Malwarebytes

fields2grand · September 29, 2011

Hello Folks!

Just came across this site after deciding to automate a Malwarebytes install. Like so many others before me I think i've racked my brain to the point where I can't get it so here I am.

The script works great all but for one step. After the program updates, a dialog box pops up and says that the database was successfully updated. I tried Winwaitactive then enter to try to get it to get out of that prompt and continue with my quickscan but it just won't go. I'm posting the code below. I've been editing between lines 8 and 9, the last two commands. Please help!!!

$ver=FileGetVersion("C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe")

If $ver<"1.46.0.0" Then ;Check if installed. If not, do so.

InetGet("http://www.malwarebytes.org/mbam/program/mbam-setup.exe", "c:\mb.exe", 0)

RunWait("c:\mb.exe /SILENT")

FileDelete ("c:\mb.exe")

EndIf

;Installed. Update then scan.

RunWait("C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /updateshowdialog")

RunWait("C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe /quickscanterminate")

I think I'm running into troubles because there's two boxes open with Malwarebytes in the title, the update window and the dialog box saying it was successful. Thanks everyone!!!

mbam2.au3

Spiff59 · September 29, 2011

All the command line parameters have changed in a recent release.

Look them up in the mbam help file.

I think you want "/update -silent" rather than " /updateshowdialog".

Edit: Your first post! Ahem...

Welcome to the forum :graduated:

Your scan parms are probably going to be "/scan -quick -terminate"

Edited September 29, 2011 by Spiff59

fields2grand · September 29, 2011

After doing some digging it appears that the free version doesn't support the -silent switch. So I'm still getting stuck. The database updates successfully and then the box pops up "database successfully updated" I tried to enter a sleep command for 60 sec then an ENTER command but no go. I don't think I'm cut out for this stuff. Looks like fun stuff. Could be very useful if I knew what I was doing lol!!!

Chimaera · September 29, 2011

free does support it as i use it that way

/sp- /silent /norestart

thats the switches i use at work to install free version, last i checked unless ive missed a change

EDIT sorry my bad didnt read all the post properly

These are the params as far as im aware

mbam.exe /parameter
(where parameter is one of the following)
/debug: allows you to collect information to send as a bug report.
/developer: this command line parameter is explained in the false positives section.
/minimized: allows you to start the program minimized.
/quickscan: allows you to run a quick scan.
/quickscanterminate: allows you to run a quick scan. Program terminates if no items found.
/fullscan: allows you to run a full scan.
/fullscanterminate: allows you to run a full scan. Program terminates if no items found.
/runupdate: allows you to update the program without displaying result dialogs.
/register: allows you to register the program without displaying main dialog.
/fullauto: allows you to run a full scan silently.
Example: mbam.exe /register 12345 AAAA-BBBB-CCCC-DDDD
/updateshowdialog: allows you to update the program displaying all dialogs.
/schedule : allows you to schedule an update and scan for a specific hour. Scan will happen 5 minutes after update.
Example: mbam.exe /schedule 0 (will schedule for 12:00 AM local time)
Example: mbam.exe /schedule 5 (will schedule for 5:00 AM local time)
Example: mbam.exe /schedule 23 (will schedule for 11:00 PM local time)
/updateshowdialog: allows you to update the program displaying all dialogs.
Example: mbam.exe /quickscan

Edited September 29, 2011 by Chimaera

tporter · October 2, 2011

Not that I want to keep you from doing something cool with AutoIt, but have you seen NiNite.com? You'll find that Malwarebytes is one of the options. It is an awesome utility, we use the paid version all day long at my company, saves us hours of labor each week! The free version is just as good though, so long as you have a net-connection on the target computer.

It won't configure it for you however, so you may still want to use AutoIt for that.

Edited October 2, 2011 by tporter

fields2grand · October 4, 2011

I'd like to get real specific here. My script has not changed from the first post. I am unable to run the switch /runupdate without getting a registration error so I'm stuck with my 8th line with the switch as /updateshowdialog. I need put something between Line 8 and 9 that will hit ok for me but it's not working for me. So when line 8 kicks in, it updates the defs with a green status bar. This window stays open and another box comes up that says update complete. Between line 8 and 9 i have entered a sleep command for 120 seconds and then sent an enter command. It does nothing. If I manually hit enter, the update boxes go away and continues onto line 9 that starts a quick scan. The script does everything I want it to do except hitting OK at the update successful box and continuing with the script. I appreciate you taking the time to read this.

Chimaera · October 4, 2011

This works for me

$mbam_source = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
RunWait($mbam_source & " /updateshowdialog")

You still have to Ok the udated from version screen though

RunWait("C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe /updateshowdialog")

That works as well

Are you sure you dont have an x64 system somewhere like mine, i cant test without the x86 bit as i dont have 32 bit

Edited October 4, 2011 by Chimaera

Spiff59 · October 4, 2011

They've apparently left backward compatibility in place for the old command-line options for the time being. But unless you want a suprise someday soon and find your script broken, I'd suggest using the current parameters, the ones in the help file, the ones I mentioned in post #2 of this thread.

Ok, so they restrict all the nifty subparameters to only registrered users... " -silent" is unavailable" to you unless you shell out the bucks. So, try something like this (I've stuck in 3 different ways to do it, there are likely more):

$name = "Malwarebytes' Anti-Malware"
ShellExecute(@ProgramFilesDir & "\" & $name & "\mbam.exe", "/update")
WinWaitActive($name)
; kill the thing
Send("{Enter}") ; option 1
; or
ControlSend($name, "", "Button1", "{Enter}") ;option 2
; or
WinClose($name) ; option 3

edit: typo (PS - I'd probably go with option #2)

Edited October 4, 2011 by Spiff59

storme · October 5, 2011

I've been doing something and have problems elsewhere but here is the solution I designed.

Func Update()
; Return values .: Success - returns True
;                 Failure - False
;                 |@Error  - 1 = Malwarebytes running and can't be closed
;                 |@Error  - 2 = unable to run Malwarebytes (may not be installed)
;Stop Malewarebytes if it is already running
If ProcessExists("mbam.exe") Then
  ProcessClose("mbam.exe")
  ProcessWaitClose("mbam.exe", 5)
  If @error Then
   ; Can't close process
   Return SetError(1, 0, False)
  EndIf
EndIf
; Run update
setStatus("Update definitions")
Local $pid = Run(GetInstalledPath() & "mbam.exe /update", GetInstalledPath())
If @error Then
  Return SetError(2, 0, False)
EndIf
Opt("WinTitleMatchMode", 4)
While ProcessExists($pid)
  If WinExists("Malwarebytes' Anti-Malware", "The database was successfully ") Then
   ControlClick("Malwarebytes' Anti-Malware", "The database was successfully ", "Button1")
   ExitLoop
  ElseIf WinExists("Malwarebytes' Anti-Malware", "You have the latest database v") Then
   ControlClick("Malwarebytes' Anti-Malware", "You have the latest database v", "Button1")
   ExitLoop
  EndIf
  Sleep(50)
WEnd
Return True
EndFunc   ;==>Update

You'll also need this function

Func GetInstalledPath()
; @error = 1 - Not installed
;Get Installed path
Static $sInstalledPath = ""
If $sInstalledPath = "" Then
  $sInstalledPath = RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1", "InstallLocation")
  If @error Then
   $sInstalledPath = ""
   Return SetError(1, 0, "")
  EndIf
EndIf
Return $sInstalledPath
EndFunc   ;==>GetInstalledPath

That should solve your problem.

Good Luck!

John Morrison

aka

Storm-E

shivers222 · November 11, 2011

I think the point that everyone is missing is that he can't automate pushing the "Ok" button after MalwareBytes updates. I'm having the same issue. Whenever the MalwareBytes window is active, all of the AutoIt keyboard and mouse commands stop working, so it becomes impossible to interact with the window. The whole point to automating a MWB scan is to not have to push any buttons after starting the script, so having to click "Ok" defeats the purpose. I don't know why MWB is being weird like this but it seems to be an compatibility issue between MWB and AutoIt.

rcmaehl · November 11, 2011

I think the point that everyone is missing is that he can't automate pushing the "Ok" button after MalwareBytes updates. I'm having the same issue. Whenever the MalwareBytes window is active, all of the AutoIt keyboard and mouse commands stop working, so it becomes impossible to interact with the window. The whole point to automating a MWB scan is to not have to push any buttons after starting the script, so having to click "Ok" defeats the purpose. I don't know why MWB is being weird like this but it seems to be an compatibility issue between MWB and AutoIt.

It's probably some protection MalwareBytes uses to prevent malicious automation of it or something.

storme · November 12, 2011

I think the point that everyone is missing is that he can't automate pushing the "Ok" button after MalwareBytes updates. I'm having the same issue. Whenever the MalwareBytes window is active, all of the AutoIt keyboard and mouse commands stop working, so it becomes impossible to interact with the window. The whole point to automating a MWB scan is to not have to push any buttons after starting the script, so having to click "Ok" defeats the purpose. I don't know why MWB is being weird like this but it seems to be an compatibility issue between MWB and AutoIt.

2 Questions

1. Do you have the paid version of MB?

2. Did you try my code?

The reason I ask is..... it works perfectly on my computer with the unpaid version.

Yes... It does press buttons and lots more.

John Morrison

Chimaera · November 12, 2011

I had another little revisit to this and went back and rechecked some bits

this is weird

RunWait("C:Program Files (x86)Malwarebytes' Anti-Malwarembam.exe /runupdate") ;<<< gives me the Mbam $Error windows which was mentioned by OP

RunWait("C:Program Files (x86)Malwarebytes' Anti-Malwarembam.exe /updateshowdialog"); <<< only gives the dialogs and an OK button to press

RunWait("C:Program Files (x86)Malwarebytes' Anti-Malwarembam.exe /update") ;<<< works fine with just an OK button to press

/update isnt actually part of the switches ??? so bit weird

storme · November 12, 2011

I had another little revisit to this and went back and rechecked some bits

this is weird

RunWait("C:Program Files (x86)Malwarebytes' Anti-Malwarembam.exe /runupdate") ;<<< gives me the Mbam $Error windows which was mentioned by OP

RunWait("C:Program Files (x86)Malwarebytes' Anti-Malwarembam.exe /updateshowdialog"); <<< only gives the dialogs and an OK button to press

RunWait("C:Program Files (x86)Malwarebytes' Anti-Malwarembam.exe /update") ;<<< works fine with just an OK button to press

/update isnt actually part of the switches ??? so bit weird

Check the HELP on the About tab.

The Help file only mentions the "/update". I did find a mention of "/runupdate" in the MB forum but they siad it was outdated.

John Morrison

Spiff59 · November 13, 2011

Ahem.

One does not have to go farther than this very thread to find repeated mention of MB changing their command-line parameters With the reminders from storme and I, maybe the word will get out... or not.

Edited November 13, 2011 by Spiff59

hackersarchangel · January 11, 2012

@John

I just copied your script verbatim, it does not press the ok button for me, it highlights it, makes it the active button, but does not press it.

Tried a couple of variations (CLASS:Button, ID:2), Send("[ENTER]"), etc and no dice, however I can certainly press Enter and it goes away.

Not sure why this is such a bother, the AutoIt Window program gives me the same ID's and information everytime I run it.

Edit: And yes, I am running the unpaid version, fresh install of the program. The version I'm using is 1.6 if that helps, got to thinking that maybe they did something between versions?

Added the Opt("TrayIconDebug", 1) line and it's stopping where it's looking for the window. It's not able to grab the window properly, thus unable to click it. However the AutoIt Window Info tool is able to detect the handle of the window, give me information about the button, it's class, etc. Something is interfering with AutoIt's ability to see the window. Probably being done on purpose by Malwarebytes.

Edit 2: I feel dumb. There was a change in the name. They took away the apostrophe after Malwarebytes.

Edited January 11, 2012 by hackersarchangel

lgvlgv · January 11, 2012

look at how this guy did it, he have malware and other antivirus stuff installerd running and uninstaling silent for u.

Malwarebytes

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members