Database Search
If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.
TechHome
Samples from Users
 | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
|
- !!DISCLAIMER!!
- Account Name Associated with a Process
- Activating McAfees PGP to Create a Self Decrpyting EXE
- Adding Item to the Tool Menu of IE to Run WB
- Alex Verboons Sample Scripts
- Ansi Character Chart
- API List
- Application Installer
- ARGB Function
- asciichart
- Asynchronously Run a WinBatch Script Against a List of Workstations
- Auto Indent WBT Script
- Auto Install For SpybotSD
- Automate Transactions with MS Money 5
- Automation of Adobe Acrobat Exchange
- Backup Folders With All Permissions
- Boot and Logon Timer
- Build a Bootable Window CD-Rom
- Calculate IP Address Range
- Capturing STDOUT
- CD-ROM Drive Letter Environment Variable Setting Script
- Change Ownership on Files
- Change Screen Resolution
- Check if Adobe Acrobat is Installed
- Check Service UDF
- Check string format
- ChopShop File Splitter (Chop Files into Smaller Chunks)
- ChopShop Heavyweight
- Code - A String Externalizer
- Command Shared Printer Installer
- Console Front End
- Console Output to Screen and File
- Controlling Winamp remotely
- Convert Concatenation from Colon to StrCat using TXL
- Countdown Days
- CPU Time of a Process
- Create a splash screen
- Critical Error Handler
- Cron Scheduler - Winbatch Version
- CSV to HTML Table
- CueCat bar code reading script
- Cute Binary Clock Example
- Day Light SavingsTime Information
- Decompile CHM using 7-Zip
- DesktopHopper
- Determine Current Interactive User From System Account
- Determine Windows Vista and Windows 2008 version
- Directory Display examples
- Download a File Via HTTP Request with a Progress Bar
- Dr Watson Parser
- Drawing Pictures using the GDI Dll_1
- Drawing Pictures using the GDI Dll_2
- DynamicDesk Provides Multiple Desktops
- EarthView - Rendered View of the Earth from Space
- eBay Pager
- Eject CDROM Tray
- Email Error Snapshot
- Error Handler For Entire Script
- Event Reminder Script
- Exit and Remove Current Scripts Folder
- Extender to change IP Address
- Fancy Scrolling in Box Functions
- Fast Sort for Itemlist and Files
- Flashing Window Title Example
- Fytek - PDF Converter
- GDI Image Encoding
- GDI Image Resize
- Generic Install Routine
- Generic Printer Configuration
- Get Original Windows CD Key
- Get Selected IE7 Tab Title
- Get Status Bar of Internet Explorer
- Get User and Memory Info
- Getting the Environment Path
- Global Variable Storage - a trick with Pointers
- Gnuplot and Winbatch
- googletrans
- Growl Notify UDF
- High-Resolution Elapsed Timer
- How to Open those Special Win95 folders
- How to win at Stones Cheat Sheet
- HTML Editor
- HTTP Download with progress bar using dynamic dialog
- Image Sizer
- Ini File Editor
- Intercepting WinPopUp - Mailslot Tricks
- Ip Device List
- IsMenuChecked and IsMnuEnabled
- Job Manager Example
- List Administrative Shares Freespace in HTML
- List Installed Applications
- List Outlook Personal Folders PST Files
- Locate Taskbar UDF
- LogParser
- Look up official Mailing address at USPS website
- Lunch Restaurant Chooser
- Mail Current Mailbox Size
- Make Ascii Chart
- Make Change to NT Server While Screensaver Runs
- Make PopUp Menus from Systray Icons
- Make Popup Menus
- McAfee 4.0.2 Update
- MD5 - MD4 Checksum Using the Crypto Api
- MegaPop UDF
- MessageBox UDF
- Messenger Type Client
- Microsoft Agent Example
- Modem Scan - Get Descriptor
- Network Statistics - Bytes Received Sent
- Office 97 Installation Sample Code
- Outlook Exchange Mail Profile Maker
- Outlook Settings
- Parse Variable Commandline Parameters
- Pc Inventory Update
- PC Inventory
- PcAnywhere Host Configs
- Pi.wbt
- Profile an Application
- Progress Bar in Dialog
- Query Event Log Based on Todays Date
- Rasmon
- Read Local LAN News of the Day
- Read Text File With Status Bar
- Remove Comments from code
- Remove Leading Zeros
- Remove XP Windows Messenger
- Rename a Computer using NETDOM
- Replace an In Use File on Restart
- Rolling Logfile UDF
- Run as an SMTP Server
- Script Code Indentation Fixer
- Script Expire Routine
- Script Viewer
- Scrolling BoxText
- Scrolling Log Window
- Service Manager
- Set Timezone Code
- SHFileDelete
- SHFileOperations
- Simple Little Lottery Program
- Simple MSI Install
- Simple Script to Find My IP Address
- Simple Shell UDFs
- SMS Short Messaging with GSM Modems
- SMS-like Software Distribution in the Background
- Snapshot Server
- SOAP and WinBatch
- Software Metering Example
- SoundEx
- SourceK0d3R
- Split Up Large Text File
- Spyware Startup Removal
- String Externalizer Script
- Switchboard WinBatch
- Syncing Multiple Winbatch Scripts
- SystemInfo Plus Office Version
- Text to PDF UDF
- TrapKeys alternative to WaitforKey
- Two dimensional Array Conversion UDFs
- UDF Get Hwnd
- UrlClip
- Use Private Netscape Bookmark and Cookies during Session
- UT2004 Cache Convertor
- Utility to Start Several Apps in Different Modes
- Variable Dump
- VBScript JScript in WinBatch
- VisualBoxEditor to Visually Design WB Boxes
- Watch (Monitor) a Directory
- Watch for Files and Do Something
- wbconvert2pdfcreator
- WB_RAD Rapid Application Development Interface
- WIA Image Properties
- WILL Lookup Utility
- WinBatch Script to Uninstall Lotus Sametime
- Windows 2000 System State Backup
- WORM_SDBOT Removal Tool
- Wrap Text in Code
- Write Text on a Bitmap
- Write Text to the Screen
- Zen-Works sample
- ZLIB Compression UDFs
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
WORM_SDBOT Removal Tool
Note: user sample code
Another day, another worm. No real protection against this one if a user downloads it and runs it... To spread, it simply uses an internal database of usernames / passwords to try and compromise local accounts on other systems and install itself. Symantec Antivirus defs (10/12) found this on some machines but wouldn't clean it (tried to delete it without killing the process...FAILED)... on a couple other machines, it didn't even see it... even with like 4 instances of the bug loaded into memory....
Anyway, here's a cleaning tool. Not the most perfect code, but kills the thing quick like... oh... if you do get this, make sure local accounts have strong passwords after cleaning or you might just get re-infected.
CLEANSDBOT.WBT
;---------------------------------------------------------------------------------------------------
; WORM_SDBOT.XS Removal Tool
; -= KK (Crypt) 2004 =-
; Reference: http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?Vname=WORM_SDBOT.XS
;
; Note: Different AV vendors call it by different names and may detect it as another variant...
; Symantec Antivirus did detect this on some machine with current defs but was failing to remove it.
;---------------------------------------------------------------------------------------------------
;Addextender("wproc34i.dll")
;Addextender("wwpst34i.dll") ; Postie for Email routine...can be commented out if you don't want the email
addextender("WWPST44I.DLL")
addextender("WWPRC44I.DLL")
Windir=Environment("Windir")
:Top
ProcessList=tListProc()
Exists=StrIndexWild(ProcessList,"integator.exe",1)
If Exists !=0 Then IntControl (56,"integator.exe", 1, "", 0)
If Exists !=0 Then Goto Top
If FileExist("%WinDir%\integator.exe") Then FileDelete("%WinDir%\integator.exe")
If FileExist("%WinDir%\System32\integator.exe") Then FileDelete("%WinDir%\system32\integator.exe")
If RegExistValue(@REGMachine,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices[Windows Fix]") !=0
RegDelValue(@REGMachine,"SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices[Windows Fix]")
EndIf
If RegExistValue(@REGCurrent,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run[Windows Fix]") !=0
RegDelValue(@REGCurrent,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run[Windows Fix]")
EndIf
If RegExistValue(@REGMachine,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run[Windows Fix]") !=0
RegDelValue(@REGMachine,"SOFTWARE\Microsoft\Windows\CurrentVersion\Run[Windows Fix]")
;Email routine can be commented out if you don't want it..
MachineName=Environment("ComputerName")
UserName=Environment("Username")
SendTo = "somerecipient@your.domain.com"
Host="mailhost"
From = "FromAddress@your.domain.com"
UserId=""
Password=""
Port="25"
CCList=""
BCCList=""
Subject=StrCat("-= Virus Found on ", MachineName, " (user=",Username,") =-")
Msg="Was found infected with SDBOT"
Attachments=''
Flags=""
kInit(Host,From,UserId,Password,Port)
kDest(SendTo,CCList,BCCList)
kSendText(Subject,Msg,Attachments,Flags)
EndIF
Article ID: W16709
File Created: 2013:04:01:09:21:08
Last Updated: 2013:04:01:09:21:08