Console program to check whether files have been changed by crypto ransomware such as Locky.
The program can monitor folders on shares that are mapped by the user.
It can create local shares with the subst and net use commands and monitor these shares for file changes.
The program runs under the user account.
This way it is possible to monitor shares that are mapped by the user.
Command-line parameters:
-i
Adds a Windows autorun entry for lockymonitor.exe to the registry.
This way lockymonitor.exe runs hidden every time a user logs in to Windows.
Installs the Windows service LockyDisconnectService.
This service can disable all physical network adapters if an alarm is triggered.
-u
Removes LockyMonitor.exe from the Windows autorun entries in the registry.
Uninstalls the Windows service LockyDisconnectService.
Deletes the lockymonitor folder.
To install, run InstallLockyMonitor.CMD as administrator.
To uninstall, run UninstallLockyMonitor.CMD as administrator.
To change the program settings, edit the XML file:
"C:\Program Files\LockyMonitor\LockyMonitor.exe.config"
Documentation of the program parameters in LockyMonitor.exe.config is not available yet.
There are some comments about the parameters in the C# source code.
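
Because the monitor runs hidden, a failed install or a broken config edit is easy to miss. The following PowerShell check is an added example, not part of LockyMonitor: it confirms the autorun entry, the LockyDisconnectService service, the running process and the config file. It assumes the autorun entry lives in one of the standard Run keys and that the process is named LockyMonitor; the README does not state either.

```powershell
# Added example, not part of LockyMonitor. Run in the monitored user's session.
$serviceName = 'LockyDisconnectService'                                  # from the README
$configPath  = 'C:\Program Files\LockyMonitor\LockyMonitor.exe.config'   # from the README
# Assumption: "autorun entry" means one of the standard Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-LockyMonitorAutorun {
    # Return every Run value whose command line references lockymonitor.exe.
    foreach ($key in $runKeys) {
        $regKey = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $regKey) { continue }
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            if ($command -match 'lockymonitor\.exe') {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $command }
            }
        }
    }
}

function Test-LockyMonitorConfig {
    # A config that is not well-formed XML can stop a .NET program from starting,
    # and a hidden autorun program shows no visible error when that happens.
    if (-not (Test-Path -LiteralPath $configPath)) { return 'Missing' }
    try {
        [void][xml](Get-Content -LiteralPath $configPath -Raw)
        'WellFormed'
    } catch {
        "Invalid: $($_.Exception.Message)"
    }
}

$autorun = @(Get-LockyMonitorAutorun)
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
# Assumption: the process name matches the executable name without ".exe".
$process = Get-Process -Name 'LockyMonitor' -ErrorAction SilentlyContinue

[pscustomobject]@{
    AutorunEntries = $autorun.Count
    AutorunCommand = ($autorun.Command -join '; ')
    ServiceStatus  = if ($service) { $service.Status } else { 'NotInstalled' }
    MonitorRunning = [bool]$process
    Config         = Test-LockyMonitorConfig
} | Format-List
```

Run it again after every edit to LockyMonitor.exe.config and after the next logon, since the monitor only starts through the autorun entry.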