#145379 - 2005-08-11 03:59 PM
Weekly Spybot scan using KIX script!!!!!!!!!!!!!!!!!!!!
|
Scriptodude
Fresh Scripter
Registered: 2005-04-22
Posts: 26
|
[LONG LINES EDITED/REMOVED By NTDOC]
I wrote this script back at the end of 03 because we were having serious spyware/adware related problems on our domain. The script basically checks to see if Spybot 1.3 is installed, if so then checks for updates, kills a butt-load of known malware processes and then runs a scan and fixes any problems if found.
I was wondering if any of the "kix addicts" out here had any advice on how to clean this script up and even make it run a little more efficiently. I am getting ready to adapt this script to the new Spybot 1.4. Any advice/criticism would be appreciated.
Thanks, Bryan
Code:
;Package script for SDO
;Created by
;11/12/03
;
;Spybot Search & Destroy v1.3 SCAN ONLY!
;
;**WARNING** - This is a silent script! Spybot will automatically scan and remove any
;detected spyware/adware without asking for confirmation! Do NOT use this script unless
;you are ok with Spybot removing all entries without confirmation from the user.
;
;MODIFIED - 12/9/03 - Added section to verify version of Spybot, check if fixes existed
;previously move them to old folder, kill common spyware processes, delete runonce
;value so Spybot will not start at boot, and verify that Spybot created a fixes log
;after scan.
;
;MODIFIED - 1/13/04 - Added line to Spybot scan section to copy tools.dll to Spybot
;programs folder.
;
;MODIFIED - 1/16/04 - Added a butt-load of processes to kill before running a scan.
;
;MODIFIED - 11/22/04 - Updated list of processes to kill before scan
;
;MODIFIED - 4/7/05 - Added COPY command to copy exclude list to local system due
;to a problem with Spybot deleting
;HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2093C8E0-3811-11D0-A6BE-0040052A64D9}
;from the registry and causing ViewNow to try and repair itself on RMD systems.
:start
$nul = ""
$PCNAME = @WKSTA
$NTEventSource = "KiXtart"
$SpybotExists = EXIST("C:\Program Files\Spybot - Search & Destroy\spybotsd.exe")
$SpybotVer = GetFileVersion("C:\Program Files\Spybot - Search & Destroy\spybotsd.exe", "FileVersion")
goto "SpybotExists"

;***************************************************************************
;Check to see if Spybot is already installed!
;***************************************************************************
:SpybotExists
IF $SpybotExists = 1
  goto "CheckVer"
else
  goto "report2"
Endif

;***************************************************************************
;Check to see if Spybot is version 1.3 or greater!
;***************************************************************************
:CheckVer
IF $SpybotVer >= "1, 3, 0, 12"
  goto "OldFixes"
else
  goto "report3"
Endif

;***************************************************************************
;If Spybot existed previously move the old fix logs to a folder named Old!
;***************************************************************************
:OldFixes
IF EXIST("%ALLUSERSPROFILE%\Application Data\Spybot - Search & Destroy\logs\fixe*.txt")
  MOVE "%ALLUSERSPROFILE%\Application Data\Spybot - Search & Destroy\logs\fixe*.txt" "%ALLUSERSPROFILE%\Application Data\Spybot - Search & Destroy\logs\fixe*.old"
  goto "SpybotScan"
else
  goto "SpybotScan"
Endif

;***************************************************************************
;Run an autoupdate to download the latest detections.
;***************************************************************************
:SpybotScan
MD "%ALLUSERSPROFILE%\Application Data\Spybot - Search & Destroy\logs"
COPY "\\\Spybot\SPYBOT\Excludes\*.*" "%ALLUSERSPROFILE%\Application Data\Spybot - Search & Destroy\Excludes" /c /h /r /s

;$mbox = Messagebox (" !!!!!WEEKLY SPYWARE SCAN NOTIFICATION!!!!!
;
; - Spybot will begin scanning for known spyware and adware in 10 minutes.
; - Click the OK button to start the scan immediately.
; - There is no need to reboot after the scan.
; - If you have any issues or concerns please contact the.
; - We apologize for any inconvenience this may cause.
;
; Thank You,
; , "WEEKLY SPYBOT SCAN!!!!", 4096, 600)

;Program path quoted so the spaces in it cannot be read as the end of the program name.
SHELL '"C:\Program Files\Spybot - Search & Destroy\spybotsd.exe" /taskbarhide /autoupdate /autoclose'

;***************************************************************************
;Kill some of the most common spyware/adware processes so that they can be
;"fixed" without a reboot and then run a silent check on the system and
;remove anything Spybot finds. The default configuration.ini file (copied
;to local pc above) is set to Confirmation=0 which tells Spybot not to prompt
;the user to remove selected items after a scan. In this same file the
;Legals= option has been set to 1 so that Spybot will not prompt the user
;with a legal notice the first time the program runs.
;***************************************************************************
COPY ".\PSKILL.EXE" "C:\"
SHELL "c:\PSKILL.EXE 180ax.exe"
SHELL "c:\PSKILL.EXE a.exe"
SHELL "c:\PSKILL.EXE actalert.exe"
SHELL "c:\PSKILL.EXE adaware.exe"
SHELL "c:\PSKILL.EXE alchem.exe"
SHELL "c:\PSKILL.EXE alevir.exe"
SHELL "c:\PSKILL.EXE aqadcup.exe"
SHELL "c:\PSKILL.EXE arr.exe"
SHELL "c:\PSKILL.EXE arupdate.exe"
SHELL "c:\PSKILL.EXE asm.exe"
SHELL "c:\PSKILL.EXE av.exe"
SHELL "c:\PSKILL.EXE avserve.exe"
SHELL "c:\PSKILL.EXE avserve2.exe"
SHELL "c:\PSKILL.EXE autoupdate.exe"
SHELL "c:\PSKILL.EXE backweb.exe"
SHELL "c:\PSKILL.EXE bargains.exe"
SHELL "c:\PSKILL.EXE basfipm.exe"
SHELL "c:\PSKILL.EXE belt.exe"
SHELL "c:\PSKILL.EXE biprep.exe"
SHELL "c:\PSKILL.EXE blss.exe"
SHELL "c:\PSKILL.EXE bokja.exe"
SHELL "c:\PSKILL.EXE bootconf.exe"
SHELL "c:\PSKILL.EXE bpc.exe"
SHELL "c:\PSKILL.EXE brasil.exe"
SHELL "c:\PSKILL.EXE bridge.dll"
SHELL "c:\PSKILL.EXE bugsfix.exe"
SHELL "c:\PSKILL.EXE bundle.exe"
SHELL "c:\PSKILL.EXE bvt.exe"
SHELL "c:\PSKILL.EXE cashback.exe"
SHELL "c:\PSKILL.EXE cfd.exe"
SHELL "c:\PSKILL.EXE cmd32.exe"
SHELL "c:\PSKILL.EXE CMEsys.exe"
SHELL "c:\PSKILL.EXE CMEupd.exe"
SHELL "c:\PSKILL.EXE conime.exe"
SHELL "c:\PSKILL.EXE conscorr.exe"
SHELL "c:\PSKILL.EXE datemanager.exe"
SHELL "c:\PSKILL.EXE dcomx.exe"
SHELL "c:\PSKILL.EXE directs.exe"
SHELL "c:\PSKILL.EXE divx.exe"
SHELL "c:\PSKILL.EXE dllreg.exe"
SHELL "c:\PSKILL.EXE dmserver.exe"
SHELL "c:\PSKILL.EXE dpi.exe"
SHELL "c:\PSKILL.EXE dpps2.exe"
SHELL "c:\PSKILL.EXE dssagent.exe"
SHELL "c:\PSKILL.EXE dvdkeyauth.exe"
SHELL "c:\PSKILL.EXE ebatesmoemoneymaker.exe"
SHELL "c:\PSKILL.EXE emsw.exe"
SHELL "c:\PSKILL.EXE exdl.exe"
SHELL "c:\PSKILL.EXE exec.exe"
SHELL "c:\PSKILL.EXE explore.exe"
SHELL "c:\PSKILL.EXE explored.exe"
SHELL "c:\PSKILL.EXE fash.exe"
SHELL "c:\PSKILL.EXE fntldr.exe"
SHELL "c:\PSKILL.EXE fs_4104.exe"
SHELL "c:\PSKILL.EXE fvprotect.exe"
SHELL "c:\PSKILL.EXE game.exe"
SHELL "c:\PSKILL.EXE gator.exe"
SHELL "c:\PSKILL.EXE GMT.exe"
SHELL "c:\PSKILL.EXE goidr.exe"
SHELL "c:\PSKILL.EXE hbinst.exe"
SHELL "c:\PSKILL.EXE hbsrv.exe"
SHELL "c:\PSKILL.EXE hxdl.exe"
SHELL "c:\PSKILL.EXE hxiul.exe"
SHELL "c:\PSKILL.EXE iedll.exe"
SHELL "c:\PSKILL.EXE iedriver.exe"
SHELL "c:\PSKILL.EXE iehost.exe"
SHELL "c:\PSKILL.EXE iexplorer.exe"
SHELL "c:\PSKILL.EXE infus.exe"
SHELL "c:\PSKILL.EXE infwin.exe"
SHELL "c:\PSKILL.EXE intdel.exe"
SHELL "c:\PSKILL.EXE intdel_2.exe"
SHELL "c:\PSKILL.EXE isass.exe"
SHELL "c:\PSKILL.EXE istsvc.exe"
SHELL "c:\PSKILL.EXE jawa32.exe"
SHELL "c:\PSKILL.EXE jdbgmrg.exe"
SHELL "c:\PSKILL.EXE kazza.exe"
SHELL "c:\PSKILL.EXE keenvalue.exe"
SHELL "c:\PSKILL.EXE kernel32.exe"
SHELL "c:\PSKILL.EXE lass.exe"
SHELL "c:\PSKILL.EXE launcher.exe"
SHELL "c:\PSKILL.EXE loader.exe"
SHELL "c:\PSKILL.EXE lssas.exe"
SHELL "c:\PSKILL.EXE mapisvc32.exe"
SHELL "c:\PSKILL.EXE mario.exe"
SHELL "c:\PSKILL.EXE md.exe"
SHELL "c:\PSKILL.EXE mfin32.exe"
SHELL "c:\PSKILL.EXE mmod.exe"
SHELL "c:\PSKILL.EXE mostat.exe"
SHELL "c:\PSKILL.EXE msapp.exe"
SHELL "c:\PSKILL.EXE msbb.exe"
SHELL "c:\PSKILL.EXE msblast.exe"
SHELL "c:\PSKILL.EXE mscache.exe"
SHELL "c:\PSKILL.EXE msccn32.exe"
SHELL "c:\PSKILL.EXE mscman.exe"
SHELL "c:\PSKILL.EXE msdm.exe"
SHELL "c:\PSKILL.EXE msgfix.exe"
SHELL "c:\PSKILL.EXE msiexec16.exe"
SHELL "c:\PSKILL.EXE msinfo.exe"
SHELL "c:\PSKILL.EXE mslagent.exe"
SHELL "c:\PSKILL.EXE mslaugh.exe"
SHELL "c:\PSKILL.EXE msmc.exe"
SHELL "c:\PSKILL.EXE msmgt.exe"
SHELL "c:\PSKILL.EXE msmsgri32.exe"
SHELL "c:\PSKILL.EXE msn.exe"
SHELL "c:\PSKILL.EXE msrexe.exe"
SHELL "c:\PSKILL.EXE mssvc32.exe"
SHELL "c:\PSKILL.EXE mssys.exe"
SHELL "c:\PSKILL.EXE msvxd.exe"
SHELL "c:\PSKILL.EXE mwsoemon.exe"
SHELL "c:\PSKILL.EXE mwsvm.exe"
SHELL "c:\PSKILL.EXE netd32.exe"
SHELL "c:\PSKILL.EXE nls.exe"
SHELL "c:\PSKILL.EXE nssys32.exe"
SHELL "c:\PSKILL.EXE nstask32.exe"
SHELL "c:\PSKILL.EXE nsupdate.exe"
SHELL "c:\PSKILL.EXE omniscient.exe"
SHELL "c:\PSKILL.EXE onsrvr.exe"
SHELL "c:\PSKILL.EXE optimize.exe"
;Quoted because the process name contains a space
SHELL 'c:\PSKILL.EXE "p2p networking.exe"'
SHELL "c:\PSKILL.EXE patch.exe"
SHELL "c:\PSKILL.EXE pcsvc.exe"
SHELL "c:\PSKILL.EXE pgmonitr.exe"
SHELL "c:\PSKILL.EXE pib.exe"
SHELL "c:\PSKILL.EXE powerscan.exe"
SHELL "c:\PSKILL.EXE Precisiontime.exe"
SHELL "c:\PSKILL.EXE precpop2.exe"
SHELL "c:\PSKILL.EXE prizesurfer.exe"
SHELL "c:\PSKILL.EXE prmt.exe"
SHELL "c:\PSKILL.EXE prmvr.exe"
SHELL "c:\PSKILL.EXE ray.exe"
SHELL "c:\PSKILL.EXE rb32.exe"
SHELL "c:\PSKILL.EXE rcsync.exe"
SHELL "c:\PSKILL.EXE run32dll.exe"
SHELL "c:\PSKILL.EXE rundll.exe"
SHELL "c:\PSKILL.EXE rundll16.exe"
SHELL "c:\PSKILL.EXE ruxdll32.exe"
SHELL "c:\PSKILL.EXE saap.exe"
SHELL "c:\PSKILL.EXE sahagent.exe"
SHELL "c:\PSKILL.EXE sais.exe"
SHELL "c:\PSKILL.EXE save.exe"
SHELL "c:\PSKILL.EXE savenow.exe"
SHELL "c:\PSKILL.EXE sc.exe"
SHELL "c:\PSKILL.EXE scam32.exe"
SHELL "c:\PSKILL.EXE scrsvr.exe"
SHELL "c:\PSKILL.EXE scvhost.exe"
SHELL "c:\PSKILL.EXE searchupgrader.exe"
SHELL "c:\PSKILL.EXE service.exe"
SHELL "c:\PSKILL.EXE showbehind.exe"
SHELL "c:\PSKILL.EXE slmss.exe"
SHELL "c:\PSKILL.EXE soap.exe"
SHELL "c:\PSKILL.EXE spoler.exe"
SHELL "c:\PSKILL.EXE spoolsvv.exe"
SHELL "c:\PSKILL.EXE spyhunter.exe"
SHELL "c:\PSKILL.EXE srng.exe"
SHELL "c:\PSKILL.EXE start.exe"
SHELL "c:\PSKILL.EXE stcloader.exe"
SHELL "c:\PSKILL.EXE support.exe"
SHELL "c:\PSKILL.EXE svc.exe"
SHELL "c:\PSKILL.EXE svchosts.exe"
SHELL "c:\PSKILL.EXE svshost.exe"
SHELL "c:\PSKILL.EXE sync.exe"
SHELL "c:\PSKILL.EXE system.exe"
SHELL "c:\PSKILL.EXE system32.exe"
SHELL "c:\PSKILL.EXE tb_setup.exe"
SHELL "c:\PSKILL.EXE teekids.exe"
SHELL "c:\PSKILL.EXE trickler.exe"
SHELL "c:\PSKILL.EXE tsadbot.exe"
SHELL "c:\PSKILL.EXE tvm.exe"
SHELL "c:\PSKILL.EXE tvmd.exe"
SHELL "c:\PSKILL.EXE tvtmd.exe"
SHELL "c:\PSKILL.EXE update.exe"
SHELL "c:\PSKILL.EXE updatestats.exe"
SHELL "c:\PSKILL.EXE updmgr.exe"
SHELL "c:\PSKILL.EXE uptodate.exe"
SHELL "c:\PSKILL.EXE viewmgr.exe"
SHELL "c:\PSKILL.EXE virtualbouncer.exe"
SHELL "c:\PSKILL.EXE vvsn.exe"
SHELL "c:\PSKILL.EXE wast.exe"
SHELL "c:\PSKILL.EXE weather.exe"
SHELL "c:\PSKILL.EXE web.exe"
SHELL "c:\PSKILL.EXE webdav.exe"
SHELL "c:\PSKILL.EXE webrebates.exe"
SHELL "c:\PSKILL.EXE webrebates0.exe"
SHELL "c:\PSKILL.EXE win_upd2.exe"
SHELL "c:\PSKILL.EXE win32.exe"
SHELL "c:\PSKILL.EXE win32us.exe"
SHELL "c:\PSKILL.EXE winactive.exe"
SHELL "c:\PSKILL.EXE winad.exe"
SHELL "c:\PSKILL.EXE winadtools.exe"
SHELL "c:\PSKILL.EXE win-bugsfix.exe"
SHELL "c:\PSKILL.EXE windirect.exe"
SHELL "c:\PSKILL.EXE windows.exe"
SHELL "c:\PSKILL.EXE wingo.exe"
SHELL "c:\PSKILL.EXE wininetd.exe"
SHELL "c:\PSKILL.EXE wininit.exe"
SHELL "c:\PSKILL.EXE winlock.exe"
SHELL "c:\PSKILL.EXE winlogin.exe"
SHELL "c:\PSKILL.EXE winmain.exe"
SHELL "c:\PSKILL.EXE winnet.exe"
SHELL "c:\PSKILL.EXE winppr32.exe"
SHELL "c:\PSKILL.EXE winratchet.exe"
SHELL "c:\PSKILL.EXE winservn.exe"
SHELL "c:\PSKILL.EXE winssk32.exe"
SHELL "c:\PSKILL.EXE winstart.exe"
SHELL "c:\PSKILL.EXE winstart001.exe"
SHELL "c:\PSKILL.EXE wintime.exe"
SHELL "c:\PSKILL.EXE wintsk32.exe"
SHELL "c:\PSKILL.EXE winupdate.exe"
SHELL "c:\PSKILL.EXE winxp.exe"
SHELL "c:\PSKILL.EXE wjview.exe"
SHELL "c:\PSKILL.EXE wmon32.exe"
SHELL "c:\PSKILL.EXE wnad.exe"
SHELL "c:\PSKILL.EXE wo.exe"
SHELL "c:\PSKILL.EXE wovax.exe"
SHELL "c:\PSKILL.EXE wsup.exe"
SHELL "c:\PSKILL.EXE wtoolsa.exe"
SHELL "c:\PSKILL.EXE wtoolss.exe"
SHELL "c:\PSKILL.EXE wuamgrd.exe"
SHELL "c:\PSKILL.EXE wupdate.exe"
SHELL "c:\PSKILL.EXE wupdater.exe"
SHELL "c:\PSKILL.EXE wupdmgr.exe"
SHELL "c:\PSKILL.EXE wupdt.exe"
SHELL "c:\PSKILL.EXE y.exe"
SHELL "c:\PSKILL.EXE ytrckrbr.exe"
DEL "c:\pskill.exe"

;Program path quoted so the spaces in it cannot be read as the end of the program name.
SHELL '"C:\Program Files\Spybot - Search & Destroy\spybotsd.exe" /taskbarhide /autocheck /autofix /autoclose'

;Below I remove the value to run Spybot at next reboot one time because
;most of the users in the domain do not have local admin priv.
$RunOnce = DelValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce", "SpybotSnD")
goto "VerifyFix"

;Verify that Spybot actually fixed the Spyware that was found on
;the local computer. If so log an event to the Application log.
:VerifyFix
$Filename = Dir("%AllUSERSPROFILE%\Application Data\Spybot - Search & Destroy\logs\Fixes*.txt")
;$Filename is empty when no Fixes*.txt log was written. This test was added so that
;the Endif below has a matching IF and the report4 section can be reached.
IF $Filename <> ""
  COPY "%AllUSERSPROFILE%\Application Data\Spybot - Search & Destroy\logs\$Filename" "\\\spybot13\Weekly\@WKSTA_@YDAYNO.log"
  LOGEVENT( 4 , 1001 , "Spybot has scanned and removed spyware on this computer!" , "$PCNAME", "$NTEventSource")
  goto "report"
else
  goto "report4"
Endif

;***************************************************************************
;Write Reports
;***************************************************************************
:report
OPEN (1, "\\\Spybot13\Spybotscan.log", 5)
WRITELINE (1, @DATE + " " + @TIME + " Spybot has scanned and fixed spyware on " + $PCNAME + chr(13) + chr(10))
goto "end"

:report2
OPEN (1, "\\\Spybot13\Spybotnotinstalled.log", 5)
WRITELINE (1, @DATE + " " + @TIME + " Spybot is not installed on " + $PCNAME + chr(13) + chr(10))
goto "end"

:report3
OPEN (1, "\\\Spybot13\Spybotv13notinst.log", 5)
WRITELINE (1, @DATE + " " + @TIME + " An older version of Spybot is installed on " + $PCNAME + chr(13) + chr(10))
goto "end"

:report4
OPEN (1, "\\\Spybot13\Spybotnofix.log", 5)
WRITELINE (1, @DATE + " " + @TIME + " Spybot scanned and did not find any problems on " + $PCNAME + chr(13) + chr(10))

:end
Exit
Edited by NTDOC (2005-09-22 07:51 AM)
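The CheckVer step in the script above compares the two version strings as text, so a later build such as "1, 10, 0, 0" would sort below "1, 3, 0, 12" and be reported as too old. The following is an added example, not part of the original post, that compares the version fields as numbers; VerAtLeast is a hypothetical helper name, and it assumes the fields are separated by "," or ".".

```kixtart
; Added example, not code from the thread. VerAtLeast() is a hypothetical helper.
; Returns 1 when $have is the same as or newer than $need, otherwise 0.
; Accepts "1, 3, 0, 12" as well as "1.3.0.12"; missing fields count as 0,
; so an empty string (file not found) is always older than any real version.
Function VerAtLeast($have, $need)
  Dim $h, $n, $i, $hv, $nv, $last, $decided
  ; Normalise "." separators to "," and split into fields
  $h = Split(Join(Split($have, "."), ","), ",")
  $n = Split(Join(Split($need, "."), ","), ",")
  $last = UBound($h)
  If UBound($n) > $last
    $last = UBound($n)
  EndIf
  $VerAtLeast = 1
  $decided = 0
  $i = 0
  While ($i <= $last) And ($decided = 0)
    $hv = 0
    $nv = 0
    If $i <= UBound($h)
      $hv = Val(Trim($h[$i]))
    EndIf
    If $i <= UBound($n)
      $nv = Val(Trim($n[$i]))
    EndIf
    ; The first field that differs decides the result
    If $hv <> $nv
      $decided = 1
      If $hv < $nv
        $VerAtLeast = 0
      EndIf
    EndIf
    $i = $i + 1
  Loop
EndFunction

; Same check as the CheckVer section, using the path from the post
$SpybotVer = GetFileVersion("C:\Program Files\Spybot - Search & Destroy\spybotsd.exe", "FileVersion")
If VerAtLeast($SpybotVer, "1, 3, 0, 12")
  ? "Spybot " + $SpybotVer + " meets the minimum version"
Else
  ? "Spybot is missing or older than 1, 3, 0, 12"
EndIf
```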
#145380 - 2005-08-11 04:05 PM
Re: Weekly Spybot scan using KIX script!!!!!!!!!!!!!!!!!!!!
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
put those file names in an array and make a for each loop
$exes='180ax','a','actalert','adaware','','','','','','','','',''
for each $exe in $exes
  shell 'c:\PSKILL.EXE '+$exe+'.exe'
next
#145381 - 2005-08-11 04:09 PM
Re: Weekly Spybot scan using KIX script!!!!!!!!!!!!!!!!!!!!
|
Scriptodude
Fresh Scripter
Registered: 2005-04-22
Posts: 26
|
Will do Radimus. Thanks for the tip.
#145383 - 2005-08-11 05:14 PM
Re: Weekly Spybot scan using KIX script!!!!!!!!!!!!!!!!!!!!
|
Bryce
KiX Supporter
Registered: 2000-02-29
Posts: 3167
Loc: Houston TX
|
break that long line...
#145384 - 2005-08-11 06:39 PM
Re: Weekly Spybot scan using KIX script!!!!!!!!!!!!!!!!!!!!
|
Scriptodude
Fresh Scripter
Registered: 2005-04-22
Posts: 26
|
I had a feeling when I posted this script you guys would not like the long pskill line. Thanks for the tips guys.
#145386 - 2005-08-11 06:56 PM
Re: Weekly Spybot scan using KIX script!!!!!!!!!!!!!!!!!!!!
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
replace $PCNAME + chr(13) + chr(10) with $PCNAME + @crlf
#145389 - 2005-08-23 10:39 PM
Re: Weekly Spybot scan using KIX script!!!!!!!!!!!!!!!!!!!!
|
Scriptodude
Fresh Scripter
Registered: 2005-04-22
Posts: 26
|
Bryce,
So should I use CASE statements or just allow ELSE and ENDIF statements to carry me through the code? Depends on the code?
Thanks, Bryan
Edited by NTDOC (2005-09-22 07:52 AM)
#145390 - 2005-08-23 10:41 PM
Re: Weekly Spybot scan using KIX script!!!!!!!!!!!!!!!!!!!!
|
Scriptodude
Fresh Scripter
Registered: 2005-04-22
Posts: 26
|
Thanks RADIMUS.
Les,
Yes. I removed some server paths throughout the script for obvious security reasons.
Thanks, Bryan
#145391 - 2005-08-23 10:46 PM
Re: Weekly Spybot scan using KIX script!!!!!!!!!!!!!!!!!!!!
|
Scriptodude
Fresh Scripter
Registered: 2005-04-22
Posts: 26
|
Skatterbrain,
Normally I run this script through SMS using local system or the software installation account. Thanks for the tip.
The main comments I have been looking for are just ways to shorten/simplify the script and hopefully make it run faster. Bryce's reply about the goto statements makes me think I should change over to CASE.
Thanks again, Bryan
#145393 - 2005-09-22 07:37 AM
Re: Weekly Spybot scan using KIX script!!!!!!!!!!!!!!!!!!!!
|
2manyhats
Fresh Scripter
Registered: 2005-09-07
Posts: 33
|
[LONG LINES Broken by NTDOC]
I know this is an old post but I spent some time trying to clean up this code as I have an interest in this topic. Since I am relatively new to KiXtart I probably butchered the code, but just need to see if I am on the right track. I don't know how to create an array yet so I left out that part. I have implemented a similar script, though not as robust as Scriptodude's approach, also with goto's.
Below is what I came up with. Is gooood or is baaad?
Code:
:start
$nul = ""
$PCNAME = @WKSTA
$NTEventSource = "KiXtart"
$SpybotExists = EXIST("C:\Program Files\Spybot - Search & Destroy\spybotsd.exe")
$SpybotVer = GetFileVersion("C:\Program Files\Spybot - Search & Destroy\spybotsd.exe", "FileVersion")

Select
;Spybot is installed (the test was moved into the Case so that the last Case can be reached)
Case $SpybotExists = 1
  IF $SpybotVer >= "1, 3, 0, 12"
    ;Closed right after the MOVE so the scan does not depend on old fix logs existing
    IF EXIST("%ALLUSERSPROFILE%\Application Data\Spybot - Search & Destroy\logs\fixe*.txt")
      MOVE "%ALLUSERSPROFILE%\Application Data\Spybot - Search & Destroy\logs\fixe*.txt" "%ALLUSERSPROFILE%\Application Data\Spybot - Search & Destroy\logs\fixe*.old"
    ENDIF
    MD "%ALLUSERSPROFILE%\Application Data\Spybot - Search & Destroy\logs"
    COPY "\\\Spybot\SPYBOT\Excludes\*.*" "%ALLUSERSPROFILE%\Application Data\Spybot - Search & Destroy\Excludes" /c /h /r /s

    ;$mbox = Messagebox (" !!!!! WEEKLY SPYWARE SCAN NOTIFICATION!!!!!
    ;
    ; - Spybot will begin scanning for known spyware and adware in 10 minutes.
    ; - Click the OK button to start the scan immediately.
    ; - There is no need to reboot after the scan.
    ; - If you have any issues or concerns please contact the.
    ; - We apologize for any inconvenience this may cause.
    ;
    ; Thank You,
    ; , "WEEKLY SPYBOT SCAN!!!!", 4096, 600)

    ;Program path quoted so the spaces in it cannot be read as the end of the program name.
    SHELL '"C:\Program Files\Spybot - Search & Destroy\spybotsd.exe" /taskbarhide /autoupdate /autoclose'

    ;-------------------------------------------------------------------
    ;this section would normally contain code to kill spyware processes
    ;-------------------------------------------------------------------

    SHELL '"C:\Program Files\Spybot - Search & Destroy\spybotsd.exe" /taskbarhide /autocheck /autofix /autoclose'

    ;Below I remove the value to run Spybot at next reboot one time
    ;because most of the users in the domain do not have local admin priv.
    $RunOnce = DelValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce", "SpybotSnD")
    ;goto "VerifyFix" removed: this version has no :VerifyFix label to jump to.

    ;Verify that Spybot actually fixed the Spyware that was found on
    ;the local computer. If so log an event to the Application log.
    $Filename = Dir("%AllUSERSPROFILE%\Application Data\Spybot - Search & Destroy\logs\Fixes*.txt")
    ;$Filename is empty when no Fixes*.txt log was written. This test was added so
    ;that the "no problems" report below pairs with the fixes log check.
    IF $Filename <> ""
      COPY "%AllUSERSPROFILE%\Application Data\Spybot - Search & Destroy\logs\$Filename" "\\\spybot13\Weekly\@WKSTA_@YDAYNO.log"
      LOGEVENT( 4 , 1001 , "Spybot has scanned and removed spyware on this computer!" , "$PCNAME", "$NTEventSource")
      OPEN (1, "\\\Spybot13\Spybotscan.log", 5)
      WRITELINE (1, @DATE + " " + @TIME + " Spybot has scanned and fixed spyware on " + $PCNAME + chr(13) + chr(10))
    else
      OPEN (1, "\\\Spybot13\Spybotnofix.log", 5)
      WRITELINE (1, @DATE + " " + @TIME + " Spybot scanned and did not find any problems on " + $PCNAME + chr(13) + chr(10))
    ENDIF
  else
    OPEN (1, "\\\Spybot13\Spybotv13notinst.log", 5)
    WRITELINE (1, @DATE + " " + @TIME + " An older version of Spybot is installed on " + $PCNAME + chr(13) + chr(10))
  ENDIF
;Spybot is not installed (Case 1 is always true, so it acts as the default branch)
Case 1
  OPEN (1, "\\\Spybot13\Spybotnotinstalled.log", 5)
  WRITELINE (1, @DATE + " " + @TIME + " Spybot is not installed on " + $PCNAME + chr(13) + chr(10))
ENDSELECT
Edited by NTDOC (2005-09-22 07:55 AM)
#145395 - 2005-09-22 04:17 PM
Re: Weekly Spybot scan using KIX script!!!!!!!!!!!!!!!!!!!!
|
2manyhats
Fresh Scripter
Registered: 2005-09-07
Posts: 33
|
NTDOC, I appreciate your willingness to work with me. Should I repost in the newbie section or scripts?
Thanks, Kevin
Edited by 2manyhats (2005-09-22 04:20 PM)
#145396 - 2005-09-22 05:32 PM
Re: Weekly Spybot scan using KIX script!!!!!!!!!!!!!!!!!!!!
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
Install:
spybotsd13.exe /verysilent /nocancel /noicons /components="main"
spybotsd_tools.exe /S
spybotsd_includes.exe /S
Configure:
copy "Default configuration.ini" "C:\Program Files\Spybot - Search & Destroy" /y
copy Configuration.ini "C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy" /y
Run:
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autoimmunize /taskbarhide /onlyspyware /autocheck /autofix /autoclose
Edited by Radimus (2005-09-22 05:33 PM)