStakDecrypter (Michael Gillespie)
  • BlitzBlank (Emsisoft)
  • BTCWareDecrypter (Michael Gillespie)
  • Catchme (Gmer)
  • Check Browsers LNK (Alex Dragokas & regist)
  • CKScanner (askey127)
  • Clean_DNS (Gen-Hackman)
  • ClearLNK (Alex Dragokas)
  • CMD_Command (Gen-Hackman)
  • CoinVaultDecryptor (Kaspersky Labs)
  • Combofix (sUBs)
  • Crypt38Decrypter (Michael Gillespie)
  • CryptoSearch (Michael Gillespie)
  • DDS (sUBs)
  • CryptON Ransomware Decryptor (Emsisoft)
  • Defogger (jpshortstuff)
  • DCryDecrypter (Michael Gillespie)
  • EasyRestorePoint (kernel-panik)
  • Eset Online Scanner (Eset)
  • FilesLockerDecrypter (Michael Gillespie)
  • FixExec (BleepingComputer)
  • FixPurge (McVivien2)
  • FRST (Farbar)
  • FSS (Farbar)
  • GetSystemInfo (Kaspersky Labs)
  • GhostCryptDecrypter (Michael Gillespie)
  • GIBON Ransomware Decryptor (Michael Gillespie)
  • GooredFix (jpshortstuff)
  • GrantPerms (Farbar)
  • HiddenTear Bruteforcer (Michael Gillespie)
  • HiddenTear Decrypter (Michael Gillespie)
  • HostsXpert (funkytoad)
  • Hosts-perm.bat (BleepingComputer)
  • InsaneCryptDecrypter (Michael Gillespie)
  • JavaRa (Fred de Vries and Paul McLain)
  • Jigsaw Decrypter (Michael Gillespie)
  • Junkware Removal Tool (Malwarebytes corporation)
  • ListCWall (BleepingComputer)
  • ListParts (Farbar)
  • LogOnFix (Xplode)
  • MBAR (Malwarebytes corporation)
  • MBRCheck (a_d_13)
  • MbrScan (Eric_71)
  • mbr.exe (Gmer)
  • McAfee Labs RootkitRemover (McAfee)
  • MicroCop Decryptor (Michael Gillespie)
  • Miniregtool (Farbar)
  • Minitoolbox (Farbar)
  • MKV (El Desaparecido & C_XX)
  • Mole02Decryptor (M AV)
  • OneClick2RP (Laddy)
  • OTA (Old_Timer)
  • OTC (Old_Timer)
  • OTH (Old_Timer)
  • OTL (Old_Timer)
  • OTM (Old_Timer)
  • OTS (Old_Timer)
  • PCHunter (epoolsoft)
  • Pre_Scan (Gen-Hackman)
  • PowerLockyDecrypter (Michael Gillespie)
  • ProcessClose (Gen-Hackman)
  • QuickDiag (Gen-Hackman)
  • RakhniDecryptor (Kaspersky Lab)
  • Rannoh Decryptor (Kaspersky Lab)
  • RansomNoteCleaner (Michael Gillespie)
  • RegtoolExport (Xplode)
  • Remediate VBS Worm (bartblaze)
  • Report_Antivir (Laddy)
  • Report_CHKDSK (Laddy)
  • ResetNavigator (SoftwareQuality)
  • Rkill (Grinler)
  • RogueKiller (Tigzy)
  • Rooter (Team IDN)
  • RootkitRevealer (Microsoft)
  • RstAssociations (Xplode) (scr) (exe)
  • RstHosts (Xplode)
  • ScanRapide (Lydem)
  • ShadeDecryptor (Kaspersky Labs)
  • Shortcut Cleaner (BleepingComputer)
  • Seaf (C_XX)
  • SecurityCheck (screen317)
  • ServicesRepair (Eset)
  • SMBCheck (Webroot)
  • StrikedDecrypter (Michael Gillespie)
  • StupidDecryptor (Michael Gillespie)
  • Symantec Kovter Removal Tool (Symantec)
  • SystemLook (jpshortstuff)
  • SFTGC (Pierre13)
  • TDSSkiller (Kaspersky Labs)
  • TFC (Old_Timer)
  • ToolsDiag (Amesam)
  • UAC-LEVEL (Amesam)
  • UAC Manager (Xplode)
  • UnHide (BleepingComputer)
  • Unlock92Decrypter (Michael Gillespie)
  • Usb File Resc (Streuner Corporation)
  • UsbFix (El desaparecido & C_XX)
  • UnZacMe (Gen-Hackman)
  • Webroot DE-BUG (Webroot)
  • WildfireDecryptor (Kaspersky Labs)
  • WinChk (Xplode)
  • WinsockAnalyzer (Xplode)
  • WinUpdatefix (Xplode)
  • XoristDecryptor (Kaspersky Labs)
  • ZHPCleaner (Nicolas Coolman)
  • ZHPDiag (Nicolas Coolman)
  • ZHPLite (Nicolas Coolman)
  • ZHPFix (Nicolas Coolman)
  • Zoek (Smeenk)

The search for executables downloaded by the user is performed only in the Desktop and the download folder. To respect Nicolas Coolman's choice, the quarantine of ZHP tools located under AppData\ZHP is no longer deleted; instead, a line in the report indicates its presence.

- Save the registry

To restore hives easily, it is possible to use KPLive: https://github.com/KernelPan1k/KpLive

- Delete recovery points

- Create a restore point

During this phase, KpRm first activates system recovery and then deletes recovery points that were created less than 24 hours ago. After creating a restore point, the tool lists all the points on the machine. Always check this list to confirm that the restore point has been created, especially if the machine is running Windows 10.

- Restore system settings

  • Reset DNS cache
  • Reset the WinSock catalog
  • Hide hidden files
  • Hide protected files
  • Show known file extensions

- Restore the UAC

  • ConsentPromptBehaviorAdmin (5)
  • ConsentPromptBehaviorUser (3)
  • EnableInstallerDetection (0)
  • EnableLUA (1)
  • EnableSecureUIAPaths (1)
  • EnableUIADesktopToggle (0)
  • EnableVirtualization (1)
  • FilterAdministratorToken (0)
  • PromptOnSecureDesktop (1)
  • ValidateAdminCodeSignatures (0)
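
To confirm these values after a run, the check below compares the UAC policy key with the list above and reports any drift. It is an added example, not KpRm code; the registry path (the standard Windows UAC policy key), the function name `Compare-UacBaseline` and the sample values are assumptions.

```powershell
# Added example, not part of KpRm. Compares UAC policy values with the
# baseline this README lists. Assumed path: the standard UAC policy key.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Expected values, copied from the "Restore the UAC" list above.
$UacBaseline = [ordered]@{
    ConsentPromptBehaviorAdmin  = 5
    ConsentPromptBehaviorUser   = 3
    EnableInstallerDetection    = 0
    EnableLUA                   = 1
    EnableSecureUIAPaths        = 1
    EnableUIADesktopToggle      = 0
    EnableVirtualization        = 1
    FilterAdministratorToken    = 0
    PromptOnSecureDesktop       = 1
    ValidateAdminCodeSignatures = 0
}

function Compare-UacBaseline {
    param(
        # Name/value pairs to check; when omitted, the live registry is read.
        [System.Collections.IDictionary]$Values
    )
    if ($null -eq $Values) {
        $Values = @{}
        $key = Get-ItemProperty -LiteralPath $UacKey -ErrorAction Stop
        foreach ($p in $key.PSObject.Properties) { $Values[$p.Name] = $p.Value }
    }
    foreach ($name in $UacBaseline.Keys) {
        # A missing value is reported as drift, not silently treated as 0.
        $present = $Values.Contains($name)
        $actual  = if ($present) { $Values[$name] } else { '<not set>' }
        [pscustomobject]@{
            Name     = $name
            Expected = $UacBaseline[$name]
            Actual   = $actual
            Match    = $present -and ($Values[$name] -eq $UacBaseline[$name])
        }
    }
}

# Constructed sample (not from a real machine): UAC switched off, values missing.
$sample = @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 0; PromptOnSecureDesktop = 1 }
Compare-UacBaseline -Values $sample | Where-Object { -not $_.Match } | Format-Table -AutoSize

# Live check on the current machine (reading this key does not need elevation).
Compare-UacBaseline | Format-Table -AutoSize
```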

Project website: https://kernel-panik.me/tool/kprm/

Donation

If you think KpRm has helped you, you can make a donation:

Bitcoin address:

1L7YjRfxaci9Zwz5Hv84wfRYSmcbQSTNAo

Stellar Lumens address:

GCLLHFLOZFYIV5IR2BWBIU7Q55E4EYWHWAOPYMLN3NHXTBQQCAIWJ6FC

Languages

  • AutoIt 100.0%