Batch File And The Hklm\~\run Key


5 replies to this topic

#1 Billy O'Neal


Posted 26 June 2008 - 03:19 PM

Hello.

I am using a batch file with the following code:
copy Z:\run2.bat C:\run2.bat
echo Windows Registry Editor Version 5.00 > C:\temp.reg
echo. >> C:\temp.reg
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] >> C:\temp.reg
echo "testing"="c:\\run2.bat" >> C:\temp.reg
REGEDIT.EXE /s C:\temp.reg
shutdown /t 00 /f /r
When I reboot, instead of launching C:\run2.bat, I get nothing. I can verify that the key is imported to the registry correctly. But it doesn't start. Any ideas?

Billy3

 


#2 PropagandaPanda


Posted 26 June 2008 - 04:19 PM

Hello Billy.

This is very strange. It's only for the RunOnce key that it doesn't work. I also tried:
cmd /c "c:\run2.bat"
from the runonce without success.

When I put the exact same value into the Run key, it works fine.

I guess you could accomplish the same thing by adding
reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v testing /f
to the end of the batch script. Other than that I'm all out of ideas (for now anyways).

I'll go and test this some more and get back to you if I find anything.

With Regards,
The Panda

#3 PropagandaPanda


Posted 26 June 2008 - 04:35 PM

Got it... kinda.

When I used:
cmd /k run2.bat
The cmd opened and ran the batch file.

However, I think there is a problem with what the particular batch file can do.

The test batch file I used was:

@ECHO OFF
ECHO hi
ECHO I rule>>test.txt
pause

On the command prompt window that opened, there was "hi" as expected, but the "I rule" didn't get directed into a file.

Don't know what to make of this.

With Regards,
The Panda

#4 extremeboy


Posted 26 June 2008 - 04:59 PM

Hi,
I don't know the answer to this problem but I just wanted to say something.

On the command prompt window that opened, there was "hi" as expected, but the "I rule" didn't get directed into a file.

The "I rule" did get directed to the .txt file when command prompt window opened when I did it...

Regards,
Extremeboy

Edited by extremeboy, 26 June 2008 - 05:00 PM.


#5 PropagandaPanda


Posted 26 June 2008 - 05:08 PM

Hello extremeboy.

Did you run the batch file with the /k in RunOnce?

Maybe it's just a permissions problem because I use IUtweak to autolog onto a non-admin account. When I suppress the autologon, it may still be trying to run the script as the non-admin.

With Regards,
The Panda

#6 Billy O'Neal


Posted 26 June 2008 - 07:03 PM

Well.. I haven't tried it out completely, but I think I solved it. I used the RunOnceEx key.... seems to be working.

Thanks!

Billy3
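
Added example, not part of the original thread or any poster's code: a Python parser that reads .reg text like the temp.reg file built in the first post and lists the string values written under the Run, RunOnce and RunOnceEx keys, marking those that launch a script file. The function names, the script-extension list and the sample text are assumptions made for this example.

```python
import re

# Autostart keys discussed in this thread: Run, RunOnce and RunOnceEx (plus subkeys).
AUTOSTART = re.compile(
    r"^HKEY_(LOCAL_MACHINE|CURRENT_USER)\\SOFTWARE\\Microsoft\\Windows"
    r"\\CurrentVersion\\(Run|RunOnce|RunOnceEx)(\\.*)?$", re.IGNORECASE)
# "name"="data" string values; name and data may contain \\ and \" escapes.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Script extensions flagged for review (an assumption of this example).
SCRIPT = re.compile(r"\.(bat|cmd|vbs|js|ps1)\b", re.IGNORECASE)

def unescape(data):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r'\\(["\\])', r"\1", data)

def autostart_entries(reg_text):
    """Return (key, name, command, is_script) for string values under autostart keys."""
    entries, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()  # "echo ... >> file" leaves a trailing space on each line
        if line.startswith("[") and line.endswith("]"):
            # Track the key only if it is an autostart key; "[-KEY]" deletions do not match.
            key = line[1:-1] if AUTOSTART.match(line[1:-1]) else None
            continue
        m = VALUE.match(line)
        if key and m:
            command = unescape(m.group(2))
            entries.append((key, unescape(m.group(1)), command, bool(SCRIPT.search(command))))
    return entries

# Constructed sample: the RunOnce value from the first post, a constructed Run value
# using the "cmd /c" form, and one unrelated key that must be ignored.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"testing"="c:\\run2.bat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"wrapped"="cmd /c \"c:\\run2.bat\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"unrelated"="c:\\other.bat"
'''

if __name__ == "__main__":
    for key, name, command, is_script in autostart_entries(SAMPLE):
        print(("SCRIPT  " if is_script else "        ") + f"{key} :: {name} = {command}")
```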