Iznogoud Posted August 9, 2007 Share Posted August 9, 2007 I need to delete some files before windows get started. So this must be something like Delete file on reboot option.I found a topic of Larry wich suggested using a DLLcall, but somehow i do not get it to work.Topic:http://www.autoitscript.com/forum/index.ph...p;hl=MoveFileExExample code wich i used:DLLCall("kernel32.dll","int","MoveFileEx","str","C:\Windows\System32\Winlogon2.exe","ptr",0,"int",5)Reason:Stupid spyware/virus infections keep corrupting the Winlogon.exe and i am fixing this with a live cd but i have read it could be done by AutoIT or at least with the DLLcall of MoveFileEx.This would save me allot of time.I am doing something wrong but what? Link to comment Share on other sites More sharing options...
DW1 Posted August 9, 2007 Share Posted August 9, 2007 Don't the keys in RunServices run before the user logs in? I think Services run as 'SYSTEM' before the user is logged in.... Does this still apply to XP??? Can somebody verify this for me? AutoIt3 Online Help Link to comment Share on other sites More sharing options...
weaponx Posted August 9, 2007 Share Posted August 9, 2007 Use Unlocker http://ccollomb.free.fr/unlocker/or get it from Majorgeeks http://www.majorgeeks.com/Unlocker_d4660.html Link to comment Share on other sites More sharing options...
Iznogoud Posted August 9, 2007 Author Share Posted August 9, 2007 Use Unlocker http://ccollomb.free.fr/unlocker/or get it from Majorgeeks http://www.majorgeeks.com/Unlocker_d4660.htmlI do not want to use an application if its possible to use a DLL call.A command trough the command line for an example is way easier than using "WinWaitActive" for using with a 2nd application. Link to comment Share on other sites More sharing options...
Iznogoud Posted August 9, 2007 Author Share Posted August 9, 2007 (edited) I have found another good link to mention.http://www.diamondcs.com.au/freeutilities/dellater.phpThis is an application does the same but after deletion it gives an Succes pop up. I read an a forum that a user has deleted the Succes error and re-compiled it. This was possible because the application is open source.The only problem is the file is a .ASM file. Wich i do not no how to re-compile it. So maybe someone could help me with this if the DLL call in AutoIT is to difficult.Code of the .ASM fileexpandcollapse popup;################################# ;# DelLater v1.0 # ;# For Win 95/98/ME/2K/XP/2003 # ;# Copyright (C) 2003, DiamondCS # ;# http://www.diamondcs.com.au # ;# Donated to the public domain. # ;################################# ; ; DESCRIPTION: ; DelLater allows you to mark files to be deleted the ; next time Windows starts. This is useful for times ; when a file can't be deleted because it's in use, ; and this is the method used by anti-virus scanners ; when they're unable to delete files for that reason. ; ; All efforts were made to ensure that DelLater adheres ; to the guidelines outlined in the MoveFileEx documents ; (Platform SDK - Microsoft Developer Network), including ; using two seperate methods as required (one for ; 95/98/ME, the other for NT/2K/XP/2003). ; http://msdn.microsoft.com/library/default.asp?url=/library/en-us/fileio/base/movefileex.asp .386 .model flat, stdcall option casemap:none include \masm32\include\windows.inc include \masm32\include\kernel32.inc includelib \masm32\lib\kernel32.lib include \masm32\include\user32.inc includelib \masm32\lib\user32.lib .data sTitle db 'DelLater',0 sError db 'Unable to mark this file for deletion',0 sMoved db 'File marked for deletion after reboot',0 sExist db 'File not found',0 sText db 'Usage: dellater.exe <filename>',0 sWininit db '\wininit.ini',0 sGroup db 'rename',0 sNull db 'NUL',0 sWindir db 270 dup(0) wfd WIN32_FIND_DATA <?> osvi OSVERSIONINFO <> .code _entrypoint: call GetCommandLineA ;## Process the cmdline cmp byte ptr [eax], 22h je paramNext2 paramNext1: inc eax cmp byte ptr [eax], 20h je paramLast cmp byte ptr [eax], 0 je NoParams jmp paramNext1 paramNext2: inc eax cmp byte ptr [eax], 22h je EndParams jmp paramNext2 EndParams: inc eax paramLast: cmp byte ptr [eax], 0 je NoParams inc eax cmp byte ptr [eax], 0 je NoParams ;## Parameters found, check if file exists push eax;preserve eax push offset wfd push eax call FindFirstFile cmp eax, INVALID_HANDLE_VALUE jne MarkFile pop eax push 10h push offset sExist push eax push 0h call MessageBoxA jmp CodeEnd MarkFile: ;## Check OS version mov osvi.dwOSVersionInfoSize, 148 push offset osvi call GetVersionEx cmp dword ptr [osvi.dwPlatformId], VER_PLATFORM_WIN32_NT je WinNT cmp dword ptr [osvi.dwMajorVersion], 4 jne WinNT Win9x: ;## Win95/98/ME method push 270 push offset sWindir call GetWindowsDirectory push offset sWininit push offset sWindir call lstrcat pop eax push eax push 260 push eax push eax call GetShortPathName pop eax push eax push offset sWindir push eax push offset sNull push offset sGroup call WritePrivateProfileString cmp eax, 0 je Failed jmp Success ;## WinNT/2K/XP/2003 method WinNT: pop eax push eax;preserve eax push MOVEFILE_DELAY_UNTIL_REBOOT push NULL push eax;Filename call MoveFileEx cmp eax, 0 je Failed Success: pop eax push 40h push offset sMoved push eax push 0h call MessageBoxA jmp CodeEnd Failed: pop eax push 10h push offset sError push eax push 0h call MessageBoxA jmp CodeEnd ;## No parameters specified, display usage info NoParams: push 40h push offset sTitle push offset sText push 0h call MessageBoxA CodeEnd: invoke ExitProcess, 0 end _entrypoint ;## Program end.Offcourse i hope it is possible with the DLL call in AutoIT. So if someone has the time and the effort to help me, please... Edited August 9, 2007 by Iznogoud Link to comment Share on other sites More sharing options...
DW1 Posted August 9, 2007 Share Posted August 9, 2007 ASM anybody? AutoIt3 Online Help Link to comment Share on other sites More sharing options...
Iznogoud Posted August 10, 2007 Author Share Posted August 10, 2007 ASM anybody?As far as i have read, you can compile ASM files in Visual Basic and such more applications.But i stick with my first case, the DLL call of Harry is possible because he would not post it if it was not working correctly.A few examples would clear things up. Link to comment Share on other sites More sharing options...
Basicz Posted May 21, 2008 Share Posted May 21, 2008 It's very interesting if Autoit can remove files on reboot ... Has someone an idea about this ?? [right]Sorry for my poor english(dictionary beside)[/right][center]Search before ask will helping the community of AutoIt.[/center][center]...seeking in the search forum and help-file's, with all the most answer's that i need. Hope for you too.[/center] Link to comment Share on other sites More sharing options...
ArifDigitalLab Posted May 21, 2008 Share Posted May 21, 2008 Ya it will be fine if we can delete files on startup before starting any other program. does anybody knows how to delete files at startup ? Link to comment Share on other sites More sharing options...
Basicz Posted May 21, 2008 Share Posted May 21, 2008 And it will resolve our problem too... then i can write the virus remover continually ^^ [right]Sorry for my poor english(dictionary beside)[/right][center]Search before ask will helping the community of AutoIt.[/center][center]...seeking in the search forum and help-file's, with all the most answer's that i need. Hope for you too.[/center] Link to comment Share on other sites More sharing options...
BrettF Posted May 21, 2008 Share Posted May 21, 2008 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce Vist my blog!UDFs: Opens The Default Mail Client | _LoginBox | Convert Reg to AU3 | BASS.au3 (BASS.dll) (Includes various BASS Libraries) | MultiLang.au3 (Multi-Language GUIs!)Example Scripts: Computer Info Telnet Server | "Secure" HTTP Server (Based on Manadar's Server)Software: AAMP- Advanced AutoIt Media Player | WorldCam | AYTU - Youtube Uploader Tutorials: Learning to Script with AutoIt V3Projects (Hardware + AutoIt): ArduinoUseful Links: AutoIt 1-2-3 | The AutoIt Downloads Section: | SciTE4AutoIt3 Full Version! Link to comment Share on other sites More sharing options...
Basicz Posted May 21, 2008 Share Posted May 21, 2008 (edited) Wow Mr.Bert will come to survive us (Joke^^)... Thank's for helping Bert Yub(I didn't know about this word but it call like some um or yes ..i like it ^^) these are Registry keys that the most virus start to run... (or HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run) but in my case it's work in another way. And i being to study the virus... again But i'm testing the virus on my notebook and it is inoperative ....waiting for repair after then i can analyze it later... but is there only this way with Registry Keys to resolve this problem ?? Edited May 21, 2008 by Basicz [right]Sorry for my poor english(dictionary beside)[/right][center]Search before ask will helping the community of AutoIt.[/center][center]...seeking in the search forum and help-file's, with all the most answer's that i need. Hope for you too.[/center] Link to comment Share on other sites More sharing options...
James Posted May 21, 2008 Share Posted May 21, 2008 Well you would have to have the program run on startup, then detect when Windows is rebooting then delete files Blog - Seriously epic web hosting - Twitter - GitHub - Cachet HQ Link to comment Share on other sites More sharing options...
Basicz Posted May 21, 2008 Share Posted May 21, 2008 Well you would have to have the program run on startup, then detect when Windows is rebooting then delete files Sorry but can you explain it a little more about your solution ^^ [right]Sorry for my poor english(dictionary beside)[/right][center]Search before ask will helping the community of AutoIt.[/center][center]...seeking in the search forum and help-file's, with all the most answer's that i need. Hope for you too.[/center] Link to comment Share on other sites More sharing options...
Basicz Posted May 23, 2008 Share Posted May 23, 2008 @JamesBrooks uhm... did you mean that i create a remove program and set it startup.. and when windows boots then remove the virus... did i understand it correct??? [right]Sorry for my poor english(dictionary beside)[/right][center]Search before ask will helping the community of AutoIt.[/center][center]...seeking in the search forum and help-file's, with all the most answer's that i need. Hope for you too.[/center] Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now