DevNull
Hello all,
Around my family we have noticed an enormous amount of activity from a
new trojan based on the SpyAxe stuff of a few weeks ago.
Basically, while not as annoying as the SpyAxe attack itself, this
malware has a lot of trash associated with it.
A large percentage of my friends and family seem to have come down with
this within the last few days leading me to believe it may be spreading
via IM or email. (Which is all we really have in common)
Everyone is now properly Firewalled and has a proper Virus Scan
installed, enabled and paid up.
The Virus Scan is just now detecting the BHO part as some sort of
"puper" variant, which of course is leading to the inevitable phone
calls.
I would like to send everyone a single script or small set of scripts
to automate the removal process, and make sure that this mess is taken
care of properly.
Especially considering that the official stance on this from the virus
removal companies is "It's not malware in the traditional sense so what
you have now is all you'll get at least for the near future".
Switching is out of the question; if I threw anything different onto
these machines, I'm sure some of the users would die of a heart attack.
Anyways, thus far I have managed to create one script on my own and
wholesale plagiarize another.
The first one just basically automagically downloads and extracts the
latest definitions files from my AV company, as well as their current
DOS mode engine (meant for large network deployment, so it's extremely
current).
The other deletes some files that the DOS scan seems to ignore, or not
notice, then proceeds to remove the associated registry entries that I
have found thus far.
That's great, except that most of my family is computer illiterate and I
work 12+ hours per day; I just don't have much time or patience to
teach grandma, grandpa, aunts, uncles, cousins, etc., how to run the first
script in normal mode, then boot into safe mode, find the scripts and
run the second one.
What I need to figure out is how I can, from within the first script,
convince windows to boot into safe mode with command prompt.
Then have it run the second script.
Then (most likely from within the second script), set things back to
normal and reboot the computer into the default boot mode, when the all
clear is given.
Everything I have done is in 2 old school batch files, which I will
gladly share.
I am also not opposed to turning them into WSH scripts, if it would
make the difference; I mostly would just need to learn it really quick
(shouldn't be much of a problem; I'm pretty proficient at JavaScript, and I
hear they are pretty similar).
If anyone is interested in what I have written/borrowed thus far please
drop a line in here and I will gladly show the code, not that it's much
to look at.
So can anyone please help me idiot-proof this process a bit? Is what
I'm asking even achievable in a scripting-only (aka non-compiled)
environment?
Thanx in advance.
p.s. Everyone is (now) running fully patched Windows XP SP2
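One way to do the safe-mode hand-off the post asks about, as an added example that is not part of the original post and not the poster's own batch files. It relies on three documented XP mechanisms: the `/safeboot:minimal(alternateshell)` switch in boot.ini (which makes winlogon start the program named in `HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\AlternateShell`, `cmd.exe` by default), the `bootcfg` tool for editing boot.ini, and the `AutoRun` value under `HKLM\Software\Microsoft\Command Processor`, which cmd.exe executes every time it starts. The folder `C:\cleanup`, the file names `stage1.cmd`/`stage2.cmd`, the placeholder `remove.cmd`, and the assumption that the normal install is boot.ini entry 1 and the copy becomes entry 2 are all mine; check `bootcfg /query` on the target machine first.

```batch
@echo off
rem stage1.cmd - run in normal mode, after the definitions download.
rem Creates a second boot.ini entry that boots "Safe Mode with Command
rem Prompt", makes it the default for the next boot only, and arranges for
rem stage2.cmd to start as soon as the safe-mode command prompt opens.
rem Assumptions (not from the original post): boot.ini entry 1 is the
rem normal XP install, bootcfg.exe is available, scripts live in C:\cleanup.
set CLEANUP=C:\cleanup

rem 1. Clone the normal entry; on a single-boot machine it becomes entry 2.
bootcfg /copy /d "XP - cleanup (safe mode, command prompt)" /id 1
if errorlevel 1 goto fail

rem 2. Append the safeboot switch to the clone only, so the original entry
rem    stays untouched if anything goes wrong later.
bootcfg /raw "/safeboot:minimal(alternateshell)" /a /id 2
if errorlevel 1 goto fail

rem 3. Make the clone the default and shorten the boot menu wait.
bootcfg /default /id 2
bootcfg /timeout 3

rem 4. cmd.exe runs AutoRun on every start; the safe-mode shell is cmd.exe,
rem    so stage2 starts by itself. stage2 removes this value again.
reg add "HKLM\Software\Microsoft\Command Processor" /v AutoRun /t REG_SZ /d "%CLEANUP%\stage2.cmd" /f

shutdown -r -f -t 10 -c "Rebooting into safe mode for cleanup"
goto :eof

:fail
echo bootcfg failed; boot configuration left unchanged.
```

The matching `stage2.cmd` (also an added example, same assumptions) is what the safe-mode command prompt runs; it removes its own trigger before doing anything else, so a failure partway through cannot leave the machine stuck re-running it, then hands off to the poster's existing cleanup and restores the normal boot entry:

```batch
@echo off
rem stage2.cmd - started by cmd.exe's AutoRun value in "Safe Mode with
rem Command Prompt". Assumes the boot.ini layout created by stage1.cmd.
set CLEANUP=C:\cleanup

rem 1. Disarm first: every cmd.exe started below would otherwise re-run us.
reg delete "HKLM\Software\Microsoft\Command Processor" /v AutoRun /f

rem 2. The poster's existing file/registry cleanup (placeholder name).
if exist "%CLEANUP%\remove.cmd" call "%CLEANUP%\remove.cmd"

rem 3. Put the boot menu back: normal entry default, cleanup entry deleted.
bootcfg /default /id 1
bootcfg /delete /id 2
bootcfg /timeout 30

shutdown -r -f -t 5 -c "Cleanup finished; rebooting normally"
```

Two things worth checking before sending this to anyone: the `AutoRun` value is a common persistence spot, so confirm after the reboot that it is really gone (`reg query "HKLM\Software\Microsoft\Command Processor" /v AutoRun`), and run `bootcfg /query` once more to confirm only the original entry remains; a leftover entry 2 with `/safeboot` would keep the machine in safe mode until someone fixes boot.ini by hand.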