Page 3 of 3
#44003 - 2003-08-18 11:04 PM Re: W32LoveSAN
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
The SU can be done, but deploying it is NOT very secure.

Please search and look for posts with regard to the KiXCrypt utility if you really must perform the task in this manner.

http://www.kixhelp.com/Downloads/kixcyrpt3.0b.zip
http://www.kixtart.org/cgi-bin/ultimatebb.cgi?ubb=get_topic&f=14&t=000412

#44004 - 2003-08-18 11:33 PM Re: W32LoveSAN
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
I have to wonder how anti-virus updates are then distributed if you're not allowed to install anything without the user's consent?
_________________________
There are two types of vessels, submarines and targets.

#44005 - 2003-08-19 01:27 AM Re: W32LoveSAN
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
Look in the UDF forum for a UDF called UpdateApps().

I wrote it to be a simple request-for-install wrapper, where it displays a message about the app, and a yes/no prompt for non-critical apps with a counter and an OK message for critical apps.
_________________________
How to ask questions the smart way <-----------> Before you ask

#44006 - 2003-08-19 08:05 PM Re: W32LoveSAN
Bob Deerinwater Offline
Starting to like KiXtart

Registered: 2002-05-05
Posts: 101
Loc: Covina California
In regard to how we deploy our antivirus: Panda Software runs a program called rinstall with a script after it. This has me thinking about whether I can use their program for the install. It looks similar to KiX, but I will check it out. If you want a sample of their script, let me know.
#44007 - 2003-08-20 02:32 AM Re: W32LoveSAN
Bob Deerinwater Offline
Starting to like KiXtart

Registered: 2002-05-05
Posts: 101
Loc: Covina California
NTDOC, did you ever get a chance to post the admin script for this? In plain words, SU sucks: it works on some, but not consistently enough to feel comfortable.
#44008 - 2003-08-20 03:47 AM Re: W32LoveSAN
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
Then run it via Task Scheduler. Example scripts have already been posted in the 'Scripts' forum.
_________________________
There are two types of vessels, submarines and targets.

#44009 - 2003-08-20 03:04 PM Re: W32LoveSAN
Co Offline
MM club member
***

Registered: 2000-11-20
Posts: 1342
Loc: NL
FYI

I have two scripts: One for the MS Patch and one to remove the virus

code:
; **************************************************************************************************************
; *                                                                                                            *
; * This script checks whether Security Patch Q823980 is installed on Windows XP PCs.                          *
; * If it is not, the patch is installed.                                                                      *
; * Whatever the script finds is logged.                                                                       *
; *                                                                                                            *
; * 14/08/2003 - Co                                                                                            *
; *                                                                                                            *
; **************************************************************************************************************

$srv='\\server\log$\Q823980\'+@wksta+'.txt'
If @INWIN=1

; Capture the return value so it is not echoed to the console
$nul=Open(1,$srv,5)
$logdata='Workstation'+Chr(9)+'OS'+Chr(9)+'Build'+Chr(9)+'SP'+Chr(9)+'NT Version'+Chr(9)+'Mac Address'+Chr(9)+'IPAddress'+Chr(9)+'UserID'+Chr(9)+'Full Name'+Chr(9)+'privilege level'+Chr(9)+'day'+Chr(9)+'date'+Chr(9)+'Time'+Chr(9)+'RPC Version'+Chr(13)+Chr(10)
$nul=WriteLine(1,$logdata)

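Dim $KBPath,$RPCver
$KBPath='\\server\updates\Q823980.exe'
$RPCver=GetFileVersion('%windir%\system32\Rpcrt4.dll', 'Productversion')
; $CSD is not assigned anywhere in the posted script, so the SP1 case below could never match.
; Take the service pack number from @CSD (0 when no service pack is installed).
$CSD=Val(Right(@CSD,1))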

Select

Case @ProductType='Windows XP Professional' and $CSD = 0 and $RPCver <> '5.1.2600.109' and not KeyExist('HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823980')

Shell '%comspec% /c $KBPath'
$logdata=@Wksta+Chr(9)+@ProductType+Chr(9)+@Build+Chr(9)+@CSD+Chr(9)+@Dos+Chr(9)+@Address+Chr(9)+@IPADDRESS0+Chr(9)+@UserID+Chr(9)+@FullName+Chr(9)+@priv+Chr(9)+@day+Chr(9)+@date+Chr(9)+@Time+Chr(9)+$RPCver+Chr(13)+Chr(10)
$nul=WriteLine(1,$logdata)

Case @ProductType='Windows XP Professional' and $CSD = 1 and $RPCver <> '5.1.2600.1230' and not KeyExist('HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB823980')

;Shell '%comspec% /c '+$KBPath+'\'+$KBFile+''
Shell '%comspec% /c $KBPath'
$logdata=@Wksta+Chr(9)+@ProductType+Chr(9)+@Build+Chr(9)+@CSD+Chr(9)+@Dos+Chr(9)+@Address+Chr(9)+@IPADDRESS0+Chr(9)+@UserID+Chr(9)+@FullName+Chr(9)+@priv+Chr(9)+@day+Chr(9)+@date+Chr(9)+@Time+Chr(9)+$RPCver+Chr(13)+Chr(10)
$nul=WriteLine(1,$logdata)


; Parentheses keep the OS check applied to both version comparisons
Case @ProductType='Windows XP Professional' and ($RPCver = '5.1.2600.109' or $RPCver = '5.1.2600.1230')
$logdata=@Wksta+Chr(9)+'Q823980 is reeds geinstalleerd'+Chr(13)+Chr(10)
$nul=WriteLine(1,$logdata)



EndSelect
EndIf
:end
$nul=Close(1)


code:
; **************************************************************************************************************
; *                                                                                                            *
; * This script checks whether the W32.Blaster virus or one of its variants is present on Windows XP PCs.      *
; * If it is found, the Run registry value and the virus files are removed.                                    *
; * If the script finds the virus, this is logged.                                                             *
; *                                                                                                            *
; * 14/08/2003 - Co                                                                                            *
; *                                                                                                            *
; **************************************************************************************************************



$sys='system32'
If @inwin = 2
$sys='system'
endif

$srv='\\server\log$\msblast\'+@wksta+'.log'


$reg = readvalue("HKLM\Software\Microsoft\Windows\currentVersion\Run","Windows auto update")
If @error = 0
$nul=Open(1,$srv,5)
$logdata='Workstation'+Chr(9)+'OS'+Chr(9)+'Build'+Chr(9)+'SP'+Chr(9)+'NT'+Chr(9)+'Mac'+Chr(9)+'IPAddress'+Chr(9)+'UserID'+Chr(9)+'Full Name'+Chr(9)+'privilege level'+Chr(9)+'day'+Chr(9)+'date'+Chr(9)+'Time'+Chr(13)+Chr(10)
$actie='Regkey Windows auto update is verwijderd'+Chr(13)+Chr(10)
$nul=WriteLine(1,$logdata)
$logdata=@Wksta+Chr(9)+@ProductType+Chr(9)+@Build+Chr(9)+@CSD+Chr(9)+@Dos+Chr(9)+@Address+Chr(9)+@IPADDRESS0+Chr(9)+@UserID+Chr(9)+@FullName+Chr(9)+@priv+Chr(9)+@day+Chr(9)+@date+Chr(9)+@Time+Chr(13)+Chr(10)
$nul=WriteLine(1,$logdata)
$nul=writeline(1,$actie)
; Remove the autostart value the worm adds under the Run key
$nul=Delvalue("HKLM\Software\Microsoft\Windows\currentVersion\Run","Windows auto update")

$nul=Close(1)
Endif

If exist("%windir%\$sys\msblast.exe")<>0
$nul=Open(1,$srv,5)
$logdata='Workstation'+Chr(9)+'OS'+Chr(9)+'Build'+Chr(9)+'SP'+Chr(9)+'NT'+chr(9)+'Mac'+Chr(9)+'IPAddress'+Chr(9)+'UserID'+Chr(9)+'Full Name'+Chr(9)+'privilege level'+Chr(9)+'day'+Chr(9)+'date'+Chr(9)+'Time'+Chr(13)+Chr(10)
$actie='msblast.exe is verwijderd'+Chr(13)+Chr(10)
$nul=WriteLine(1,$logdata)
$logdata=@Wksta+Chr(9)+@ProductType+Chr(9)+@Build+Chr(9)+@CSD+Chr(9)+@Dos+Chr(9)+@Address+Chr(9)+@IPADDRESS0+Chr(9)+@UserID+Chr(9)+@FullName+Chr(9)+@priv+Chr(9)+@day+Chr(9)+@date+Chr(9)+@Time+Chr(13)+Chr(10)
$nul=WriteLine(1,$logdata)
$nul=writeline(1,$actie)
Shell "%COMSPEC% /e:1024 /c \\server\Updates\Sophos\RESOLVE.COM -DF=BLASTERA.DAT -NOC > nul"
del "%windir%\$sys\msblast.exe"

$nul=Close(1)
Endif

If exist("%windir%\$sys\teekids.exe")<>0
$nul=Open(1,$srv,5)
$logdata='Workstation'+Chr(9)+'OS'+Chr(9)+'Build'+Chr(9)+'SP'+Chr(9)+'NT'+Chr(9)+'Mac'+Chr(9)+'IPAddress'+Chr(9)+'UserID'+Chr(9)+'Full Name'+Chr(9)+'privilege level'+Chr(9)+'day'+Chr(9)+'date'+Chr(9)+'Time'+Chr(13)+Chr(10)
$actie='teekids.exe is verwijderd'+Chr(13)+Chr(10)
$nul=WriteLine(1,$logdata)
$logdata=@Wksta+Chr(9)+@ProductType+Chr(9)+@Build+Chr(9)+@CSD+Chr(9)+@Dos+Chr(9)+@Address+Chr(9)+@IPADDRESS0+Chr(9)+@UserID+Chr(9)+@FullName+Chr(9)+@priv+Chr(9)+@day+Chr(9)+@date+Chr(9)+@Time+Chr(13)+Chr(10)
$nul=WriteLine(1,$logdata)
$nul=writeline(1,$actie)
Shell "%COMSPEC% /e:1024 /c \\server\Updates\Sophos\RESOLVE.COM -DF=BLASTERA.DAT -NOC > nul"
del "%windir%\$sys\teekids.exe"

$nul=Close(1)
Endif

If exist("%windir%\$sys\penis32.exe")<>0
$nul=Open(1,$srv,5)
$logdata='Workstation'+Chr(9)+'OS'+Chr(9)+'Build'+Chr(9)+'SP'+Chr(9)+'NT'+Chr(9)+'Mac'+Chr(9)+'IPAddress'+Chr(9)+'UserID'+Chr(9)+'Full Name'+Chr(9)+'privilege level'+Chr(9)+'day'+Chr(9)+'date'+Chr(9)+'Time'+Chr(13)+Chr(10)
$actie='penis32.exe is verwijderd'+Chr(13)+Chr(10)
$nul=WriteLine(1,$logdata)
$logdata=@Wksta+Chr(9)+@ProductType+Chr(9)+@Build+Chr(9)+@CSD+Chr(9)+@Dos+Chr(9)+@Address+Chr(9)+@IPADDRESS0+Chr(9)+@UserID+Chr(9)+@FullName+Chr(9)+@priv+Chr(9)+@day+Chr(9)+@date+Chr(9)+@Time+Chr(13)+Chr(10)
$nul=WriteLine(1,$logdata)
$nul=writeline(1,$actie)
Shell "%COMSPEC% /e:1024 /c \\server\Updates\Sophos\RESOLVE.COM -DF=BLASTERA.DAT -NOC > nul"
del "%windir%\$sys\penis32.exe"

$nul=Close(1)
Endif





[ 21. August 2003, 09:03: Message edited by: CO ]
_________________________
Co
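
The removal script above writes one log file per workstation (a repeated header row, a tab-separated data row, then an "... is verwijderd" action line). The following Python parser for that layout is an added example, not part of the thread or of Co's scripts; it consolidates the entries and lists hosts where the same artifact was removed on more than one run. The function names and all sample values are assumptions, and the sample log is constructed.

```python
from collections import defaultdict

FIELDS = ("host", "os", "build", "sp", "nt", "mac", "ip", "user",
          "full_name", "priv", "day", "date", "time")
ACTION_SUFFIX = " is verwijderd"  # Dutch for "has been removed", as logged by the script
HEADER = ("Workstation\tOS\tBuild\tSP\tNT\tMac\tIPAddress\tUserID\tFull Name\t"
          "privilege level\tday\tdate\tTime")

def _row(day, date, time):
    # Constructed data row in the column order the script writes (values are made up).
    return "\t".join(("PC0042", "Windows XP Professional", "2600", "Service Pack 1",
                      "5.1", "00A0C9112233", "10.0.0.42", "jdoe", "J. Doe", "USER",
                      day, date, time))

# Constructed sample: two logon runs appended to one workstation's log file.
SAMPLE_LOG = "\r\n".join((
    HEADER, _row("Thursday", "2003/08/14", "08:01:12"),
    "Regkey Windows auto update is verwijderd",
    HEADER, _row("Thursday", "2003/08/14", "08:01:12"), "msblast.exe is verwijderd",
    HEADER, _row("Tuesday", "2003/08/19", "08:03:40"), "msblast.exe is verwijderd", ""))

def parse_cleanup_log(text):
    """Return one event per removal: the preceding data row plus the artifact name."""
    events, current = [], None
    for line in text.splitlines():
        if not line or line.startswith("Workstation\tOS\t"):
            continue  # blank line, or the header the script repeats before every row
        if line.endswith(ACTION_SUFFIX):
            if current is not None:  # ignore an action line with no usable data row
                events.append({**current, "artifact": line[:-len(ACTION_SUFFIX)]})
            continue
        parts = line.split("\t")
        # A row with the wrong column count is dropped so it cannot be mis-attributed.
        current = dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None
    return events

def summarize(events):
    """Map host -> artifact -> list of removal timestamps."""
    hosts = defaultdict(lambda: defaultdict(list))
    for e in events:
        hosts[e["host"]][e["artifact"]].append(f'{e["date"]} {e["time"]}')
    return hosts

def removed_more_than_once(hosts):
    """Hosts where the same artifact was removed at more than one distinct time."""
    return sorted(h for h, arts in hosts.items()
                  if any(len(set(ts)) > 1 for ts in arts.values()))

if __name__ == "__main__":
    summary = summarize(parse_cleanup_log(SAMPLE_LOG))
    print({h: dict(a) for h, a in summary.items()}, removed_more_than_once(summary))
```

A host that shows up in `removed_more_than_once` was cleaned but came back with the same file, which is the case to cross-check against the Q823980 patch log.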


#44010 - 2003-08-20 03:10 PM Re: W32LoveSAN
Co Offline
MM club member
***

Registered: 2000-11-20
Posts: 1342
Loc: NL
Ooh and we have modified the executable with Wise for Windows Installer. Users can install it with Administrator credentials.

Co
_________________________
Co


#44011 - 2003-08-24 12:01 AM Re: W32LoveSAN
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
Bob,

The one that I posted as an Administrator script is here.

http://www.kixtart.org/board/ultimatebb.php?ubb=get_topic;f=2;t=004517
