Auto Download File From FTP – then rename

A little while ago my friend asked me to help him with some Windows command-line scripting. Basically, he had been waiting for ages for the development team in his company to sort this simple task out, and asked me how he could automatically download a file from FTP every day and then rename it with the current date.

I don’t do Windows very much and Linux is just much better for exactly these things, but this seemed like an easy enough challenge.

In the end I didn’t manage to do everything in one file, but I think that two should work just as well when you add them to the Windows task scheduler…

Here are the files with some explanation:

downloader.bat:

@ftp -i -s:"%~f0"&GOTO:EOF
open ftp.someserver.com
[username]
[password]
!:--- FTP commands below here ---
mget "*.*"
disconnect

The first line starts the Windows command-line FTP client. Its parameters essentially say that everything else in the file should be ignored by the command line itself (that is the GOTO:EOF), but be passed to the FTP client as its command script (-s:"%~f0" points the client at this same file).

Line two opens the connection, and lines three and four send the authentication details. Line six gets all files in the current directory. You could really do anything you want here on the remote and local side, e.g. change the local directory path (lcd …) or the remote one (cd …), send files (put) or even delete them (delete). At the end, I simply disconnect.

renamer.bat:

for /f "tokens=1-5 delims=/ " %%d in ("%date%") do rename "SomeFileName.txt" SomeFileName_%%f-%%e-%%d.txt

In one line: I start a for loop and use its tokeniser to split the following string into 5 (1-5) sections, with "/" and the space as delimiters. %%d names the variable for the first token (d), and the tokens that follow go into e, f, g…

Then I use the %date% variable (in ("%date%")) to get the current date. In the do part, I rename the file from SomeFileName.txt to SomeFileName_yyyy-MM-dd.txt. This token order assumes that %date% prints as dd/MM/yyyy; with a different regional date format the tokens end up in different positions.

I hope this makes sense and helps a few people. Best of luck…
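
The same daily job as a single PowerShell script, added here as an example and not part of the original post: it downloads over explicit FTPS, reads the credentials from a DPAPI-protected file instead of the script text, and builds the date stamp from a fixed format string. The target folder, the credential file name and FTPS support on the server are assumptions.

```powershell
# Added example (not from the original post). Assumptions: the server accepts
# explicit FTPS, and ftp-cred.xml was created once, by the same Windows user that
# runs the scheduled task, with:  Get-Credential | Export-Clixml .\ftp-cred.xml
$ErrorActionPreference = 'Stop'        # abort on the first failure

$server   = 'ftp.someserver.com'       # host name used in the post
$remote   = 'SomeFileName.txt'         # file name used in the post
$localDir = 'C:\Downloads'             # hypothetical target folder
$credFile = Join-Path $PSScriptRoot 'ftp-cred.xml'   # hypothetical file name

# Fixed format string: independent of the regional short-date layout,
# unlike tokenising %date%.
$stamp  = Get-Date -Format 'yyyy-MM-dd'
$base   = [IO.Path]::GetFileNameWithoutExtension($remote)
$ext    = [IO.Path]::GetExtension($remote)
$target = Join-Path $localDir ('{0}_{1}{2}' -f $base, $stamp, $ext)
$temp   = "$target.part"

# The password inside the file is encrypted for the user who exported it.
$cred = Import-Clixml -Path $credFile

$request = [System.Net.WebRequest]::Create("ftp://$server/$remote")
$request.Method      = [System.Net.WebRequestMethods+Ftp]::DownloadFile
$request.Credentials = $cred.GetNetworkCredential()
$request.EnableSsl   = $true           # negotiate TLS before the login is sent
$request.UseBinary   = $true

$response = $request.GetResponse()
try {
    $in  = $response.GetResponseStream()
    $out = [IO.File]::Create($temp)
    try     { $in.CopyTo($out) }
    finally { $out.Dispose(); $in.Dispose() }
}
finally { $response.Close() }

# Give the file its dated name only after a complete download, so a failed
# transfer never leaves a truncated file under the final name.
Move-Item -Path $temp -Destination $target -Force
```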

Removing the Koobface Worm (WORM/Koobface.bgn)

I came across this Facebook worm for the first time today… It seems that more and more Facebook users get their accounts hacked, and then somebody posts links to malicious sites on the walls of their friends.

Unsuspecting friends then install updates to the ‘Flash Player’ or what-have-you and BANG!

In this instance the removal seems easy enough:

  1. Get a list of suspicious processes (HiJackThis can help). In this instance we have:
    C:\windows\ld15.exe
    C:\windows\pp12.exe
    And lots of files in:
    C:\Documents and Settings\[USER]\Local Settings\Temp
  2. I got myself a Linux Live CD (Ubuntu) and booted into this live version
  3. I started deleting the files above
  4. I rebooted into safe mode (press F8 just after the BIOS message)
  5. When Windoze started, I went into the registry (press WinKey + R and enter ‘regedit’) and deleted the referring keys in:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Restarted and prayed 🙂

But it seems to have worked, because I don’t see any suspicious processes in HiJackThis anymore.

Malware removal: PersonalAV

A friend of mine contacted me today with this issue:
PersonalAV – a malware programme she accidentally installed and can’t get rid of.

Here are some instructions to get rid of the programme, but I don’t know if it comes with any additional Trojans or something…

Step 1: Kill the running processes.

Go to the Task Manager:
right-click on free space in the Windows taskbar OR:
Press Ctrl + Alt + Del to get into a menu and choose the Task Manager

End the following processes:
PersonalAv.exe
services.exe
PerAvir.exe
winlogon.exe
services.exe

Step 2: Remove registry keys:

Start > Run > ‘regedit’ > Enter.
Search for the following keys and remove them:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Personal Antivirus_is1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ITGRDENGINE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ITGrdEngine
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer "PrS"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Personal Antivirus"

Step 3: Remove the programme files:

I have written two scripts that will do this work for you. Use either Windoze XP or Windoze Vista

You can also manually delete them:

Good luck!

However, if you don’t want to do all this and are contemplating reinstalling Windows anyways, make the right decision and install a different OS altogether…
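
Before ending processes or deleting Run entries as in the two removal write-ups above, it helps to see where each one actually lives: services.exe and winlogon.exe are also the names of genuine Windows system processes that run from %SystemRoot%\System32. The PowerShell below is an added example, not one of the author's scripts; it only reports, and treating anything under the user profile or Temp as worth a closer look is an assumption of this example.

```powershell
# Added example, not the author's scripts. Read-only: it reports, it deletes nothing.
$sys32 = Join-Path $env:SystemRoot 'System32'

# 1. Image path of every process that carries one of the system process names.
#    ExecutablePath can be empty for protected processes in a non-elevated shell.
$processes = Get-CimInstance Win32_Process -Filter "Name='services.exe' OR Name='winlogon.exe'" |
    ForEach-Object {
        $verdict = if (-not $_.ExecutablePath) {
            'path unavailable, rerun elevated'
        } elseif ([IO.Path]::GetDirectoryName($_.ExecutablePath) -ieq $sys32) {
            'expected location'
        } else {
            'UNEXPECTED location'
        }
        [pscustomobject]@{ ProcessId = $_.ProcessId; Name = $_.Name
                           Path = $_.ExecutablePath; Verdict = $verdict }
    }

# 2. Autostart values in the Run keys both posts clean up (HKLM and HKCU).
$runKeys  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
# Assumption: a target below the user profile or Temp deserves a closer look.
$writable = @($env:USERPROFILE, $env:TEMP) | Where-Object { $_ }

$autostarts = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $command = [Environment]::ExpandEnvironmentVariables([string]$item.GetValue($name))
        # Take the executable from '"C:\dir\app.exe" /args' or 'C:\dir\app.exe /args'.
        $exe = if ($command -match '^\s*"([^"]+)"') { $Matches[1] }
               elseif ($command -match '^\s*(.+?\.exe)\b') { $Matches[1] }
               else { $command.Trim() }
        $inWritable = [bool]($writable | Where-Object {
            $exe.StartsWith(($_ + '\'), [StringComparison]::OrdinalIgnoreCase) })
        $signature = if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
            (Get-AuthenticodeSignature -LiteralPath $exe).Status
        } else { 'file not found' }
        [pscustomobject]@{ Key = $key; Value = $name; Target = $exe
                           UserWritable = $inWritable; Signature = $signature }
    }
}

$processes  | Format-Table -AutoSize
$autostarts | Sort-Object UserWritable -Descending | Format-List
```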