Defeating a live virus/trojan infection with AM

By Max Ranzau

 

From the Crush, Kill & Destroy Dept. This is an article about using RES Automation Manager to defeat a live virus infection and clean up the collateral damage afterwards, in case you're dealing with many computers. With the help of others, I've put together a solution and some valuable generic takeaways, such as how to change special permissions in the registry and how to use the Windows PendingFileRenameOperations queue from within Automation Manager.

Click here to read the article.

 

2 Comments

  • By Credomane, September 5, 2012 @ 18:56

    I feel somewhat ashamed of myself. Cannot believe that I've not heard of either RES or SetACL. Individually they are amazing but together…I don't even know it is.

    Everything you have in that magic building-block I could have used just 6-8 hours ago. I practically followed everything Chanh did on the "Do It Scared!" link without knowing it even existed. Only I exported "hives" from the working system rather than "reg" files. Hives contain the proper permissions but are tricky to import (they lack the information on where the data is to go in the registry). Import even slightly wrong and you WILL be kissing a chunk of the registry goodbye and probably reinstalling Windows. SetACL will save me from this potential disaster.
     

    Never had a tool that could automate tasks in a large environment that didn't explicitly require AD (we still use Novell [rather not talk about it]. It was once better than AD but those days were so long ago) and RES looks like just that tool.

    I've been using a tool somewhat similar to what SetACL can do but for the file system only. Been sorely in need of one that can work with the registry too. FileACL by Guillaume Bordier for the curious.

    I found this blog post very informative and it showed me two very important tools that I don't think I'll soon be able to live without. I haven't even really begun using them either.
