Kaseya Community

VIPRE Rescue script?

  • Hey guys, I need some serious help with getting VIPRE rescue to run on client workstations. While I've created a self-extracting, run deep_scan.bat after extract file, the problem I always run into is below.

    For those of you not familiar with VIPRERESCUE, the batch file simply is
    cls
    @echo off

    rem SBREDrv.sys MUST be copied to system32 (there could be a mismatch with existing installed binaries)
    rem sbbd.exe MUST be copied to system32 (there could be a mismatch with existing installed binaries)
    rem sbrc.exe will be run from its current location

    echo Copying rootkit engine driver to system folder...
    copy SBREDrv.sys "%SystemRoot%\system32\drivers"
    echo Copying boot time scanner to system folder...
    copy sbbd.exe "%SystemRoot%\system32"
    cmd /k VIPRERescueScanner.exe /deep /log


    But when deep_scan.bat runs via Kaseya script (execute shell command as user c:\VIPRERESCUE\deep_scan.bat) nothing happens... No command prompt opens up or anything...

    The program runs fine when done manually, even just START -> RUN ->
    c:\VIPRERESCUE\deep_scan.bat

    I've done 3 days' worth of testing this script and am really at a loss...

    Legacy Forum Name: VIPRE Rescue script?,
    Legacy Posted By Username: strategicmicro
  • Also wanted to note that when I set the command to run as system and throw quotes around the command, it still doesn't run, but there's 2 cmd.exe in my task manager now...

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: strategicmicro
  • Your script won't work because VIPRERescueScanner.exe looks for files and folders in the local directory from which it's executed. I'm not done fine-tuning this, but it will get the job done:

    <?xml version="1.0" encoding="utf-8"?>
    <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">
      <Procedure name="VIPRE Rescue" treePres="3">
        <Body description="">
          <If description="">
            <Condition name="True" />
            <Then>
              <Statement description="" name="GetVariable" continueOnFail="false">
                <Parameter xsi:type="EnumParameter" name="VariableType" value="AgentTempDirectory" />
                <Parameter xsi:type="StringParameter" name="SourceContent" value="" />
                <Parameter xsi:type="StringParameter" name="VariableName" value="AgentTemp" />
              </Statement>
              <Statement description="" name="GetURL" continueOnFail="false">
                <Parameter xsi:type="StringParameter" name="URL" value="http://live.sunbeltsoftware.com/Download/" />
                <Parameter xsi:type="StringParameter" name="ResponseFileName" value="#AgentTemp#\VRescue.exe" />
                <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />
              </Statement>
              <Statement description="" name="WriteFile" continueOnFail="false">
                <Parameter xsi:type="StringParameter" name="Path" value="#AgentTemp#\kunzip.exe" />
                <Parameter xsi:type="StringParameter" name="ManagedFile" value="VSASharedFiles\unzip.exe" />
              </Statement>
              <Statement description="" name="ExecuteShellCommand" continueOnFail="false">
                <Parameter xsi:type="StringParameter" name="Command" value="#AgentTemp#\kunzip -d #AgentTemp#\VIPRERescue -o #AgentTemp#\VRescue.exe" />
                <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" />
                <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />
              </Statement>
              <Statement description="" name="WriteFile" continueOnFail="false">
                <Parameter xsi:type="StringParameter" name="Path" value="#AgentTemp#\deep_scan.bat" />
                <Parameter xsi:type="StringParameter" name="ManagedFile" value="VSASharedFiles\deep_scan.bat" />
              </Statement>
              <Statement description="" name="ExecuteFile" continueOnFail="false">
                <Parameter xsi:type="StringParameter" name="Path" value="#AgentTemp#\deep_scan.bat" />
                <Parameter xsi:type="StringParameter" name="Arguments" value="" />
                <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" />
                <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />
              </Statement>
            </Then>
          </If>
        </Body>
      </Procedure>
    </ScriptExport>
    
    The deep_scan.bat file is this:
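    cls
    @echo off
    rem The scanner looks for its files in the current directory, so switch to it first
    rem (/d also changes the drive if the agent working directory is on another one).
    cd /d C:\kworking\VIPRERescue
    rem Copy the rootkit engine driver and the boot-time scanner to the system folders.
    copy /Y SBREDrv.sys "%SystemRoot%\system32\drivers"
    copy /Y sbbd.exe "%SystemRoot%\system32"
    cmd /k VIPRERescueScanner.exe /deep /log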
    


    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: jviggiano



    [edited by: Brendan Cosgrove at 5:24 PM (GMT -8) on 12-17-2010]
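
The procedure above fetches an executable over plain HTTP, unpacks it and runs it as System, so a signature check before anything is executed or copied into system32 is worth having. The following PowerShell gate is an added example, not part of the original post or of Kaseya's or the vendor's tooling; it reuses the file names, `C:\kworking` path and `/deep /log` switches from the thread. It assumes the vendor Authenticode-signs these files, and `<EXPECTED-PUBLISHER-NAME>` is a placeholder you must replace with the signer name you have verified yourself.

```powershell
# Added example, not from the thread. File names and C:\kworking come from the
# posts; $ExpectedPublisher is a placeholder, and vendor signing is assumed.
param(
    [string]$AgentTemp         = 'C:\kworking',
    [string]$ExpectedPublisher = '<EXPECTED-PUBLISHER-NAME>',
    [switch]$PackageOnly       # run with this switch before the unzip step
)
$ErrorActionPreference = 'Stop'
$rescueDir = Join-Path $AgentTemp 'VIPRERescue'

function Test-TrustedBinary {
    param([string]$Path, [string]$Publisher)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' = file hash matches the signature and the chain is trusted.
    if ($sig.Status -ne 'Valid') { return $false }
    # Pin the signer: any other validly signed binary is still rejected.
    $signer = $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    return ($signer -eq $Publisher)
}

# Everything that runs as SYSTEM or lands in system32 gets checked.
$files = @(Join-Path $AgentTemp 'VRescue.exe')
if (-not $PackageOnly) {
    $files += 'VIPRERescueScanner.exe', 'sbbd.exe', 'SBREDrv.sys' |
        ForEach-Object { Join-Path $rescueDir $_ }
}
foreach ($file in $files) {
    if (-not (Test-TrustedBinary -Path $file -Publisher $ExpectedPublisher)) {
        throw "Refusing to continue: $file is missing or not signed by $ExpectedPublisher"
    }
}
if ($PackageOnly) { exit 0 }

Copy-Item (Join-Path $rescueDir 'SBREDrv.sys') "$env:SystemRoot\system32\drivers" -Force
Copy-Item (Join-Path $rescueDir 'sbbd.exe')    "$env:SystemRoot\system32" -Force

# The scanner resolves its files relative to the working directory, and
# -Wait lets the calling procedure see completion instead of a lingering cmd /k.
$scan = Start-Process -FilePath (Join-Path $rescueDir 'VIPRERescueScanner.exe') `
    -ArgumentList '/deep', '/log' -WorkingDirectory $rescueDir -Wait -PassThru
exit $scan.ExitCode
```

Run it once with `-PackageOnly` between the download and unzip steps, then again without the switch in place of deep_scan.bat; a non-zero exit or thrown error should fail the procedure step.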
  • Thanks, I'll give this a try and see what I get.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: strategicmicro
  • Works GREAT. This is the solution we've been looking for. Now my boss wants it to run once a week and generate custom reports based on text inside the logfile. Project 2 is underway.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: strategicmicro
  • How's that going? How does the network react to pushing out a 75 MB file to all the PCs...

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: capitalcitycomp
  • I had success on my test computer. But any other machine and it keeps on downloading Vipre over and over and over and over and keeps running it over and over and over and over.

    It's ruined a few setups already. I believe that the problem lies with our rather poor (hardware-wise) Kserver.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: strategicmicro