Stopping a Windows Executable from Running
To prevent a file from being created, in the past I have created a folder with the same name. The registry technique below lets you stop a file from running (the example used is a worm executable):
- Create a registry key with the name of the process you want to prevent from executing. Example:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\calc.exe
- Under the key you have just created, create a string (REG_SZ) value called "Debugger" and set it to the value below. Windows then launches this command in place of the executable, so each attempt is logged to c:\ExecBlocked.log and the program itself does not start:
  SZ Debugger = "cmd.exe /c echo %time% %date% calc.exe >> c:\ExecBlocked.log"
From http://blogs.technet.com/marcelofartura/archive/2006/10/24/a-virus-infection-contolling-the-outbreak-tip.aspx with slight mods by me.
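The two registry steps above, scripted in PowerShell as an added example (not code from this post or from the TechNet article). The function names are hypothetical and an elevated session is assumed; `Get-IfeoDebugger` goes beyond the two steps by listing every image that currently has a Debugger value, so a block can be verified and later removed.

```powershell
# Added example; function names are hypothetical. Run from an elevated session.
$IfeoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

function Block-Executable {
    param(
        # File name only (no path). The pattern also keeps cmd.exe metacharacters
        # such as & | > out of the Debugger command line built below.
        [Parameter(Mandatory)][ValidatePattern('^[\w.-]+\.exe$')][string]$ImageName,
        [string]$LogPath = 'c:\ExecBlocked.log'   # log file used on the page
    )
    # Step 1 from the page: a key named after the executable.
    $key = Join-Path $IfeoRoot $ImageName
    if (-not (Test-Path -Path $key)) { New-Item -Path $key | Out-Null }
    # Step 2 from the page: a REG_SZ value named Debugger.
    $debugger = "cmd.exe /c echo %time% %date% $ImageName >> $LogPath"
    New-ItemProperty -Path $key -Name 'Debugger' -PropertyType String -Value $debugger -Force | Out-Null
}

function Unblock-Executable {
    param([Parameter(Mandatory)][string]$ImageName)
    $key = Join-Path $IfeoRoot $ImageName
    if (Test-Path -Path $key) {
        # Removing only the value leaves any other per-image settings in place.
        Remove-ItemProperty -Path $key -Name 'Debugger' -ErrorAction SilentlyContinue
    }
}

function Get-IfeoDebugger {
    # One object per image that has a Debugger value set.
    Get-ChildItem -Path $IfeoRoot | ForEach-Object {
        $value = (Get-ItemProperty -Path $_.PSPath -Name 'Debugger' -ErrorAction SilentlyContinue).Debugger
        if ($value) { [pscustomobject]@{ Image = $_.PSChildName; Debugger = $value } }
    }
}

# The page's example: block calc.exe, then confirm the entry exists.
Block-Executable -ImageName 'calc.exe'
Get-IfeoDebugger | Format-Table -AutoSize
```

Image File Execution Options matches on the image file name only, so the block does not apply to a copy of the executable saved under a different name.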