[Guide]Way to Disable Keylogger/ Telemetry v3.55

You need to login to view this posts content.

 

You know what? It might be a good idea to route block those and hosts block the other ones in case they change the servers.

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

Agreed we need to skim down on the List to see what should and shouldn't be there.

However we have a starting point now we can go off of.

Jinjie we go for a multivector to see which is the best way to handle it!

 

Nice powershell snipplet so far. Could you add the registry entries from deagles ?

 

Show me the entries and I can make em go into powershell

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

No we are not back to the drawing board!

Stand by I will have a link soon!

 

Cert error is due to little typo:

Code:

certutil -addstore "Disallowed" "$PWD/0msitwww2.crt"

Code:

certutil -addstore "Disallowed" "$PWD/msitwww2.crt"

Code:

Set-ItemProperty -path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SQMClient\Windows" -Name "CEIPEnable" -Type "DWord" -Value "0x00000000"

in line 38.

Also hosts file is backed up correctly but there's nothing added to it.

 

You need to login to view this posts content.

 

S1ave77 we use the backup for the uninstall process to make it easier on ourselves

 

You need to login to view this posts content.

 

You need to login to view this posts content.

 

@ Smorgan

Regarding the not added lines to hosts file, you missed one line from Mr Jinjes original:

Code:

Function Hosts_Updater (){

$a = Get-Content "C:\Windows\System32\Drivers\etc\hosts"
$b = Get-Content "$PWD\ip.list.txt"

ForEach ($i in $b) {
$a += "127.0.0.1          $i"
$a | Set-Content "C:\Windows\System32\Drivers\etc\hosts"
}}
Hosts_Updater

With that line added all entries are added correctly to hosts file :flowers2:.

Now only one reg path seems to be missing:

Code:

Microsoft Windows [Version 6.4.9841]
(c) 2014 Microsoft Corporation. All rights reserved.

C:\Windows\System32>cd /d "C:\Users\s1ave77\Desktop\###.TELEMETRY.###"

C:\Users\s1ave77\Desktop\###.TELEMETRY.###>powershell -executionpolicy bypass -File privacy.pack.by.Smorgan.ps1
Privacy Tweaks

Disable Windows Error Reporting
True
Clear the Event Cache

Certificate Section

Disallowed "Untrusted Certificates"
Certificate "Microsoft IT SSL SHA2" added to store.
CertUtil: -addstore command completed successfully.
Disallowed "Untrusted Certificates"
Certificate "Microsoft Secure Server CA 2011" added to store.
CertUtil: -addstore command completed successfully.

Hosts Modification



Disable DiagTracking

Set-ItemProperty : Cannot find path
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\TestHooks' because it does not
exist.
At C:\Users\s1ave77\Desktop\###.TELEMETRY.###\privacy.pack.by.Smorgan.ps1:43 char:1
+ Set-ItemProperty -path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microso ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (HKEY_LOCAL_MACH...Track\TestHooks:String) [Set-ItemProperty], ItemNotFo
   undException
    + FullyQualifiedErrorId : PathNotFound,Microsoft.PowerShell.Commands.SetItemPropertyCommand


C:\Users\s1ave77\Desktop\###.TELEMETRY.###>

 

Sigh I'm still working on my powershell as its somewhat flaky given how new I am to it.