Sign in to follow this  
Followers 0
RogerRabbitsClone

autorun.inf not running compiled script

Started by RogerRabbitsClone,

4 posts in this topic

#1 ·  Posted

so i wrote a script to install malewarebytes and run the definitions update. 

#cs ----------------------------------------------------------------------------

for this to work, you must rename the malewarebytes installer "dun dun dun.exe" 
and put it in the same folder as this script or the compiled script

#ce ----------------------------------------------------------------------------

run ("dun dun dun.exe")
WinWaitActive ("[CLASS:TSelectLanguageForm]")
send ("{enter}")
WinWaitActive ("[CLASS:TWizardForm]", "Welcome to the Malwarebytes' Anti-Malware Setup Wizard")
send ("!N")
WinWaitActive ("[CLASS:TWizardForm]", "License Agreement")
send ("!A")
send ("!N")
WinWaitActive ("[CLASS:TWizardForm]", "Information")
send ("!N")
WinWaitActive ("[CLASS:TWizardForm]", "Select Destination Location")
send ("!N")
WinWaitActive ("[CLASS:TWizardForm]", "Select Start Menu Folder")
send ("!N")
WinWaitActive ("[CLASS:TWizardForm]", "Select Additional Tasks")
send ("!D")
send ("!N")
WinWaitActive ("[CLASS:TWizardForm]", "Ready to Install")
send ("!I")
WinWaitActive ("[CLASS:TWizardForm]", "Completing the Malwarebytes' Anti-Malware Setup Wizard")
send ("!F")

i found that if i put this on a flash drive i can beat the "anti-virus 2009-2010" virus into submission enough i can do a system restore. (it usually doesnt let you run antivirus and it actually takes over AVG and mcafee)

i dont know if theres a new strain or what, but i cant run this on an infected computer im working on. autoplay pops up but i cant actually access the flash drive.

so here was my plan, write an autorun.inf to run the compiled script. 

[autorun]
icon = krusty.ico
shellexecute = auto mbam.exe
open = auto mbam.exe
run = auto mbam.exe

well, the autorun.inf doesnt run the program. not on this computer, or any other. ive checked the settings on the computers, but they have autorun/autoplay enabled.

does autoit inherently block the use of an autorun.inf once its compiled?

<--a good way to start you day

Share this post

Link to post
Share on other sites



#2 ·  Posted

No. AutoIt does no such thing.

Share this post

Link to post
Share on other sites

#3 ·  Posted

so then in theory, this autorun should open this compiled script?

<--a good way to start you day

Share this post

Link to post
Share on other sites

#4 ·  Posted (edited)

Supposed to be, not unless your infection has something it can do about it.

For disabling some viruses, I just resort to using ProcessExplorer and Autoruns, then using some stand alone scanners to hopefully clean the system. ClamWin does a good job unloading infected programs from memory, so you can try using its memory scan to kill it before you start cleaning the system.

EDIT: Note that it only works well when your critical Windows programs are not infected at all. If they are, ClamWin will unload them too, making you stuck with a blank screen.

Edited by omikron48

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing AutoIt General Help and Support