Home > Security Tips > Threat Monitor > How to remove the Blaster registry key through scripting
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

THREAT MONITOR

How to remove the Blaster registry key through scripting


Joel Johnson, SearchSecurity.com Expert
08.18.2003
Rating: -4.55- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


This handy WMI script can be called from your login scripts to clean up the Blaster registry key. Of course, you may want to add a Reg backup line to backup the registry first.

The basics behind this script are pretty simple. The first five lines lay out the standard Windows registry tree. The next five lines define what we are looking for. The "." stands for local computer. If you want to target a single computer you can add that computer name instead of the ".". The "SMethod" means we are using the "Delete Value" command. The next two lines lay out the location of the value we are looking for. And finally the "SValue" is the value that nasty Blaster added to user registries. The rest of the script calls the variables we just defined.

You can run this within netlogon and save yourself valuable cleanup time. 

Const HKEY_CLASSES_ROOT  = &H80000000
Const HKEY_CURRENT_USER  = &H80000001
Const HKEY_Local_Machine  = &H80000002
Const HKEY_Users   = &H80000003
Const HKEY_Current_Config  = &H80000005

sComputer  = "."
sMethod  = "DeleteValue"
hTree   = HKEY_Local_Machine
sKey   = "SoftwareMicrosoftWindowsCurrentVersionRun"
sValueName  = "windows auto update"

Set oRegistry  = GetObject("winmgmts:{impersonationLevel=impersonate}//" & _
   sComputer & "/root/default:StdRegProv")

Set oMethod  = oRegistry.Methods_(sMethod)
Set oInParam  = oMethod.inParameters.SpawnInstance_()

oInParam.hDefKey = hTree
oInParam.sSubKeyName = sKey
oInParam.sValueName = sValueName

Set oOutParam = oRegistry.ExecMethod_(sMethod, oInParam)

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




BROWSE BY TAG
Tech Tips,   Threat Monitor,   Common Vulnerabilities and Prevention Tips,   Malware (Trojan horses, viruses & worms),   Malware, Viruses, Trojans and Spyware,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Tech Tips
Video: The foundation of an email security strategy
The 5 A's of functional SAN security
Effective storage security policies
Smart options for safeguarding stored data
Outfox SOX: How to make regulations work for you
Roberta Bragg's 10 Windows hardening tips in 10 minutes
Using free network intrusion detection and prevention tools to stop hacks
Hacker techniques and exploits: Prevent system fingerprinting, probing
How to stop hacker theft: Employee awareness, risk assessment policies
Information Security Decisions Fall 2004: Speaker presentations

Threat Monitor
How to prevent phishing attacks with social engineering tests
An enterprise strategy for Web application security threats
How SSL-encrypted Web connections are intercepted
How a corporate Twitter policy can combat social network threats
Cyberwarfare and the enterprise: Is the threat real?
Software security threats and employee awareness training
Newest malware threats
How to defend against rogue DHCP server malware
When BIOS updates become malware attacks
Mac OS memory flaws pose challenges for enterprise endpoint protection

Common Vulnerabilities and Prevention Tips
What's your infosec IQ?
IE update clears up spoofing issue
Countdown begins for Mydoom DDoS attacks
Microsoft to disable spoofing syntax in IE
Mydoom variant targets security features, Microsoft
IE flaw could fool users in illicit downloads
Hackers scanning for ports opened by Mydoom
Dangerous, familiar application vulnerabilities top list
Potent Mydoom worm flooding inboxes
Worm opens two backdoors, logs keystrokes

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Research Solutions for Network Security, Access Control and Security Threats
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts