rem Purpose, per the script's own banner: remove Windows 10 / 11 parental controls from the local machine.
rem Steps, in order: self-elevate, sinkhole three family.microsoft.com hosts in the hosts file,
rem stop, disable and delete the WpcMonSvc service, delete WpcDesktopMonSvc.dll, then delete the
rem Parental Controls folder under ProgramData and the matching HKLM registry key.
rem Every step is destructive and nothing is backed up, so the script has no undo path.
rem Artifacts it leaves, useful when checking a managed machine for tampering: the three 0.0.0.0
rem hosts entries under the marker comment, a missing WpcMonSvc service key, a missing
rem WpcDesktopMonSvc.dll, and changed owners and ACLs on the paths it touched.
rem NOTE(review): the trailing pipe characters on each line look like table residue from the page
rem rendering rather than part of the batch file - confirm against the raw gist.
@echo off | |
rem Keep the caller's arguments so the elevated relaunch below can pass them on.
set "params=%*" | |
rem Elevation check and relaunch. Changes to the script's own directory, deletes any stale
rem getadmin.vbs in the temp directory, then runs fsutil dirty query, which fails when the
rem process is not elevated. On failure it writes a one-line VBScript that calls
rem Shell.Application ShellExecute with the runas verb to reopen this script in a new cmd window,
rem runs that VBScript, and exits this instance.
rem NOTE(review): the saved arguments are pasted unescaped into the VBScript string and into the
rem elevated command line, and the helper uses a fixed file name in the temp directory.
cd /d "%~dp0" && ( if exist "%temp%\getadmin.vbs" del "%temp%\getadmin.vbs" ) && fsutil dirty query %systemdrive% 1>nul 2>nul || ( echo Set UAC = CreateObject^("Shell.Application"^) : UAC.ShellExecute "cmd.exe", "/k cd ""%~sdp0"" && %~s0 %params%", "", "runas", 1 >> "%temp%\getadmin.vbs" && "%temp%\getadmin.vbs" && exit /B ) | |
echo This script completley removes Parental Controls from Windows 10 / 11 | |
echo Press any key to disable parental controls | |
rem Wait for a keypress before any change is made; the prompt text of pause is hidden.
pause>nul | |
echo Blocking parental controls server ... | |
rem Appends a marker comment and three 0.0.0.0 entries to the system hosts file.
rem The lines are appended without checking for existing entries, so each run adds them again.
rem NOTE(review): security products may flag hosts-file edits that point Microsoft domains at
rem 0.0.0.0 - a plausible reason for the antivirus alerts reported for this file; not confirmed here.
echo # Disable parental controls >> %WINDIR%\System32\drivers\etc\hosts | |
echo 0.0.0.0 rs3clients.timeusage.family.microsoft.com >> %WINDIR%\System32\drivers\etc\hosts | |
echo 0.0.0.0 clientfd.family.microsoft.com >> %WINDIR%\System32\drivers\etc\hosts | |
echo 0.0.0.0 family.microsoft.com >> %WINDIR%\System32\drivers\etc\hosts | |
echo Disabling parental controls service.. | |
rem Stop the running WpcMonSvc service, then set its start type to disabled.
sc stop WpcMonSvc | |
sc config WpcMonSvc start= disabled | |
echo Deleting parental controls service... | |
rem Force-delete the service's registration key, which removes the service definition itself.
reg delete "HKLM\SYSTEM\CurrentControlSet\Services\WpcMonSvc" /f | |
echo Deleting WpcDesktopMonSvc.dll ... | |
rem Take ownership of the DLL, grant the current user full control, then force-delete it.
rem NOTE(review): cacls is deprecated in favour of icacls, and the path and user name are
rem unquoted, so a user name containing spaces would presumably break the ACL edit - verify.
takeown /f %WINDIR%\System32\WpcDesktopMonSvc.dll | |
cacls %WINDIR%\System32\WpcDesktopMonSvc.dll /e /p %USERNAME%:F | |
del %WINDIR%\System32\WpcDesktopMonSvc.dll /Q /F | |
echo Deleting cached Parental Control Settings in ProgramData ... | |
rem Same ownership and ACL sequence on the ProgramData folder, then delete its files and the tree.
rem takeown and cacls are called without a recursive switch here, so only the top folder entry
rem is changed before the recursive delete runs.
takeown /f "%PROGRAMDATA%\Microsoft\Windows\Parental Controls" | |
cacls "%PROGRAMDATA%\Microsoft\Windows\Parental Controls" /e /p %USERNAME%:F | |
del "%PROGRAMDATA%\Microsoft\Windows\Parental Controls" /S /Q /F | |
rd "%PROGRAMDATA%\Microsoft\Windows\Parental Controls" /S /Q | |
echo Deleting cached Parental Control Settings in Registry ... | |
rem Inline PowerShell that takes over the Parental Controls registry key before it is deleted.
rem Take-Permissions maps the hive abbreviation to a Microsoft.Win32.Registry property name,
rem then calls RtlAdjustPrivilege from ntdll.dll through Add-Type for privilege numbers 9, 17
rem and 18, which the script labels SeTakeOwnership, SeBackup and SeRestore.
rem Take-KeyPermissions opens the key with the TakeOwnership right, sets the owner to the given
rem SID, turns inheritance protection off, and at the top level only adds an inheritable
rem FullControl allow rule for that SID; it then recurses into every subkey.
rem The call passes S-1-5-32-544, the well-known SID of the built-in Administrators group; the
rem parameter default S-1-5-32-545 is the built-in Users group and is not used by this call.
powershell -noprofile -noninteractive -command "function Take-Permissions { param($rootKey, $key, [System.Security.Principal.SecurityIdentifier]$sid = 'S-1-5-32-545', $recurse = $true); switch -regex ($rootKey) { 'HKCU|HKEY_CURRENT_USER' { $rootKey = 'CurrentUser' } 'HKLM|HKEY_LOCAL_MACHINE' { $rootKey = 'LocalMachine' } 'HKCR|HKEY_CLASSES_ROOT' { $rootKey = 'ClassesRoot' } 'HKCC|HKEY_CURRENT_CONFIG' { $rootKey = 'CurrentConfig' } 'HKU|HKEY_USERS' { $rootKey = 'Users' } }; $import = '[DllImport(\"ntdll.dll\")] public static extern int RtlAdjustPrivilege(ulong a, bool b, bool c, ref bool d);'; $ntdll = Add-Type -Member $import -Name NtDll -PassThru; $privileges = @{ SeTakeOwnership = 9; SeBackup = 17; SeRestore = 18 }; foreach ($i in $privileges.Values) { $null = $ntdll::RtlAdjustPrivilege($i, 1, 0, [ref]0) }; function Take-KeyPermissions { param($rootKey, $key, $sid, $recurse, $recurseLevel = 0); $regKey = [Microsoft.Win32.Registry]::$rootKey.OpenSubKey($key, 'ReadWriteSubTree', 'TakeOwnership'); $acl = New-Object System.Security.AccessControl.RegistrySecurity; $acl.SetOwner($sid); $regKey.SetAccessControl($acl); $acl.SetAccessRuleProtection($false, $false); $regKey.SetAccessControl($acl); if ($recurseLevel -eq 0) { $regKey = $regKey.OpenSubKey('', 'ReadWriteSubTree', 'ChangePermissions'); $rule = New-Object System.Security.AccessControl.RegistryAccessRule($sid, 'FullControl', 'ContainerInherit', 'None', 'Allow'); $acl.ResetAccessRule($rule); $regKey.SetAccessControl($acl); }; if ($recurse) { foreach($subKey in $regKey.OpenSubKey('').GetSubKeyNames()) { Take-KeyPermissions $rootKey ($key+'\'+$subKey) $sid $recurse ($recurseLevel+1); } }; }; Take-KeyPermissions $rootKey $key $sid $recurse; };Take-Permissions 'HKLM' 'SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls' 'S-1-5-32-544' $true;" | |
rem With ownership and full control in place, force-delete the key and everything under it.
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls" /f | |
echo Done! .. | |
rem Hold the window open until a key is pressed. No exit codes are checked anywhere above, so
rem the Done message prints even if individual steps failed.
pause>nul |
Is there a way without needing administrator
it was a virus
…
On Sat, 15 Feb 2025 at 23:13, TheDolphinCoder11 wrote: This is the program that had 3 trojan horses. This batch file killed my laptop. Fuck you LiEnby. could you please point to the part of the script that is the 'trojan' part? i mean its a batch file, something like that would be kind of impossible to hide. fair enough tbh, that guy must be a hater cause uhh i don't see any external links. and what you said.
There is literally no way for this to be a virus, it's a batch file, all the commands are clearly visible in the code and there is absolutely nothing malicious happening. It's possible antivirus might have marked this as malicious or suspicious or potentially unwanted because of the commands that are being run - stopping services and deleting registry keys, but all of those services and registry keys are directly related to parental controls and have to be removed in order to fully cripple / stop parental controls from running on a machine. Please don't spread misinformation just because you don't understand what it is you're looking at.
fair enough tbh, that guy must be a hater cause uhh i don't see any external links. and what you said.