Mark Minasi's Reader Forum
 Conficker/DownADUp

mthompson
Posted - 01/17/2009 : 8:08:56 PM
This script automates the running of the F-Secure Conficker/DownADUp removal tool FSMRT.exe.

The script will copy the file fsmrt.exe (F-Secure DownADUp removal tool) to c:\ (if needed), execute the file, then take appropriate action according to the return code of the file (nothing, reboot, or shutdown).

The script will create a txt file for the actions taken on all systems (Clean.txt, Cleared.txt, or Infected.txt), and a txt file for the actions taken for each system (machineName.txt).

These files are stored in a central location you define with the StrServer and StrShare variables. You will need to place the FSMRT.exe in the same location.

The script has been tested for functionality. There is no commenting. You are using this script at your own risk.

The intent is to place this script into a system startup GPO.

The application (fsmrt.exe) requires administrative access to the system as it is doing its scan.

FSMRT.exe is available at

ftp://ftp.f-secure.com/anti-virus/tools/beta/fsmrt.zip


'**************** Start of Script

' Runs unattended as a startup script, so errors are skipped rather than raised
On Error Resume Next

Dim StrServer
Dim StrShare
Dim StrComputer
Dim objFSO
Dim objLogFile
Dim objFSO2
Dim objLogFile2
Dim objFSO3
Dim WshNetwork
Dim WshShell
Dim WshEnv
Dim objSystemInfo
Dim OpSysSet
Dim OpSys
Dim Return

' Central location for the log files and for fsmrt.exe
StrServer = "ServerName"
StrShare = "ShareName"

' Name of the local machine, used for the per-machine log file
Set WshNetwork = CreateObject("WScript.Network")
StrComputer = WshNetwork.ComputerName
Set WshNetwork = Nothing

' Per-machine log: 8 = ForAppending, True = create the file if it is missing
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objLogFile = objFSO.OpenTextFile("\\" & StrServer & "\" & StrShare & "\" & StrComputer & ".txt", 8, True)
objLogFile.Write("F-Secure Trojan/Worm Scan started at " & Now() & " ")
objLogFile.WriteLine

Set objFSO3 = CreateObject("Scripting.FileSystemObject")

' Copy the removal tool to c:\ unless it is already there
If objFSO3.FileExists("c:\fsmrt.exe") Then

    objLogFile.Write("Application File already in place")
    objLogFile.WriteLine

Else

    objLogFile.Write("Copying FSMRT File to " & StrComputer)
    objLogFile.WriteLine
    objFSO3.CopyFile "\\" & StrServer & "\" & StrShare & "\fsmrt.exe", "c:\"

End If

Set WshShell = WScript.CreateObject("WScript.Shell")
Set WshEnv = WshShell.Environment("PROCESS")

' Suppress the zone (open file) security prompt for this process only
WshEnv("SEE_MASK_NOZONECHECKS") = 1

' Run hidden (0) and wait for the exit code (True).
' Note: Run starts the program directly rather than through cmd.exe, so the
' ">>" text reaches fsmrt.exe as command-line arguments instead of
' redirecting its output.
Return = WshShell.Run("c:\fsmrt.exe >>\\" & StrServer & "\" & StrShare & "\" & StrComputer & ".txt", 0, True)

WshEnv.Remove("SEE_MASK_NOZONECHECKS")

Set objSystemInfo = CreateObject("ADSystemInfo")
' The Shutdown privilege is needed for the Reboot and Win32Shutdown calls
Set OpSysSet = GetObject("winmgmts:{(Shutdown)}//" & StrComputer & "/root/cimv2").ExecQuery("select * from Win32_OperatingSystem where Primary=true")

For Each OpSys In OpSysSet

    If Return = 10 Or Return = 1 Then

        ' Found and cleaned: record it centrally and per machine, then reboot
        Set objFSO2 = CreateObject("Scripting.FileSystemObject")
        Set objLogFile2 = objFSO2.OpenTextFile("\\" & StrServer & "\" & StrShare & "\Cleared.txt", 8, True)
        objLogFile2.Write("Trojan/Worm Found ... Item cleaned " & StrComputer & " rebooted at " & Now() & " ")
        objLogFile2.WriteLine

        objLogFile.Write("Trojan/Worm Found ... Item cleaned " & StrComputer & " rebooted at " & Now() & " ")
        objLogFile.WriteLine

        OpSys.Reboot()

    ElseIf Return = 2 Then

        ' Found but not cleaned: record it, then force a shutdown
        Set objFSO2 = CreateObject("Scripting.FileSystemObject")
        Set objLogFile2 = objFSO2.OpenTextFile("\\" & StrServer & "\" & StrShare & "\Infected.txt", 8, True)
        objLogFile2.Write("Trojan/Worm Found ... Cannot clean " & StrComputer & " Shutdown at " & Now() & " ")
        objLogFile2.WriteLine

        objLogFile.Write("Trojan/Worm Found ... Cannot clean " & StrComputer & " Shutdown at " & Now() & " ")
        objLogFile.WriteLine

        ' 5 = shutdown (1) + force (4)
        OpSys.Win32Shutdown(5)

    Else

        ' Any other return code is logged as clean
        Set objFSO2 = CreateObject("Scripting.FileSystemObject")
        Set objLogFile2 = objFSO2.OpenTextFile("\\" & StrServer & "\" & StrShare & "\Clean.txt", 8, True)
        objLogFile2.Write("Nothing found on " & StrComputer & " ... Ending Scan at " & Now() & " ")
        objLogFile2.WriteLine

        objLogFile.Write("Nothing found on " & StrComputer & " ... Ending Scan at " & Now() & " ")
        objLogFile.WriteLine

    End If

Next

Set objLogFile2 = Nothing
Set objLogFile = Nothing
Set objFSO3 = Nothing
Set objFSO2 = Nothing
Set objFSO = Nothing
Set WshShell = Nothing

'**************** End of Script
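
A triage pass over the central Clean.txt, Cleared.txt and Infected.txt files, added here as an example and not part of the original post: it parses the line formats the script writes and lists machines that were last shut down as infected or were cleaned on more than one boot. The sample lines, the machine names and the US-locale Now() timestamp format are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Line formats the script writes to Clean.txt, Cleared.txt and Infected.txt.
PATTERNS = {
    "clean": re.compile(r"Nothing found on (\S+) \.\.\. Ending Scan at (.+)"),
    "cleared": re.compile(r"Trojan/Worm Found \.\.\. Item cleaned (\S+) rebooted at (.+)"),
    "infected": re.compile(r"Trojan/Worm Found \.\.\. Cannot clean (\S+) Shutdown at (.+)"),
}
STAMP = "%m/%d/%Y %I:%M:%S %p"  # assumption: Now() rendered in a US locale

def parse(lines):
    """Yield (machine, status, timestamp) for each recognised log line."""
    for line in lines:
        for status, rx in PATTERNS.items():
            m = rx.fullmatch(line.strip())
            if not m:
                continue
            try:
                yield m.group(1).upper(), status, datetime.strptime(m.group(2), STAMP)
            except ValueError:
                pass  # timestamp from another locale: skip rather than guess
            break

def triage(lines):
    """Return {machine: (latest_status, detections)} across all boots."""
    events = defaultdict(list)
    for machine, status, when in parse(lines):
        events[machine].append((when, status))
    report = {}
    for machine, evs in events.items():
        detections = sum(1 for _, status in evs if status != "clean")
        report[machine] = (max(evs)[1], detections)
    return report

def needs_attention(report):
    """Machines last seen infected, or cleaned on more than one boot."""
    return sorted(m for m, (last, hits) in report.items()
                  if last == "infected" or hits > 1)

# Constructed sample: lines as they would appear across the three central files.
SAMPLE = """\
Nothing found on PC-001 ... Ending Scan at 1/19/2009 8:01:12 AM
Trojan/Worm Found ... Item cleaned PC-002 rebooted at 1/19/2009 8:03:40 AM
Nothing found on PC-002 ... Ending Scan at 1/19/2009 8:09:05 AM
Trojan/Worm Found ... Item cleaned PC-003 rebooted at 1/19/2009 8:04:10 AM
Trojan/Worm Found ... Item cleaned PC-003 rebooted at 1/20/2009 7:58:31 AM
Trojan/Worm Found ... Cannot clean PC-004 Shutdown at 1/19/2009 8:05:02 AM
""".splitlines()
```

Calling `needs_attention(triage(lines))` on the combined contents of the three files gives the list of machines to follow up by hand; a machine cleaned once and clean on the next boot is not listed.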
Mark Minasi's Reader Forum © 2002-2009 Mark Minasi