172 replies to this topic

[NerdFencer]

This is an automated system rescue tool that I have created to use at work. It is designed to take any computer ranging from heavily infected to just a little crapped up and make it run like new.

Version 2.5

Basic Overview of Features

* Virus/Spyware/Rootkit Scanning
* Temp File Cleanup
* Registry Optimization and scanning
* Fix Windows Services
* Performance Tweaks
* Drive Defrag/Check
* Speed up Acrobat Reader
* Restore or Optimize Services Settings
Note: This is only the Highlights, not the full feature list

The only external files that it includes (in compiled executable) are...

* exclude.lst (a custom exclude list for RegSeeker)
* services.ini (settings for services options)
* startups.zip (settings for start-up removal)
* help.ico
All are included in the download

Update History

Plain Text        expandcollapse  popup

Update v2.5->2.5.1
* Added "Clear Cmd Autoruns" to address a security vulnerability in cmd.exe

Update v2.4->2.5
* Fixed a lot of bugs
* Removed RegSeeker (was causing errors)
* Added a custom winapp2.ini file for extra app support in CCleaner
* Removed multilingual support (at least for now... needed to fix line 66 bug)

Update v2.3->2.4
* Now kills malicious processes every 15 seconds
* Complete overhaul of the "AutoRuns Prune" Feature
* Added more misc fixes to "Fix Explorer"
* Added revert feature for Autoruns Cleaning
* Added Simple User Interface "/simple"

Update: Version 2.2->2.3
* Added multi-lingual support
* Added in-depth logging
* Added revert feature on services
* Large backend update
* Consolidated Features
* Bugfixes

Update: Version 2.1->2.2
* Ton of bugfixes
* Entire new tab of WinFixes
* Drastic updates to fixes resembling features from Dial-a-Fix (added many new specific error fixes)
* Tooltips on all items
* Terms of use on first run

Update: Version 2.0d->2.1
* Major Code Opt
* Added "Disable Extra System Notifications"
* Added "Disable Security Notifications"
* Improved "Optomize Resource Usage"

Update: Version 2.0c->2.0d
* Some Bug-fixes (Thanks GrayFox)
* Minor architecture update

Update: Version 1.9->2.0
* Added "Quick Scan" For RegSeeker
* Fixed MalwareBytes download link 
* Sped up services by switching from net to WMI (no external files required anymore)
* Added entries to Autoruns Pruning
* Some Minor Bugfixes

For full revision history go here
For a binary download go here

Updated 04/27/2010
Note: The latest version of AutoIt is required to compile this script

Comments, Feature Requests?
Previous Downloads: 1945

Attached Files

•  AutoClean v2.5.1 SRC.zip   142.04K   2214 downloads

Edited by NerdFencer, 27 April 2010 - 12:23 PM.

[Avian]

Very nice! Looks like a good tool to keep on my USB drive!

Avian

[dmob]

Very nice. Been doing some of these manually.
This should come in handy

[storme]

GREAT program!
I've been "thinking" about making something like this for ages. While I've been thinking you've been doing :-)!!

I haven't run it yet as I am researching all the "things" you are doing. I never jump where "cleanup" programs are concerned. Just a suggestion... with the various disablings you are doing it may be a good idea to add a comment (URL) so that others may look it up and see why you did what you did and decide if they want to do the same.

EG Why did you disable "DNSCache" service? There must be a good reason for it but I was unable to find it.

One thing that would be good to add is command line switches. Wouldn't be to hard to add to your program.
eg
/RUNALL - Your program starts and just does it's thing (GOOD if you only have limited control of the computer and just want it to FIX IT :-)
You could also add a switch for each program it uses so you could run just one of them.


Avian mentioned installing this on a USB stick. The way I'd use this program would be to download all the "utils" it uses before going out as the computer I'm working on may not have Internet access or access to the utils site maybe blocked by the malware.
What about making a check to see if the file has already been downloaded and if so using it and not deleting it after?

Hope you don't mind the suggestions. Well done!
John Morrison
aka
Storm-E

[NerdFencer]

Thank you all for the feedback.
I am working on the next release (v1.2, which should be up later tonight). I will be sure to include documentation as to precisely what it does.

The DNSCache service needs to be disabled because it slows down internet connectivity significantly when used with a large hosts file. It also serves no critical function in DNS or DHCP, so it can be safely disabled.

Local storage of the program downloads will not be in v1.2, but I will be sure to have it by v1.3
Command Switches will be in v1.2

v1.2 will also include a basic services pruning option. I am currently checking that it wont interfere with systems on a domain.

To make sure it runs correctly on a USB drive, I will also include materials required for it to be used by PortableApps.

More suggestions are always welcome
-Matt

[storme]

[quote name='NerdFencer' date='02 December 2009 - 12:50 AM' timestamp='1259679000' post='749828']
The DNSCache service needs to be disabled because it slows down internet connectivity significantly when used with a large hosts file. It also serves no critical function in DNS or DHCP, so it can be safely disabled.
{/quote]
Interesting thanks.

[quote]
v1.2 will also include a basic services pruning option. I am currently checking that it wont interfere with systems on a domain.
[/quote]
I've noticed that some virus mess up services (ie disable services you need). Maybe you could set them all to the correct state (auto, manual, etc). Don't know if there is a reliable list you could download for this operation. :-(

Command line switches
/REOOOT
/NOREBOOT

OH one other thing. What has this been tested on XP, Vista, Win7, ???
If you've only tested it on one system it would be worth putting a check and warning at the start of the program (eg "Program untested on your Operating system. Use at own risk!"


Looking good
John Morrison
aka
Storm-E

[NerdFencer]

The services state reset is a good idea, ill see about putting it into v1.3

I have tested it on XP Home, XP Pro (OEM and Enterprise), XP MCE, and Vista Home Premium. It breaks on Vista because of a change in its zip support. I will be migrating to full use of 7-zip archival in v1.3, which will add Windows Vista (tested programs individually and they work), and theoretically windows 7 support (not tested, but sub programs say they work).

Edited by NerdFencer, 01 December 2009 - 04:25 PM.

[NerdFencer]

Updated to v1.2

I did the Command Line Params a bit differently than storme suggested...
/runall
/runall-norestart
/runall-silent
/runall-silent-norestart

[storme]

Updated to v1.2

I did the Command Line Params a bit differently than storme suggested...
/runall
/runall-norestart
/runall-silent
/runall-silent-norestart

Not a problem for me. :-)
I'll download and have a bit of a play. The programs you're using are very interesting.

:-)
John Morrison

[storme]

It might be worth looking at "dial-a-fix" it has a lot of things you may like to add. Maybe even include it. Though it hasn't been updated and has a few problems with IE8 it's still a great "fixer".

Make sure you take a look at "The hammer button: "Tools" - opens a secondary dialog with quite a bit more powerful scripts". A couple of eh goodies below.

- Repair Permissions
secedit.exe /analyze /db C:\WINDOWS\sectest.db /cfg C:\WINDOWS\inf\defltwk.inf /log C:\WINDOWS\security\logs\secanalyze.log

secedit.exe /configure /db C:\WINDOWS\sectest.db /cfg C:\WINDOWS\inf\defltwk.inf /log C:\WINDOWS\security\logs\secrepair.log

- Process idle tasks
rundll32.exe advapi32.dll,ProcessIdleTasks

Thought they maybe useful.

John Morrison
aka
Storm-E

[storme]

OK just looking though your CCleaner options you've set. SOME may cause some problems for some people. I've extracted the ones that I think may cause problems below.

IniWrite("CCleaner\ccleaner.ini","Options","(App)Start Menu Shortcuts","True")
IniWrite("CCleaner\ccleaner.ini","Options","(App)Desktop Shortcuts","True")
- What of links to CDs like a lot of KIDs games? NO CD = Invalid = DELETE = sad kid

IniWrite("CCleaner\ccleaner.ini","Options","(App)Window Size/Location Cache","True")
- I can see the reason for this. But if someone has it set up just the way he likes it, this may cause some problems.

What you think?

[NerdFencer]

- Repair Permissions
secedit.exe /analyze /db C:\WINDOWS\sectest.db /cfg C:\WINDOWS\inf\defltwk.inf /log C:\WINDOWS\security\logs\secanalyze.log

secedit.exe /configure /db C:\WINDOWS\sectest.db /cfg C:\WINDOWS\inf\defltwk.inf /log C:\WINDOWS\security\logs\secrepair.log

- Process idle tasks
rundll32.exe advapi32.dll,ProcessIdleTasks

I will be updating to 1.3 shortly, and have already fixed the secedit issue...
secedit only comes with windows XP Pro and later, so I now have it downloading subinacl (a microsoft tool that does basically the same thing)

IniWrite("CCleaner\ccleaner.ini","Options","(App)Start Menu Shortcuts","True")
IniWrite("CCleaner\ccleaner.ini","Options","(App)Desktop Shortcuts","True")
- What of links to CDs like a lot of KIDs games? NO CD = Invalid = DELETE = sad kid

These options delete the ordering cache only. (sets everything to default locations)

IniWrite("CCleaner\ccleaner.ini","Options","(App)Window Size/Location Cache","True")
- I can see the reason for this. But if someone has it set up just the way he likes it, this may cause some problems.

I've been using this option when cleaning up people's computers for a couple years now without complaint. I think its safe. Even so, how hard is it to re-size a window?

I downloaded a copy of Dial-a-Fix
It has some interesting options in it.
I like (and will probably include) the following options based off of their options list...

* Fix Time/Date (Reset Service and set this up to sync time with the NIST server, not windows time)
* Fix Windows Installer
* Fix Windows Update
* Fix SSL/HTTPS/Cryptsvc
* Re-Register System DLLs
* Flush Icons
* Process Idle Tasks
* Repair/Update IE
* Fix Help and Support
* Some Equivalent to WinSockFix
* SFC Scan (Purges then scans)
Thanks for the link

[storme]

I will be updating to 1.3 shortly, and have already fixed the secedit issue...
secedit only comes with windows XP Pro and later, so I now have it downloading subinacl (a microsoft tool that does basically the same thing)

Great!

These options delete the ordering cache only. (sets everything to default locations)

DOH! sorry didn't read that. I was stung by another "cleanup" program and thought it was the same.

I've been using this option when cleaning up people's computers for a couple years now without complaint. I think its safe. Even so, how hard is it to re-size a window?

For some of my customers...Immpossible...
But good point I was just being cautious.

I downloaded a copy of Dial-a-Fix
It has some interesting options in it.
I like (and will probably include) the following options based off of their options list...

* Fix Time/Date (Reset Service and set this up to sync time with the NIST server, not windows time)
* Fix Windows Installer
* Fix Windows Update - Watch for errors and fix if possible
* Fix SSL/HTTPS/Cryptsvc
* Re-Register System DLLs
* Flush Icons
* Process Idle Tasks
* Repair/Update IE
* Fix Help and Support
* Some Equivalent to WinSockFix - Except doesn't need a reboot
* SFC Scan (Purges then scans)
Thanks for the link

Be careful with the sfc.exe /purgecache if you don't have the right CD handy you can't repair files found in the scan. I've hit it a few times where it's asking for a SP3 CD and the system only has a SP1 CD. The system was raised to SP3 by windows updates.
IF you can find a solution to that let me know as it's a major annoyance, I used to use SFC all the time until SP3 started messing up.

Keep up the great work. Once you add the predownloaded programs option this will do most of what I'm now doing by hand...sigh
You may like to add a "/Download-updates" with the preloaded option so the latest versions of the programs can be downloaded each day. I am using Wget to do my downloads as it checks the date of the local file against the server and only downloads newer files and saves on downloads.

e.g

WGET -N <a href='http://www.malwaresupport.com/mbam/program/mbam-setup.exe' class='bbc_url' title='External link' rel='nofollow external'>http://www.malwaresupport.com/mbam/program/mbam-setup.exe</a> -P..\_spyware\malwarebytes

:-)

[NerdFencer]

Easiest way around the CD issue is to make it not use the CD.
http://download.microsoft.com/download/e/e/9/ee9d0116-c9fe-4fc2-b59c-406cbfb6d515/xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
I can just emulate a CD drive and mount that ISO as the disk. It will be slow on the download, but it will work.

[storme]

Easiest way around the CD issue is to make it not use the CD.
http://download.microsoft.com/download/e/e/9/ee9d0116-c9fe-4fc2-b59c-406cbfb6d515/xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
I can just emulate a CD drive and mount that ISO as the disk. It will be slow on the download, but it will work.

Just curious what is the CD? I can see it's SP3 but is it SP3 upgrade CD and will it cover Home and Pro?
Also won't you need to download and install and emulator to do that?

[NerdFencer]

Just curious what is the CD? I can see it's SP3 but is it SP3 upgrade CD and will it cover Home and Pro?
Also won't you need to download and install and emulator to do that?

It is an install disk that covers home and pro.
1 file...
vcdrom.sys

[NerdFencer]

Updated to v1.3

[rogerd2u]

This is a VERY IMPRESSIVE application! WELL DONE!! I look forward to seeing additional features!

This is an automated system rescue tool that I have created to use at work. It is designed to take any computer ranging from heavily infected to just a little crapped up and make it run like new.

Version 1.3

[storme]

Got another tool to add to your "little script"

ERUNT and NTREGOPT
http://www.larshederer.homepage.t-online.de/erunt/
If you are unable to create a restore point OR as well as ERUNT will backup the registry
AND
NTREGOPT is a great Registry defrag or as he puts it "Registry Optimization".

OH and a little nudge how is the "Local file copy" version of your script going. Looks like all that is needed is to modify the "download" function and add a "flag" so the download can be forced to happen.

OK when I wrote that I thought why not do it.

Func DownloadFile($name, $outfile, $url, $silent = False, $useLocal = True, $forceDownload = False)
    If $useLocal And FileExists($outfile) Then
        ;local copy exists
        If Not $forceDownload Then
            Return SetError(0, 0, True)
        EndIf
    EndIf

Hope that helps! I havn't tested it but it's basic script so shouldn't have any problems.

Keep up the great work
John Morrison
aka
Storm-E

[NerdFencer]

Thanks rogerd2u, You may be interested in the new version 1.4 that I just posted

storme
As always, thanks for the suggestions
Looking at the FAQ, neither ERUNT or NTREGOPT are fully Vista and 7 Compatible yet
I will wait for windows Vista and 7 Compatibility before implementing an ERUNT backup

NTREGOPT is one of many tools that do the same very useful things to the registry. PageDefrag defrags the registry as well. This tool may or may not do it better, but I see little point putting it in if while is not Windows Vista and 7 compatible and I already have a tool that does something very similar

On a related note, the new updates in v1.4 make it a good replacement for Dial-A-Fix. I have not implemented some things from the tools menu, but the entire main menu has equivalents in AutoClean that work with windows vista and 7, and in most cases more thorough (thanks to technet). That is an interesting program, thanks again for the link.