Stopping a Windows Executable from Running

To prevent a file from being created, in the past I have created a folder with the same name. This lets you stop a file from running (the example used is a worm executable):

  1. Create a registry key with the name of the process you want to prevent from executing, e.g. calc.exe:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe 
    
  2. Under the key you've just created, create a string (REG_SZ) value called "Debugger" and set it to the following value:
    SZ Debugger = "cmd.exe /c echo  %time% %date% calc.exe >> c:\ExecBlocked.log"
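
The two steps above, scripted in PowerShell as an added example (not code from the original post or the TechNet article it cites). The function names are hypothetical; the key path, the Debugger command line and the log path are the ones shown in the steps.

```powershell
# Added example; function names are illustrative, not from the original post.
# Writing under HKLM requires an elevated (administrator) session.
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Block-Executable {
    param(
        [Parameter(Mandatory)][ValidatePattern('^[\w.\-]+\.exe$')][string]$ImageName,
        [string]$LogPath = 'c:\ExecBlocked.log'
    )
    $key = Join-Path $IfeoRoot $ImageName
    # Step 1: create the per-image key if it does not exist yet.
    if (-not (Test-Path $key)) { New-Item -Path $key | Out-Null }
    # Step 2: same command line as above, so the attempt is logged
    # instead of the program being started.
    $debugger = "cmd.exe /c echo  %time% %date% $ImageName >> $LogPath"
    New-ItemProperty -Path $key -Name 'Debugger' -PropertyType String `
        -Value $debugger -Force | Out-Null
}

function Get-BlockedExecutable {
    # List every image name that currently has a Debugger value set,
    # which shows what is blocked (or otherwise redirected) on this machine.
    Get-ChildItem -Path $IfeoRoot | ForEach-Object {
        $dbg = $_.GetValue('Debugger')
        if ($null -ne $dbg) {
            [pscustomobject]@{ Image = $_.PSChildName; Debugger = $dbg }
        }
    }
}

function Unblock-Executable {
    param([Parameter(Mandatory)][string]$ImageName)
    $key = Join-Path $IfeoRoot $ImageName
    # Remove only the Debugger value; other settings under the key are kept.
    if (Test-Path $key) {
        Remove-ItemProperty -Path $key -Name 'Debugger' -ErrorAction SilentlyContinue
    }
}

Block-Executable -ImageName 'calc.exe'
Get-BlockedExecutable | Format-Table -AutoSize
# Unblock-Executable -ImageName 'calc.exe'   # undo once the block is no longer needed
```

Windows matches the key on the executable's file name only, so the entry applies to calc.exe started from any folder.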
    

From http://blogs.technet.com/marcelofartura/archive/2006/10/24/a-virus-infection-contolling-the-outbreak-tip.aspx with slight mods by me.
