Can someone who knows way more than I assist me with the following script?
Ok, I know I'm asking for the world here... I've had some basic experience with VBScript prior to getting to where I am. On average I remove 3 to 4 malware programs running on remote systems every day and while I realize the futility of trying to scrub them clean... I do try to bring them back to being functional. For some time I've had the following idea that I'd like to do but it's beyond my skill.... Here's the pseudo code I have created:
On Error Resume Next
Dim ScanFolder, ProcessInformation, ProcessFound, PID
Delete all Files and Folders in %temp%
    ' Including Hidden Files and Folders
Search %temp% for Exe
    ' Including Hidden Exe
IF Exe found THEN
ELSE do Nothing
Check Windows Version
IF XP THEN
    ScanFolder = C:\Documents and Settings
ELSE
    ScanFolder = C:\Users
Search ScanFolder for EXE files ' Including Hidden and System Exe
IF found THEN
    ProcessFound = File.exe
    Get Data on file
        ' Data here is referring to Description, Image Path Name, Owner, Company
        ' Name, etc. Things that can help identify it.
    PID = ProcessID
    ProcessInformation = Data
    Display "The following process was located: " & ProcessFound & ProcessInformation & " Would you like to Delete the process? Warning: this cannot be Undone! If you are unsure please click Unsure to end the process."
    Prompt Yes, No, Unsure
    IF Yes THEN
        Display "Would you like to continue?"
        Prompt Yes, No
        IF Yes THEN continue process
        ELSE end process
    IF No THEN
        Go to next EXE file
    IF Unsure THEN
        Display "Did ending the process help?"
        Prompt Yes, No
        IF Yes THEN
        IF No THEN
            Do nothing and continue process
Some VBScript Deity out there can assist in creating this... you will have made my productivity go through the roof and I will personally vouch for you at the gates of heaven ^_^ (does bribery work here???? lol)
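The "get data on file" part of the pseudocode above is the piece that is safe to automate, so here is an added example (my own code, not the poster's script and not an answer from the thread) that does only that: it lists every .exe under %TEMP%, hidden ones included, and every running process whose image lives under %TEMP% or the profile root, printing the PID, image path, owner, company and version fields the poster asked about. It deletes nothing and ends no process; the technician still decides. The profile-root logic assumes Win32_OperatingSystem.Version starts with "5." on XP/2003 and "6." or higher on Vista and later, and the script assumes it runs under cscript with enough rights to query other users' processes.

```vbscript
' Added example, not the original poster's script: a read-only triage pass.
' Lists .exe files under %TEMP% and running processes under %TEMP% or the
' profile root, with the identifying fields the poster listed. Reports only.
Option Explicit

Dim objShell, objFSO, objWMI, strTemp, strProfileRoot
Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objWMI = GetObject("winmgmts:\\.\root\cimv2")

strTemp = LCase(objShell.ExpandEnvironmentStrings("%TEMP%"))
strProfileRoot = LCase(ProfileRoot())

WScript.Echo "== Executables under " & strTemp & " =="
ListExeFiles objFSO.GetFolder(strTemp)

WScript.Echo vbCrLf & "== Running processes under " & strTemp & " or " & strProfileRoot & " =="
Dim objProcess
For Each objProcess In objWMI.ExecQuery("SELECT ProcessId, Name, ExecutablePath FROM Win32_Process")
    ' ExecutablePath is Null when the caller cannot open the process, so guard it
    If Not IsNull(objProcess.ExecutablePath) Then
        If IsUnder(objProcess.ExecutablePath, strTemp) Or IsUnder(objProcess.ExecutablePath, strProfileRoot) Then
            ReportProcess objProcess
        End If
    End If
Next

' Mirrors the pseudocode's version check (assumption: "5.x" = XP/2003 with
' \Documents and Settings, anything newer keeps profiles under \Users).
Function ProfileRoot()
    Dim objOS, strDrive
    strDrive = objShell.ExpandEnvironmentStrings("%SystemDrive%")
    For Each objOS In objWMI.ExecQuery("SELECT Version FROM Win32_OperatingSystem")
        If Left(objOS.Version, 2) = "5." Then
            ProfileRoot = strDrive & "\Documents and Settings"
        Else
            ProfileRoot = strDrive & "\Users"
        End If
    Next
End Function

' True when strPath sits inside strRoot (strRoot is already lower-cased)
Function IsUnder(strPath, strRoot)
    IsUnder = (Left(LCase(strPath), Len(strRoot) + 1) = strRoot & "\")
End Function

' FileSystemObject enumerates hidden and system files, so no attribute tricks are needed
Sub ListExeFiles(objFolder)
    Dim objFile, objSub
    For Each objFile In objFolder.Files
        If LCase(objFSO.GetExtensionName(objFile.Name)) = "exe" Then
            WScript.Echo objFile.Path & "  (" & objFile.Size & " bytes" & HiddenTag(objFile.Attributes) & ")"
        End If
    Next
    For Each objSub In objFolder.SubFolders
        ListExeFiles objSub
    Next
End Sub

' Attribute bit 2 is the Hidden flag
Function HiddenTag(intAttributes)
    If (intAttributes And 2) <> 0 Then HiddenTag = ", hidden" Else HiddenTag = ""
End Function

' Image path, owner and the version-resource fields (company, version) from CIM_DataFile
Sub ReportProcess(objProcess)
    Dim strUser, strDomain, strQuery, objFile, strInfo
    strInfo = "PID " & objProcess.ProcessId & "  " & objProcess.Name & vbCrLf & _
              "  Image path : " & objProcess.ExecutablePath & vbCrLf
    If objProcess.GetOwner(strUser, strDomain) = 0 Then
        strInfo = strInfo & "  Owner      : " & strDomain & "\" & strUser & vbCrLf
    End If
    ' Backslashes and quotes must be escaped inside the WQL string literal
    strQuery = "SELECT Manufacturer, Version, Hidden FROM CIM_DataFile WHERE Name = '" & _
               Replace(Replace(objProcess.ExecutablePath, "\", "\\"), "'", "\'") & "'"
    For Each objFile In objWMI.ExecQuery(strQuery)
        strInfo = strInfo & "  Company    : " & objFile.Manufacturer & vbCrLf & _
                  "  Version    : " & objFile.Version & vbCrLf & _
                  "  Hidden     : " & objFile.Hidden & vbCrLf
    Next
    WScript.Echo strInfo
End Sub
```

Run it as `cscript //nologo triage.vbs` from an elevated prompt so the Win32_Process query can see every user's processes; an unprivileged run still works but silently skips processes it cannot open. Keeping the script to reporting is deliberate: the decision to end a process or delete a file is the part that cannot be undone, and the list this prints gives you the image path and company name you need to make it, or to hand the whole machine to the reimage queue instead.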
Community Chosen Answer
To be honest, much as dugullett said, this is highly unlikely to clean the machines. I don't see this saving you time and effort. It is just hiding the problem, and will make things worse in the long run. You have two general options to clean malware.
1. Reformat and redeploy. This is the guarantee. Often you will find if you take other steps, such as creating a standardized image and utilizing a good backup schema, this is the fastest way to deal with machines that get infected. You can greatly reduce the infection rate with good security products including antivirus, anti-malware, firewalls, network access control, IDS/IPS, etc.
2. We are IT professionals. We like to tinker with things. You can investigate the malware, and figure out how to remove it manually or with a program. With many infections, we can figure it out ourselves and get things clean to the point of reasonable mitigated risk. I've found Symantec writes some great automated removal tools and instructions that you can run as one-offs, or script.
My observation, however, is that you are past the reasonable tinkering stage if you are tired of doing it and at the point where you want to automate the removal. If that's the case, you are probably just wasting your time trying to write your own automated removal tools in an attempt to save time. The ways to save time are to find and shut down the sources of the infections (which if you are at the point of writing scripts to remove these things, I highly recommend you look for the source, as it is likely on your network, the result of policy violations, or the result of a lack of controls), and to use the professional resources out there to get you out of the malware removal business and back to your actual job.