Running Scripts

Vba32 AntiRootkit can run scripts. So, the following operations are available: deleting infected/suspicious files, copying infected/suspicious files to the quarantine, etc. To do this, select the File – Run Script menu item.

Vba32 AntiRootkit run script Running Scripts
 Run Script window

A user can access the following procedures:

  • Brs_Start() – enables the technique of low-level file access;
  • Brs_QtnFile() – copies the specified file to the quarantine, it’ll be performed after rebooting;
  • Brs_DelFile() – deletes the specified file, it’ll be performed after rebooting;
  • RebootSystem() reboots the system;
  • CollectState() – collects information on the system and saves it to vba32arkit.log file.

Example:
Brs_Start();
Brs_QtnFile("c:x.exe");
Brs_DelFile("c:x.exe");
RebootSystem();

The script will copy the c:x.exe file to the quarantine, delete the c:x.exe file and reboot the system.

A script will be executed after the Run script button is pressed. To check the syntax, press the Check script button. A script can be saved to a file (Save script) and loaded (Load script).

Also, scripts can be executed from command line of Vba32 AntiRootkit. To do this, a user should save script body to UNICODE text file and run the following:

Vba32arkit.exe /rs "file name"

As soon as the program is launched, the script from the specified file will be run.

 

Running Scripts