
IFEO Tool - Block malicious EXEs from running in your machine


cndps

Well-Known Member
May 25, 2019
IFEO Tool is a simple batch file that adds or removes registry keys from Image File Execution Options (IFEO). This tool was developed to make the process of blocking unknown trojans, viruses or worms easier by simply adding the EXE to the IFEO list with a dummy file execution.

The problem!
A user is using the computer and notices an increase in CPU usage, or suddenly the computer starts running slowly. The logical step for the user is to view Task Manager or Process Explorer and find which processes are causing this. The user then tries to close them, but they keep re-opening or simply don't close, and the user's antivirus does nothing.

The solution!
Execute the IFEO Tool batch file with admin privileges, write the process name + extension and restart the computer. After the reboot, go to the EXE location and delete it.

Limitation
It isn't possible to block EXEs with names similar to system files (for example: svchost.exe). Doing this will lock the computer, and it will require a rollback or reinstallation of Windows.

Download:

Source
Code:
@echo off
@title IFEO Tool
rem IFEO Tool: blocks an EXE by image name by writing a Debugger value under
rem Image File Execution Options that points at a program which is not present,
rem so Windows fails to start the EXE. Run from an elevated command prompt.
:start
rem Clear the previous answer so an empty Enter does not repeat the last choice.
set "choice="
echo .....................................................
echo .                   IFEO Tool                       .
echo .                                                   .
echo .      Block EXEs from running in the machine       .
echo .                                                   .
echo .  (This program requires admin privileges to run)  .
echo .....................................................
echo (1) Add registry key                                .
echo (2) Remove registry key                             .
echo .....................................................
set /p choice=Choose what you like to do (1/2) : 
if "%choice%"=="1" goto 1
if "%choice%"=="2" goto 2
rem Anything other than 1 or 2: redraw the menu.
cls
goto start
:1
cls
echo .....................................................
echo .                   IFEO Tool                       .
echo .                                                   .
echo .      Block EXEs from running in the machine       .
echo .                                                   .
echo .  (This program requires admin privileges to run)  .
echo .....................................................
set "id1="
set /p id1="Write EXE: "
rem An empty name would write Debugger onto the IFEO key itself; go back instead.
if "%id1%"=="" goto start
rem Create the subkey named after the image and point Debugger at "ntsd -d".
rem Windows launches the debugger instead of the EXE; because ntsd is absent, nothing runs.
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%id1%" /v Debugger /t REG_SZ /d "ntsd -d" /f
pause
cls
goto start
:2
cls
echo .....................................................
echo .                   IFEO Tool                       .
echo .                                                   .
echo .      Block EXEs from running in the machine       .
echo .                                                   .
echo .  (This program requires admin privileges to run)  .
echo .....................................................
set "id1="
set /p id1="Write EXE: "
if "%id1%"=="" goto start
rem Delete the whole subkey for the image so the EXE can run again.
reg delete "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\%id1%" /f
pause
cls
goto start
 
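The Debugger value the batch file writes is the same IFEO mechanism that malware uses to hijack or persist through legitimate executables, so it is worth knowing what is already under that key before adding to it. The PowerShell below is an added example and is not part of cndps's tool: it lists every IFEO subkey that carries a Debugger value, reports whether the named debugger actually exists on disk (an existing one deserves investigation; a missing one is the blocking trick from this post), and wraps the add and remove steps with a guard against the svchost.exe-style lockout described under Limitation. The protected-name list, the Get-IfeoDebuggerEntry/Add-IfeoBlock/Remove-IfeoBlock function names and the sample image name badupdater.exe are assumptions made for this example.

```powershell
# Added example, not the forum's IFEO Tool. Run from an elevated PowerShell.
$IfeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Names that must never receive a Debugger value: blocking them can make the
# machine unusable (the post's svchost.exe caveat). Assumed list, not exhaustive.
$ProtectedNames = @(
    'svchost.exe', 'csrss.exe', 'wininit.exe', 'winlogon.exe', 'lsass.exe',
    'services.exe', 'smss.exe', 'explorer.exe', 'dwm.exe', 'conhost.exe',
    'cmd.exe', 'powershell.exe', 'reg.exe', 'taskmgr.exe', 'regedit.exe'
)

function Get-IfeoDebuggerEntry {
    # Enumerate every IFEO subkey and keep the ones that carry a Debugger value.
    Get-ChildItem -Path $IfeoPath -ErrorAction Stop | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) {
            # The first token of the Debugger string is the program that would be launched.
            $exe = ($dbg -split ' ')[0].Trim('"')
            $resolved = Get-Command -Name $exe -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Image          = $_.PSChildName
                Debugger       = $dbg
                # True means the debugger is real (possible hijack); False means the
                # launch will simply fail, i.e. the dummy-debugger block from this post.
                DebuggerExists = ([bool]$resolved -or (Test-Path -LiteralPath $exe))
            }
        }
    }
}

function Add-IfeoBlock {
    param([Parameter(Mandatory)][string]$ImageName)

    # IFEO matches on the bare image file name only, so refuse paths and other names.
    if ($ImageName -notmatch '^[^\\/:*?"<>|]+\.exe$') {
        throw "Expected a bare file name ending in .exe, got '$ImageName'"
    }
    if ($ProtectedNames -contains $ImageName.ToLowerInvariant()) {
        throw "Refusing to block '$ImageName': it is a core Windows process name"
    }
    $key = Join-Path $IfeoPath $ImageName
    if (-not (Test-Path -LiteralPath $key)) {
        New-Item -Path $key -Force | Out-Null
    }
    # Same technique as the batch tool: point Debugger at a program that is not installed.
    Set-ItemProperty -Path $key -Name Debugger -Value 'ntsd -d' -Type String
    Get-ItemProperty -Path $key -Name Debugger
}

function Remove-IfeoBlock {
    param([Parameter(Mandatory)][string]$ImageName)
    $key = Join-Path $IfeoPath $ImageName
    # Delete the whole subkey, exactly as the batch tool's "reg delete" does.
    if (Test-Path -LiteralPath $key) { Remove-Item -Path $key -Recurse -Force }
}

# Usage (badupdater.exe is a made-up name for illustration):
#   Get-IfeoDebuggerEntry | Format-Table -AutoSize
#   Add-IfeoBlock -ImageName 'badupdater.exe'
#   Remove-IfeoBlock -ImageName 'badupdater.exe'
```

Current Windows releases do not ship ntsd.exe (it belongs to the separate Debugging Tools for Windows), which is why 'ntsd -d' works as a dummy debugger; the audit function reports DebuggerExists as False for such entries. Running Get-IfeoDebuggerEntry once before and once after using the tool makes it easy to tell your own entries apart from anything that was already there.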
Good idea, but as we all know those clever virus/adware/spyware folks tend to do everything in their power to mimic Windows processes to prevent just what you suggest, and that is the program's limitation. Just shutting off a process without knowing its dependencies is asking for big trouble IMO.
Autoruns, a nifty freeware program from Mark Russinovich, does a pretty good job of mapping out what's going on and their dependencies. Just do a search for it and download from a reputable site. That way you always get the latest version as opposed to me posting a D/L link. It's also available from the portable apps site and runs off a USB stick.
 