Guys,
I read a thread here (from 2006) about USB removal scripts.
I just wrote my own 2 scripts. I think they're worth checking out.
The first is a standard script that copies devcon.exe and then removes the USB. It does NOT leave any cmd.exe processes. No windows are shown.
The second is kinda special. It actually CREATES devcon.exe, so the only file needed is the script itself! It's not size efficient (the script size is 10 times larger than devcon.exe itself) but the idea is nice, I think.
Script1 link:
http://rapidshare.com/files/110143764/Script1.zip.html
Script2 link:
http://rapidshare.com/files/110143594/Script2.zip.html
Take a look and tell me what you think.
Thanks!
From Virus Total:
Remove_Without_Devcon.vbs received on 04.24.2008 23:43:15 (CET)
From Script2.zip
Panda 9.0.0.4 2008.04.24 Suspicious file
Rising 20.41.32.00 2008.04.24 Unknown Script Virus
others clear
Tim
-
Things have got to get better, they can't get worse, or can they?
Heuristics. Script2 generates an .exe from scratch and then runs it. That alone will set off the heuristics, because then it looks like it's generating a virus on-demand to prevent early detection (a form of obfuscation). So the safe thing to do? Flag the script itself.
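
The behaviour described in the reply above, as an added example that is not part of the original thread: a toy static heuristic that flags a script only when it carries an inline payload, writes a file, and then executes something. The indicator patterns, verdict strings and both sample scripts are constructed for illustration and are not any antivirus vendor's actual rules.

```python
import re

# Indicator patterns are this example's assumptions, not any AV vendor's rules.
INDICATORS = {
    "writes_file": re.compile(r"\.(CreateTextFile|OpenTextFile|SaveToFile)\b", re.I),
    "names_exe": re.compile(r'"[^"\r\n]*\.exe"', re.I),
    "embedded_blob": re.compile(r'"(?:[0-9A-F]{2}){64,}"', re.I),
    "mz_header": re.compile(r'"4D5A|Chr\(\s*77\s*\)\s*&\s*Chr\(\s*90\s*\)', re.I),
    "executes": re.compile(r"\.(Run|Exec|ShellExecute)\b", re.I),
}

def scan_script(text):
    """Return (verdict, sorted list of indicator names found in the script)."""
    found = {name for name, rx in INDICATORS.items() if rx.search(text)}
    payload = "embedded_blob" in found or "mz_header" in found
    # The combination matters: build a binary from inline data, then launch it.
    if payload and "writes_file" in found and "executes" in found:
        verdict = "suspicious: drops and runs an embedded executable"
    elif "names_exe" in found and "executes" in found:
        verdict = "low: runs an existing executable"
    else:
        verdict = "clean"
    return verdict, sorted(found)

# Constructed sample: carries the tool inline as hex (payload is zero padding).
SAMPLE_SELF_CONTAINED = (
    'data = "4D5A' + "00" * 100 + '"\n'
    'Set f = CreateObject("Scripting.FileSystemObject").CreateTextFile("tool.exe", True)\n'
    "' decode loop omitted\n"
    'CreateObject("WScript.Shell").Run "tool.exe", 0, True\n'
)
# Constructed sample: copies a tool that already exists on disk, then runs it.
SAMPLE_COPY_AND_RUN = (
    'CreateObject("Scripting.FileSystemObject").CopyFile "E:\\devcon.exe", "C:\\Temp\\devcon.exe"\n'
    'CreateObject("WScript.Shell").Run "C:\\Temp\\devcon.exe", 0, True\n'
)

if __name__ == "__main__":
    for label, src in (("self-contained", SAMPLE_SELF_CONTAINED), ("copy-and-run", SAMPLE_COPY_AND_RUN)):
        print(label, scan_script(src))
```
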