Kaseya Community

Silent Hijackthis Script

  • Has anyone had any luck with running HijackThis completely silently and logging the results to a text file? I can get it to run, but it always pops up with the user interface, even with the silent command line switch.

    Mac


    Here is the unfinished script:

    Script Name: Part 1 HijackThis Silent log to text and email
    Script Description: Runs HijackThis.exe with the silent command line switch on system drive, generates a text file in the default Temp folder and emails results (via child script).

    IF True
    THEN
    Get Variable
    Parameter 1 : 6
    Parameter 2 :
    Parameter 3 : MachID
    OS Type : 0
    Get Variable
    Parameter 1 : 3
    Parameter 2 :
    Parameter 3 : install
    OS Type : 0
    Write File
    Parameter 1 : #install#\HijackThis.exe
    Parameter 2 : VSASharedFiles\HijackThis.exe
    OS Type : 0
    Execute File
    Parameter 1 : #install#\HijackThis.exe
    Parameter 2 : /silentautolog
    Parameter 3 : 3
    OS Type : 0
    Write Script Log Entry
    Parameter 1 :
    OS Type : 0
    ELSE

    Legacy Forum Name: Silent Hijackthis Script,
    Legacy Posted By Username: Mac
  • The obvious question is this: Do you have version 1.99.2 or higher?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Lmhansen
  • I have version 2.0.0.2 directly from Trend Micro's site. Any ideas?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Mac
  • I think the new Hijackthis (2.x) needs to actually be installed on the system, but I haven't tested to verify this ...

    Try setting the HKLM\Software\TrendMicro\HijackThis\ShowIntroFrame value to 0 before running the executable.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Lmhansen
  • HijackThis does not require an install routine before running. This is an option, however.

    Try setting the script to run HijackThis as a shell command with the /silentautolog option rather than using Execute File.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: David Wickboldt
  • I have canned HijackThis in favor of silent runner.vbs. It's smaller and there is less risk of accidentally having some user interaction. Plus, it will give most of the same results.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Mac
  • The way we did it was to write the following registry keys before running HijackThis:


    [HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\HijackThis]
    "Version"="202"
    "LanguageFile"="(Default)"
    "ShowIntroFrame"="1"


    Save that to a reg file and regedit /s the file. Use a shell command to run HiJackThis.exe /silentautolog

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: hsamayoa
  • Here's the script we use...

    If you import this, you have to fix the registry key below as the forum adds a space between the last \ and Version...just FYI

    Script Name: Run HijackThis
    Script Description: Run HijackThis on the target machine, save a log file, and then upload that file to the KServer. Current HijackThis version is 2.0.2. If this changes, you'll need to change the registry value in Step 3 to whatever the new version is (this prevents the EULA from appearing on first run - which will hang HijackThis if you are running in silent mode).

    IF True
    THEN
    Get Variable
    Parameter 1 : 10
    Parameter 2 :
    Parameter 3 : AgentTempPath
    OS Type : 0
    Delete File
    Parameter 1 : #AgentTempPath#\HijackThis\HijackThis.log
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\HijackThis\Version
    Parameter 2 : 202
    Parameter 3 : REG_SZ
    OS Type : 0
    Write File
    Parameter 1 : #AgentTempPath#\HijackThis\HijackThis.exe
    Parameter 2 : VSASharedFiles\HijackThis\HijackThis.exe
    OS Type : 0
    Execute File
    Parameter 1 : #AgentTempPath#\HijackThis\HijackThis.exe
    Parameter 2 : /silentautolog
    Parameter 3 : 3
    OS Type : 0
    Get File
    Parameter 1 : #AgentTempPath#\HijackThis\HijackThis.log
    Parameter 2 : HijackThis\HijackThis.log
    Parameter 3 : 0
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : HijackThis log creation completed.
    OS Type : 0
    ELSE

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: benny@geeksaknockin.com
  • Thank you so much for sharing your script. I would try it right now but a beer is good and some sleep is better. Have a good night.

    M

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Mac
  • [QUOTE=hsamayoa]Save that to a reg file and regedit /s the file.[/QUOTE]

    Silly question: Why do that when you can just let the script set those values? That way you can update the script as needed without having to update a .reg file, redeploy and reapply. Heck, one of my favorite uses of Kaseya scripting is to fiddle with the registry.

    [QUOTE=benny]If you import this, you have to fix the registry key below as the forum adds a space between the last \ and Version...just FYI[/QUOTE]

    You might try the forum's "CODE" block feature (the "pound sign" button); I think it lets you get around that little quirk. I'm not 100% certain of that right now, though, and I'm not in a position to test. (I'm foruming while waiting for a progress indicator to finish...)

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: GreyDuck
  • I just ran this script...works great, thank you!

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: pbrophy
  • [QUOTE=GreyDuck]Silly question: Why do that when you can just let the script set those values? That way you can update the script as needed without having to update a .reg file, redeploy and reapply. Heck, one of my favorite uses of Kaseya scripting is to fiddle with the registry.[/QUOTE]

    Just lazy; it was easy for me to export that key and upload.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: hsamayoa
  • Hey, never let it be said that I stood in the way of another person's laziness. The gods know I'm certainly lazy enough...!

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: GreyDuck
  • HAHA thanks

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: hsamayoa
  • Re-export of the script after adding all 3 registry changes and fixing the first one.
    Script Name: HijackThis /silentautolog
    Script Description: runs HijackThis.exe /silentautolog

    IF True
    THEN
    Get Variable
    Parameter 1 : 10
    Parameter 2 :
    Parameter 3 : AgentTempPath
    OS Type : 0
    Delete File
    Parameter 1 : #AgentTempPath#\HijackThis\HijackThis.log
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\HijackThis\Version
    Parameter 2 : 202
    Parameter 3 : REG_SZ
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\HijackThis\LanguageFile
    Parameter 2 : (Default)
    Parameter 3 : REG_SZ
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\HijackThis\ShowIntroFrame
    Parameter 2 : 1
    Parameter 3 : REG_SZ
    OS Type : 0
    Write File
    Parameter 1 : #AgentTempPath#\HijackThis\HijackThis.exe
    Parameter 2 : VSASharedFiles\Utils\HijackThis\HijackThis.exe
    OS Type : 0
    Execute File
    Parameter 1 : #AgentTempPath#\HijackThis\HijackThis.exe
    Parameter 2 : /silentautolog
    Parameter 3 : 3
    OS Type : 0
    Get File
    Parameter 1 : #AgentTempPath#\HijackThis\HijackThis.log
    Parameter 2 : HijackThis\HijackThis.log
    Parameter 3 : 0
    OS Type : 0
    Write Script Log Entry
    Parameter 1 : HijackThis log creation completed.
    OS Type : 0
    ELSE



    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: rwitt
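
The procedure the thread converges on, as an added PowerShell example that is not part of any post or of Kaseya's scripting: it pre-seeds the three registry values from hsamayoa's .reg listing, runs HijackThis with /silentautolog under a timeout so a first-run dialog cannot hang the job, and confirms that a log was written. The staging path, the timeout and the choice of the 32-bit registry view are assumptions.

```powershell
# Added example, not from the thread. Run elevated (writes under HKLM).
param(
    [string]$ExePath = "$env:TEMP\HijackThis\HijackThis.exe",  # assumed staging path
    [int]$TimeoutSeconds = 300                                  # assumed upper bound for one scan
)

$ErrorActionPreference = 'Stop'
$workDir = Split-Path -Parent $ExePath
$logPath = Join-Path $workDir 'HijackThis.log'   # log location used by the scripts in the thread

# Assumption: HijackThis is a 32-bit program, so on 64-bit Windows it reads the
# 32-bit registry view. Opening that view explicitly puts the values where it looks.
$hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
    [Microsoft.Win32.RegistryHive]::LocalMachine,
    [Microsoft.Win32.RegistryView]::Registry32)
$key = $hklm.CreateSubKey('SOFTWARE\TrendMicro\HijackThis')
try {
    # Values exactly as listed in the thread; "Version" must match the deployed build.
    $str = [Microsoft.Win32.RegistryValueKind]::String
    $key.SetValue('Version', '202', $str)
    $key.SetValue('LanguageFile', '(Default)', $str)
    $key.SetValue('ShowIntroFrame', '1', $str)
}
finally {
    $key.Close()
    $hklm.Close()
}

# Remove any stale log so a leftover file is never mistaken for a fresh result.
Remove-Item -LiteralPath $logPath -ErrorAction SilentlyContinue

$proc = Start-Process -FilePath $ExePath -ArgumentList '/silentautolog' `
                      -WorkingDirectory $workDir -PassThru

# A dialog in silent mode would block forever; bound the wait and clean up.
if (-not $proc.WaitForExit($TimeoutSeconds * 1000)) {
    $proc.Kill()
    throw "HijackThis did not exit within $TimeoutSeconds s (possibly waiting on a dialog)."
}

if (-not (Test-Path -LiteralPath $logPath) -or (Get-Item -LiteralPath $logPath).Length -eq 0) {
    throw "HijackThis exited but wrote no log at $logPath."
}
Write-Output "HijackThis log written: $logPath"
```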