Need help making a script to check strings in a REGISTRY key and execute commands if matches are found


utaeladil

I am trying to help develop some kind of script to fight spyware for my company's tech support area. We are seeing a variant that creates a key in the registry that renders CMD.exe and REGEDIT.exe useless until it is removed.

I am fairly new to AutoIT and have only had limited experience with the REGREAD and REGWRITE commands...

Can someone give me an example of what I would need to do the following:

Look at a specific KEY and evaluate all STRINGS within it. If a certain value is found (it is either "\..\filename.ext" or "\\..\\filename.ext") and if the value is there, run a few commands. One command will probably be to re-write that key (or delete it) and the other commands will be performed on the filename.ext, like deleting the file for example.

The FILENAME.EXT part of this variant appears to change every time, but we can find it by the "\\..\\" before the filename, so something that could account for changing filenames would be great.

I am not really sure where to start on the registry portion to look for a string value inside of a key, but once it is found, as long as it's clear in the script where the commands are being run on them once they are located, I should be able to work with in getting all programs to run on them that we need.

If the script could capture the matching registry string as a script variable, and possibly the FILENAME.EXT portion of that string as a separate script variable, I could probably figure out how to manipulate it further from there.

Any help is greatly appreciated. Thanks in advance!

PsaltyDS


Check the Reg* functions in the file. Like RegEnum(), RegRead(), etc.

For a recursive registry search, this is an oldie but a goodie: _RegSearch()

:D


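The approach discussed in this thread, written out as an added example (not code from either poster): enumerate every value in one key, keep the string values whose data contains `\..\` or `\\..\\` before a file name, and capture both the full string and the file name as variables. The key path is a placeholder because the thread does not name the real one; the pattern, the function name `_FindMarkedValues` and the `$bRemediate` switch are assumptions.

```autoit
#include <StringConstants.au3>

; Assumption: placeholder key. The thread does not name the real one.
Local Const $sKey = "HKEY_CURRENT_USER\Software\ExampleVendor\ExampleKey"
; "\..\" or "\\..\\" followed by a file name; group 1 captures name.ext.
Local Const $sPattern = '\\{1,2}\.\.\\{1,2}([^\\/:*?"<>|]+\.[^\\/:*?"<>|\s]+)'
Local Const $bRemediate = False ; report only until the hits are reviewed

; Collect first, act afterwards: deleting a value while enumerating
; shifts the instance numbers and can skip the next value.
Local $aHits = _FindMarkedValues($sKey, $sPattern)
For $i = 0 To UBound($aHits) - 1
    Local $sValueName = $aHits[$i][0] ; registry value that matched
    Local $sValueData = $aHits[$i][1] ; full string stored in it
    Local $sFileName = $aHits[$i][2]  ; FILENAME.EXT part only
    ConsoleWrite($sValueName & " = " & $sValueData & " -> " & $sFileName & @CRLF)
    If $bRemediate Then
        ; Commands that act on the match go here.
        If RegDelete($sKey, $sValueName) <> 1 Then
            ConsoleWrite("Could not delete value: " & $sValueName & @CRLF)
        EndIf
    EndIf
Next

; Returns a 2D array [n][3]: value name, value data, captured file name.
Func _FindMarkedValues($sKeyName, $sRegExp)
    Local $aFound[0][3], $iInstance = 0
    While True
        $iInstance += 1
        Local $sName = RegEnumVal($sKeyName, $iInstance)
        If @error Then ExitLoop ; no more values, or key cannot be opened
        Local $vData = RegRead($sKeyName, $sName)
        If @error Or Not IsString($vData) Then ContinueLoop ; skip DWORD/binary
        Local $aMatch = StringRegExp($vData, $sRegExp, $STR_REGEXPARRAYMATCH)
        If @error Then ContinueLoop ; marker not present in this value
        Local $iRow = UBound($aFound)
        ReDim $aFound[$iRow + 1][3]
        $aFound[$iRow][0] = $sName
        $aFound[$iRow][1] = $vData
        $aFound[$iRow][2] = $aMatch[0]
    WEnd
    Return $aFound
EndFunc   ;==>_FindMarkedValues
```

A 32-bit AutoIt build on 64-bit Windows reads the redirected registry view unless the root is written with the `64` suffix (for example `HKLM64`), so run it against the view the value actually lives in.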
