Saturday, September 18, 2010

Virus cleaning script

We recently had a bad outbreak at work which seemed to spread faster than we could clean it. We did several things to limit its ability to spread, but could really do nothing while the computers were needed. I wrote this script, which disabled all network connections, updated the MS patches, disabled the virus and finally cleaned the virus (4 times) off of all of the computers. We then pushed this script out to all of the computers and ran it on them near-simultaneously. Upon reboot you should be clean. Email me if you want help with customizing this script for your needs. It uses Kidokiller (Kaspersky), Symantec cleaner, Landesk AV and F-Prot.

cls

::~~~~~~~~~~~~~~~Revision: 2010-09-18~~~~~~~~~~~~~~::
::~~~~~~~~~~Written by Patrick Christian~~~~~~~~~~~::
    ::~~~~~~~~~~~~~~~For WinXP~~~~~~~~~~~~~~::

goto Virus1


:VIRUS1
echo Updating AntiVirus
cd /d "c:\program files\LanDesk\LDClient\Antivirus"
start /wait LDAV.exe /update
echo "%Computername%, %date%, %Time%" >>\\NetworkShare\Scans\scanStarted.txt
goto Firewall

:FIREWALL
                      ::Killing Network Connections::
echo Locking computer down...
netsh interface set interface "Local Area Connection" DISABLED
netsh interface set interface "Local Area Connection2" DISABLED
netsh interface set interface "Local Area Connection3" DISABLED
netsh interface set interface "Wireless Network Connection" DISABLED
netsh interface set interface "Wireless Network Connection2" DISABLED
netsh interface set interface "Wireless Network Connection3" DISABLED

:CLEANUP
echo Cleaning up some items...
cd c:\viruso
                      ::Cleaning Reg, Killing AT and Autorun services, Cleaning past Quarantines::
start /wait kk.exe -r -s -z -a -t -j
:: Path contains spaces, so it must be quoted or del splits it into several arguments
del "C:\Documents and Settings\All Users\Application Data\LANDeskAV\Quarantine\*.qar"
goto Patches

:PATCHES
Echo Installing Patches...please wait
start /wait X86-en-windowsxp-kb957097-x86-enu_af78065a797e9fb4c03ba811b04db6a66fa6e2d0.exe /quiet /norestart
start /wait X86-en-windowsxp-kb958644-x86-enu_5c135a8dae5721849430afe27af255f83e64f62b.exe /quiet /norestart
start /wait X86-en-windowsxp-kb958687-x86-enu_a9b85264e9b75e552ae10cd212937b8686a96833.exe /quiet /norestart
start /wait WindowsXP-KB921883-x86-ENU.exe /quiet /norestart
start /wait WindowsXP-KB958644-x86-ENU.exe /quiet /norestart
goto Virus2

:virus2
start /wait d.exe /s /start
start /wait f-downadup.exe
cd /d "c:\program files\LanDesk\LDClient\Antivirus"
start /wait LDAV.exe /ScanComputer /showui
goto Reset


:Reset
:: Quoted for the same reason as in CLEANUP: the path contains spaces
del "C:\Documents and Settings\All Users\Application Data\LANDeskAV\Quarantine\*.qar"
netsh interface set interface "Local Area Connection" ENABLED
netsh interface set interface "Local Area Connection2" ENABLED
netsh interface set interface "Local Area Connection3" ENABLED
netsh interface set interface "Wireless Network Connection" ENABLED
netsh interface set interface "Wireless Network Connection2" ENABLED
netsh interface set interface "Wireless Network Connection3" ENABLED
echo "%Computername%, %date%, %Time%" >>\\NetworkShare\Scans\ScanComplete.txt
goto Shutdown

:Shutdown
shutdown -s -f -t 0
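
A check that could run just before the :Reset section, so the network is only re-enabled on machines where the four hotfixes actually registered. This is an added example, not part of the original script; it assumes the XP hotfix installers record each update under the HotFix registry key shown, and the log path is hypothetical.

```bat
@echo off
setlocal
:: Added example, not part of the original script.
:: Assumption: XP hotfix installers create one subkey per update here.
set "HOTFIXKEY=HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix"
:: Hypothetical local log. The network is still disabled at this point,
:: so the \\NetworkShare log used by the script is not reachable yet.
set "LOG=c:\viruso\patchcheck.txt"
set MISSING=0

:: KB numbers taken from the patch file names in the :PATCHES section.
for %%K in (KB957097 KB958644 KB958687 KB921883) do call :CheckKB %%K

if %MISSING%==0 (
    >>"%LOG%" echo %COMPUTERNAME%, %DATE%, %TIME%, all patches present
    endlocal & exit /b 0
)
>>"%LOG%" echo %COMPUTERNAME%, %DATE%, %TIME%, %MISSING% patches missing
endlocal & exit /b 1

:CheckKB
:: reg query returns a nonzero errorlevel when the key does not exist.
reg query "%HOTFIXKEY%\%1" >nul 2>&1
if errorlevel 1 (
    >>"%LOG%" echo %COMPUTERNAME%, %DATE%, %TIME%, %1 NOT installed
    set /a MISSING+=1
)
goto :eof
```

Saved under a name of your choosing in c:\viruso and invoked with call, a nonzero errorlevel can be used to skip the ENABLED lines and leave the machine isolated for manual follow-up.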
