Seeing how most adware / spyware / viruses can be easily removed in safemode:

We have developed ascript to configure a computer to automatically reboot into safemode and automatically start the agent in safemode so it is available to remote control without any user intervention.

We also have developed a script to undo the safemode changes and reboot the computer back into normal mode.

I will attempt to get Kevin Carlson's input on this process tomorrow.

Thanks,

Chris


Legacy Forum Name: Script Discussion,
Legacy Posted By Username: outfishin

Seeing how most adware / spyware / viruses can be easily removed in safemode:

We have developed ascript to configure a computer to automatically reboot into safemode and automatically start the agent in safemode so it is available to remote control without any user intervention.

We also have developed a script to undo the safemode changes and reboot the computer back into normal mode.

All required files are in the zip file. The kasurtsk.reg file should work for all 2000 and newer OS's without changes. The bootsafe.ini file might need to be modified for different boot partitions, drive types, ... I also have the scripts setup to automatically reboot the machine after making the changes. You do not want to click any of the "Continue script if step fails" options.

I hide my agent and all my scripts deep under the Program Files folder, so you might want to modify the run location for your purpose.

I have updated the scripts to remove the read only and hidden attributes of some boot.ini files.

Happy malware and virus killing!!!

Chris


Legacy Forum Name: Script Discussion,
Legacy Posted By Username: outfishin

Additional notes -

Remote Control:

1. You should preinstall WinVnc before attempting the first safe mode remote control.

2. We were able to control a client with a wireless internet connection as long as the connection is controlled by the built in Windows Wireless configuration software.


Legacy Forum Name: Script Discussion,
Legacy Posted By Username: outfishin

I like the script one problem is can't VNC with remote controle. So I started the agentmon.exe manully and was able to connect. But the problem is if the user is not in front of the machine to do this you can't get connected so then I put the agentmon.exe in started up with the bootup to safe mode seem to work but only once. Is there away to add tothe script start the agentmon.exe. Not very good with scripts yet. Any help would be great

Legacy Forum Name: Script Discussion,
Legacy Posted By Username: itopsr

New Item 1:

For Windows 2000 to work, you have to force a few more servies to automatically load. Simply add one more step to your script that if the OS is Win 2000, import this kausrtskwin2k registry file.

Legacy Forum Name: Script Discussion,
Legacy Posted By Username: outfishin

New Item 2:

I have updated the previous kausrtsk.reg file touse the default agent service names. If your Agentmon.exe file is not autostarting, you probably need this file. It replaces the need for the older version below.




Legacy Forum Name: Script Discussion,
Legacy Posted By Username: outfishin

This works great, glad to see the effort it is greatly appreicated. It's good to know people are always willing to help out

Legacy Forum Name: Script Discussion,
Legacy Posted By Username: itopsr

A word of caution. The bootsafe.ini file that the script uses assumes that Windows is in partition(1). If it is not, when it reboots, you get an errors stating that the hal.dll file is missing or corrupt.

You have to run an XP repair to get back the good boot.ini file.




Legacy Forum Name: Script Discussion,
Legacy Posted By Username: vplaza

All you have to do is split the script up into 2 parts, having the 1st script read the boot.ini file into the script log as a variable, that way you can have the main body of the script check to make sure you are still on partition(1) for the computer you are running against. This way there is no worry about inadvertently replacing the boot.ini with the wrong partition...

Legacy Forum Name: Script Discussion,
Legacy Posted By Username: owen

Good day,

Has anyone come up with another way to run safe mode, besides what is currently listed in this thread?



I have been playing around with it, but cannot seem to get the agentmon to start inside safe mode.

Also, this way, "boot.ini" makes me a little nervous.



I have not seen any discussion on this thread in some time and wanted to know if this was the "accepted' method that everyone was using.

Gamer-X

"People who have NOT been through the Kaseya trainning program yet"


Legacy Forum Name: Script Discussion,
Legacy Posted By Username: Gamer-X

So far, this is the only script we use.

Legacy Forum Name: Script Discussion,
Legacy Posted By Username: vplaza

can you explain a little bit more about the 2 scripts that you split it into...?



I like your method, but do not quite follow the entire scripting process.

Any help is appreciated.

Gamer-X


Legacy Forum Name: Script Discussion,
Legacy Posted By Username: Gamer-X

I believe Owen will need to reply to you about splitting the script.

I simply use two versions of the boot to safe mode script. One version is used explicitly for machines with the boot partition on (1) and another for those with the boot partition on (2).

I'd like to have one script that handled both so there is no danger of inadvertently running the incorrect script, but it hasn't been a priority.


Legacy Forum Name: Script Discussion,
Legacy Posted By Username: vplaza

When I split this script, it was to ensure that I did not change the boot.ini on a system that was not standard. So I split the script, the first part collects the Boot.ini as a variable, and then calls the 2nd script which checks the boot.ini to make sure it's proper before modifying it. Here are the 2 scripts:

Script Name: Safe Mode Agent Execute
Script Description:

IF Test File
Parameter 1 : c:\Boot.ini
Exists :
THEN
Get Variable
Parameter 1 : 1
Parameter 2 : c:\boot.ini
Parameter 3 : boot
OS Type : 0
Write Script Log Entry
Parameter 1 : #boot#
OS Type : 0
Execute Script
Parameter 1 : Safe Mode Agent 1 (NOTE: Script reference is NOT imported. Correct manually in script editor.
Parameter 2 :
Parameter 3 : 0
OS Type : 0
ELSE

Here is the second script, a slightly modified version of the original script:

Script Name: Safe Mode Agent 1
Script Description:


IF Check Variable
Parameter 1 : #boot#
Contains artition(1)
THEN
Write File
Parameter 1 : c:\progra~1\common~1\system\maint\agent\instsrv.exe
Parameter 2 : VSASharedFiles\instsrv.exe
OS Type : 0
Write File
Parameter 1 : c:\progra~1\common~1\system\maint\agent\kausrtsk.reg
Parameter 2 : VSASharedFiles\kausrtsk.reg
OS Type : 0
Pause Script
Parameter 1 : 10
OS Type : 0
Execute Shell Command
Parameter 1 : c:\progra~1\common~1\system\maint\agent\instsrv "KaUsrTsk" c:\progra~1\common~1\system\maint\agent\kausrtsk.exe
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : regedit.exe /s c:\progra~1\common~1\system\maint\agent\kausrtsk.reg
Parameter 2 : 0
OS Type : 0
Execute Shell Command
Parameter 1 : attrib c:\boot.ini -s -h -r
Parameter 2 : 1
OS Type : 0
Execute Shell Command
Parameter 1 : ren c:\boot.ini bootgood.ini
Parameter 2 : 1
OS Type : 0
Write File
Parameter 1 : c:\boot.ini
Parameter 2 : VSASharedFiles\bootsafe.ini
OS Type : 0
Pause Script
Parameter 1 : 10
OS Type : 0
Reboot
OS Type : 0
ELSE
Write Script Log Entry
Parameter 1 : This computer does not have Windows installed on partition(1)
OS Type : 0

This is an overlooked feature I use frequently.


Legacy Forum Name: Script Discussion,
Legacy Posted By Username: owen