Advanced Malware Cleaning, courtesy of Mark Russinovich
http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359
An excellent video that explains some methods of cleaning up malware from your system. Mark is part of the brains behind the various SysInternals tools (now a Microsoft entity).
Rundll32.exe application not found because of Windows Antivirus Pro/Windows Police Pro: What to do
Finally! A quick registry fix for the Windows Antivirus 2009 Police Pro Security-whatever virus.
This thing is monsto-annoying. The thing will eat your Internet connection, it will smack your anti-malware software and it will kidnap your AV and hold it hostage. This virus sucks big-time. Even if you clean your system, the repair renders your system pretty much inoperable (in any useful sense).
How do I clean it? Typically, I’ll use the Kaspersky rescue CD – burn it using CDBurnerXP (it’s an ISO file).
So here’s the deal: Usually, when you clean up your system using the typical clean-up techniques and then restart, you’ll get the following error at boot:
C:\WINDOWS\system32\rundll32.exe
Application not found.
Super duper.
Then when you try to run any executable, you get the following (the picture below shows ‘.html’ rather than ‘.exe’; I didn’t get a proper screenshot because, well, you know, I couldn’t run any executable screen capture tools):
To fix this, you absolutely MUST have cleaned your system using your favorite (and hopefully effective) cleanup regimen.
- Click on ‘Start’> ‘Run’, then type ‘Notepad’ in the open field and press enter. You will again get the prompt as seen above, but scroll down the list and click on ‘Notepad’, then click ‘OK’.
- Notepad will open with a bunch of gobbledygook (yes, that is my technical term, and I’m sticking with it). Clear the contents by pressing [ctrl]+[a] and then hit your delete key. Type the following below EXACTLY as shown.
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
- When you’ve typed this up, click ‘File’> ‘Save as’ and then save it as ‘registry.reg’ to your Windows Desktop.
- Close out of Notepad, then double-click the registry file you saved to your desktop. When it asks if you want to import the registry key to your system, click ‘yes’.
That’s it, your exe file associations should now work again.
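To confirm the repair took, and that no per-user override is still redirecting executables, the check below reads the default values behind the .exe association in both hives that Windows merges into HKEY_CLASSES_ROOT. It is an added example, not part of the original post; it assumes PowerShell 3.0 or later and the stock Windows mapping of `.exe` to the `exefile` class, which the post does not state.

```powershell
# Added example: audit the .exe file association after importing registry.reg.
# HKEY_CLASSES_ROOT is a merged view of HKLM\SOFTWARE\Classes and HKCU\Software\Classes,
# and the per-user (HKCU) entries win, so both hives are checked separately.

$expectedCommand = '"%1" %*'   # decoded form of @="\"%1\" %*" from the .reg file
$expectedProgId  = 'exefile'   # assumption: stock Windows default for the .exe key

function Get-DefaultValue {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return $null }
    # GetValue('') returns the key's unnamed (Default) value, or $null if unset
    return (Get-Item -Path $Path).GetValue('')
}

$checks = @(
    @{ Hive = 'HKLM'; Key = 'SOFTWARE\Classes\.exe';                       Expected = $expectedProgId  },
    @{ Hive = 'HKLM'; Key = 'SOFTWARE\Classes\exefile\shell\open\command'; Expected = $expectedCommand },
    @{ Hive = 'HKCU'; Key = 'Software\Classes\.exe';                       Expected = $expectedProgId  },
    @{ Hive = 'HKCU'; Key = 'Software\Classes\exefile\shell\open\command'; Expected = $expectedCommand }
)

$results = foreach ($c in $checks) {
    $path  = '{0}:\{1}' -f $c.Hive, $c.Key
    $value = Get-DefaultValue -Path $path

    $status = if ($null -eq $value) {
        # A missing per-user key is normal; a missing machine-wide key is not
        if ($c.Hive -eq 'HKCU') { 'OK (no per-user override)' } else { 'MISSING' }
    } elseif ($value -eq $c.Expected) {
        'OK'
    } else {
        'MISMATCH'
    }

    [pscustomobject]@{
        Path     = $path
        Value    = $value
        Expected = $c.Expected
        Status   = $status
    }
}

$results | Format-Table -AutoSize -Wrap

# Non-zero exit code if anything deviates, so the check can be scripted
if ($results | Where-Object { $_.Status -in 'MISSING', 'MISMATCH' }) { exit 1 }
```

A `MISMATCH` under HKCU means a per-user entry is still overriding the machine-wide value you just imported, so the offending value needs to be corrected or removed there as well.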
Windows Update Agent force script, email results version 2.6
via [Spiceworks Community Script Center]
This script (the core was pulled from Microsoft’s website, and the WindowsUpdate agent install was borrowed from Torgeir Bakken – thank you!) will tell the WU Automatic Update Client (wuauclt.exe) to ‘detectnow’, then download and install the Windows updates that are missing as compared to its update server. Works for WSUS and the regular Windows Update site.
You can force a client to restart after the updates have been applied (if a reboot is pending, or if you plain just want to restart for the heck of it).
The script is highly configurable, and should fit most applications where users/admins need to force a download and installation of approved updates.
NOTE: If there are a LOT of downloads to pull, the status window (or log) will say “Downloading” for that entire time. I’m not sure how to get a download progress of each update…maybe someone can help me with that.
Note on command-line switches: If you don’t specify a switch (for example, ‘email:’) the corresponding variable defined in the script will provide the needed information (command-line switches take precedence).
Why I put this script together:
Our desktop deployment technicians needed a script that would pull updates immediately and install.
We have some computers that are sometimes logged on or not (but they run services that must be running almost constantly), and are never rebooted.
The user ignores the ‘you have new updates available’ message, so updates are never installed. This script will let you install the updates, and then it tells the WUA to present the ‘restart’ message – which more users are apt to respond to.
If the client running the script doesn’t have the 2.0 WUA installed, Torgeir’s portion of the script will automatically install it (please contact me if this doesn’t work – I modified his script slightly to plug into mine!).
After the script runs, it will email a recipient the resulting logfile that is produced. Very handy for running with my Front-end to PSEXEC tool.
You need to edit the following variables:
* sExePath – this is the location of the WindowsUpdateAgent20-x86.exe. Download it from http://go.microsoft.com/fwlink/?LinkId=43264
* strMailFrom – arbitrary reply-to address
* strMailto – email address you want the report to mail to (this is for manual mode – or if the command-line switch isn’t specified).
* strSMTPServer – the IP address of the email server you are sending the reports through.
Optional variables:
- Silent: 0 = verbose, 1 = silent (no windows or visible information)
- Intdebug: 0 = off, 1 = on (see some variables that are being passed)
- strAction: prompt|install|detect. Prompt gives users opportunity to install updates or not, install just installs them, detect updates the WU collection and downloads the updates (but does not install them) – useful if you want to have the computer refresh its stats to the stat server but not install the updates.
- blnEmail: 0 = off|1 = on. If set to 0, the script will not email a log file. If you specify an email address in the command-line, this will force the script to switch blnEmail to ‘1’.
- strRestart: 0 = Do nothing|1 = restart|2 = shutdown. Command-switch ‘restart:’ supersedes this variable.
Command line switches:
- action: prompt|install|detect
- mode: silent|verbose
- email: you@yourdomain.com
- restart: 0 (do nothing)| 1 (restart) | 2 (shutdown)
- force: 0 (do not enforce restart action – this is optional, by default it is set to 0) | 1 (enforce restart action)
- emailsubject: – Text for custom subject enclosed in quotations (i.e. “This is a custom subject”)
- fulldnsname: 0 (use non-qualified server name) | 1 (use fully qualified DNS name of the server that the script ran on)
- emailifallok: 0 (don’t email a report if there are no problems with the update process) | 1 (email report whether there are errors or not)
- smtpserver: x.x.x.x or smtp mail hostname (define an alternate SMTP server)
- logfile: “x:\path\log.txt”
- authtype: cdoAnonymous|cdoNTLM|cdoBasic (SMTP authentication type)
- authID: userid (SMTP authentication ID)
- authPassword: password (SMTP authentication password)
Finally, rename the file with a .vbs extension.
Example of usage:
| Action | Command-line |
| --- | --- |
| Install updates silently, email you a logfile, then restart the computer | updatehf.vbs action:install mode:silent email:you@yourdomain.com restart:1 |
| Detect missing updates, email you a logfile, then do nothing (no restart) | updatehf.vbs action:detect mode:verbose email:you@yourdomain.com restart:0 |
| Prompt user to let them decide whether or not to install updates, email you a logfile, prompt user for restart | updatehf.vbs action:prompt mode:verbose email:you@yourdomain.com restart:1 |
| Install updates silently, email you a logfile, then shutdown the computer if a reboot is pending | updatehf.vbs action:install mode:silent email:you@yourdomain.com restart:2 |
| Install updates silently, email you a logfile, then shutdown the computer no matter if a reboot is pending or not | updatehf.vbs action:install mode:silent email:you@yourdomain.com restart:2 force:1 |
| Detect missing updates or pending reboot silently, email you a logfile, then restart if there is a pending reboot | updatehf.vbs action:detect mode:silent email:you@yourdomain.com restart:1 |
| Detect missing updates or pending reboot silently, email you a logfile, then restart no matter if there is a pending reboot | updatehf.vbs action:detect mode:silent email:you@yourdomain.com restart:1 force:1 |
Download it from the Spiceworks Community Script Center
Welcome to the I|Toolbox!

After 4 years (if I remember right) of www.vbshf.com – and thousands upon thousands of downloads of the WSUS/Windows Update Force script, I’ve decided to modernize a bit and get a WordPress blog. I was pretty much limited by the dated MegaBBS (it served me VERY well over the years), and needed something that gave me a bit more control while keeping up with the current times. So, I give you ‘The I|Toolbox’ – a play on the ubiquitous iThis and iThat, but really stands for Information Technology.
This blog will attempt to bring you the old favorite scripts from www.vbshf.com while also providing a place to share user submitted scripts and tools. Perhaps this mission will change over time, but that’s the gist right now.
