Introduction:
dBug is a tiny utility that essentially serves the same purpose as KillEmAll, to neutralize malware that prevents you from running anti-malware tools, while taking a far different approach and working much faster. dBug 1.1 and above can also be run from a WinPE environment, serving the same purpose as utils like HitmanPro Kickstarter.
Purpose:
dBug does NOT locate or remove malware. It merely provides you with the opportunity to run anti-malware tools or manually find and remove the malware.
Behavior:
dBug removes Windows auto-start entries and restricts executables from running in common malware hiding places, then it restarts Windows. The idea is that the malware cannot load after a restart, and from there you can use removal tools or processes to locate and remove the malware.
Usage:
- When malware has taken over Windows, run dBug as many times as it takes for it to restart Windows. Once Windows begins a restart, you know that dBug has done its job.
- Once Windows has restarted, the malware should not be running and you have the opportunity to use removal tools and processes. Locate and remove the malware.
- With the malware removed, run dBug a second time to get the removal prompt; you will also have a dBug_Undo.cmd that does the same thing. Removal will undo the changes made by dBug.exe so other legitimate applications have the opportunity to function normally.
- For reference only, the manual command to undo the dBug modifications is to run the dBug.exe with a command line parameter of “/u” (no quotes of course) ex: dBug.exe /u
WinPE/Offline Usage: (Available in v1.1)
- Prepare a WinPE disk or flash drive if you do not have one already. Consult the guide here: https://www.d7xtech.com/tech-info/creating-a-winpe-5-1-bootable/
- Load your WinPE disk/flash drive with the dBug files, and run dBug_WinPE.cmd.
- Select the target drive letter containing the Windows partition the infection is located on. If using a Win8.1SE build (linked to in step 1) this is typically C: drive.
- Next you will receive a shutdown prompt, select yes and do NOT load the WinPE build this time, boot straight into Windows, which should start with NO RUNNING MALWARE.
- Remove the malware causing the issue with standard tools.
- Finally run dBug_Undo.cmd from the dBug_[random] directory in order to undo the changes made by dBug.exe so other legitimate applications have the opportunity to function normally.
Tips & Tricks:
- Rename the “dBug.exe” file to a critical Windows executable file name, such as “svchost.exe” “winlogon.exe” or “explorer.exe” before usage. Naming it as a critical Windows executable will sometimes fool the malware into allowing it to run initially, giving it enough time to make its modifications and perform the restart. Note you will need to rename it back before using (or alter the names inside) the dBug_Undo.cmd and dBug_WinPE.cmd files to use those properly.
Caveats:
- Do NOT use with remote access tools; more than likely it will prevent the software from running and therefore prevent you from reconnecting!!!
License:
- Freeware. Completely free for personal and commercial use.
We’re glad you wish to make a donation to our team, and even more so that whatever we’ve done for you was worth it!
Thank you for supporting our team, from the entire crew at d7xTech, Inc!
($5 minimum - do not use a $ in the price field!)
Recent Changes:
- 19.4.16 – Misc code changes and fixes; version numbering now reflects the release date.
- 2.0 – Complete re-write. Operates FASTER. Prevents MUCH MORE.
- 1.2.1 – Minor bug fix.
- 1.2 – Added a reminder prompt on startup when dBug is ‘active’ (meaning that you still need to run dBug_Undo.cmd to finish.)
- 1.1 – Added a WinPE mode so dBug can run from a WinPE environment and make its modifications to Windows prior to booting into that copy of Windows, so that the malware never executes to begin with.
Download
Downloaded 516 times
