Kaseya Community

I need a script to quietly run spybot

  • Hi everybody... I don't know if someone already has this script. My spybot installation script works great the problem is that we need to run it manually after the installation.

    Is there a script to quietly scan, fix and immunize pc ?

    Thanks...

    Legacy Forum Name: I need a script to quietly run spybot,
    Legacy Posted By Username: christian@syneteksolutions.com
  • Here is my two part SpyBot 1.4 script. I have it on my list of things to do to get this up to 1.5. I actually pulled this script as the update portion caused 1.5 install to pop up on the user desktops. Not something I anticipated or wanted to happen. I go this script of off the old forums once upon a time. Nothing original here.

    Script Name: Run Spybot Step 1
    Script Description: Run Spybot /taskbarhide /autoupdate /autocheck /autofix /autoclose /immunize
    Update the script to update deff files if you need to. Step 2 Add /Autoupdate and Step 5

    IF Test File
    Parameter 1 : C:\Program Files\Spybot - Search & Destroy\spybotsd.exe
    Exists :
    THEN
    Write File
    Parameter 1 : C:\Program Files\Spybot - Search & Destroy\Default configuration.ini
    Parameter 2 : VSASharedFiles\Default configuration.ini
    OS Type : 1
    Execute File
    Parameter 1 : "C:\Program Files\Spybot - Search & Destroy\spybotsd.exe"
    Parameter 2 : /taskbarhide /autocheck /autofix /onlyspyware /autoclose /autoupdate /autoimmunize
    Parameter 3 : 3
    OS Type : 1
    Write Script Log Entry
    Parameter 1 : Spybot Run Successfully on XP
    OS Type : 1
    Execute Script
    Parameter 1 : Run Spybot Step 2 (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 1
    ELSE
    Get Variable
    Parameter 1 : 4
    Parameter 2 :
    Parameter 3 : agentDrv
    OS Type : 1
    Write File
    Parameter 1 : #agentDrv#temp\spybotsd14.exe
    Parameter 2 : VSASharedFiles\spybotsd14.exe
    OS Type : 1
    Execute File
    Parameter 1 : #agentDrv#temp\spybotsd14.exe
    Parameter 2 : /verysilent /nocancel /noicons /components="main"
    Parameter 3 : 3
    OS Type : 1
    Write File
    Parameter 1 : C:\Program Files\Spybot - Search & Destroy\Default configuration.ini
    Parameter 2 : VSASharedFiles\Default configuration.ini
    OS Type : 1
    Write Script Log Entry
    Parameter 1 : Spybot Installed Successfully on XP
    OS Type : 1
    Execute Script
    Parameter 1 : Run Spybot Step 2 (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 1



    Script Name: Run Spybot Step 2
    Script Description: Second part of the Run Spybot Step 1. This checks to see if Fixes.txt exist and then uploads them to the script log for reporting.

    IF Test File
    Parameter 1 : C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\logs\fixes.txt
    Exists :
    THEN
    Get Variable
    Parameter 1 : 1
    Parameter 2 : C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\logs\fixes.txt
    Parameter 3 : fixes
    OS Type : 0
    Get File
    Parameter 1 : C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\logs\fixes.txt
    Parameter 2 : Spybot-fixes.txt
    Parameter 3 : 1
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : #fixes#
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : Spyware/Adware was found.
    OS Type : 0
    ELSE
    Write Script Log Entry
    Parameter 1 : No Spyware/Adware found.
    OS Type : 0



    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: jamie177
  • Thanks for the script and the quick response Jamie177. I also have that script and it prompt the user to update to version 1.5.

    I downloaded spybotsd1.5 and when the installation ends it won't create the file: "C:\Program Files\Spybot - Search & Destroy\spybotsd.exe". You have a few .exe files like SDMain.exe but when you try to run it the user interface comes up.

    Have you or someone else ran that script on a machine and actually fix or immunize the pc ??

    I have tried with both versions and nothing !! Sad

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: christian@syneteksolutions.com
  • You are not trying hard enough. Check out the Spybot forums sometimes.

    Anyway, there were some changes with 1.5, and some of Spybot's executables are now hidden as protected operating system files. To see them:


    Using Windows Explorer navigate to:
    C:\Program Files\Spybot - Search & Destroy
    In the Tools menu select Folder Options…
    In the Folder Options dialog select the View tab.
    Under the "Hidden files and folders" options:
    Make sure "Show hidden files and folders" is selected.
    Not "Do not show hidden files and folders".
    Uncheck the following option:
    Hide protected operating system file (Recommended)
    Click the Apply button.
    Click the OK button.
    The files should now be displayed

    Gabe

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: gabe
  • Thanks Gabe !!
    I'll get to it right away !!!

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: christian@syneteksolutions.com
  • Bah. Y'all beat me to it. (My SpyBot script suite is much more Byzantine. I won't bore you with it.) I can add a few points, though:

    The "default configuration" INI file? SpyBot ignores that one in the automated "run as system" scans, but if you craft a Configuration.ini and plunk it down in the All Users\App Data\Spybot directory then you'll get the behaviour you want. (It's in there, by the way, that SpyBot is directed to create the Fixes.txt file instead of creating timestamp-named logfiles for each run.)

    We delete the RunOnce registry entry that SpyBot sometimes likes to create if it finds something best removed with a post-reboot scan. If the automated scan (that they probably didn't know was running anyway) can't fix everything then there's no point annoying the end user the next time they restart their computer.

    No matter how hard I try, I can't quite convince SpyBot to leave the Windows firewall the hell alone. So, I have a "kill and disable XP's firewall" script which fires if the Fixes log notes that SpyBot turned it on. (There are almost no environments among our client base in which the XP firewall is useful or welcome. And, of course, in the cases where XP's firewall is turned on... SpyBot won't complain about it, thus no firewall-killer script is fired.)

    With all that said... the changes made in 1.5 made SpyBot unfeasible for weekly scanning like we used to do with 1.4. As noted upthread, SpyBot now likes to make itself known sometimes even when you try to install/run it as hidden as possible. My script suite is now used only as an initial automated troubleshooting process instead of a deployed part of our weekly client scripting.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: GreyDuck
  • We've had the same problems with 1.5 (i.e. it doesn't stay "hidden/silent" to the end user).
    Has anyone figured out a way around this?
    We also have stopped using it in our standard daily/weekly scripts due to this problem. But we'd like to use it again but haven't figured out how to truly keep it silent at all times.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: kentschu
  • I have a Spybot script that performs beautifully. The only thing that happens is the update window appears in the taskbar for about three seconds, but I don't think you can overcome that. It's tiered into multiple scripts that will be called depending on whether the target system already has SB installed.

    To check for SB 1.5.x, you can test for the existence of this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
    You can also get directory path from registry using this string: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1\InstallLocation and then execute file in directory path and run SpybotSD.exe with these arguments:

    /taskbarhide /autoupdate /autoimmunize /autocheck /autofix /autoclose /allhives /onlyspyware

    I use this and it runs with no user interaction.

    If it needs to be installed, I run the install file with these arguments:

    /verysilent /components="main" /noicons /tasks="!launchteatimer" /sp- /surpressmsgboxes /supressmsgboxes

    Again, this runs without any user interaction. You can execute as system and wait for completion, and then as the next step, run your scanning script after the installation. One of the last two arguments there I believe is the one that keeps any dialogue boxes from coming up. Since I tried it with the last one before and still got dialogue boxes, I believe the second to last one (which is misspelled) is actually the one that bypasses all the message boxes.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: daniel@securemycompany.com
  • Do you know how to turn TeaTimer off (if it is on) with a script? Is there an entry in the online.ini or default configuration.ini file(s) that gets set when you check/uncheck TeaTimer under Tools> Resident?

    Thanks!
    Bill

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: billmccl
  • I did notice a registry value that seems to appear when you enable TeaTimer. It's referenced in step five of the script below. Now that you've got me tinkering, here's something that might work:

    Script Name: Disable TeaTimer
    Script Description:

    IF User Is Logged In
    Parameter 1 :
    THEN
    Get Variable
    Parameter 1 : 10
    Parameter 2 :
    Parameter 3 : temp
    OS Type : 0
    Write File
    Parameter 1 : #temp#pskill.exe
    Parameter 2 : pskill.exe
    OS Type : 0
    Execute Shell Command
    Parameter 1 : #temp#pskill.exe TeaTimer.exe
    Parameter 2 : 1
    OS Type : 0
    Pause Script
    Parameter 1 : 2
    OS Type : 0
    Delete Registry Value
    Parameter 1 : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SpybotSD TeaTimer
    OS Type : 0

    ELSE
    Execute Script
    Parameter 1 : Disable TeaTimer (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 : 1
    Parameter 3 : 2
    OS Type : 0


    This script should be run while the user is logged in since removes a registry key from the hkey_current_user hive, thus the IF THEN ELSE conditions I put in there.
    You'll need to get pskill from PsTools to put on your server. TeaTimer does a pretty nice job resisting everything, but PsKill seems to do a much nicer job killing it than Taskkill.exe. You'll need to kill TeaTimer to perform the second part: deleting the registry key. That's the key that causes TeaTimer to run at startup.
    Theoretically this will do the job, but I didn't test the script very thoroughly so if you want to use it I highly recommend that you test it out extensively on your own before using it on any live machines, since there's a good chance this script could use some tweaking. For example, it should probably start out with a script that checks if TeaTimer is enabled/running on the target machine that calls this script if it is.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: daniel@securemycompany.com
  • I reported the /taskbarhide feature not working on the new version of Spybot 1.5.2 back in March

    http://forums.spybot.info/showthread.php?t=25113

    Spybot has recognised it as a bug and released a beta fix for it.

    http://forums.spybot.info/project.php?issueid=199

    Cheers,
    X

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: XeviouS
  • Daniel, would you mind posting your Spybot Scripts? Do you run SpybotSD.exe twice (once for update, once for scan)? Is anyone else still having problems with v1.5.2? My scripts will work OK some times, but other times they don't. When I remote into a problem PC, I can load Task Manager before the scripts run and I will see Spybot - Search and Destroy run, then another instance will start, change to Updater, then I see "Not Responding". When they complete and the 3rd instance of Spybot starts running (scan), it works OK. But, some times the script will think it's done, when it's not, and complete, but no checks.txt file will be found.

    Thanks!

    daniel@securemycompany.com
    I have a Spybot script that performs beautifully. The only thing that happens is the update window appears in the taskbar for about three seconds, but I don't think you can overcome that. It's tiered into multiple scripts that will be called depending on whether the target system already has SB installed.

    To check for SB 1.5.x, you can test for the existence of this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1
    You can also get directory path from registry using this string: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1\InstallLocation and then execute file in directory path and run SpybotSD.exe with these arguments:

    /taskbarhide /autoupdate /autoimmunize /autocheck /autofix /autoclose /allhives /onlyspyware

    I use this and it runs with no user interaction.

    If it needs to be installed, I run the install file with these arguments:

    /verysilent /components="main" /noicons /tasks="!launchteatimer" /sp- /surpressmsgboxes /supressmsgboxes

    Again, this runs without any user interaction. You can execute as system and wait for completion, and then as the next step, run your scanning script after the installation. One of the last two arguments there I believe is the one that keeps any dialogue boxes from coming up. Since I tried it with the last one before and still got dialogue boxes, I believe the second to last one (which is misspelled) is actually the one that bypasses all the message boxes.


    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: billmccl
  • Yeah, I'm having the same problems with 1.5.2 as yourself Bill. It'll install fine but when I try to run it I have the same issue where it will run sometimes and other times it won't make it past that initial update process kicking in. More often then not I have to take manual control to make sure it's doing what it should be doing. I'm really hoping to get this sorted as it's been wrecking my head. Any updates from anyone? Thanks!

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Alan_R
  • What I did to get past the update problem is I have my script update first, wait a minute then do the scan and fix problems found.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: RichardB
  • I run the update with the "wait for completion" flag in the script, but a wait probably won't hurt either... so I just added one to my update & scan script. Good idea, thanks!

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: GreyDuck