15 replies to this topic

[homes32]

File Name: VIPRERescue
File Submitter: homes32
File Submitted: 15 Aug 2011
File Updated: 29 Oct 2012
File Category: App scripts

The VIPRE Rescue Program is a command-line utility that will scan and clean an infected computer that is so infected that programs cannot be easily run. Scanning features rootkit detection, deep scan, and can log events.

I have written a lightweight portable GUI for handling scanning and downloading of updates. Please take note that this is a very large program (200+ MB). Pay special attention to the warnings in the script interface.

Click here to download this file

[neyrial]

it didn t work for me with default options

[homes32]

you need to be more specific when reporting problems or I may have no Idea what you are talking about. There is a global shortage of crystal balls here on reboot and the one we do share between developers has been broken for years now!

it looks like sunbelt changed their download URL's again. I'll see if I can get it sorted out in the next day or so.

regards,
Homes32

[linuxbaby]

The Download is not available but thanks a lot for sharing the script.

404 Not Found

The server can not find the requested page homes32.winbuilder.net/scripts/VIPRERescue.script (port 80)

Please forward this error screen to homes32.winbuilder.net's [email="nunobrito.azores@gmail.com?subject=Error%20message%20[404]%20404%20Not%20Found%20for%20homes32.winbuilder.net/scripts/VIPRERescue.script%20port%2080%20on%20Monday,%2016-Apr-2012%2021:05:19%20CEST"] WebMaster[/email].

[homes32]

my subdomain is in the process of being migrated over to the new server/system.
All scripts will be restored once this is complete.

[homes32]

download issues fixed! v5 on server.

[Mikka]

download issues fixed! v5 on server.

I checked that version, but VRL.exe /GetWBDownloadURL results in the error

VIPRE Rescue Launcher
---------------------------
Failed parsing html!
---------------------------
[ OK ]

[homes32]

That usually means they changed the download page. I'll look later tonight when I have a real computer


Edit: Fixed - v6 ready for download.

[Etatheta]

It broke again. "failed parsing html! The download URL could not be found" Then at least for me it fails with Unable to Unmount WIM files when it tries to install it but i assume that goes along with the unable to get the download.

[homes32]

It broke again. "failed parsing html! The download URL could not be found" Then at least for me it fails with Unable to Unmount WIM files when it tries to install it but i assume that goes along with the unable to get the download.

looks like they changed the webpage again. I'll post a fix this weekend.
regards,
Homes32

[homes32]

fixed. v7

[Etatheta]

Now when im building the system i get the following stop error on vipre

RegWrite - Type: [0x4] Section [HKLMwb-hiveControlSet001ServicesSBRE] Key [Type]: 1

any ideas?

[homes32]

Now when im building the system i get the following stop error on vipre

RegWrite - Type: [0x4] Section [HKLMwb-hiveControlSet001ServicesSBRE] Key [Type]: 1

any ideas?

you need to build from the big blue play button not the small green play button in the script interface. otherwise the registry hives don't get mounted and all regwrites will fail.

[Etatheta]

I am doing a complete build using "the big blue play button" still get that error

[homes32]

I am doing a complete build using "the big blue play button" still get that error

then you will need to post your full build log so we can get an idea what is going on.

[Mikka]

Now when im building the system i get the following stop error on vipre

RegWrite - Type: [0x4] Section [HKLMwb-hiveControlSet001ServicesSBRE] Key [Type]: 1

any ideas?

 

Just a guess: Change the lines 62 - 66 to

RegWrite,HKLM,0x4,"Tmp_Software\ControlSet001\Services\SBRE","Type",1
RegWrite,HKLM,0x4,"Tmp_Software\ControlSet001\Services\SBRE","ErrorControl",1
RegWrite,HKLM,0x4,"Tmp_Software\ControlSet001\Services\SBRE","Start",3
RegWrite,HKLM,0x2,"Tmp_Software\ControlSet001\Services\SBRE","ImagePath","system32\drivers\SBREdrv.sys"
RegWrite,HKLM,0x2,"Tmp_Software\ControlSet001\Services\SBRE","Group","Base"

and see if that helps.

 

@homes32:

I did tests with a new up to date desktop system here. Unfortunately there were several errors.

 

#1:

Whenever I launch the app like this

this will happen:

Simple workaround: Not choosing this very option.

 

#2:

If I choose Scan for Rootkits, VIPRERescue runs on x:\ (ramdisk) and, after 7 seconds or so a BSOD shows up.

The usual stuff there: STOP: 0x00000024 ... Ntfs.sys - Address 8BE28D1B base at 8BE13000, and so forth.

 

#2's a bummer. Any idea what might cause the BSOD?

 

 

Addendum:

I noticed that BSOD (always Ntfs.sys) also occurs running McAfee Stinger (executable out-of-box) just 2 seconds after the first "Scanning for rootkits" line is logged.
AVZ Toolkit and Emsisoft Emergency Kit both run without problems (i.e. no BSOD yet).

 

McAfee Stinger runs without RunScanner, as Emsisoft Emergency Kit does.

AVZ Toolkit and VIPRERescue rely on RunScanner (latest version 1.0.0.26).

So my first idea ("some RunScanner quirks") was wrong...