private void MainDWSButton_Click(object sender, RoutedEventArgs e) { var createRestorePoint = SwitchCreateRestorePoint.IsChecked != null && (bool)SwitchCreateRestorePoint.IsChecked; var removeDigTrack = SwitchDigTrackThelemetry.IsChecked != null && (bool)SwitchDigTrackThelemetry.IsChecked; var addSpyToHosts = SwitchAddSpyHosts.IsChecked != null && (bool)SwitchAddSpyHosts.IsChecked; var switchAddSpyIps = SwitchAddSpyIps.IsChecked != null && (bool)SwitchAddSpyIps.IsChecked; var switchDisablePrivateSettings = SwitchDisablePrivateSettings.IsChecked != null && (bool)SwitchDisablePrivateSettings.IsChecked; var switchDisableWindowsDefender = SwitchDisableWindowsDefender.IsChecked != null && (bool)SwitchDisableWindowsDefender.IsChecked; var switchDefaultPhotoVierwer = SwitchDefaultPhotoVierwer.IsChecked != null && (bool)SwitchDefaultPhotoVierwer.IsChecked; new Thread(() => { EnableOrDisableWindow(false); if (createRestorePoint) { RestorePoint.CreateRestorePoint($"Use Destroy Windows Spying on {DateTime.Now.Day}-{DateTime.Now.Month}-{DateTime.Now.Year}"); } if (removeDigTrack) { Logger.Log("Disable telemetry..."); DWSFunctions.DigTrackFullRemove(); Logger.Log("Delete keylogger..."); WindowsUtil.RunCmd("/c reg add \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\" /v \"AllowCortana\" /t REG_DWORD /d 0 /f "); Logger.Log("Disable cortana..."); foreach (var serviceName in DwsResources.ServicesList) { ServiceSC.DisableService(serviceName); } foreach (var currentTask in DwsResources.Disabletaskslist) { WindowsUtil.ProcStartargs("SCHTASKS", $"/Change /TN \"{currentTask}\" /disable"); Logger.Log($"Disabled task: {currentTask}", Logger.LogType.SUCCESS); } } if (addSpyToHosts) { foreach (var currHost in DwsResources.Hostsdomains) { HostsEditor.AddHostToHosts(currHost); } } if (switchAddSpyIps) { foreach (var currentIpAddr in DwsResources.IpAddr) { WindowsUtil.RunCmd($"/c route -p ADD {currentIpAddr} MASK 255.255.255.255 0.0.0.0"); WindowsUtil.RunCmd($"/c route -p change {currentIpAddr} MASK 255.255.255.255 0.0.0.0 if 1"); WindowsUtil.RunCmd($"/c netsh advfirewall firewall delete rule name=\"{currentIpAddr}_Block\""); WindowsUtil.RunCmd( string.Format( "/c netsh advfirewall firewall add rule name=\"{0}_Block\" dir=out interface=any action=block remoteip={0}", currentIpAddr)); Logger.Log($"Add Windows Firewall rule: \"{currentIpAddr}_Block\""); } WindowsUtil.RunCmd("/c netsh advfirewall firewall delete rule name=\"Explorer.EXE_BLOCK\""); WindowsUtil.RunCmd( $"/c netsh advfirewall firewall add rule name=\"Explorer.EXE_BLOCK\" dir=out interface=any action=block program=\"{System.IO.Path.GetPathRoot(Environment.SystemDirectory)}Windows\\explorer.exe\""); WindowsUtil.RunCmd("/c netsh advfirewall firewall delete rule name=\"WSearch_Block\""); WindowsUtil.RunCmd( "/c netsh advfirewall firewall add rule name=\"WSearch_Block\" dir=out interface=any action=block service=WSearch"); Logger.Log("Add Windows Firewall rule: \"WSearch_Block\"", Logger.LogType.SUCCESS); Logger.Log("Ip list blocked", Logger.LogType.SUCCESS); } if (switchDisablePrivateSettings) { foreach (var currentRegKey in DwsResources.Regkeyvalandother) { WindowsUtil.SetRegValueHkcu(currentRegKey, "Value", "Deny", RegistryValueKind.String); } WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Search", "CortanaEnabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\InputPersonalization", "RestrictImplicitInkCollection", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\Windows Search", "DisableWebSearch", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\Windows Search", "ConnectedSearchUseWeb", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors", "DisableLocation", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors", "DisableWindowsLocationProvider", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors", "DisableLocationScripting", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors", "DisableSensors", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration", "Status", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm( @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}", "SensorPermissionState", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Siuf\Rules", "NumberOfSIUFInPeriod", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Siuf\Rules", "PeriodInNanoSeconds", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Search", "BingSearchEnabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\TabletPC", "PreventHandwritingDataSharing", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports", "PreventHandwritingErrorReports", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\AppCompat", "DisableInventory", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\Personalization", "NoLockScreenCamera", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Input\TIPC", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Biometrics", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\CredUI", "DisablePasswordReveal", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync", "SyncPolicy", "5", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Personalization", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\BrowserSettings", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Accessibility", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Windows", "Enabled", "0", RegistryValueKind.DWord); Logger.Log("Private settings disabled", Logger.LogType.SUCCESS); } if (switchDisableWindowsDefender) { try { // REG FILE IMPORT WindowsUtil.ProcStartargs("regedit.exe", $"/s \"{WindowsUtil.ExtractResourceToTemp(Encoding.ASCII.GetBytes(Properties.Resources.windowsdefender_disable), "windowsdefender_disable.reg")}\""); Logger.Log("Disable Windows Defender complete.", Logger.LogType.SUCCESS); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer", "SmartScreenEnabled", "Off", RegistryValueKind.String); Logger.Log("Disable Smart Screen complete.", Logger.LogType.SUCCESS); } catch (Exception ex) { Logger.Log($"Error disable Windows Defender or Smart Screen. Exception: {ex}", Logger.LogType.ERROR); } } if (switchDefaultPhotoVierwer) { WindowsUtil.SetRegValueHkcu(@"Software\Classes\.ico", null, "PhotoViewer.FileAssoc.Tiff", RegistryValueKind.String); WindowsUtil.SetRegValueHkcu(@"Software\Classes\.tiff", null, "PhotoViewer.FileAssoc.Tiff", RegistryValueKind.String); WindowsUtil.SetRegValueHkcu(@"Software\Classes\.bmp", null, "PhotoViewer.FileAssoc.Tiff", RegistryValueKind.String); WindowsUtil.SetRegValueHkcu(@"Software\Classes\.png", null, "PhotoViewer.FileAssoc.Tiff", RegistryValueKind.String); WindowsUtil.SetRegValueHkcu(@"Software\Classes\.gif", null, "PhotoViewer.FileAssoc.Tiff", RegistryValueKind.String); WindowsUtil.SetRegValueHkcu(@"Software\Classes\.jpeg", null, "PhotoViewer.FileAssoc.Tiff", RegistryValueKind.String); WindowsUtil.SetRegValueHkcu(@"Software\Classes\.jpg", null, "PhotoViewer.FileAssoc.Tiff", RegistryValueKind.String); Logger.Log("Set Default PhotoViewer complete.", Logger.LogType.SUCCESS); } Logger.Log("COMPLETE.", Logger.LogType.SUCCESS); EnableOrDisableWindow(true); if (MessageBox.Show("Complete.\r\nRestart system now?", "Ask", MessageBoxButton.YesNo, MessageBoxImage.Question) == MessageBoxResult.Yes) { Process.Start("shutdown.exe", "-r -t 0"); } }).Start(); }
private void EnableWindowsDefenderClick(object sender, RoutedEventArgs e) { // REG FILE IMPORT WindowsUtil.ProcStartargs("regedit.exe", $"/s \"{WindowsUtil.ExtractResourceToTemp(Encoding.ASCII.GetBytes(Properties.Resources.windowsdefender_enable), "windowsdefender_enable.reg")}\""); Logger.Log("Enable Windows Defender complete.", Logger.LogType.SUCCESS); }
private void MainDWSButton_Click(object sender, RoutedEventArgs e) { var createRestorePoint = SwitchCreateRestorePoint.IsChecked != null && (bool)SwitchCreateRestorePoint.IsChecked; var removeDigTrack = SwitchDigTrackThelemetry.IsChecked != null && (bool)SwitchDigTrackThelemetry.IsChecked; var switchDisablePrivateSettings = SwitchDisablePrivateSettings.IsChecked != null && (bool)SwitchDisablePrivateSettings.IsChecked; var switchDisableWindowsDefender = SwitchDisableWindowsDefender.IsChecked != null && (bool)SwitchDisableWindowsDefender.IsChecked; new Thread(() => { EnableOrDisableWindow(false); if (createRestorePoint) { RestorePoint.CreateRestorePoint($"Use Destroy Windows Spying on {DateTime.Now.Day}-{DateTime.Now.Month}-{DateTime.Now.Year}"); } if (removeDigTrack) { Logger.Log("Disable telemetry..."); DWSFunctions.DigTrackFullRemove(); Logger.Log("Delete keylogger..."); WindowsUtil.RunCmd("/c reg add \"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Windows Search\" /v \"AllowCortana\" /t REG_DWORD /d 0 /f "); Logger.Log("Disable cortana..."); foreach (var serviceName in DwsResources.ServicesList) { ServiceSC.DisableService(serviceName); } foreach (var currentTask in DwsResources.Disabletaskslist) { WindowsUtil.ProcStartargs("SCHTASKS", $"/Change /TN \"{currentTask}\" /disable"); Logger.Log($"Disabled task: {currentTask}", Logger.LogType.SUCCESS); } } if (switchDisablePrivateSettings) { foreach (var currentRegKey in DwsResources.Regkeyvalandother) { WindowsUtil.SetRegValueHkcu(currentRegKey, "Value", "Deny", RegistryValueKind.String); } WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Search", "CortanaEnabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\InputPersonalization", "RestrictImplicitInkCollection", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\Windows Search", "DisableWebSearch", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\Windows Search", "ConnectedSearchUseWeb", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors", "DisableLocation", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors", "DisableWindowsLocationProvider", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors", "DisableLocationScripting", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\LocationAndSensors", "DisableSensors", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SYSTEM\CurrentControlSet\Services\lfsvc\Service\Configuration", "Status", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm( @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}", "SensorPermissionState", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Siuf\Rules", "NumberOfSIUFInPeriod", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Siuf\Rules", "PeriodInNanoSeconds", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Search", "BingSearchEnabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\TabletPC", "PreventHandwritingDataSharing", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\HandwritingErrorReports", "PreventHandwritingErrorReports", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\AppCompat", "DisableInventory", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\Personalization", "NoLockScreenCamera", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\AdvertisingInfo", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Input\TIPC", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Biometrics", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Policies\Microsoft\Windows\CredUI", "DisablePasswordReveal", "1", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync", "SyncPolicy", "5", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Personalization", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\BrowserSettings", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Credentials", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Language", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Accessibility", "Enabled", "0", RegistryValueKind.DWord); WindowsUtil.SetRegValueHkcu(@"SOFTWARE\Microsoft\Windows\CurrentVersion\SettingSync\Groups\Windows", "Enabled", "0", RegistryValueKind.DWord); Logger.Log("Private settings disabled", Logger.LogType.SUCCESS); } if (switchDisableWindowsDefender) { try { // REG FILE IMPORT WindowsUtil.ProcStartargs("regedit.exe", $"/s \"{WindowsUtil.ExtractResourceToTemp(Encoding.ASCII.GetBytes(Properties.Resources.windowsdefender_disable), "windowsdefender_disable.reg")}\""); Logger.Log("Disable Windows Defender complete.", Logger.LogType.SUCCESS); WindowsUtil.SetRegValueHklm(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer", "SmartScreenEnabled", "Off", RegistryValueKind.String); Logger.Log("Disable Smart Screen complete.", Logger.LogType.SUCCESS); } catch (Exception ex) { Logger.Log($"Error disabling Windows Defender or Smart Screen. Exception: {ex}", Logger.LogType.ERROR); } } Logger.Log("COMPLETE.", Logger.LogType.SUCCESS); EnableOrDisableWindow(true); if (MessageBox.Show("Complete.\r\nRestart system now?", "Ask", MessageBoxButton.YesNo, MessageBoxImage.Question) == MessageBoxResult.Yes) { Process.Start("shutdown.exe", "-r -t 0"); } }).Start(); }