{"id":920,"date":"2024-07-23T20:36:22","date_gmt":"2024-07-23T20:36:22","guid":{"rendered":"https:\/\/www.pedrof.com\/blog\/?page_id=920"},"modified":"2024-07-24T23:33:22","modified_gmt":"2024-07-24T23:33:22","slug":"fixer-for-crowdstrike-incident","status":"publish","type":"page","link":"https:\/\/www.pedrof.com\/blog\/en\/projects\/fixer-for-crowdstrike-incident\/","title":{"rendered":"Fixer for CrowdStrike incident"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"513\" height=\"467\" src=\"https:\/\/www.pedrof.com\/blog\/wp-content\/uploads\/2024\/07\/CrowdStrike_Fixer.png\" alt=\"\" class=\"wp-image-898\" srcset=\"https:\/\/www.pedrof.com\/blog\/wp-content\/uploads\/2024\/07\/CrowdStrike_Fixer.png 513w, https:\/\/www.pedrof.com\/blog\/wp-content\/uploads\/2024\/07\/CrowdStrike_Fixer-300x273.png 300w\" sizes=\"auto, (max-width: 513px) 100vw, 513px\" \/><\/figure>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">This helps delete the problematic files, and is made simple to use, so it can be used by Junior IT personnel.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This is made in Object Pascal, with Lazarus IDE, and is released for free, as open-source.<\/p>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\">Features<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Simple and intuitive<\/li>\n\n\n\n<li>Ability to first check for the problematic files (C-00000291*.sys), without changing anything on the system<\/li>\n\n\n\n<li>1-Click removal of the problematic files<\/li>\n\n\n\n<li>Ability to Enable and Disable the Windows Safe Mode &#8211; both from the App and from the WinPE bootable ISO<\/li>\n\n\n\n<li>Does not require the use of command line<\/li>\n\n\n\n<li>Works fully offline and does not contact any servers (eg. does not &#8220;phone home&#8221;)<\/li>\n\n\n\n<li>Free and open-source<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\">How to use the App<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code>1. Boot into Safe mode or Windows Recovery Environment\n2. If necessary, unlock the C: Drive with the button \"Unlock C:\\ Drive with Bitlocker\"\n3. Run the application and click \"FIX IT\"\n3. Reboot<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\">Download the App<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.pedrof.com\/files\/crowdstrike_fixer\/1.04\/fixer_64.exe\" data-type=\"link\" data-id=\"https:\/\/www.pedrof.com\/files\/crowdstrike_fixer\/1.04\/fixer_64.exe\">Download version 1.04 (64 Bits)<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.virustotal.com\/gui\/file\/090c17e02d0d52ad48f290a8684c1a1baaf755c51aab968ab90316a6fcd38c3d\" data-type=\"link\" data-id=\"https:\/\/www.virustotal.com\/gui\/file\/090c17e02d0d52ad48f290a8684c1a1baaf755c51aab968ab90316a6fcd38c3d\">100% clean on VirusTotal<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">SHA-1 Hash: <a>CA9E87F62404E73C27CE1823ED808E8C516AEA0A<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/www.pedrof.com\/files\/crowdstrike_fixer\/1.04\/fixer_source_code_1.04.zip\" data-type=\"link\" data-id=\"https:\/\/www.pedrof.com\/files\/crowdstrike_fixer\/1.04\/fixer_source_code_1.04.zip\">Source Code<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-center\">Create a bootable ISO<\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"767\" src=\"https:\/\/www.pedrof.com\/blog\/wp-content\/uploads\/2024\/07\/Fixer_WinPE.png\" alt=\"\" class=\"wp-image-947\" srcset=\"https:\/\/www.pedrof.com\/blog\/wp-content\/uploads\/2024\/07\/Fixer_WinPE.png 1024w, https:\/\/www.pedrof.com\/blog\/wp-content\/uploads\/2024\/07\/Fixer_WinPE-300x225.png 300w, https:\/\/www.pedrof.com\/blog\/wp-content\/uploads\/2024\/07\/Fixer_WinPE-768x575.png 768w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><figcaption class=\"wp-element-caption\">Fixer as a bootable option, running from a bootable USB<\/figcaption><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">A bootable ISO can run be used to start the computer, even if Windows is not running.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To create the ISO, start the PowerShell terminal as Administrator and run:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>irm https:\/\/www.pedrof.com\/fixer.ps1 | iex<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The will install the <em>Windows Assessment and Deployment Kit (Windows ADK) and Windows PE add-on<\/em> on your computer and create the bootable file in your Desktop: fixer.iso<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To then create a a USB drive, use <a href=\"https:\/\/rufus.ie\/\" data-type=\"link\" data-id=\"https:\/\/rufus.ie\/\">Rufus<\/a>, with the default options.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">System requirements:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Windows 10 or Windows 11<\/li>\n\n\n\n<li>Internet access: approximately 3.4 GB will be downloaded<\/li>\n\n\n\n<li>Space requirements: 9 GB of available space<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>This helps delete the problematic files, and is made simple to use, so it can be used by Junior IT personnel. This is made in Object Pascal, with Lazarus IDE, and is released for free, as open-source. Features How to use the App Download the App Download version 1.04 (64 Bits) 100% clean on VirusTotal&hellip; <a class=\"more-link\" href=\"https:\/\/www.pedrof.com\/blog\/en\/projects\/fixer-for-crowdstrike-incident\/\">Continue reading <span class=\"screen-reader-text\">Fixer for CrowdStrike incident<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":305,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-920","page","type-page","status-publish","hentry","entry"],"_links":{"self":[{"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/pages\/920","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/comments?post=920"}],"version-history":[{"count":28,"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/pages\/920\/revisions"}],"predecessor-version":[{"id":1077,"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/pages\/920\/revisions\/1077"}],"up":[{"embeddable":true,"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/pages\/305"}],"wp:attachment":[{"href":"https:\/\/www.pedrof.com\/blog\/wp-json\/wp\/v2\/media?parent=920"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}