Sp00p64/DiscordRAT

System Errors After using This Bot.

Closed this issue · 3 comments

The bot was working fine until I attempted to run the command !uacbypass, with no success at all. Errors started appearing when clicking on taskbar shortcuts, as noted below:

C:\Windows\System32\fodhelper.exe | file will not open anymore | An error is now shown; it seems that whenever this file is clicked, the system tries to locate the bot's binary .exe for whatever reason. (There has been a registry change, I believe, at the !uacbypass command.)

If I attempt to open Network and Internet Settings, a Command Prompt opens and an error appears looking for the file.
[screenshot]

Errors in video:
https://user-images.githubusercontent.com/3595920/128725054-829a0d84-4824-426b-a982-b5048405af08.mp4
https://user-images.githubusercontent.com/3595920/128725059-ddfe140d-ef1f-42ed-9cf8-5610b38ce35b.mp4

CMD now has parameters set on it, as shown in the image: "C:\Windows\System32\cmd.exe" /k start C:\Users%username%\AppData\Local\Temp_MEI60802\D:\Folder\Exercises\2 - Remote Access Trojan\dist\SecureXDRAT.exe
[screenshot]

Registry changes made by the bot:
[screenshot]

@Sp00p64

Indeed, the uacbypass command does some modifications to the registry with the fodhelper binary. This bypass used to work on my machine a while ago, but I cannot confirm it still works.

This module is one of the only modules that has never been updated, so it's probably really buggy.

I have gotten some help from another person; it appears to be because I compiled it to .exe. It is intended to work only with .py scripts, not being able to bypass as an .exe.

The fix for this issue is:

Here is the fix by moon825:

powershell Remove-Item "HKCU:\Software\Classes\ms-settings" -Recurse -Force
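An added cleanup script, not part of DiscordRAT or moon825's fix, that wraps the same removal in a check: it only acts if the leftover HKCU:\Software\Classes\ms-settings key (the key fodhelper.exe consults, which is why fodhelper and Network & Internet Settings break) is still present, lists the values found under it so the operator can confirm what was left behind, and supports -WhatIf for a dry run. The function name is my own.

```powershell
# Added cleanup/verification script (not part of DiscordRAT). It checks for the
# leftover HKCU:\Software\Classes\ms-settings key, reports any values found
# under it, and removes the key only if it is present.
function Remove-LeftoverMsSettingsKey {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$KeyPath = 'HKCU:\Software\Classes\ms-settings'
    )

    if (-not (Test-Path -Path $KeyPath)) {
        Write-Output "No leftover key at $KeyPath; nothing to clean up."
        return $false
    }

    # Show what the key and its subkeys currently contain, so the operator can
    # confirm this is the leftover from the bot before deleting anything.
    Write-Output "Found $KeyPath. Values under it:"
    $keys = @(Get-Item -Path $KeyPath) + @(Get-ChildItem -Path $KeyPath -Recurse)
    foreach ($key in $keys) {
        $props = Get-ItemProperty -Path $key.PSPath
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PS* bookkeeping properties the provider adds.
            if ($p.Name -notlike 'PS*') {
                Write-Output ("  {0} : {1} = {2}" -f $key.Name, $p.Name, $p.Value)
            }
        }
    }

    if ($PSCmdlet.ShouldProcess($KeyPath, 'Remove registry key')) {
        Remove-Item -Path $KeyPath -Recurse -Force
        Write-Output "Removed $KeyPath. Re-test fodhelper.exe and Network & Internet Settings."
    }
    return $true
}

# Dry run first, then the real removal.
Remove-LeftoverMsSettingsKey -WhatIf
Remove-LeftoverMsSettingsKey
```

Run it in the same user account the bot ran under, since the key lives in HKCU.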