Though a little bit more difficult to remove, it’s still possible. In this video I’ll show you how.
Endermanch’s original removal tutorial: https://www.youtube.com/watch?v=4oATWyMMH4A
Windows PE ISO: https://www.hirensbootcd.org/ (The Gandalf Windows PE ISO used in this video was taken down, link is for Hiren’s BootCD which does exactly the same thing)
ISO creator: https://sourceforge.net/projects/iso-creator-cs/files/latest/download
TestDisk: https://www.cgsecurity.org/Download_and_donate.php/testdisk-7.2-WIP.win.zip

Registry Changes:
HKLM:
HKLM//SYSTEM//CurrentControlSet//Control//Keyboard Layout//Scancode Map

HKLM//SOFTWARE//Classes//exefile//shell//open//command
HKLM//SOFTWARE//Classes//exefile//shell/unas//command

HKLM//SOFTWARE//Microsoft//Windows NT//CurrentVersion//Winlogon//AutoAdminLogon
HKLM//SOFTWARE//Microsoft//Windows NT//CurrentVersion//Winlogon//AutoRestartShell
HKLM//SOFTWARE//Microsoft//Windows NT//CurrentVersion//Winlogon//DisableCAD
HKLM//SOFTWARE//Microsoft//Windows NT//CurrentVersion//Winlogon//Userinit

HKLM//SOFTWARE//Microsoft//Windows//CurrentVersion//Policies//System//EnableLUA

HKLM//SOFTWARE//Microsoft//Windows//CurrentVersion//Policies//Explorer//UseDefaultTile
HKLM//SOFTWARE//Microsoft//Windows//CurrentVersion//Policies//System//shutdownwithoutlogon
HKLM//SOFTWARE//Policies//Microsoft//Windows//System//DisableLogonBackgroundImage

HKCU:
HKCU//Software//Microsoft//Windows//CurrentVersion//Policies//System//DisableRegistryTools
HKCU//Software//Policies//Microsoft//Windows//System//DisableCMD

HKCU//Control Panel//Desktop//AutoColorization
HKCU//Control Panel//Mouse//SwapMouseButtons

Music:
Tobu – Candyland [NCS Release]
DEAF KEV – Invincible [NCS Release]
#noescape #malware #trojan

Please take the opportunity to connect and share this video with your friends and family if you find it useful.