Run ComboFix in script?

You need help to start using UVK? You have a doubt on a UVK feature? Post here!
Forum rules
We have no special rules for UVK forums. Just try to be polite and clear in your posts.
Please don't post spam in this forum. Spammers will be banned by IP, e-mail and username.
We reserve the right to delete all posts and ban all users we consider not having respected these rules without warning.
Post Reply
netmonk99
Posts: 13
Joined: Tue May 29, 2012 6:44 am

Run ComboFix in script?

Post by netmonk99 »

Is it possible to download, update and run ComboFix as part of a script in UVK?
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Run ComboFix in script?

Post by Fred »

Well, download and run combofix as part of a script should be easy, but the author doesn't approve it.

At least that's what bleepingcomputer told me when I had it automated in the automatic anti-malware scans. They had me remove it.

But I guess for a private script it should be OK:
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
netmonk99
Posts: 13
Joined: Tue May 29, 2012 6:44 am

Re: Run ComboFix in script?

Post by netmonk99 »

Would you mind PM'ing me the script for it, if you don't want it posted publicly?

Thanks!
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Run ComboFix in script?

Post by Fred »

It's really no big deal, netmonk99. You just have to often check if they have changed the download url.

Code: Select all

 <Download>
http://download.bleepingcomputer.com/dl/6d336c2bc7b73a36ac8e3ea720fab839/4fd064c1/windows/security/anti-virus/c/combofix/ComboFix.exe | %Temp%\CmboFx.exe

 <RunWait>
%Temp%\CmboFx.exe
If the combofix process ends before the end of the scan, the script will also continue before the end of the scan, which may not be desirable.

Also, combofix usually restarts the machine automatically, so I think you should leave the combofix scan for the very end of the script, and don't use the <Reboot> or <Shutdown> commands.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Fred
Site Admin
Posts: 2357
Joined: Sat Jul 30, 2011 12:05 pm
Location: Red coast, France
Contact:

Re: Run ComboFix in script?

Post by Fred »

I just noticed they still use the 10 minutes download link. I was hoping they had removed it.

The download url only works for 10 minutes. I guess you'l have to download it manually and put it in a portable media device.
One thing we humans have in common is that we are all different. So, if you think you're weird because you're different from everyone else, then we are all weird.

Fred
Post Reply