After malware and other registry corruption issues, CMD and control panel items and other things stop working. Use the following as a .REG file to fix it:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Kaspersky is giving us all an excellent rootkit expunger, called TDSSKiller:
http://support.kaspersky.com/faq/?qid=208283363
Here is an excellent reference of “file signatures”, data bytes at the beginning of files to use for identification. Under Unix these are called “magic numbers”.
http://www.garykessler.net/library/file_sigs.html
Some firewall on-the-fly antivirus systems can use these to decide which files to scan.
Sometimes VIPRE’s standalone upgrade will fail, giving a message saying something about a script. In this case, you will need to remove the update installer and try again. The location of the update installer under Windows 7 is:
c:\ProgramData\Application Data\Sunbelt\AntiMalware\Downloads
Under XP, it’s:
C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\Downloads
This morning for the first time, I found that AVG exceptions for StorageCraft files are required. I’m excepting *.spi, *.spf, and *.spk.
Let’s say we want to run a series of commands on a set of machines. A good example is a VIPRE Enterprise client refresh, where we want to remove the agents and reinstall them, perhaps after a server crash. We can do it using this .CMD script:
set list=pclist.txt
for /F %%x in (%list%) do (
echo Removing old...
psexec \\%%x msiexec /x {9D544611-F437-4153-913E-91CE036583CC} /qn
psexec \\%%x msiexec /x {DB7CF8FB-8638-484E-A6C1-37F5AC21DCB2} /qn
Echo Installing new...
copy SBVEA_EN-Workstation.msi \\%%x\C$
psexec \\%%x msiexec /i C:\SBVEA_EN-Workstation.msi /qn
)
Just put the list of machines in “pclist.txt”, one per line, and put pclist.txt in the same folder as the script. The two IDs were found using regedit (search for “sunbelt” or maybe “vipre”); they will change as versions change. Any application installed via MSI can be removed like this, unless the vendor has really munged the MSI.
There is one exception to the above, gratefully found reported here:
http://blog.crankybit.com/why-that-batch-for-loop-isnt-working/
It occurs when there is a separate variable to be set inside the FOR loop. In these cases, one must add the following line as the first line in the script:
<a href="http://www.ss64.com/nt/setlocal.html">setlocal</a> EnableDelayedExpansion
Sometimes the services have to be restarted, especially immediately after Windows firewall exceptions have been put in.
The name of the agent service: SBAMSVC
The name of the server service: VIPRE Enterprise Service
Doug Knox has an excellent collection of fixes:
http://www.dougknox.com/xp/file_assoc.htm