Kaseya Community

Virus Removal - great little Gem

  • Vcleaner.txt
    Afternoon all,

    Here is a script that will:
    1. reboot to safe mode
    2. wait 5 minutes
    3. write vcleaner to the computer
    4. execute it and wait till completion
    5. reboot computer into normal mode
    6. write log file.


    You may know that AVG uses vcleaner.exe as its main clean-all scanner.

    It cleans the following viruses.
    I-Worm/Stration, Worm/Generic.FX, Agent.A-AN, BackDoor.Agent.A-Z, BackDoor.Agent.AA-BG, Downloader.Agent.AS, I-Worm/Atak.A-I, Bagle.DA-IU, I-Worm/Bagle.A-Z, I-Worm/Bagle.AA-JD, I-Worm/Bugbear.D, I-Worm/Mytob.A-GC, I-Worm/Netsky.A-Z, Worm/Netsky.AA-AD, I-Worm/Sasser.A-F, I-Worm/Zafi.A-E, PSW.Bispy.A-E, Win32/Gaelicum, Win32/Hidrag

    You will want to do a couple things here.
    1. AVG notes that sometimes you will need to rename vcleaner.exe to something like 2vcleaner.exe, if the computer is really having lots of problems. You will have to look that up with AVG, if you are interested.
    2. You will possibly have to relink your safe mode/normal mode scripts in this script.
    3. Also, you may have to adjust your reboot time pause to fit your criteria.

    Here is the link to get vcleaner.exe
    http://free.grisoft.com/ww.virus-removal#3001

    Enjoy


    begin script----

    Script Name: Vcleaner
    Script Description: This script will remove the following viruses while in safe mode.
    I-Worm/Stration, Worm/Generic.FX, Agent.A-AN, BackDoor.Agent.A-Z, BackDoor.Agent.AA-BG, Downloader.Agent.AS, I-Worm/Atak.A-I, Bagle.DA-IU, I-Worm/Bagle.A-Z, I-Worm/Bagle.AA-JD, I-Worm/Bugbear.D, I-Worm/Mytob.A-GC, I-Worm/Netsky.A-Z, Worm/Netsky.AA-AD, I-Worm/Sasser.A-F, I-Worm/Zafi.A-E, PSW.Bispy.A-E, Win32/Gaelicum, Win32/Hidrag




    IF True
    THEN
    Get Variable
    Parameter 1 : 10
    Parameter 2 :
    Parameter 3 : temp
    OS Type : 0
    Execute Script
    Parameter 1 : Reboot to Safe Mode (NOTE: Script reference is NOT imported. Correct manually in script editor.
    Parameter 2 :
    Parameter 3 : 0
    OS Type : 0
    Pause Script
    Parameter 1 : 360
    OS Type : 0
    Write File
    Parameter 1 : #temp#\vcleaner.exe
    Parameter 2 : VSASharedFiles\vcleaner.exe
    OS Type : 0
    Execute File
    Parameter 1 : #temp#\vcleaner.exe
    Parameter 2 :
    Parameter 3 : 3
    OS Type : 0
    Schedule Script
    Parameter 1 : insert script here to reboot to normal mode....
    Parameter 2 :
    Parameter 3 :
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : insert something like this here VCLEANER in safe mode on this computer was successfully completed.
    OS Type : 0
    ELSE


    endscript----

    Legacy Forum Name: Virus Removal - great little Gem,
    Legacy Posted By Username: gamer-x
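
An added example, not part of the original post and not Kaseya or AVG code: a PowerShell check that could run between the script's Write File and Execute File steps to confirm the binary dropped on the endpoint is the one that was staged. The function name, the `$env:TEMP` path (standing in for the script's `#temp#` variable) and the pinned hash are assumptions; the hash shown is a placeholder.

```powershell
# Added example: verify a staged removal tool before the agent executes it.
# Assumes PowerShell 4.0 or later (Get-FileHash) on the endpoint.
function Test-StagedTool {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$ExpectedSha256,
        [switch]$RequireSignature
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Ok = $false; Reason = 'file missing' }
    }
    # Hash comparison is the gate; the Authenticode result is reported alongside it.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    $reason = 'ok'
    if ($hash -ne $ExpectedSha256) {
        $reason = 'hash mismatch'
    } elseif ($RequireSignature -and $sig.Status -ne 'Valid') {
        $reason = "signature status: $($sig.Status)"
    }
    [pscustomobject]@{
        Path = $Path; Sha256 = $hash; SignatureStatus = [string]$sig.Status
        Signer = $signer; Ok = ($reason -eq 'ok'); Reason = $reason
    }
}

# Placeholder hash: replace with the SHA-256 recorded when the file was staged.
$expected = '<SHA-256-RECORDED-AT-STAGING>'
$check = Test-StagedTool -Path (Join-Path $env:TEMP 'vcleaner.exe') -ExpectedSha256 $expected
if (-not $check.Ok) {
    Write-Error "Refusing to run $($check.Path): $($check.Reason)"
    exit 1
}
```

A non-zero exit lets the calling script branch to a log entry instead of the Execute File step.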
  • That's pretty sweet...

    I wonder if I could get that to work with Sophos

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: jp0070
  • How are you getting past the login screen for safe mode?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Resistance2Fly
  • I have not yet crossed that threshold.

    I ran it on my test box next to me, and it auto logs in... so honestly I have not even considered that part yet.

    I just wrote that the other day. :)

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: gamer-x
  • You can configure Windows XP to automate the logon process if your computer is not part of a domain.

    1. Click Start, click Run, and type control userpasswords2.

    2. Clear the Users must enter a username and password to use this computer check box.

    3. Click Apply.

    4. Enter the user name and password you wish to automatically log on with, and then click OK.

    5. Click OK again and you're all done.

    There ya go. As far as being a part of a domain you got me there. I still haven't figured that one out here at the library.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: cking@faylib.org
  • Domain computers can auto-login as well (I have my Kserver do it).

    It's a simple registry edit. Easy to find on Google but if no luck PM and I will post.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: theodis
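
An added example, not from any poster in this thread: a PowerShell audit for the auto-logon setups discussed in the two posts above, so that automatic logon enabled for the safe-mode cleanup can be found and switched off afterwards. The thread does not say which registry edit is meant; the value names below are the documented Windows Winlogon auto-logon values, and the function names are assumptions.

```powershell
# Added example: report, and optionally clear, automatic logon on this machine.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonState {
    param([string]$KeyPath = $WinlogonKey)
    $props = Get-ItemProperty -LiteralPath $KeyPath -ErrorAction Stop
    $names = @($props.PSObject.Properties | ForEach-Object { $_.Name })
    # PasswordInRegistry only reflects the plaintext DefaultPassword value;
    # it does not see a password held as an LSA secret.
    [pscustomobject]@{
        Enabled            = ($props.AutoAdminLogon -eq '1')
        UserName           = $props.DefaultUserName
        Domain             = $props.DefaultDomainName
        PasswordInRegistry = ($names -contains 'DefaultPassword')
    }
}

function Disable-AutoLogon {
    param([string]$KeyPath = $WinlogonKey)
    # Turn the feature off first, then remove the stored password value if present.
    Set-ItemProperty -LiteralPath $KeyPath -Name 'AutoAdminLogon' -Value '0'
    Remove-ItemProperty -LiteralPath $KeyPath -Name 'DefaultPassword' -ErrorAction SilentlyContinue
    Get-AutoLogonState -KeyPath $KeyPath
}

# Run elevated. Report first; call Disable-AutoLogon once the cleanup run is finished.
$state = Get-AutoLogonState
$state | Format-List
if ($state.Enabled -or $state.PasswordInRegistry) {
    Write-Warning "Auto-logon is configured for '$($state.Domain)\$($state.UserName)'."
}
```
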
  • theodis
    Domain computers can auto-login as well (I have my Kserver do it).

    It's a simple registry edit. Easy to find on Google but if no luck PM and I will post.



    Could you post the script?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: anantesh.marandi@katalystpartners.com
  • [QUOTE=gamer-x;28739]I have not yet crossed that threshold.

    I ran it on my test box next to me, and it auto logs in... so honestly I have not even considered that part yet.

    I just wrote that the other day. :)[/QUOTE]

    Do you even need to? If it boots into safe mode with networking, shouldn't the agent check in? And if so, you should be able to run nearly any command line tool either directly, or by using the "Use Credentials" command in the script.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Lmhansen