Use MRT to Disinfect and report on all your Computers

I rolled my own version of the script here,http://support.microsoft.com/?kbid=891716#4, for my own purposes and thought I'd share:


@echo off
:: RUN Malicious Software Removal Tool remotely -bob
::NOTE you need qgrep, obtain from "Windows Resource Kits"
:: Also psexec from Sysinternals from microsoft
:: You may need to restart a machine if MRT reports you need to restart
:: and if thats the case cmd with sysinternals psshutdown \\host /r
Echo GET'EM...

:: Download latest MRT from Microsoft
:: http://www.microsoft.com/security/malwareremove/default.mspx
SET MRTAPP=\\LocalHost\C$\MRT\windows-kb890830-v2.9.exe
SET COPYLOG=\\LocalHost\C$\MRT\Logs
SET PSEXEC=C:\SysinternalsSuite\psexec.exe


call:RUNONHOST YourComputerName
call:RUNONHOST AnotherComutername



GOTO :EOF

:RUNONHOST
SET HOST=%1
SET DESTLOG=%COPYLOG%\%1.log
SET FOUNDLOG=%COPYLOG%\%1_FOUND.log
SET HOSTLOG=\\%HOST%\C$\debug\mrt.log

::Clear any log
del /Q \\%HOST%\c$\windows\debug\mrt.log

:: Run it
%PSEXEC% -c \\%HOST% "%MRTAPP%" arguments /q

::grab the log
xcopy /Y /I \\%HOST%\c$\windows\debug\mrt.log %DESTLOG%

::convert from UNICODE to ANSI
type %DESTLOG% > %DESTLOG%.txt

qgrep -z "Found" %DESTLOG%.txt > %FOUNDLOG%
qgrep -z "restarted" %DESTLOG%.txt >> %FOUNDLOG%
del /Q %DESTLOG%.txt
del /Q %DESTLOG%

ECHO HOST: %HOST% Complete!

GOTO :EOF

Comments :

0 comments to “Use MRT to Disinfect and report on all your Computers”