Automatic Virus Eradication & Removal Tool

Discussion in 'other anti-malware software' started by weirddemon, Oct 3, 2010.

Thread Status:
Not open for further replies.
  1. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Thanks for the information, Searching_ _ _

    Dr. Web - This scanner can't be fully automated. It does accept command line arguments, but it requires interaction as well.

    Norman Malware Scanner - Same as Dr. Web

    Comodo - This is kind of what I've been saying in the beginning. Comodo is one of the many apps that support command line scanning, but must be installed to do so.

    Bit Defender - I hadn't realized BD had a portable CLI. I'll look into it.

    MSSE - Same as Comodo

    McAfee - It's a paid for utility

    I've actually spent a great deal of time researching scanners and testing them out extensively.

    Thanks for the suggestions :D
     
  2. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I couldn't determine if Bitdefender's CLI was a separate thing or rolled together, my eyelids were getting heavy.

    Maybe prodding those like Comodo and Rising to make portable cli versions could be helpful.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ weirddemon

    Hi, nice idea, and I like to try and help those who try and help others :thumb: So here are some suggestions for you.

    Quarantine is a MUST, otherwise it could cause even more problems :eek:

    At 353MB and probably growing, it's a very large file. Not everybody might want all that's included in it, therefore it's a waste of your bandwidth/costs and ours. If you could provide the basic app as a DL, and the others as optional DLs and/or links to them, this would suit more people I believe :) Of course you could still offer the full version as a DL for those who choose that ;)

    The following are a selection of AVs which "might" be suitable to include? I didn't check all the details on everything, but felt they were at least worth a look :) Sorry if some have already been mentioned.

    *

    Enables you to run a scan directly from the command line - http://www.avast.com/en-ca/free-antivirus-download#tab3

    Free command line scanner - http://research.pandasecurity.com/free-commandline-scanner

    SARC is also providing a free Command Line Scanner to detect and repair the viruses
    for users without anti-virus software - http://searchg.symantec.com/search?...ntsp=a&oe=UTF-8&ie=UTF-8&ud=1&site=symc_en_US

    VirusBuster command line scanners - http://www.virusbuster.hu/en/products/corporate-users/desktop

    AVG - AVGSCAN.exe and it is a dos command line which appears to work with AVG
    free - http://help.wugnet.com/security/AVG-command-line-switches-ftopict11814.html

    Command line support for quick scanning - http://www.malwarebytes.org/mbam.php

    F-Secure Anti-Virus for DOS (F-Prot) - http://support.f-secure.com/enu/home/virusproblem/howtoclean/howtousefprotfordos.shtml

    Dr.Web console scanner for Windows - http://download.drweb.com/console_win/?lng=en

    Switches to Norman Malware Cleaner - http://www.norman.com/support/support_tools/58732/en

    Using the Command Line Scanner - http://www.norman.com/support/support_issue_archive/78069/en

    ? - http://www.escanav.com/english/content/products/MWAV/escan_mwav.asp

    *

    List of AV's - https://secure.wikimedia.org/wikipedia/en/wiki/List_of_antivirus_software
     
  4. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    698
    Searching,

    Bitdefender has a command line scanner in its installation file; maybe you can use eScan AntiVirus Toolkit Utility (MWAV) instead (it has a Bitdefender CLS included in its package).




    CloneRanger,

    What I know is:
    Symantec has not provided a new command line scanner anymore.
    VirusBuster is a paid CLS.
    AVG and Avast need to be installed.
    F-Prot DOS version is no longer supported.
     
  5. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    CloneRanger,

    Please see post 26 for why I cannot use Dr. Web and Norman, and the same reasons apply for MBAM and AVG. andylau pretty much answered for the rest. Mostly.

    andylau, are you sure virus buster is paid for? I'm downloading the CLI now from their download page. It appears to be free. I'll look more into it.

    But, the suggestions and feedback have been amazing so far. It looks like I'm going to add two more scanners, at least:

    VBA32
    MWAV

    And, if Virus Buster is free, then that one too.

    However, before I begin that, I have two things to do:

    1. Ensure each scanner only quarantines files if cleaning does not succeed
    2. Slim down the AVERT download and make each scanner downloadable to decrease the size of AVERT.

    Thanks again. Give me some time and I'll post back with an update relatively soon :D
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ andylau

    OK, wasn't sure about everything I posted, but posted just in case they might be of some use ;)

    @ weirddemon

    Please see above.

    Well at least MWAV is on your list now ;)

    I suggest NOT to clean as a first option, but just to report what it/they find. Then people are free to decide for themselves how to proceed. If they choose to go ahead they can then opt for quarantine and/or clean. Also a System Restore point would be advisable before ANY scan.

    Good :thumb:
     
  7. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Cleaning doesn't affect the infected file. Some AVs, if they can't clean it, then they resolve to delete it. Which is what we don't want. So cleaning first is okay and then quarantine if it can't clean so it doesn't delete.

    Besides, if I want to keep AVERT fully automated, I can't just have the scanners pause and wait for the user to decide what they want to do. And, I don't have a lot of control with them.

    Basically what you're asking, is for AVERT just to do an analysis and really, nothing more. Since I don't have complete control over the scanners, they'd then have to run a second scan to clean them up, which would require a second set of arguments to clean, but even then, I couldn't tell them which files were okay and which weren't. And it'd take double the time, which beats the purpose.

    So what I'm saying is:

    Clean > All
    Quarantine > Delete
     
  8. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    698
    weirddemon,

    As for Dr.Web, you may use /MWM – move (by default, to the infected.!!! folder) - actions with all types of unsolicited programs

    VirusBuster: if you do not have a key, you need to wait 30 seconds before scanning starts.


    One thing to ask you: why do you zip the scanners and then extract them to a tmp dir? I think just putting them unzipped into their dir and updating to that dir would be better, because I am afraid that moving or quarantining the infected files will cause a problem (maybe).
     
    Last edited: Oct 5, 2010
  9. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    This irremediably would force A (for Automatic) VERT to change its name to M (for Manual) VERT... the automated process is what makes this application more a "cleaner" than a "scanner"... :thumb:
     
  10. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    I'm a bit lost here, why do these have to be the CLI scanners?

    Also it's probably best weirddemon that you can make Avert like a front end that isn't hardcoded to any particular AV apps and let the people download the ones they want to use and add into Avert. After all everyone has their favorites to use and for the more experienced it would be nice they can simply pick whatever one they want and use it...

    A 300MB+ download is going to be the killer of this... :(

    By the way here is another cli scanner;
    https://www.wilderssecurity.com/showthread.php?t=283326

    THANKS
     
  11. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    The only way for me to automate the process, is for the scanners to be CLIs. There's really no way of going around that. I can allow the users to choose which scanners they want to use, but they still have to be command line scanners. I'll try to implement as many as possible, so that everyone has a choice.

    I have to use command line scanners for four main reasons.

    1. They're portable - self explanatory
    2. Because they're portable, they don't have to be installed. As I illustrated in my first post, when a machine is already infected, getting the machine to install a scanner is time consuming and doesn't always work.
    3. The scanner has to be able to accept arguments. Without that, I can't tell it how to scan, not to delete files and so on. There are a lot of GUI apps that also have CLIs when you install them, but they have to be installed.
    4. If I used a GUI app, like Norman for instance, they generally take user interaction. That beats the whole point of AVERT.

    Thanks for the scanner, but it's already included in AVERT. I have it named as Asquared because they didn't change the name until after I already implemented it. I'll fix it eventually.

    As for the size of the AVERT package, I agree. Which is why I mentioned in post 30, that I'm going to slim down AVERT. When I'm done, you'll download a much smaller package and then from there, you can choose which scanners you want to download after the fact. The package will then be around 6MBs.

    Does that help explain everything, DasFox? :D
     
    Last edited: Oct 5, 2010
  12. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    True. So no user interaction is required at any point of the cleanup process, other than running the app of course. right?

    Awesome! :thumb:
     
  13. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    Now, I do have one question: how will you be able to achieve minimizing the download size to only 6mb when VIPRE Rescue (command line) has to be downloaded every time you need it? There's no way to update it, you will always have to download ~80mb to get the latest def's avail... as far as I understand...
     
  14. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    AVERT is meant to be portable. You'll download the initial package, load it up, and then install whichever scanners you want. Put all of this on a flash drive and move it around from PC to PC. Or on a disc.

    You can then install more scanners or delete ones you don't need anymore. But, you'll only need to download them once.
     
  15. Vranek

    Vranek Registered Member

    Joined:
    Mar 2, 2009
    Posts:
    15
    Could you please upload it again, it seems to be deleted from the megaupload. Thanks!
     
  16. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Hm... I think I may have accidentally deleted it when I was testing out some things. I'm almost done with an updated version. I'll upload that once I am. Sorry
     
  17. atomomega

    atomomega Registered Member

    Joined:
    Jul 27, 2010
    Posts:
    1,292
    Ok, but in the case of VIPRE's command line scanner the user must download the full .exe in order to have the latest defs... and that's a ~80mb download. Or perhaps you mean I dwl'd AVERT and if I choose VIPRE then AVERT will dwl'd its defs for me?
     
  18. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    I'll make this as clear as possible. With VIPRE, it's a bit different, but I'll outline the general idea and explain the exception to VIPRE.

    AVERT will be about 6MBs in size. When you download it, you'll obtain the AVERT executable and a few other essential files.

    From there, if you bring up the AVERT Options window, you'll see this:

    http://p1cture.me/images/12561539233953834007.jpg

    The scanners highlighted in red have not been downloaded and cannot be used. But, if you notice, in this screenshot, Asquared is not highlighted. Which means the user has downloaded Asquared and that scanner can be used.

    If you want to download additional scanners, you can:

    http://p1cture.me/images/47298129999500487040.jpg

    This gives the user the illusion of instant gratification and the ability to choose which scanners they want to download and use. If you don't plan on paying for Avira's services, why download their scanner, right? :D

    After you have the scanners you want, AVERT will download the appropriate signatures when scanning. It will only download the signatures for the scanners that you have chosen to use and will not download signatures for scanners that have not been downloaded, even if it has been selected for scanning.

    Now, VIPRE is different. VIPRE does not provide a method to update signatures for their command line app. You have to re-download the entire package to get the latest updates. Which, like you mentioned, is usually in the range of 80MBs. For now, there is no method in place to update signatures for VIPRE because of this. The only way around this, is to have AVERT download the package fresh each time. That, or have the user re-download the package.

    In the past, I didn't want to have AVERT re-download the package each time. But, now that I think of it, I might end up doing that. This way, the newest signatures are always guaranteed, the user won't have to guess if the package has the latest updates and it's all automatic anyway. Just select the scanner and walk away. But, this also means that if an internet connection is not available, VIPRE won't work...
     
    Last edited: Oct 6, 2010
  19. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    698
    weirddemon, have you seen my post at #33?

    If you pre-pack (zip) the scanners, then some scanners that have an incremental update function, for example A2 and VBA32, need to update the signatures for the dates between the pre-package and the time they start updating. It is another kind of re-download, right?
    That's why I suggest you put them directly in the dir. For example, "\AVERT\Scanners\Asquared\a2cmd.exe" and its related files.
    http://p1cture.me/images/81091245042019356685.png
     
  20. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    I have them zipped and extracted for two main reasons:

    1. Zipped files are significantly smaller.
    2. Speed - AVERT is meant to be portable. If you put it on a flash drive or CD, running the scanners will be awfully slow AND you can't apply signature updates if you're running it from a CD because it's non writable.

    As for the first part of your question, I don't know what you're talking about. All the scanners need signature updates. So when AVERT runs, it will update the signatures. If the scanners themselves need updating, then I'll either update them at a later point and re-upload their zip files, or in the case of A2, it updates not only its signatures, but itself and related files when it needs it.

    I can assure you, from a technical stand point, that I have done many hours of research and testing to make sure that I'm using the quickest and best possible methods I can. Unzipping the files is not the best method here and doing so could cause issues with AVERT. So, if you have done so and deleted the zip file, I would suggest you reverse that process in order to make sure AVERT functions properly.
     
  21. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    698
    You are right! I forgot many people are still using CD/DVD, sorry for that. :p
    The speed of my USB is OK, not too slow :D

    I get your point, and now I know why you do so clearly!

    Thanks for your explanation and sorry for my poor presentation.:oops:
     
  22. ako

    ako Registered Member

    Joined:
    Nov 16, 2006
    Posts:
    667
    Where can I get this?
     
  23. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Err... sorry. I'm devoting as much time as I can to finish up the next version so I can release it.

    I'm having some trouble with file hosting =/

    Thanks for the patience :D
     
  24. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    Is AVERT a bootable disk or does it run from Windows?
     
  25. ALookingInView

    ALookingInView Registered Member

    Joined:
    Sep 14, 2009
    Posts:
    365
    It's a portable tool. You can run it from a flash drive or a CD.
     