Autorunning program from CD or USB on Win7/8

I work for an IT shop that sees some computers come in with rather nasty viruses. We are working on an autorun script that will run a malware killing tool (RKill) when we insert a USB or CD (preferably USB). We want to run the tool as soon as the USB or CD is inserted without having UAC pop up, ideally anyway. Our second choice is to have it open the Autorun options, even on PCs that have been locked down a la FBI virus. We have autorun.inf, a .bat that calls a .exe, and the .exe for the tool we want to run in the root of the USB or CD. We have tried the solution found here, but that didn't work.
The code for autorun.inf and rkill.bat is below.
autorun.inf:
[autorun]
open=rkill.bat
Where the autorun.bat file reads:
start rkill.exe
rkill.bat:
start rkill.exe
I understand that there may not be a reliable way to do this, but any help would be greatly appreciated.

Use this:
[autorun]
OPEN=rkill.bat
SHELLEXECUTE=rkill.bat
ACTION=run rkill.bat
ICON=rkill.exe,0
Works for me!
Also, I run a PC repair shop too, so a tip for you: use a boot disk.
Any of these work wonders:
Windows PE (with custom script)
Comodo Rescue Disc

You could customize the autorun popup to include your exe. Don't know why you're using a batch file to execute a program.
autorun.inf
[autorun]
ShellExecute=rkill.exe
UseAutoPlay=1
Don't know if this works, not at home atm. But doesn't hurt to try.
-D

Alternate to Dimitri's answer above:
[autorun]
Open=rkill.exe
Icon=(icon file) <- OPTIONAL
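For reviewing what an autorun.inf like the ones posted above asks Windows to start before trusting a disc or stick, the following is an added example, not code from any of the posts. The function name, the extension lists and the extra `shell\scan\command` line in the sample are assumptions made for illustration.

```python
import ntpath

# Added example. Entries in [autorun] that start a program; Windows 7 and later
# ignore these launch entries on USB flash drives and honor them on optical media.
LAUNCH_KEYS = {"open", "shellexecute"}
SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".ps1"}
BINARY_EXTS = {".exe", ".com", ".scr"}

def audit_autorun(text):
    """Return one dict per autorun.inf entry that would launch something."""
    findings, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):           # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()                               # key names are case-insensitive
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if not value or (key not in LAUNCH_KEYS and not is_verb):
            continue                                    # icon, label, action, ...
        # The program is the quoted part if quoted, otherwise the first token.
        target = value[1:].split('"')[0] if value.startswith('"') else value.split()[0]
        ext = ntpath.splitext(target)[1].lower()
        kind = "script" if ext in SCRIPT_EXTS else "binary" if ext in BINARY_EXTS else "other"
        # A drive letter or UNC prefix means the program is not on the inserted media.
        findings.append({"key": key, "target": target, "kind": kind,
                         "off_media": bool(ntpath.splitdrive(target)[0])})
    return findings

# Constructed sample: the autorun.inf from the first answer plus a context-menu verb.
SAMPLE = """[autorun]
OPEN=rkill.bat
SHELLEXECUTE=rkill.bat
ACTION=run rkill.bat
ICON=rkill.exe,0
shell\\scan\\command=rkill.exe
"""

if __name__ == "__main__":
    for finding in audit_autorun(SAMPLE):
        print(finding)
```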

Related

Make a bootable USB program installer

I'm trying to make an installer for a program and for that program to work I need to alter a few important windows files
I'm trying to make it like this:
plug in the usb
boot from the usb
wait for the installer to finish
boot windows and taaada program installed
I used all kinds of variations of MS-DOS to do this, but all of them don't copy my program's files or fail at something else.
Any idea how to make something similar?
You could try NTFSDOS if you want to keep being in DOS, or you could use some Linux distribution and mount the hard drive's partition that way.

Run a bootable USB of command prompt compatible with multiboot

I need to know if a program exists (or if I can create one) that runs that computer's command prompt from a USB, without having to log in. I guess I don't really care if it is that computer's cmd, but I need all of the modern functions of today's cmd. I also need to make sure that it has full administrative privileges. I know that it is possible, because just about every Linux system uses a similar system when it initially boots up, even when just downloaded to USB.
I guess I really need something that I can use with multiboot (a pure ISO file, not something like Rufus, which requires you to format the USB). I don't know, but I don't think an MS-DOS thingy would have all of today's commands in cmd.
Any help much appreciated. Peace.
Edit: I just need the equivalent of single user mode on a Mac. Administrative access to the terminal without login info.
You can boot windows to safe mode limited command prompt, or you can launch a cmd window via the startup group (but you can't get a full screen after XP and the window can be closed with the latter method).
That is the first issue for you to solve, and then you can consider booting from USB.

How to run .exe file from pen drive on insert?

I want to run a .exe file (or any application) from a pen drive on insert into a PC. I don't want to use an Autorun.inf file, as all antivirus software blocks it. I have used a portable application launcher also, but that also uses autorun only, so once again antivirus software blocks it. Is there any alternative option, such that a .exe file from the pen drive starts automatically on pen drive insert?
Antivirus programs block autorun.inf for the sole purpose of not allowing some .exe files to start automatically on pen drive insert. So, basically, what you're asking is impossible.
I haven't used Windows in a long time, but I am fairly sure there is a setting in Windows to enable/disable autorunning executables on mounted drives. That and changing such a setting in your antivirus application (or getting a new, saner one) would be my best guess.
Good luck!

What does a program do that require a reboot?

Sometimes after I install a program, a window appears on the screen and tells me, "To complete the installation, restart the system".
Now, I just want to know when a program requires a reboot and so my question is:
What kinds of operations does a program do that require a reboot?
One of the most common reasons is if you need to replace files that are in use (such as, say, what Windows Update does), then you have to tell the system to replace it on the next reboot.
Generally speaking, it's to replace/modify files that are in use by the system (and locked), so they can be updated on boot, before they are locked again.
Often when they install special drivers / hooks in Windows itself, like creating a virtual drive with DaemonTools. Either they need to replace files that are in use or a reboot is needed for the program to merge in the OS's inner layers.
The main reason for a reboot is files that are in use that the installer could not replace. You can look at the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations and see which files will be removed or renamed after the reboot.
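Windows keeps these queued operations in a REG_MULTI_SZ value named PendingFileRenameOperations under the Session Manager key, as source/destination pairs in which an empty destination means delete. The following added example (not from any of the answers) decodes such a value; the sample bytes are constructed and the layout handled is the canonical one with a final list terminator.

```python
# Added example: decode PendingFileRenameOperations data into the delete/move
# operations that will be carried out at the next boot.

def split_multi_sz(raw):
    """Split raw REG_MULTI_SZ bytes (UTF-16LE), keeping empty strings."""
    text = raw.decode("utf-16-le")
    if text.endswith("\0"):
        text = text[:-1]              # drop the terminator of the whole list
    parts = text.split("\0")
    if parts and parts[-1] == "":
        parts.pop()                   # left over from the last string's own terminator
    return parts

def strip_nt_prefix(path):
    """Remove the NT object-namespace prefix \\??\\ if present."""
    return path[4:] if path.startswith("\\??\\") else path

def pending_operations(strings):
    """Pair up (source, destination) strings; an empty destination is a delete."""
    if len(strings) % 2:
        strings = strings + [""]      # a trailing source without destination
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        if dst == "":
            ops.append(("delete", strip_nt_prefix(src), None))
        else:
            # A leading "!" marks a move that may overwrite an existing file.
            action = "replace" if dst.startswith("!") else "move"
            ops.append((action, strip_nt_prefix(src), strip_nt_prefix(dst.lstrip("!"))))
    return ops

# Constructed sample data: one delete and one replace-on-reboot.
SAMPLE = ("\0".join([
    r"\??\C:\Windows\Temp\old.dll", "",
    r"\??\C:\Program Files\App\app.exe.new", r"!\??\C:\Program Files\App\app.exe",
]) + "\0\0").encode("utf-16-le")

if __name__ == "__main__":
    for op in pending_operations(split_multi_sz(SAMPLE)):
        print(op)
```

Entries that delete or replace files in system directories at boot are worth a look during malware cleanup, since the same mechanism works for any process with the rights to write this value.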

Strange, possible “shadow copy” issue where two editors show different contents

I have some code that is reading a config file, but when I open the file in TextPad, I see different values than my application does. I checked it with Notepad. Notepad agrees with my application, TextPad shows something else.
This is on Vista x64 Business.
Any idea what could be causing this? I've looked in the Context Menu->Properties->Previous Versions details, but it says "There are no previous versions available".
Here are the steps to replicate (I can't make it happen reliably):
Installed .NET app in Program files.
That app reads the config file, but is falling over.
I manually edit that config file in Textpad.
The change doesn't take effect.
I open the config file in Notepad, and see something different.
Try making the change in Notepad and saving, and get this error message:
Notepad
Cannot create the C:\Program Files (x86)\Daniel Schaffer\WorkingOn for FogBugz\FogBugz > WorkingOn.exe.config file.
Make sure that the path and file name are correct.
I can't put the content here as it's XML and is being encoded by Superuser.com, but here's a link to a screencast: http://screencast.com/t/zhERl7mocp4.
Sounds like a case of you not having administrator privs when you installed your app. Sometimes when you install an app with no admin privs, it behaves really strangely because of Vista's security model. I had a similar problem to this last year. It wasn't exactly the same, but it was strange behaviour, until I figured out it was Vista's security model. It elevates it into application/user security context, from what I know, as my brain froze when I was reading about it, as it was pure muck and virtually useless from what I can see.
Try opening TextPad (excellent app) with Run as Administrator, and then edit the config. See what happens. If it stays the same then it's a privs problem. If that doesn't work, uninstall your app, and then install it as an administrator. That will give the app the right admin privs to work. Then edit the config and see if that works.
Take a look at this. You can elevate an app to run as administrator using the techniques found here: How to elevate an application. Try all these before you do a reinstall.
If that doesn't work, post your question to Server Fault. Also post it to a suitable MSDN forum.
Hope that helps.
Bob.
This is interesting. My guess is that a Vista Feature called UAC Virtualization (aka Data Redirection) is at work here. It basically redirects legacy applications to %USERPROFILE%\AppData\VirtualStore\Program Files\... so they can write files in the program's directory.
Maybe Textpad tries to open the file in read-write mode while both your application and Notepad use it read-only?
You can fire up Process Monitor to see the exact magic, and please let me know ;-)
Try just to strip that whitespace character from the application name; my guess is something related to canonical path building.
Try to copy the file to another path and reopen it. See if it changes the result.
One thing you can do is observe what exact file each of those methods ends up opening. To do this,
launch Process Monitor from the sysinternal suite.
look only for file operations (deselect registry operations on the right of the toolbar)
select only your own process (filter out all the processes that you don't care about, or just include your own process name in the filter list)
You can also simply use the search function for your file name, this might be the faster route.
Process Monitor has helped me find so many issues it's amazing.
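To check the UAC virtualization theory from the answers without a trace, one can compute where a redirected copy of the file would live and see whether it exists. This is an added example, not code from the thread; it assumes the per-user store is %LOCALAPPDATA%\VirtualStore, default install locations on C:, and a constructed sample path.

```python
import ntpath
import os

# Assumed default locations; UAC file virtualization covers these trees.
VIRTUALIZED_ROOTS = (r"C:\Program Files", r"C:\Program Files (x86)",
                     r"C:\ProgramData", r"C:\Windows")

def virtualstore_path(path, local_appdata):
    """Return where a redirected write to `path` would land, or None."""
    norm = ntpath.normpath(path)
    folded = norm.lower()                       # Windows paths are case-insensitive
    for root in VIRTUALIZED_ROOTS:
        r = root.lower()
        if folded == r or folded.startswith(r + "\\"):
            rest = ntpath.splitdrive(norm)[1].lstrip("\\")
            return ntpath.join(local_appdata, "VirtualStore", rest)
    return None

def diagnose(path, local_appdata, exists=os.path.exists):
    """Report which file a virtualized (legacy, non-elevated) process reads."""
    shadow = virtualstore_path(path, local_appdata)
    if shadow is None:
        return ("not-virtualized", path)
    if exists(shadow):
        # Virtualized processes see this copy; other processes see `path`.
        return ("shadow-copy-wins", shadow)
    return ("no-shadow-copy", path)

if __name__ == "__main__":
    # Constructed sample path; pass the real config file path on the affected PC.
    target = r"C:\Program Files (x86)\ExampleApp\ExampleApp.exe.config"
    appdata = os.environ.get("LOCALAPPDATA", r"C:\Users\example\AppData\Local")
    print(diagnose(target, appdata))
```

A result of `shadow-copy-wins` means two editors can show different contents for the same path: one is reading the per-user copy and the other the file under Program Files.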
