Two sides of the coin- automated script!

Hi malware fighters,

If you want to enroll an anti-spyware program on a couple of machines, the following can be a usefull script:
It was used to enroll MS antispyware on various machines.

----------------------------------------------------------


'MSAS Install Script - ryan@overdose.net

'ipFile = path to list of hosts
ipFile = "C:\scripts\installmsas\list.txt"

'execPath = path to executable file
execPath = "C:\scripts\installmsas\msantispy.msi"

'execCommand = command to execute, including path, switches, etc
execCommand = "msiexec.exe /i c:\msantispy.msi /qn INSTALLDIR=c:\MSAS\"
execCommand2 = "C:\msas\gcasDtServ.exe /regserver"

'fileName = filename of executable
fileName = "msantispy.msi"

'pathToLog = path to the logfile
pathToLog = "C:\scripts\installmsas\install_log.txt"

On Error Resume Next
Set oNet = CreateObject("WScript.Network")
Set oFS = CreateObject("Scripting.FileSystemObject")
Set oSvcLocal = GetObject("winmgmts:root\cimv2")
Set oIPFile = oFS.OpenTextFile(ipFile, 1, false)
Set oOutputFile = oFS.CreateTextFile(pathToLog, TRUE)


If (Err.Number <> 0) Then
     WScript.Echo "Cannot open " & ipFile
     WScript.Quit
End If


While Not oIPFile.atEndOfStream
     ip = oipFile.ReadLine()
     oOutputFile.WriteLine(vbCrLf & "Connecting to " & ip & "... ")
     WScript.Echo vbCrLf & "Connecting to " & ip & "... "

     Err.Clear
     Set oSvcRemote = GetObject("winmgmts:\\" & ip & "\root\cimv2")

     If (Err.Number <> 0) Then
          oOutputFile.WriteLine("Failed to connect to " & ip & ".")
          WScript.Echo "Failed to connect to " & ip & "."
     Else
          oNet.RemoveNetworkDrive "x:"
          oNet.MapNetworkDrive "x:", "\\" & ip & "\C$"

          ' copy msas file to remote pc
	  Set oSourceFile = oSvcLocal.Get("cim_datafile=""" & replace(execPath, "\", "\\") & """")
          returnCode = oSourceFile.Copy("x:\\" & fileName)

		If (returnCode <> 0 and returnCode <> 10) Then
			' Failure detected and failure was not "file already exists."
			oOutputFile.WriteLine("Failed copy " & fileName & " to " & ip & " - Error Code: " & returnCode)
			WScript.Echo "Failed copy " & fileName & " to " & ip & " - Error Code: " & returnCode
		        oNet.RemoveNetworkDrive "x:"
		Else
	 		oOutputFile.WriteLine(fileName & " copied to " & ip)
	                WScript.Echo fileName & " copied to " & ip
	       	        Set oProcess = oSvcRemote.Get("win32_process")
	              	returnCode = oProcess.Create(replace(execCommand, "\", "\\"))
                    	If (returnCode <> 0) Then
                        	oOutputFile.WriteLine("Failed to start install on " & ip & " Error Code: " & returnCode)
                        	WScript.Echo "Failed to start install on " & ip & " Error Code: " & returnCode
                        	oNet.RemoveNetworkDrive "x:"
                    	Else
                        	Set oDestFile = oSvcLocal.Get("cim_datafile=""x:\\" & fileName & """")
                        	'Wait for the installation to complete.
                         	For waitTime = 0 To 120   ' Lay and wait--up to two minutes for the installation to complete.
	                        	WScript.Sleep 10000     ' Sleep
                                	'Delete temporary file as soon as possible after it is freed.
                             		If (oDestFile.Delete() = 0) Then
                                  		Exit For
                              		End If
                         	Next ' Otherwise, loop again and keep waiting...
                         	oOutputFile.WriteLine("Installation successful on " & ip & ".")
                         	WScript.Echo "Installation successful on " & ip & "."

                    	End If     'Create process succeeded.
				
			'now register server
			returnCode = oProcess.Create(replace(execCommand2, "\", "\\"))
			If (returnCode <> 0) Then
                        	oOutputFile.WriteLine("Failed to register server on " & ip & " Error Code: " & returnCode)
                        	WScript.Echo "Failed to register server on " & ip & " Error Code: " & returnCode
			Else
                        	oOutputFile.WriteLine("Registration successful on " & ip & ".")
                        	WScript.Echo "Registration successful on " & ip & "."
                    	End If
           	End If
      End If
WEnd
oOutputFile.Close

If we analyse this script for what it is worth through for instance ScriptSentry it can also come in handy to enroll malicious code onto machines. Are you alerted now to the two-sidedness of the sword, called SCRIPT!,

polonus