Kaseya Community

Safe Mode Reboot Script

  • We have found that most all adware / spyware and viruses can be removed in safe mode. What are the steps required to run removal scans and cleanup scripts in safe mode and then reboot the machine back into normal mode for further actions?

    Thanks,

    Chris


    Legacy Forum Name: Safe Mode Reboot Script,
    Legacy Posted By Username: outfishin
  • Seeing how most adware / spyware / viruses can be easily removed in safemode:

    We have developed a script to configure a computer to automatically reboot into safemode and automatically start the agent in safemode so it is available to remote control without any user intervention.

    We also have developed a script to undo the safemode changes and reboot the computer back into normal mode.

    I will attempt to get Kevin Carlson's input on this process tomorrow.

    Thanks,

    Chris


    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: outfishin
  • safemode2.zip
    Seeing how most adware / spyware / viruses can be easily removed in safemode:

    We have developed a script to configure a computer to automatically reboot into safemode and automatically start the agent in safemode so it is available to remote control without any user intervention.

    We also have developed a script to undo the safemode changes and reboot the computer back into normal mode.

    All required files are in the zip file. The kasurtsk.reg file should work for all 2000 and newer OS's without changes. The bootsafe.ini file might need to be modified for different boot partitions, drive types, ... I also have the scripts set up to automatically reboot the machine after making the changes. You do not want to click any of the "Continue script if step fails" options.

    I hide my agent and all my scripts deep under the Program Files folder, so you might want to modify the run location for your purpose.

    I have updated the scripts to remove the read only and hidden attributes of some boot.ini files.

    Happy malware and virus killing!!!

    Chris


    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: outfishin
  • Additional notes -

    Remote Control:

    1. You should preinstall WinVnc before attempting the first safe mode remote control.

    2. We were able to control a client with a wireless internet connection as long as the connection is controlled by the built in Windows Wireless configuration software.


    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: outfishin
  • I like the script. One problem is I can't VNC with remote control. So I started the agentmon.exe manually and was able to connect. But the problem is, if the user is not in front of the machine to do this, you can't get connected. So then I put the agentmon.exe in startup with the bootup to safe mode; it seemed to work, but only once. Is there a way to add to the script to start the agentmon.exe? Not very good with scripts yet. Any help would be great.

    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: itopsr
  • kausrtskwin2k.zip
    New Item 1:

    For Windows 2000 to work, you have to force a few more services to automatically load. Simply add one more step to your script that if the OS is Win 2000, import this kausrtskwin2k registry file.

    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: outfishin
  • kausrtsk.zip
    New Item 2:

    I have updated the previous kausrtsk.reg file to use the default agent service names. If your Agentmon.exe file is not autostarting, you probably need this file. It replaces the need for the older version below.




    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: outfishin
  • This works great, glad to see the effort; it is greatly appreciated. It's good to know people are always willing to help out.

    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: itopsr
  • A word of caution. The bootsafe.ini file that the script uses assumes that Windows is in partition(1). If it is not, when it reboots, you get an error stating that the hal.dll file is missing or corrupt.

    You have to run an XP repair to get back the good boot.ini file.




    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: vplaza
  • All you have to do is split the script up into 2 parts, having the 1st script read the boot.ini file into the script log as a variable, that way you can have the main body of the script check to make sure you are still on partition(1) for the computer you are running against. This way there is no worry about inadvertently replacing the boot.ini with the wrong partition...

    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: owen
  • Good day,

    Has anyone come up with another way to run safe mode, besides what is currently listed in this thread?



    I have been playing around with it, but cannot seem to get the agentmon to start inside safe mode.

    Also, this way, "boot.ini" makes me a little nervous.



    I have not seen any discussion on this thread in some time and wanted to know if this was the "accepted" method that everyone was using.

    Gamer-X

    "People who have NOT been through the Kaseya training program yet"


    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: Gamer-X
  • So far, this is the only script we use.

    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: vplaza
  • Can you explain a little bit more about the 2 scripts that you split it into...?



    I like your method, but do not quite follow the entire scripting process.

    Any help is appreciated.

    Gamer-X


    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: Gamer-X
  • I believe Owen will need to reply to you about splitting the script.

    I simply use two versions of the boot to safe mode script. One version is used explicitly for machines with the boot partition on (1) and another for those with the boot partition on (2).

    I'd like to have one script that handled both so there is no danger of inadvertently running the incorrect script, but it hasn't been a priority.


    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: vplaza
  • When I split this script, it was to ensure that I did not change the boot.ini on a system that was not standard. So I split the script, the first part collects the Boot.ini as a variable, and then calls the 2nd script which checks the boot.ini to make sure it's proper before modifying it. Here are the 2 scripts:

    Script Name: Safe Mode Agent Execute
    Script Description:

    IF Test File
    Parameter 1 : c:\Boot.ini
    Exists :
    THEN
    Get Variable
    Parameter 1 : 1
    Parameter 2 : c:\boot.ini
    Parameter 3 : boot
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : #boot#
    OS Type : 0
    Execute Script
    Parameter 1 : Safe Mode Agent 1 (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0
    ELSE

    Here is the second script, a slightly modified version of the original script:

    Script Name: Safe Mode Agent 1
    Script Description:


    IF Check Variable
    Parameter 1 : #boot#
    Contains : partition(1)
    THEN
    Write File
    Parameter 1 : c:\progra~1\common~1\system\maint\agent\instsrv.exe
    Parameter 2 : VSASharedFiles\instsrv.exe
    OS Type : 0
    Write File
    Parameter 1 : c:\progra~1\common~1\system\maint\agent\kausrtsk.reg
    Parameter 2 : VSASharedFiles\kausrtsk.reg
    OS Type : 0
    Pause Script
    Parameter 1 : 10
    OS Type : 0
    Execute Shell Command
    Parameter 1 : c:\progra~1\common~1\system\maint\agent\instsrv "KaUsrTsk" c:\progra~1\common~1\system\maint\agent\kausrtsk.exe
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command
    Parameter 1 : regedit.exe /s c:\progra~1\common~1\system\maint\agent\kausrtsk.reg
    Parameter 2 : 0
    OS Type : 0
    Execute Shell Command
    Parameter 1 : attrib c:\boot.ini -s -h -r
    Parameter 2 : 1
    OS Type : 0
    Execute Shell Command
    Parameter 1 : ren c:\boot.ini bootgood.ini
    Parameter 2 : 1
    OS Type : 0
    Write File
    Parameter 1 : c:\boot.ini
    Parameter 2 : VSASharedFiles\bootsafe.ini
    OS Type : 0
    Pause Script
    Parameter 1 : 10
    OS Type : 0
    Reboot
    OS Type : 0
    ELSE
    Write Script Log Entry
    Parameter 1 : This computer does not have Windows installed on partition(1)
    OS Type : 0

    This is an overlooked feature I use frequently.


    Legacy Forum Name: Script Discussion,
    Legacy Posted By Username: owen
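
Added example, not part of the thread or of the posted scripts: the "Contains partition(1)" test matches any line of boot.ini, so a multi-boot machine whose default entry is on partition(2) still passes it. This Python sketch goes a step further and compares the `default=` ARC path of the current boot.ini with that of the replacement file before allowing the swap; the sample files and function names are constructed for illustration.

```python
def default_arc_path(boot_ini_text):
    """Return the normalised default= value from [boot loader], or None."""
    section = None
    for raw in boot_ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "boot loader" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "default":
                return value.strip().lower()
    return None

def substring_check(boot_ini_text):
    """The 'Contains partition(1)' test: matches any line of the file."""
    return "partition(1)" in boot_ini_text

def safe_to_replace(current_text, template_text):
    """True only if both files boot the same default ARC path."""
    current = default_arc_path(current_text)
    return current is not None and current == default_arc_path(template_text)

# Constructed sample files (not taken from the thread's zip).
SINGLE = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP" /fastdetect
"""
DUAL = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows 2000" /fastdetect
"""
TEMPLATE = r"""[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Safe Mode" /safeboot:network
"""

if __name__ == "__main__":
    for name, text in (("single", SINGLE), ("dual", DUAL)):
        print(name, substring_check(text), safe_to_replace(text, TEMPLATE))
```

Because the whole ARC path is compared, a machine whose Windows directory or disk controller differs from the template is also rejected rather than rebooted into a missing hal.dll error.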