Jump to content

Recommended Posts

Posted

How to create with a simple script a Malicious Software Removal Tool True Addon (windows XP/2003/Vista/7/8/...):

Open Notepad and copy/paste following text:


@echo Off
CD "%~p0"
SET MRTVersion=84C44DD1-20C8-4542-A1AF-C3BA2A191E25
SET MRTGUIIDx86=B1C1D799-343E-4E7B-AE3C-DA89162F2074
SET MRTGUIIDx64=01114C6C-1A24-4C2E-BAD5-E6F45B82EB3A

MD OnePiece_Malicious_Software_Removal_Tool_True_AddOn_INTL
MOVE /Y "windows-kb890830-x64-v*.exe" windows-kb890830-x64.exe
MOVE /Y "windows-kb890830-v*.exe" windows-kb890830-x86.exe

RD /S /Q "windows-kb890830"
windows-kb890830-x64.exe -x:"windows-kb890830" /Q
MOVE /Y windows-kb890830\MRT.exe OnePiece_Malicious_Software_Removal_Tool_True_AddOn_INTL\MRTx64.exe
RD /S /Q "windows-kb890830"

windows-kb890830-x86.exe -x:"windows-kb890830" /Q
MOVE /Y windows-kb890830\MRT.exe OnePiece_Malicious_Software_Removal_Tool_True_AddOn_INTL\MRT.exe
RD /S /Q "windows-kb890830"

IF /I NOT EXIST OnePiece_Malicious_Software_Removal_Tool_True_AddOn_INTL\MRTx64.exe IF /I NOT EXIST OnePiece_Malicious_Software_Removal_Tool_True_AddOn_INTL\MRT.exe Goto _EXIT

CD /D "OnePiece_Malicious_Software_Removal_Tool_True_AddOn_INTL"
ECHO ;OnePiece > "MRT.inf"
ECHO ;>> "MRT.inf"
ECHO ; MRT INF>> "MRT.inf"
ECHO ;>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [Version]>> "MRT.inf"
ECHO signature="$Windows NT$">> "MRT.inf"
ECHO ClassGUID={00000000-0000-0000-0000-000000000000}>> "MRT.inf"
ECHO SetupClass=Base>> "MRT.inf"
ECHO LayoutFile=layout.inf>> "MRT.inf"
ECHO DriverVer=07/01/2001,5.1.2600.5512 >> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [Optional Components]>> "MRT.inf"
ECHO MRT>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT]>> "MRT.inf"
ECHO OptionDesc ="Malicious Software Removal Tools">> "MRT.inf"
ECHO Tip ="%%NAME%%">> "MRT.inf"
ECHO Uninstall = MRT.Remove>> "MRT.inf"
ECHO IconIndex = *, ..\MRT.exe, 130 >> "MRT.inf"
ECHO SizeApproximation=60000000 >> "MRT.inf"
ECHO Modes = 0,1,2,3 >> "MRT.inf"
ECHO CopyFiles = MRT.Files>> "MRT.inf"
ECHO AddReg = MRT.Option.Reg, MRT.Option.MarkInstalled, KB890830.AddReg>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT.Files]>> "MRT.inf"
ECHO MRT.exe, , ,32 >> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [DestinationDirs]>> "MRT.inf"
ECHO MRT.Files=11 >> "MRT.inf"
ECHO DefaultDestDir = 17 >> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [SourceDisksNames]>> "MRT.inf"
ECHO 1="MRT Files","WIN51",,"i386">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [SourceDisksFiles]>> "MRT.inf"
ECHO MRT.exe=1,,>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT.Option.Reg]>> "MRT.inf"
ECHO ; Used during install>> "MRT.inf"
ECHO HKLM,"%%KEY_OPTIONAL%%","MRT",,"MRT">> "MRT.inf"
ECHO HKLM,"%%KEY_OPTIONAL%%\MRT",INF,,"MRT.inf">> "MRT.inf"
ECHO HKLM,"%%KEY_OPTIONAL%%\MRT",Section,,"MRT">> "MRT.inf"
ECHO HKLM,"%%KEY_OPTIONAL%%\MRT",Installed,,"0">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT.Option.MarkInstalled]>> "MRT.inf"
ECHO HKLM,"%%KEY_OPTIONAL%%\MRT",Installed,,"1">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT.Option.MarkRemoved]>> "MRT.inf"
ECHO HKLM,"%%KEY_OPTIONAL%%\MRT",Installed,,"0">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [KB890830.AddReg]>> "MRT.inf"
ECHO HKLM, "SOFTWARE\Microsoft\RemovalTools\MRT", "EULA2", %%REG_DWORD%%,"1">> "MRT.inf"
ECHO HKLM, "SOFTWARE\Microsoft\RemovalTools\MRT", "Version", %%REG_SZ%%, "%%MRT_Version%%">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO HKCR, "CLSID\%%MRT_GUID%%", , %%REG_SZ%%, "@%%11%%\MRT.exe,-101">> "MRT.inf"
ECHO HKCR, "CLSID\%%MRT_GUID%%", "System.Software.MRT", %%REG_SZ%%, "Internal">> "MRT.inf"
ECHO HKCR, "CLSID\%%MRT_GUID%%", "InfoTip", %%REG_EXPAND_SZ%%, "@%%11%%\MRT.exe,-109">> "MRT.inf"
ECHO HKCR, "CLSID\%%MRT_GUID%%", "{305CA226-D286-468e-B848-2B2E8E697B74} 2", %%REG_DWORD%%, "5">> "MRT.inf"
ECHO HKCR, "CLSID\%%MRT_GUID%%", "LocalizedString", %%REG_EXPAND_SZ%%, "@%%11%%\MRT.exe,-101">> "MRT.inf"
ECHO HKCR, "CLSID\%%MRT_GUID%%", "System.ApplicationName", %%REG_SZ%%, "Malicrous.Removal.Tool">> "MRT.inf"
ECHO HKCR, "CLSID\%%MRT_GUID%%\DefaultIcon", , %%REG_EXPAND_SZ%%, "%%11%%\MRT.exe,-0">> "MRT.inf"
ECHO HKCR, "CLSID\%%MRT_GUID%%\Shell\Open\Command", , %%REG_EXPAND_SZ%%, "%%11%%\MRT.exe">> "MRT.inf"
ECHO HKLM, "%%KEY_WIN_CURVER%%\explorer\ControlPanel\NameSpace\%%MRT_GUID%%", , %%REG_SZ%%, "@%%11%%\MRT.exe,-101">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT.DelReg]>> "MRT.inf"
ECHO HKLM, "SOFTWARE\Microsoft\RemovalTools\MRT">> "MRT.inf"
ECHO HKCR, "CLSID\%%MRT_GUID%%">> "MRT.inf"
ECHO HKLM, "%%KEY_WIN_CURVER%%\explorer\ControlPanel\NameSpace\%%MRT_GUID%%">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT.Remove]>> "MRT.inf"
ECHO AddReg = MRT.Option.MarkRemoved>> "MRT.inf"
ECHO UnregisterDlls = Stop.MRT>> "MRT.inf"
ECHO DelFiles = MRT.Files>> "MRT.inf"
ECHO DelReg = MRT.DelReg>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT.CleanUp]>> "MRT.inf"
ECHO ;AddReg = MRT.Option.MarkRemoved>> "MRT.inf"
ECHO RunPreSetupCommands = Stop_MRT:1 >> "MRT.inf"
ECHO DelFiles = MRT.Files>> "MRT.inf"
ECHO DelReg = MRT.DelReg, MRT.Reg.Delete.Keys>> "MRT.inf"
ECHO UpdateInis = MRT.SYSOC.CleanUp>> "MRT.inf"
ECHO CleanUp = 1 >> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT.Reg.Delete.Keys]>> "MRT.inf"
ECHO HKLM,"%%KEY_OPTIONAL%%","MRT">> "MRT.inf"
ECHO HKLM,"%%KEY_OPTIONAL%%\MRT">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO ;;;;;;;;;;;;>> "MRT.inf"
ECHO HKLM,"%%KEY_WIN_CURVER%%\Setup\Oc Manager\Subcomponents","MRT">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [Stop.MRT]>> "MRT.inf"
ECHO 11,,tskill.exe,,,"MRT">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [Stop_MRT]>> "MRT.inf"
ECHO TASKKILL /F /IM MRT.exe>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT.SHOW]>> "MRT.inf"
ECHO UpdateInis = MRT_SHOW>> "MRT.inf"
ECHO RunPostSetupCommands = MRT.State:1 >> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT.State]>> "MRT.inf"
ECHO "%%11%%\cmd.exe /c REG QUERY ""HKLM\%%KEY_WIN_CURVER%%\Setup\Oc Manager\Subcomponents"" /v MRT || REG ADD ""HKLM\%%KEY_WIN_CURVER%%\Setup\Oc Manager\Subcomponents"" /v MRT /t REG_DWORD /d 0 /f">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT_SHOW]>> "MRT.inf"
ECHO %%17%%\SYSOC.inf,"Components",,"MRT=ocgen.dll,OcEntry,MRT.inf,,7">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT.HIDE]>> "MRT.inf"
ECHO UpdateInis = MRT_HIDE>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT_HIDE]>> "MRT.inf"
ECHO %%17%%\SYSOC.inf,"Components",,"MRT=ocgen.dll,OcEntry,MRT.inf,HIDE,7">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [MRT.SYSOC.CleanUp]>> "MRT.inf"
ECHO %%17%%\SYSOC.inf,Components,MRT=*>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO [Strings]>> "MRT.inf"
ECHO NAME = "OnePiece's Malicious Software Removal Tool AddOn">> "MRT.inf"
ECHO VERSION = "2012">> "MRT.inf"
ECHO MRT_GUID = "{72A2A18F-FC2B-4F74-92DA-7091EF4584E8}">> "MRT.inf"
ECHO MRT_Version = "%MRTVersion%">> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO REG_EXPAND_SZ=0x00020000 >> "MRT.inf"
ECHO REG_SZ=0x00000000 >> "MRT.inf"
ECHO REG_DWORD=0x00010001 >> "MRT.inf"
ECHO REG_BINARY=0x00000001 >> "MRT.inf"
ECHO REG_MULTI_SZ = 0x00010000 >> "MRT.inf"
ECHO REG_DWORD_NOCLOBBER = 0x00010003 >> "MRT.inf"
ECHO Reg_SZ_NOCLOBBER = 0x00000002 >> "MRT.inf"
ECHO REG_BINARY_NOCLOBBER = 0x00000003 >> "MRT.inf"
ECHO REG_MULTI_SZ_APPEND = 0x0001000A >> "MRT.inf"
ECHO REG_MULTI_SZ_NOCLOBBER = 0x00010002 >> "MRT.inf"
ECHO REG_MULTI_SZ_DELVAL = 0x00010006 >> "MRT.inf"
ECHO REG_ADDREG_APPEND = 0x00010008 >> "MRT.inf"
ECHO REG_EXPAND_SZ_NOCLOBBER = 0x00020002 >> "MRT.inf"
ECHO REG_NONE = 0x00020001 >> "MRT.inf"
ECHO VALUE_NOT_SET = 0x00000010 >> "MRT.inf"
ECHO VALUE_NOT_SET_NOCLOBBER = 0x00000012 >> "MRT.inf"
ECHO.>> "MRT.inf"
ECHO ; Customized by ONEPIECE>> "MRT.inf"
ECHO ;by OnePiece>> "entries_MRT.ini"
ECHO ;###################################################################################################################>> "entries_MRT.ini"
ECHO ;This section contains version information to nLite - RyanVM Integrator - WinNT6.x True Integrator Entries_MRT.ini>> "entries_MRT.ini"
ECHO ;# SPECIAL THANKS TO NONNO FABIO>> "entries_MRT.ini"
ECHO ;# Huge thanks voidseesaw (http://voidseesaw.com) and N1K (http://www.WinCert.net) host this AddOn>> "entries_MRT.ini"
ECHO ;# a huge thanks to all Italian guys and all guys of WinCert Forum and Eng2ITA Forum and RyanVM Forum>> "entries_MRT.ini"
ECHO ;# This file contains a list of all necessary entries to add in the various installation>> "entries_MRT.ini"
ECHO ;# files of Windows for the integration of Malicious Software Removal Tool (by Microsoft) AddOn.>> "entries_MRT.ini"
ECHO ;###################################################################################################################>> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO ;This section contains version info for RyanVM Integrator - nLite - WinNT6.x True Integrator>> "entries_MRT.ini"
ECHO [general]>> "entries_MRT.ini"
ECHO builddate=2012-03-16T11:44:11Z>> "entries_MRT.ini"
ECHO description=%%MRTTip%%>> "entries_MRT.ini"
ECHO language=%%LANGUAGE%%>> "entries_MRT.ini"
ECHO title=Malicious Software Removal Tool>> "entries_MRT.ini"
ECHO version=2012 >> "entries_MRT.ini"
ECHO website=http://www.microsoft.com/security/pc-security/malware-removal.aspx>> "entries_MRT.ini"
ECHO Windows=ALL>> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO ;;WinNT6.x True Integrator Optional info>> "entries_MRT.ini"
ECHO ;processorArchitecture=x86 >> "entries_MRT.ini"
ECHO ReleaseType=True AddOn>> "entries_MRT.ini"
ECHO Customizedby=OnePiece>> "entries_MRT.ini"
ECHO Copyright=Microsoft>> "entries_MRT.ini"
ECHO Company=Microsoft>> "entries_MRT.ini"
ECHO ;;InstallPackageName=MRT.inf>> "entries_MRT.ini"
ECHO LastUpdateTime=2012-03-16T11:44:11Z>> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO ;;;; ;This section contains entries that need to go into the [Components] section of the OCSysPrep.inf file. >> "entries_MRT.ini"
ECHO ;;;; [SysPrepOC]>> "entries_MRT.ini"
ECHO ;;;; MRT=advpack.dll,LaunchINFSection,MRT.inf,MRT>> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO ;This section contains entries that need to go into the [Components] section of the Sysoc.inf file.>> "entries_MRT.ini"
ECHO [sysoc]>> "entries_MRT.ini"
ECHO MRT = ocgen.dll,OcEntry,MRT.inf,,7 >> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO ;This section contains entries that need to go into the [Files] section of dosnet.inf>> "entries_MRT.ini"
ECHO [dosnet_files]>> "entries_MRT.ini"
ECHO d1,MRT.exe>> "entries_MRT.ini"
ECHO d1,MRT.inf>> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO ;This section contains entries that need to go into the [SourceDisksFiles] section of txtsetup.sif>> "entries_MRT.ini"
ECHO [txtsetup_files]>> "entries_MRT.ini"
ECHO MRT.exe = 1,,,,,,,,3,3 >> "entries_MRT.ini"
ECHO MRT.inf = 1,,,,,,,20,0,0 >> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO ;Removes files from i386 which are no longer necessary>> "entries_MRT.ini"
ECHO [obsolete_files]>> "entries_MRT.ini"
ECHO MRTx64.exe>> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO ;This section contains a list of files in i386 which should be compressed at the very>> "entries_MRT.ini"
ECHO ;beginning of the integration process>> "entries_MRT.ini"
ECHO [i386_compress]>> "entries_MRT.ini"
ECHO rvmtemp\extracted\MRT.inf>> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO [GlobalOffLineChanges.Install.ntx86]>> "entries_MRT.ini"
ECHO CopyFiles = MRT.x86.Files>> "entries_MRT.ini"
ECHO AddReg = MRT.x86.AddReg>> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO [GlobalOffLineChanges.Install.ntamd64]>> "entries_MRT.ini"
ECHO CopyFiles = MRT.x64.Files>> "entries_MRT.ini"
ECHO AddReg = MRT.x64.AddReg>> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO [GlobalOffLineChanges.Uninstall]>> "entries_MRT.ini"
ECHO DelFiles = MRT.x86.Files, MRT.x64.Files>> "entries_MRT.ini"
ECHO DelReg = MRT.DelReg>> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO [DestinationDirs]>> "entries_MRT.ini"
ECHO MRT.x86.Files = 11 >> "entries_MRT.ini"
ECHO MRT.x64.Files = 11 >> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO [SourceDisksNames]>> "entries_MRT.ini"
ECHO 1="MRT Files","",,"">> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO [SourceDisksFiles]>> "entries_MRT.ini"
ECHO MRT.exe=1 >> "entries_MRT.ini"
ECHO MRTx64.exe=1 >> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO [MRT.x86.Files]>> "entries_MRT.ini"
ECHO MRT.exe,,,32 >> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO [MRT.x64.Files]>> "entries_MRT.ini"
ECHO MRT.exe, MRTx64.exe,,32 >> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO [MRT.x86.AddReg]>> "entries_MRT.ini"
ECHO HKLM, "SOFTWARE\Microsoft\RemovalTools\MRT", "EULA2", 0x10001, "1">> "entries_MRT.ini"
ECHO HKLM, "SOFTWARE\Microsoft\RemovalTools\MRT", "Version", ,"%MRTVersion%">> "entries_MRT.ini"
ECHO HKLM, "SOFTWARE\Microsoft\RemovalTools\MRT", "GUID", ,"%MRTGUIIDx86%">> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO [MRT.x64.AddReg]>> "entries_MRT.ini"
ECHO HKLM, "SOFTWARE\Microsoft\RemovalTools\MRT", "GUID", ,"%MRTGUIIDx64%">> "entries_MRT.ini"
ECHO HKLM, "SOFTWARE\Microsoft\RemovalTools\MRT", "Version", ,"%MRTVersion%">> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO [MRT.DelReg]>> "entries_MRT.ini"
ECHO HKLM, "SOFTWARE\Microsoft\RemovalTools\MRT">> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"
ECHO [Strings]>> "entries_MRT.ini"
ECHO LANGUAGE = "INTL">> "entries_MRT.ini"
ECHO MRTTip = "Microsoft Windows Malicious Software Removal Too" ;;; Strumento di rimozione malware di Microsoft Windows>> "entries_MRT.ini"
ECHO.>> "entries_MRT.ini"

>"MTR.dif" ECHO .option explicit
>>"MTR.dif" ECHO .set DiskDirectoryTemplate=.
>>"MTR.dif" ECHO .set CabinetNameTemplate="..\OnePiece_Malicious_Software_Removal_Tool_x86-x64_True_AddOn_INTL.cab"
>>"MTR.dif" ECHO .set SourceDir=.\
>>"MTR.dif" ECHO .set RptFileName=nul
>>"MTR.dif" ECHO .set InfFileName=nul
>>"MTR.dif" ECHO .set MaxDiskSize=999948288
>>"MTR.dif" ECHO .set Compress=on
>>"MTR.dif" ECHO .set Cabinet=on
>>"MTR.dif" ECHO .set CompressionType=LZX
>>"MTR.dif" ECHO .set CompressionMemory=21
>>"MTR.dif" ECHO.
>>"MTR.dif" ECHO "entries_MRT.ini"
>>"MTR.dif" ECHO "MRT.INF"
IF /I EXIST "MRT.exe" ECHO "MRT.exe">>"MTR.dif"
IF /I EXIST "MRTx64.exe" ECHO "MRTx64.exe">>"MTR.dif"
"%SystemRoot%\System32\MAKECAB.exe" /f "MTR.dif"
CD /D "%~p0"
RD /S /Q "OnePiece_Malicious_Software_Removal_Tool_True_AddOn_INTL"
Exit

:_EXIT
RD /S /Q "OnePiece_Malicious_Software_Removal_Tool_True_AddOn_INTL"
Exit

Search in text variable MRTVersion=xxxxxxxx and change the xxxxxxxx with the version string. Every MS MRT release has its own code: after installed you can get it from Windows registry in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemovalTools\MRT"

mrta.png

Save and name it "Create_OnePiece_Malicious_Software_Removal_Tool_True_AddOn.cmd"

Run it in same directory of MRT setup file (windows-kb890830-v%Version%.exe and/or windows-kb890830-x64-v%Version%.exe: if both are present, a multiplatform addon is created

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...