13 replies to this topic

[homes32]

Description from the product Homepage
"The VIPRE Rescue Program is a command-line utility that will scan and clean an infected computer that is so infected that programs cannot be easily run."

I have written a lightweight portable GUI for handling scanning and downloading of updates.
Please take note that this is a very large program (200+ MB). Pay special attention to the warnings in the script interface.

Testing and feedback are greatly appreciated!

Download Here: VIPRERescue

Changes in v3

• Some code updates and optimizations.
• Interface tweaks.
• updated runscanner and 7za.exe
• Vipre Rescue Launcher (VRL.exe) updated to version 1.1.0
• - fixed flickering on download status
• - changes required free space from 400MB to 200 MB
• - fixed option switches for new version of vipre
• - rewrote download to work with newer autoit versions.
• - added button to view scanlog after scan finishes if logging is enabled
• - added cancel button and activity indicator to scan progress
• - better error handling
• - delete archive after download to free up space

full version history

[JonF]

Looks interesting! Thanks. I wish it werent't so freakin' big.

Sunbelt puts out some good stuff. This isn't perfect, I tried it out recently on a Virtumonde infection and it failed, where Malwarebytes Anti-Malware succeeded (once I managed to start it by booting into safe mode with command prompt). Of course that wasn't booting from a CD.

A thought on the original download. My philosophy is that storage is free, time is not. So I'd cache the downloaded file in a common area Alas, VistaPE doesn't recognize that common area, but that can be handled:

If,NotExistDir,%GlobalTemplates%\%ProgramFolder%,DirMake,%GlobalTemplates%\%ProgramFolder%ShellExecute,Open,%Tools%\wget.exe,"-N hxttp://live.sunbeltsoftware.com/Download/VIPRERescue.exe",%GlobalTemplates%\%ProgramFolder%

Hum, interesting forum SW bug, it makes the URL inside the codebox live. So I wrote "hxttp" to fool it.

ETA: If you want comments on your AutoIT code, it would help if you included your AutoIT code. You don't need to extract it.

[Lancelot]

waiting for v2 for further comments,

I like vipre as an optional av being free, and was waiting homes32 , thank you homes32 for the start



@JonF
yep, last month i had a success story where all failed but Malwarebytes Anti-Malware succeed

[JonF]

RunfromRAM is not necessary if FBWF is enabled.

[amalux]

Thank you homes32 for the nice VIPRE GUI

Your program can easily be setup as a ppA to run from a UFD/USB-HD instead of from the system RAM. This keeps the download/archived files from monopolizing limited resources and slowing down boot/load times. Check it out here under 'Portable Apps in LiveXP'.

[maanu]

thanks for the gui mate , joshua also made its gui few months ago .

well anyways , in my personal opinion , if u have dr,web cureit and avira 9 , u DONT need any other utility to clean a system in pe mood.

[homes32]

Thanks for the feedback!

@JonF and maanu
I agree this av product isn't perfect or necessarily the best one out there, or the most practical for a PE environment! but there were a few requests and I thought it would be fun. I wish they would get the definition sizes down to about 40MB or so though.

@JonF
thanks for the tip about the caching downloads. It never crossed my mind to use wget instead of the built in webget. I'll get in in the next version. hopefully sometime tomorrow.

as for the RunFromRam, it seems that in VistaPE that is the only way to get it work as the system drive is the only one I can write to. not the CD. Unless I am missing a setting or something...I would like very much not to use RunFromRam.

@maanu
Joshua has a very nice GUI. but I was having problems getting it to work in VistaPE...I didn't do much testing in liveXP with it so I'm not sure how well it works there. anyway I wanted to learn autoit anyway and it was a good opportunity.

@amalux
you can use the GUI like this already. just put VRL.exe and 7za.exe in a folder on a HD/USB drive together. there are no registry settings or anything like that to worry about. check out the download on demand option in my script it basically only makes sense for HD/USB installations because if you are using Read only media like a CD/DVD it takes ridiculous amounts of RAM to download and extract the program.

[amalux]

@amalux
you can use the GUI like this already. just put VRL.exe and 7za.exe in a folder on a HD/USB drive together. there are no registry settings or anything like that to worry about. check out the download on demand option in my script it basically only makes sense for HD/USB installations because if you are using Read only media like a CD/DVD it takes ridiculous amounts of RAM to download and extract the program.

Sorry, reading your post, it seemed you expected us to have (at least) 200-300MB allocated/free RAM which is silly of course; it would take the CD or UFD disk forever to load and leave room for little else. You're right, you could just browse to the UFD/USB-HD and run the program but there's something really nice about having it as a shortcut in your Start menu; just my preference I guess

[JonF]

thanks for the tip about the caching downloads. It never crossed my mind to use wget instead of the built in webget. I'll get in in the next version. hopefully sometime tomorrow.

On further investigation, this is difficult because they made the version part of the filename and it's an HTTP request. Still do-able but more complex. Probably not worth it if the server is lively. For severs like Mcafee that are famously sluggish, it's worth it.

as for the RunFromRam, it seems that in VistaPE that is the only way to get it work as the system drive is the only one I can write to. not the CD. Unless I am missing a setting or something...I would like very much not to use RunFromRam.

In VistaPE RunFromRam is required. In LiveXP with CreateISO.script and FBWF it is not needed. In LiveXP with BootSDI.script I don't know yet.

I handle this by putting in a Run from RAM checkbox and a note that a writable directory is required,

[homes32]

In VistaPE RunFromRam is required. In LiveXP with CreateISO.script and FBWF it is not needed. In LiveXP with BootSDI.script I don't know yet.

I handle this by putting in a Run from RAM checkbox and a note that a writable directory is required,

good idea. done.

On further investigation, this is difficult because they made the version part of the filename and it's an HTTP request. Still do-able but more complex. Probably not worth it if the server is lively. For severs like Mcafee that are famously sluggish, it's worth it.

Sunbelts server seems pretty speed to me. currently I just hand webget the web directory and it just gropes around until it finds the .exe so I'm not exactly sure how to have the script look around on the server and hand me the file name for doing a comparison. I can't check for a newer version because of this. wget's timestamp option is a possible solution but is there a way to make wget use winbuilder's progress bar? I really don't think much of extra windows popping up and on such a large download I really think there needs to be some indication that something is still going on.

I included the au3 source for you to look at as well. thanks.
-homes32

[homes32]

well its been a long time coming but I finally updated this script and got it into this decade!
works good with win7pe_SE. see 1st post for details and download link.

regards,

Homes32

[immortuus]

The Link in the first Post is dead....

[homes32]

The Link in the first Post is dead....

you can use this mirror until I get this one back up again.

regards,
Homes32

[wes]

I am running into an issue with the new build of WIN7PESE builds the VIPRE rescue errors out with this message
error writting registry key
RegWrite - Type: [0x4] Section [HKLMwb-hiveControlSet001ServicesSBRE] Key [Type]: 1
no sure if something changed in the new build but some of the other older scripts had to be fixed to work with this newer build of the project.