Hi malware fighters,
If you want to enroll an anti-spyware program on a couple of machines, the following can be a usefull script:
It was used to enroll MS antispyware on various machines. ----------------------------------------------------------
'MSAS Install Script - ryan@overdose.net
'ipFile = path to list of hosts
ipFile = "C:\scripts\installmsas\list.txt"
'execPath = path to executable file
execPath = "C:\scripts\installmsas\msantispy.msi"
'execCommand = command to execute, including path, switches, etc
execCommand = "msiexec.exe /i c:\msantispy.msi /qn INSTALLDIR=c:\MSAS\"
execCommand2 = "C:\msas\gcasDtServ.exe /regserver"
'fileName = filename of executable
fileName = "msantispy.msi"
'pathToLog = path to the logfile
pathToLog = "C:\scripts\installmsas\install_log.txt"
On Error Resume Next
Set oNet = CreateObject("WScript.Network")
Set oFS = CreateObject("Scripting.FileSystemObject")
Set oSvcLocal = GetObject("winmgmts:root\cimv2")
Set oIPFile = oFS.OpenTextFile(ipFile, 1, false)
Set oOutputFile = oFS.CreateTextFile(pathToLog, TRUE)
If (Err.Number <> 0) Then
WScript.Echo "Cannot open " & ipFile
WScript.Quit
End If
While Not oIPFile.atEndOfStream
ip = oipFile.ReadLine()
oOutputFile.WriteLine(vbCrLf & "Connecting to " & ip & "... ")
WScript.Echo vbCrLf & "Connecting to " & ip & "... "
Err.Clear
Set oSvcRemote = GetObject("winmgmts:\\" & ip & "\root\cimv2")
If (Err.Number <> 0) Then
oOutputFile.WriteLine("Failed to connect to " & ip & ".")
WScript.Echo "Failed to connect to " & ip & "."
Else
oNet.RemoveNetworkDrive "x:"
oNet.MapNetworkDrive "x:", "\\" & ip & "\C$"
' copy msas file to remote pc
Set oSourceFile = oSvcLocal.Get("cim_datafile=""" & replace(execPath, "\", "\\") & """")
returnCode = oSourceFile.Copy("x:\\" & fileName)
If (returnCode <> 0 and returnCode <> 10) Then
' Failure detected and failure was not "file already exists."
oOutputFile.WriteLine("Failed copy " & fileName & " to " & ip & " - Error Code: " & returnCode)
WScript.Echo "Failed copy " & fileName & " to " & ip & " - Error Code: " & returnCode
oNet.RemoveNetworkDrive "x:"
Else
oOutputFile.WriteLine(fileName & " copied to " & ip)
WScript.Echo fileName & " copied to " & ip
Set oProcess = oSvcRemote.Get("win32_process")
returnCode = oProcess.Create(replace(execCommand, "\", "\\"))
If (returnCode <> 0) Then
oOutputFile.WriteLine("Failed to start install on " & ip & " Error Code: " & returnCode)
WScript.Echo "Failed to start install on " & ip & " Error Code: " & returnCode
oNet.RemoveNetworkDrive "x:"
Else
Set oDestFile = oSvcLocal.Get("cim_datafile=""x:\\" & fileName & """")
'Wait for the installation to complete.
For waitTime = 0 To 120 ' Lay and wait--up to two minutes for the installation to complete.
WScript.Sleep 10000 ' Sleep
'Delete temporary file as soon as possible after it is freed.
If (oDestFile.Delete() = 0) Then
Exit For
End If
Next ' Otherwise, loop again and keep waiting...
oOutputFile.WriteLine("Installation successful on " & ip & ".")
WScript.Echo "Installation successful on " & ip & "."
End If 'Create process succeeded.
'now register server
returnCode = oProcess.Create(replace(execCommand2, "\", "\\"))
If (returnCode <> 0) Then
oOutputFile.WriteLine("Failed to register server on " & ip & " Error Code: " & returnCode)
WScript.Echo "Failed to register server on " & ip & " Error Code: " & returnCode
Else
oOutputFile.WriteLine("Registration successful on " & ip & ".")
WScript.Echo "Registration successful on " & ip & "."
End If
End If
End If
WEnd
oOutputFile.Close
If we analyse this script for what it is worth through for instance ScriptSentry it can also come in handy to enroll malicious code onto machines. Are you alerted now to the two-sidedness of the sword, called SCRIPT!,
polonus
