Steve Dodson's WebLog

A Premier Field Engineer supporting customers with security related topics.

Blogs

Command Line Options for Microsoft AntiSpyware (beta 1)

  • Comments 161
  • Likes

It has been a busy few months on the Anti-Spyware team, and I have learned a lot about the product while supporting millions of users in a newsgroup format. Here is a cool feature I ran into the other day…executing antispyware with switches through the command line!

 

To do this, open up a command prompt and change to the c:\program files\microsoft antispyware directory. Then use the switches below:

 

GIANTAntiSpywareMain.exe [-parameters] [-parameters]

 

-update : start an update check

-scan : scan [-optional scan parameters]

Optional scan parameters:   [-withMainUI]
                            [-schedule]
                            [-withUI]
                            [-withResultUI]

 

Here is an example: “GIANTAntiSpywareMain.exe -scan –withui -withresultsui -schedule

 

Feel free to play with the switches and let me know if it is beneficial to be able to do this.

Comments
  • *You typed: <br> <br>Optional scan parameters: [-withMainUI] <br> [-schedule] <br> [-withUI] <br> [-withResultUI] <br> <br>*And: <br> <br>Here is an example: “GIANTAntiSpywareMain.exe -scan –withui -withresultsui -schedule ” <br> <br> <br>----- <br> <br> <br>Is there a misspell? the first says -withresultui and the second says -withresultsui

  • Nothing of this is very useful when the current generation of malware is disabling the execution of GIANTAntiSpywareMain.exe, regedit.exe, notepad.exe msconfig.exe, and even taskmgr.exe, among others. I think they are working quickly on the other side. Look at this attack description (I have seen this happening with my own eyes): <br> <br><a rel="nofollow" target="_new" href="http://castlecops.com/t123441-Adware_and_Spyware_are_Killing_My_Soul_PLS_HELP_MEEE.html">http://castlecops.com/t123441-Adware_and_Spyware_are_Killing_My_Soul_PLS_HELP_MEEE.html</a> <br> <br>PS: by the way, I have found that I can run most of these utilities on a hijacked computer by making copies of the executables with different names.

  • Thanks for these updated arguments for MSAS! <br>I'm building a CD to remove spyware from Sales Force Laptops, will be offline and all MSAS install, scan and uninstall operations automated from CD. Almost there just can't get past the setup screens! <br> <br>With Builds 613 &amp; 614 silently installed and *never run* prior to the following silent CD issued arguments. Comet Cursor spyware installed. <br> <br> -&gt; GIANTAntiSpywareMain.exe -scan –withui -withresultsui -schedule <br>Scan UI sometimes shows, Results UI shows when finished but when clicked install setup screens display instead of the results. Schedule switch does as nothing related to scheduling. <br> <br> -&gt; GIANTAntiSpywareMain.exe -scan -withMainUI <br>Instantly launches setup screens <br> <br>If I manually MSAS one time after the silent install and get through the ssetup screens both of the above arguments fire automagically and run smoothly. <br> <br>I've tried copying ALL *.gcd files over to the host before running the arguments in an effort to kill the setup screens and get latest defs, but so far no luck... <br> <br>- g <br> <br> <br>

  • <p>&lt;a href= <a rel="nofollow" target="_new" href="http://index1.themounter.com">http://index1.themounter.com</a> &gt;sample resumes for human resource assistant&lt;/a&gt; </p>

  • <p>&lt;a href= <a rel="nofollow" target="_new" href="http://index1.asticguide.com">http://index1.asticguide.com</a> &gt;rate nude photos&lt;/a&gt; </p>

  • <p>&lt;a href= <a rel="nofollow" target="_new" href="http://index1.aswent.com">http://index1.aswent.com</a> &gt;cowboybebop nude&lt;/a&gt; </p>

  • <p>&lt;a href= <a rel="nofollow" target="_new" href="http://index1.thewentink.com">http://index1.thewentink.com</a> &gt;drunkporn&lt;/a&gt; </p>

  • <p>rivos lulosaba gykma</p> <p>&lt;a href=&quot;<a rel="nofollow" target="_new" href="http://ky614408.xava7q3.info/sitemap9.html">http://ky614408.xava7q3.info/sitemap9.html</a> &quot;&gt;fysu&lt;/a&gt; <a rel="nofollow" target="_new" href="http://ky614408.xava7q3.info/sitemap9.html">http://ky614408.xava7q3.info/sitemap9.html</a> [url=<a rel="nofollow" target="_new" href="http://ky614408.xava7q3.info/sitemap9.html">http://ky614408.xava7q3.info/sitemap9.html</a> ]pehi[/url] &nbsp;jizam</p>

  • <p>&lt;a href= <a rel="nofollow" target="_new" href="http://index1.tuffik.com">http://index1.tuffik.com</a> &gt;jewish beef brisket&lt;/a&gt; [url=<a rel="nofollow" target="_new" href="http://index1.tuffik.com">http://index1.tuffik.com</a>]jewish beef brisket[/url] </p>

  • <p>catos kycasano gokma</p> <p>&lt;a href=&quot;<a rel="nofollow" target="_new" href="http://xa506622.ivyz7is.info/sitemap21.html">http://xa506622.ivyz7is.info/sitemap21.html</a> &quot;&gt;myhu&lt;/a&gt; <a rel="nofollow" target="_new" href="http://xa506622.ivyz7is.info/sitemap21.html">http://xa506622.ivyz7is.info/sitemap21.html</a> [url=<a rel="nofollow" target="_new" href="http://xa506622.ivyz7is.info/sitemap21.html">http://xa506622.ivyz7is.info/sitemap21.html</a> ]cute[/url] &nbsp;gatep</p>

  • <p>&lt;a href= <a rel="nofollow" target="_new" href="http://index1.wentsite.com">http://index1.wentsite.com</a> &gt;girl hockey players&lt;/a&gt; </p>

  • <p>&lt;a href= <a rel="nofollow" target="_new" href="http://index1.turimu.com">http://index1.turimu.com</a> &gt;teacuppoodles in wilkes county&lt;/a&gt; [url=<a rel="nofollow" target="_new" href="http://index1.turimu.com">http://index1.turimu.com</a>]teacuppoodles in wilkes county[/url] </p>

  • <p>&lt;a href= <a rel="nofollow" target="_new" href="http://index1.dosmounter.com">http://index1.dosmounter.com</a> &gt;sexual addictions signs&lt;/a&gt; </p>

  • <p>sobos juxunuwo gekma</p> <p>&lt;a href=&quot;<a rel="nofollow" target="_new" href="http://py620606.lbbijih.info/sitemap21.html">http://py620606.lbbijih.info/sitemap21.html</a> &quot;&gt;fiwu&lt;/a&gt; <a rel="nofollow" target="_new" href="http://py620606.lbbijih.info/sitemap21.html">http://py620606.lbbijih.info/sitemap21.html</a> [url=<a rel="nofollow" target="_new" href="http://py620606.lbbijih.info/sitemap21.html">http://py620606.lbbijih.info/sitemap21.html</a> ]tyty[/url] &nbsp;terex</p>

  • <p>&lt;a href= <a rel="nofollow" target="_new" href="http://yritum.com">http://yritum.com</a> &gt;122 capital street suite 200&lt;/a&gt; </p>

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment