Fesooff

user defined scan via context menu


16 hours ago, GT500 said:

There is a problem with copying the paths out of the forums. It seems to be adding extra unicode characters that are otherwise not visible, however they are showing in the Command Prompt when I paste the command into Notepad++, edit it, and then paste it into the Command Prompt:

image.png

That's weird... not least because in my experiments I copied stuff from forum posts into a text editor that doesn't support unicode, then c&p edited versions of those lines into the command window.  And if I copy one of your examples into (ordinary) Notepad (which does support unicode) I still don't see any gaps like those arrowed above.

Incidentally, it's also weird that there's no closing double quote after your    cmd.exe   so it's hard to see what string Powershell is going to think is the argument to  -Filepath.

7 hours ago, JeremyNicoll said:

That's weird... not least because in my experiments I copied stuff from forum posts into a text editor that doesn't support unicode, then c&p edited versions of those lines into the command window.

When I used Notepad++ to convert the characters from Unicode to ANSI, that seemed to fix the issue (although it left a random question mark in the middle of ".exe" in the path for a2cmd.exe), however since the command is going to need to support more than just ANSI characters simply converting everything to ANSI in Notepad++ might not be the best course of action.

 

7 hours ago, JeremyNicoll said:

And if I copy one of your examples into (ordinary) Notepad (which does support unicode) I still don't see any gaps like those arrowed above.

Notepad handles character encoding differently than Notepad++. It's also possible that our browsers handle it differently as well. I'm using a snapshot build of Vivaldi 1.16 which is based on Chromium 67 and is still a little buggy.

 

7 hours ago, JeremyNicoll said:

Incidentally, it's also weird that there's no closing double quote after your    cmd.exe   so it's hard to see what string Powershell is going to think is the argument to  -Filepath.

That screenshot was from one of the many failures at trying to get the command to work. I don't remember what happened to the closing quote, however I had copied the command from this post (if I remember right) and pasted it into Notepad++ to edit it. I may have been trying to enclose the parameters and the command to execute cmd.exe in quotes to see what happened.
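
An added example, not part of the original posts: a PowerShell check for the invisible characters described above. It reports them and cleans the pasted command while keeping legitimate non-ASCII letters, which a blanket Unicode-to-ANSI conversion would not. The function names, the placement of U+200B and the sample file name are constructed for illustration.

```powershell
# Added example. Categories with no visible glyph; Format includes U+200B and U+FEFF.
$HiddenCategories = 'Format', 'Control', 'LineSeparator', 'ParagraphSeparator'

function Get-InvisibleCharacter {
    param([Parameter(Mandatory)][string]$Text)
    for ($i = 0; $i -lt $Text.Length; $i++) {
        $ch  = $Text[$i]
        $cat = [System.Globalization.CharUnicodeInfo]::GetUnicodeCategory($ch)
        # A space separator other than U+0020 (for example U+00A0) only looks like a space.
        $oddSpace = ("$cat" -eq 'SpaceSeparator') -and ([int]$ch -ne 0x20)
        if (($HiddenCategories -contains "$cat") -or $oddSpace) {
            [pscustomobject]@{
                Index     = $i
                CodePoint = 'U+{0:X4}' -f [int]$ch
                Category  = "$cat"
                Before    = $Text.Substring([Math]::Max(0, $i - 8), [Math]::Min(8, $i))
            }
        }
    }
}

function Remove-InvisibleCharacter {
    param([Parameter(Mandatory)][string]$Text)
    $hits = @{}
    Get-InvisibleCharacter -Text $Text | ForEach-Object { $hits[$_.Index] = $_.Category }
    $sb = New-Object System.Text.StringBuilder
    for ($i = 0; $i -lt $Text.Length; $i++) {
        if (-not $hits.ContainsKey($i)) { [void]$sb.Append($Text[$i]) }          # visible: keep
        elseif ($hits[$i] -ne 'Format') { [void]$sb.Append(' ') }                # keep the word break
        # Format characters (zero-width space, BOM, direction marks) are dropped.
    }
    $sb.ToString()
}

# Constructed sample: the thread's a2cmd.exe path with U+200B inside ".exe", plus a
# file name containing U+00FC, which is legitimate and must survive the cleanup.
$pasted = 'C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.e' + [char]0x200B +
          'xe /f="E:\Daten\Ablage\Pr' + [char]0x00FC + 'fbericht.txt"'

Get-InvisibleCharacter -Text $pasted | Format-Table -AutoSize
$clean = Remove-InvisibleCharacter -Text $pasted
'Length before: {0}, after: {1}' -f $pasted.Length, $clean.Length
```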


I've fixed it, however it seems to have no effect on the command and whether or not it's successful.


The command looks correct.

Have you tried using Process Hacker to check and see what commands cmd.exe and a2cmd.exe are being launched with?

Process Hacker has a search field in the upper-right corner where you can enter "cmd" so that you can see only things with "cmd" in the name or file properties. When you hover the mouse over a process in the list, it will display a tooltip with info that includes the command the program was launched with, which you can see an example of in my screenshot in this post.


The second and third screenshots don't show the command used to launch the processes, and those are the ones we'll need to see to be able to figure out why it's not working.

If you double-click on a process in Process Hacker, it will open a dialog with more information. Make sure you're on the General tab, and you'll find the command line about half-way down (you can copy it right out of the field and paste it here on the forums in a code box):

image.png

In the second of your screenshots above, it's the cmd.exe with process-id 3876 that is the 'parent' of the a2cmd.exe process.    Does it have a command-line parameter?


In Process Hacker, click on Hacker in the upper-left (where the "File" menu would be in most programs), and then click Show details for all processes. This should relaunch Process Hacker with administrative rights, and might allow you to see the command line for these processes.

Alternately you could run Process Hacker by right-clicking on it and selecting Run as Administrator, and that will launch Process Hacker with administrative rights.


That's the correct command. What's the command line for a2cmd.exe?

BTW: Does the file to be scanned exist? "E:\Daten\Ablage\Emsisoft mit PsExec.txt "

On 5.9.2018 at 04:45, GT500 said:

BTW: Does the file to be scanned exist? "E:\Daten\Ablage\Emsisoft mit PsExec.txt "

Thank you. This was the problem.

"E:\Daten\Ablage\Emsisoft mit PsExec.txt " was wrong.
"E:\Daten\Ablage\Emisoft mit PsExec.txt " is right.

-> It works now with cmd.

The next thing I tried was to get the same result with a registry entry.
I entered the following code into the registry:
PowerShell.exe -Command Start-Process -FilePath "C:\Windows\System32\cmd.exe" -ArgumentList @('/K','\"\"C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.exe\" /f=\"%1\"\"') -Verb RunAs


Where I made the entry:

1691141912_soistesinderRegistry.PNG.e3557a693e18877db8104ab4db123ef7.PNG

-> The scan seems to work. But I have to choose "Emisoft command line Scanner" to start it, and the cmd window does not stay open at the end of the scan. It is closed immediately after the scan. And this was the thing I was hoping to get: that the cmd window stays open at the end of the scan.

1026223201_StartausRegistry.gif.e460a134a916efd661c0564d16eccedf.gif

That's very odd; I've never seen an instance of someone having to choose the executable to use to open something, from a registry-defined command.    Do you get the exact same sequence of choices if you try to scan a file that is not a .txt one?       It's also odd that the final window just shuts, because the '/K' operand for cmd.exe is supposed to hold it open.

9 hours ago, JeremyNicoll said:

... the '/K' operand for cmd.exe is supposed to hold it open.

Quite correct, that should keep the Command Prompt from closing when the command is done executing...

 

Try this instead:

PowerShell.exe -Command Start-Process -FilePath "C:\Windows\System32\cmd.exe" -ArgumentList @('/K','\"\"C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.exe\" /f=\"%1\" & PAUSE\"') -Verb RunAs


Or, if you don't want to see "Press any key to continue" after the output from a2cmd.exe, then you can try this:

PowerShell.exe -Command Start-Process -FilePath "C:\Windows\System32\cmd.exe" -ArgumentList @('/K','\"\"C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.exe\" /f=\"%1\" & PAUSE>nul\"') -Verb RunAs

 

And if you want a2cmd.exe to check for updates before scanning the file, then you can use this:

PowerShell.exe -Command Start-Process -FilePath "C:\Windows\System32\cmd.exe" -ArgumentList @('/K','\"\"C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.exe\" /u & CLS & \"C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.exe\" /f=\"%1\" & PAUSE\"') -Verb RunAs

This will slow down scanning of course, but you'll always have the latest available database when scanning a file. ;)


@GT500:

It does not matter which of your three newly suggested commands I use:
It always looks exactly like my animation above.

For example with suggestion 3 it does not make an update:
1618116478_letzterBefehl.png.f7882b7973d52105177535b90d599582.png

 

On 11.9.2018 at 11:39, JeremyNicoll said:

Do you get the exact same sequence of choices if you try to scan a file that is not a .txt one?

 

When I right-click on a PNG file it looks like this:

png.PNG.64af8329906227e868b90c95a74959ec.PNG

 

The reason why it shows emisoft to choose when I click on a txt file is that I chose this program some days ago when I tried this the first time.


You shouldn't be getting the "choose which program to open the file with" dialog at all. Your earlier screenshot did show that you defined the Emsisoft shell command in what I'd think is the right place in the registry... but if you look at that screenshot you'll see there's an earlier key named HKCR\*\OpenWithList ... and I wonder if you've got an earlier experiment in there, named "Emsisoft", that might be confusing things?

 


You may need to add the full path to PowerShell.exe at the beginning of the command:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

 


Thank you!

This works:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command Start-Process -FilePath "C:\Windows\System32\cmd.exe" -ArgumentList @('/K','\"\"C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.exe\" /u & CLS & \"C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.exe\" /f=\"%1\" & PAUSE>nul\"') -Verb RunAs

 

But when I add the options "/h /q /r /n /a /pup", it does not take them into account:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command Start-Process -FilePath "C:\Windows\System32\cmd.exe" -ArgumentList @('/K','\"\"C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.exe\" /u & CLS & \"C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.exe\" /f=\"%1\" & PAUSE>nul\" /h /q /r /n /a /pup') -Verb RunAs

Optionen.PNG.414b8be7ef53b09d8ed9fa34b0f40d7b.PNG
6 hours ago, Fesooff said:

But when I add the Options "/h /q /r /n /a /pup", then it does not take account of them:

There's no /h or /r in the documentation.

As for the rest, only /a would be useful when scanning a single file. /pup and /n cause a2cmd.exe to scan other things on the system.

The reason none of them are working is due to their location in the command. Everything after & is considered another command, and won't be passed to a2cmd.exe. It's also outside of the trailing double-quote, and cmd.exe more than likely would not have processed it at all due to that.
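
An added example, not from any poster in this thread: a simplified PowerShell model of how cmd.exe treats the text after /K, using the old-style quote rule documented in `cmd /?` (strip the leading quote and the last quote on the line, keep any text after it) and then splitting on & outside quotes. Split-CmdChain is a hypothetical helper that ignores ^ escapes, pipes, && and parentheses; the two inputs are the commands from the posts above, with %1 left unexpanded.

```powershell
# Added example: show which chained command each option ends up in.
function Split-CmdChain {
    param([Parameter(Mandatory)][string]$CommandTail)   # the text cmd.exe receives after /K

    $line = $CommandTail.Trim()
    # These strings contain more than two quotes and an &, so the "preserve quotes"
    # case in cmd /? does not apply and the old-style stripping rule is used.
    if ($line.StartsWith('"')) {
        $last = $line.LastIndexOf('"')
        if ($last -gt 0) { $line = $line.Substring(1, $last - 1) + $line.Substring($last + 1) }
        else             { $line = $line.Substring(1) }
    }

    # Split on & only while outside a double-quoted region.
    $parts = @(); $current = ''; $inQuote = $false
    foreach ($ch in $line.ToCharArray()) {
        if ($ch -eq '"') { $inQuote = -not $inQuote }
        if (($ch -eq '&') -and (-not $inQuote)) { $parts += $current.Trim(); $current = '' }
        else { $current += $ch }
    }
    $parts += $current.Trim()
    $parts
}

$a2 = '"C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.exe"'
$samples = [ordered]@{
    'options after the closing quote' =
        '"{0} /u & CLS & {0} /f="%1" & PAUSE>nul" /h /q /r /n /a /pup' -f $a2
    'option placed before /f=' =
        '"{0} /u & CLS & {0} /a /f="%1" & PAUSE>nul"' -f $a2
}

foreach ($name in $samples.Keys) {
    "--- $name"
    $n = 0
    Split-CmdChain -CommandTail $samples[$name] | ForEach-Object { $n++; "  $n. $_" }
}
```

In the first sample the trailing options land in the last segment, next to PAUSE, and never in a segment that starts with a2cmd.exe; in the second, /a sits in the same segment as /f=.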


Thank you.

This works now as wished:

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command Start-Process -FilePath "C:\Windows\System32\cmd.exe" -ArgumentList @('/K','\"\"C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.exe\" /u & CLS & \"C:\Program Files\Off-Time-Virenscanner\bin32\a2cmd.exe\" /a /f=\"%1\" & PAUSE>nul\"') -Verb RunAs

 

Question:
ADS-Scan: When I scan an "install.exe", and this option is active, doesn't then Emisoft look for ADS in this install.exe?

9 hours ago, Fesooff said:

ADS-Scan: When I scan an "install.exe", and this option is active, doesn't then Emisoft look for ADS in this install.exe?

It may check ADS on more than that file, however I'll have to ask for confirmation.
