Stopping a Windows Executable from Running

To prevent a file from being created, in the past I have created a folder with the same name. The steps below let you stop a file from running (the example used is a worm executable):

  1. Create a registry key with the name of the process you want to prevent from executing. Ex.: calc.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe
  2. Under the key you've just created, create a SZ value called "Debugger" and set it to the following value:
    SZ Debugger = "cmd.exe /c echo  %time% %date% calc.exe >> c:\ExecBlocked.log"

From with slight mods by me.
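
The two steps above as a PowerShell script, with a matching undo and a listing of every image name that currently has a Debugger value. This is an added example, not part of the original post; the function names Block-Executable, Unblock-Executable and Get-IfeoDebugger and the name check are assumptions chosen for illustration.

```powershell
# Added example (not from the original post). Run from an elevated prompt:
# writing under HKLM requires administrator rights.
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$NamePattern = '^[\w.\-]+\.exe$'   # bare file name only: no path, no wildcard characters

function Block-Executable {
    param(
        [Parameter(Mandatory)][string]$ImageName,   # e.g. calc.exe
        [string]$LogPath = 'c:\ExecBlocked.log'     # log file used in the post; no spaces
    )
    # IFEO matches on the executable's file name only, not its path or hash.
    if ($ImageName -notmatch $NamePattern) {
        throw "ImageName must be a bare file name such as calc.exe"
    }
    $key = Join-Path $IfeoRoot $ImageName
    if (-not (Test-Path -Path $key)) { New-Item -Path $key | Out-Null }
    # Windows starts the Debugger command instead of the image and appends the
    # original command line, so cmd.exe only writes a log line and exits.
    $debugger = "cmd.exe /c echo %time% %date% $ImageName >> $LogPath"
    New-ItemProperty -Path $key -Name 'Debugger' -PropertyType String -Value $debugger -Force | Out-Null
    (Get-ItemProperty -Path $key -Name 'Debugger').Debugger   # read back to confirm
}

function Unblock-Executable {
    param([Parameter(Mandatory)][string]$ImageName)
    if ($ImageName -notmatch $NamePattern) {
        throw "ImageName must be a bare file name such as calc.exe"
    }
    $key = Join-Path $IfeoRoot $ImageName
    # Remove only the Debugger value; other IFEO settings on the key are left alone.
    if (Test-Path -Path $key) {
        Remove-ItemProperty -Path $key -Name 'Debugger' -ErrorAction SilentlyContinue
    }
}

function Get-IfeoDebugger {
    # List every image name that currently has a Debugger value, for review.
    Get-ChildItem -Path $IfeoRoot | ForEach-Object {
        $value = (Get-ItemProperty -Path $_.PSPath -Name 'Debugger' -ErrorAction SilentlyContinue).Debugger
        if ($value) { [pscustomobject]@{ Image = $_.PSChildName; Debugger = $value } }
    }
}

# Usage: block calc.exe as in the steps above, then list what is blocked.
Block-Executable -ImageName 'calc.exe'
Get-IfeoDebugger | Format-Table -AutoSize
```

Any entry that Get-IfeoDebugger reports and you did not create yourself is worth investigating, since the same Debugger value redirects whatever image name it is set on.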

