Solved batch file to read inside autorun.inf

March 29, 2013 at 21:23:34
Specs: Windows
I am trying to create a batch file to open autorun.inf found any drive letter besides c drive

What I am looking for is to open autorun.inf find a line with the following strings:

Open=*.*
Shellexecute=*.*

The batch file will then find that file found and then copy the file in a folder to quarantine it.

Next once it places a copy in the quarantine folder it deletes the original file.

Finally it opens a text file to show a report of what was found and placed in the quarantine folder.


See More: batch file to read inside autorun.inf

Report •

✔ Best Answer
April 13, 2013 at 20:41:16
Ok by deleting "delims= " i got it to work.

It opens the found autorun.inf so the user can see what is inside the autorun.inf file. It is the best i can figure out so i will just go with this for now.

Thanks everyone for the help.

My newest code is below this line......

For %%i in (A B D E F G H I J K L M N O P Q R S T U V W X Y Z) do call :start %%i
goto end

:start

attrib %1:\autorun.inf -s -h -r

%1:
IF EXIST "%1:\autorun.inf" XCOPY "%1:\autorun.inf" "%1:\UC_Quarantine\*"

@echo off
@setLocal enabledelayedexpansion
for /f "tokens=*" %%a in ('%1:\autorun.inf' ) do (
find "Open=" < %%a > nul
if errorlevel 0 echo move %%a "%1:\UC_Quarantine\*"
if errorlevel 1 echo move %%a "%1:\UC_Quarantine\*"
)

%1:
IF EXIST "%1:\autorun.inf" DEL "%1:\autorun.inf"
goto :sub

:sub
echo Checking %1: ...
if not exist %1:\nul goto notfound
if exist %1:\autorun.inf\nul goto already
if exist %1:\autorun.inf goto clean
goto done

:clean
echo removing File %1:\autorun.inf ...
attrib +r +a +s +h %1:\autorun.inf
del %1:\autorun.inf

:done
echo Making directory '%1:\autorun.inf' ...
mkdir %1:\autorun.inf

:already
echo Attributing directory '%1:\autorun.inf' ...
attrib +r +a +s +h %1:\autorun.inf
goto end

:notfound
echo Skipping %1: ...

:end
CLS
ECHO Cleaning next drive .......



#1
March 30, 2013 at 18:45:31
This is what I have so far but still not right


@echo off
FOR %%a IN (%%i:\autorun.inf) DO CALL :read %%~na
TREE /f >> uc-found.txt
@GOTO :EOF

:read
@set FILE=%1
FOR /f "tokens=1,2" %%i IN (%FILE%.inf) DO CALL :makeDir %%b %%c
@GOTO :EOF

:makeDir
@set UC-Quaantine=%1
@set autorun2=%2
mkdir %UC-Quarantine%
@echo Made directory for %UC-Quarantine% >> results.txt
CALL :move
@GOTO :EOF

:move
MOVE %FILE%.inf %UC-Quarantine%
@echo %FILE% moved to %
REN %UC-Quarantine%\%FILE%.inf %autorun2%.inf
@echo %ACCOUNT%\%FILE% renamed %autorun2% >> results.txt
DEL %FILE%.inf
@echo %FILE% deleted. >> results.txt
@GOTO :EOF


Report •

#2
April 11, 2013 at 10:34:28
Hey herg62123, what do the @ signs do?

Report •

#3
April 11, 2013 at 11:31:51
:: ===== script starts here ===============
::
:: quar.bat 2013-03-30 14:49:20.57
@echo off & setLocal enableDELAYedeXpansioN

for /f "tokens=* delims= " %%a in ('dir/b/s D:\autorun.inf' ) do (
find "Open=" < %%a > nul
if not errorlevel 1 echo move %%a D:\QUAR
)
::====== script ends here =================

=====================
M2 Golden-Triangle


Report •

Related Solutions

#4
April 11, 2013 at 17:49:44
Ok something still does not work right when trying to move the files found in the autorun.inf file

Here is my code so far with the new code posted above included:


for %%i in (A B D E F G H I J K L M N O P Q R S T U V W X Y Z) do call :start %%i
goto end

:start
attrib %1:\autorun.inf -s -h -r

@echo off & setLocal enableDELAYedeXpansioN
for /f "tokens=* delims= " %%i in ('dir/b/s %1:\autorun.inf' ) do (
find "Open=" < %%i > nul
if not errorlevel 1 echo move %%i %1:\UC_Quarantine\*
)

%1:
IF EXIST "%1:\autorun.inf" XCOPY "%1:\autorun.inf" "%1:\UC_Quarantine\*"

%1:
IF EXIST "%1:\autorun.inf" DEL "%1:\autorun.inf"
goto :sub

:sub
echo Checking %1: ...
if not exist %1:\nul goto notfound
if exist %1:\autorun.inf\nul goto already
if exist %1:\autorun.inf goto clean
goto done

:clean
echo removing File %1:\autorun.inf ...
attrib -r -a -s -h %1:\autorun.inf
del %1:\autorun.inf

:done
echo Making directory '%1:\autorun.inf' ...
mkdir %1:\autorun.inf

:already
echo Attributing directory '%1:\autorun.inf' ...
attrib +r +a +s +h %1:\autorun.inf
goto end

:notfound
echo Skipping %1: ...

:end
CLS
ECHO Cleaning next drive .......


Report •

#5
April 12, 2013 at 06:18:23
The @ makes it so the command window doesn't echo the line.

:: mike


Report •

#6
April 12, 2013 at 06:44:20
I'm lost, but you can get the drive letters with this:

wmic logicaldisk get caption

=====================
M2 Golden-Triangle


Report •

#7
April 13, 2013 at 20:41:16
✔ Best Answer
Ok by deleting "delims= " i got it to work.

It opens the found autorun.inf so the user can see what is inside the autorun.inf file. It is the best i can figure out so i will just go with this for now.

Thanks everyone for the help.

My newest code is below this line......

For %%i in (A B D E F G H I J K L M N O P Q R S T U V W X Y Z) do call :start %%i
goto end

:start

attrib %1:\autorun.inf -s -h -r

%1:
IF EXIST "%1:\autorun.inf" XCOPY "%1:\autorun.inf" "%1:\UC_Quarantine\*"

@echo off
@setLocal enabledelayedexpansion
for /f "tokens=*" %%a in ('%1:\autorun.inf' ) do (
find "Open=" < %%a > nul
if errorlevel 0 echo move %%a "%1:\UC_Quarantine\*"
if errorlevel 1 echo move %%a "%1:\UC_Quarantine\*"
)

%1:
IF EXIST "%1:\autorun.inf" DEL "%1:\autorun.inf"
goto :sub

:sub
echo Checking %1: ...
if not exist %1:\nul goto notfound
if exist %1:\autorun.inf\nul goto already
if exist %1:\autorun.inf goto clean
goto done

:clean
echo removing File %1:\autorun.inf ...
attrib +r +a +s +h %1:\autorun.inf
del %1:\autorun.inf

:done
echo Making directory '%1:\autorun.inf' ...
mkdir %1:\autorun.inf

:already
echo Attributing directory '%1:\autorun.inf' ...
attrib +r +a +s +h %1:\autorun.inf
goto end

:notfound
echo Skipping %1: ...

:end
CLS
ECHO Cleaning next drive .......


Report •

Ask Question