Network Security NTBugtraq
InUse Destroyer script

Subject: InUse Destroyer script
Date: Mon, 6 Dec 2004 20:16:32 +0100
Hello,

I've written the "InUse Destroyer.vbs" script (IUD). IUD allows in-use
files to be scheduled for deletion or replacement at reboot. Yes,
there are other utilities that do that, but AFAIK, unlike IUD, they
don't work under all Windows versions (W95, W98, NT4, W2K & WXP).

I wrote IUD to easily schedule registry hives to be replaced at boot
by versions in which spyware launch points have been suppressed. I
also use it to delete spyware files, including AppInit_DLLs infectors.

The IUD script:

1. will replace but won't delete a registry hive

2. accepts any number of deletions and replacements

3. appends its instructions to any existing instructions

4. detects if an append is in progress and displays this in all
   windows with the ">>" symbol

5. optionally reboots the system when done.

The script is written in VBScript and requires WMI (and Admin rights)
for NT4 or higher. (WMI is not required under W98.) Please note that
it does *not* handle Unicode file names. The GUI is in VBScript -- I
opted to avoid an IE interface because the script targets infected
systems and use of IE on an infected system is reckless.

IUD can be downloaded here:
http://www.silentrunners.org/InUse%20Destroyer.vbs

or here: http://tinyurl.com/6qjah

Its MD5 hash is: C9D1BF1ED265365C65737B08BDC1017A

regards, Andy

                              ----------
      To identify everything that starts up with Windows, download
              "Silent Runners.vbs" at www.silentrunners.org
                              ----------

Current thread: InUse Destroyer script, Andrew Aronoff