Good day
i have stumbled upon this forum and browsed some of its threads and found them really interesting.
I am starting to code my own batchfile, much like it kills some pesky exe's and removes some malware generated registry entries.

My problem is "How can i search and delete a certain exe/dll/file which are located in different directories in a span of drives?"
Its much like "search and destroy" thingy ... ive googled all day and havent found any ...

hope you can help
thanks and best regards to all

Depending on what you are trying to delete you can use the following command:

del /f /q /s "FILENAME.EXT"

You'll need th quotes if the file name contains spaces & possibly if there are special characters involved. (use the ^ to 'escape' the special character) Be very careful with the /q switch as it will not prompt you to delete. It will just delete. /f will delete any files that are read only. /s will delete files from all subdirectories.

Make sure you start from the topmost level where you think the file is located at. If you have one partition you may want to use the %HOMEDRIVE% or %SystemDrive% Environment Variable to start at the root of the drive if you don't know where where exactly to delete the files from.

Ex:

@echo off
del /f /q /s "%SystemDrive%\virus.exe" || echo virus.exe not found.
del /f /q /s "%SystemDrive%\trojan.dll" || echo troja.dll not found.

Or you could go farther and do this:

@echo off
del /f /q /s "%SystemDrive%\%1" || echo %1 not found.

And then at the command line you could type:

BatchFileName virus.exe

BatchFileName name being, of course, the name that you saved the batch file to. This way you can delete whatever file you would like without having to modify the batch file everytime. And you can add >nul 2>&1 to get rid of any pesky XP Command Prompt built-in errors like so:

del /f /q /s "%SystemDrive%\%1" >nul 2>&1 || echo %1 not found.

I'm not 100% sure that the >nul 2>&1 is in the right place. It may need to be at the end of the line. Try it and see.

hello again mittelgeek,
(sorry for not being online for a almost a month)
thank you very much for the suggestion ... i have incorporated it to my batch file (i also found a batch example with the same format as yours)
i have come up with this batch file

@echo off & setlocal enableextensions enabledelayedexpansion
:loop
:: Determine available fixed drives
set drives=
if exist "C:\Drives.txt" del "C:\Drives.txt"
for /f "usebackq tokens=1*" %%a in (`fsutil fsinfo drives ^| find ":"`) do (
if /i "%%a" NEQ "Drives:" (
set "drives=!drives! %%a"
echo:%%a >> C:\Drives.txt
) ELSE (
set "drives=!drives! %%b"
echo:%%b >> C:\Drives.txt
)
)
for /f "tokens=*" %%d in ('type "C:\Drives.txt"') do (
fsutil fsinfo drivetype %%d | find /i "Fixed" >nul
if not errorlevel 1 (
echo searching for "%file%" on drive "%%d" ...
call :SEARCHIT %%d
)
)
:: Search and delete the file if found
:SEARCHIT
pushd %*\
for /f "tokens=*" %%f in ('dir "test.txt" /b /s /a-d 2^>nul') do (
del "%%f" /f /s /q
taskkill /f /im system.dll
if not errorlevel 1 (
echo "%%f" pawned
) ELSE (
echo unable to detect "%%f"
)
)
ping -n 10 localhost >nul
cls
goto loop

however when i added the ping and loop commands, it only searches drive C: whereas if i removed them, the bat file scans all available drives for the specific file.

the problem is, the ping and loop command is essential in the process, i need to rescan the system every now and then (like for example every 30 secs)

To sum it up, here are my problems:
-> i need to repeat the scan every 30 secs in all local drives (as stated in the Drives.txt)
-> do i have to repeat the "SEARCHIT" part to scan another file by replacing the filenames or is there any other way to add filenames?

those items are my missing links ... after that .. my scanner is finished ... did i miss something?
all help is highly appreciated
thanks in advance

Please put your code/script within the code tag so that it does interpret the script contents as smiley's and html.

So From what I can see you might want to use the sleep command to affect a timeout of thirty seconds. Try something like sleep 30. I think that will get the delay that you are looking for.

As for searching multiple file names per drive, I would say that you can include multiple files in the directory and not specify a single file to parse in the for loop, i.e.,

for /f "tokens=*" %%f in ('dir "[b]*[/b]" /b /s /a-d 2^>nul')

I'm not 100% sure that this will work. I haven't tried it for myself so I don't know how it will behave. Work is hectic right now so I would have to try it later when I have time to create a test environment.

Of course, if this file is being reread every thirty seconds your could over write or append to it before the script "sleeps." I'm sure you know the > and the >> for creating/overwriting and appending, respectively.

Using that method you could update what you are trying to delete. Let me know how things go. This is a interesting script.

hello again mittelgeek,
(sorry for not being online for a almost a month)
thank you very much for the suggestion ... i have incorporated it to my batch file (i also found a batch example with the same format as yours)
i have come up with this batch file

however when i added the ping and loop commands, it only searches drive C: whereas if i removed them, the bat file scans all available drives for the specific file.

the problem is, the ping and loop command is essential in the process, i need to rescan the system every now and then (like for example every 30 secs)

To sum it up, here are my problems:
-> i need to repeat the scan every 30 secs in all local drives (as stated in the Drives.txt)
-> do i have to repeat the "SEARCHIT" part to scan another file by replacing the filenames or is there any other way to add filenames?

those items are my missing links ... after that .. my scanner is finished ... did i miss something?
all help is highly appreciated
thanks in advance

Edited 3 Years Ago by Reverend Jim: Fixed formatting

good day mittelgeek,
sorry about the tags, i'll use them in my future posts.
Also thank you very much for your reply.

Ive tried using the sleep command but it required me to download
the Windows 2003 Resource Kit to enable the sleep command in my system. I wouldn't want every client to download this patch just to enable the command. I wanted the batch file to be stealthy enough so the user couldn't feel a thing.

here is the original batch script that i have found while googling. I tried that but it wouldn't run on XP either, so I just cut down the commands. Im a newbie in scripting so I'm not so familiar with some things.

:: --- BATCH SCRIPT START ---
:bof
@echo off & setlocal enableextensions enabledelayedexpansion

:init

:: Configure the file name supplied
if "%1"=="" (
echo Please specify the name of the file to search and delete
goto :eof
) else (
set file=%*
set ffile=!file:\=!
set file=!ffile::=!
if not "!file!"=="%*" (
echo supply file's name only, not the path
goto :eof
)
)

:: Determine available fixed drives
set drives=
if exist "C:\Drives.txt" del "C:\Drives.txt"
for /f "usebackq tokens=1*" %%a in (`fsutil fsinfo drives ^| find ":"`) do (
if /i "%%a" NEQ "Drives:" (
set "drives=!drives! %%a"
echo:%%a >> C:\Drives.txt
) ELSE (
set "drives=!drives! %%b"
echo:%%b >> C:\Drives.txt
)
)


for /f "tokens=*" %%d in ('type "C:\Drives.txt"') do (
fsutil fsinfo drivetype %%d | find /i "Fixed" >nul
if not errorlevel 1 (
echo searching for "%file%" on drive "%%d" ...
call :SEARCHIT %%d
)
)

:: Search and delete the file if found
:SEARCHIT
pushd %*\
for /f "tokens=*" %%f in ('dir "%file%" /b /s /a-d 2^>nul') do (
del "%%f" /f
if not errorlevel 1 (
echo "%%f" deleted
) else (
echo unable to delete "%%f"
)
)
goto :eof

:eof
:: --- BATCH SCRIPT END ---

Maybe this will help you find a workaround.
I will try some other ways too

Thanks a bunch

<bump>
ive tried other commands but still i cant make it scan the other drives

I know this is old but I saw the bump and didn't see how this should be so difficult and the code so long and complicated. So I decided to write my own that would be smaller and simpler and for my own purposes which is to get rid of those dumb thumbs.db files. The fsutil command outputs all the drive letters on one line but for some reason separates them with a nul character (hex:00). That doesn't work well with the for command and I didn't like the piping it into the find command either. I found the wmic command to be useful in getting the drive information so I used it instead of fsutil. But I still used fsutil to find out the drive type which probably could have also been done with wmic but fsutil was easier for that.

I should note this was written for Windows XP Pro on an Administrator account.

@echo off
::Find out what disks are on the system.
for /f "usebackq skip=1 tokens=1" %%a in (`wmic logicaldisk get deviceid`) do (
	::Make sure we only use the fixed disks
	for /f "usebackq tokens=2 delims=:- " %%x in (`fsutil fsinfo drivetype %%a`) do (
		::Is %%a, a fixed disk?
		if "%%x" == "Fixed" (
			echo.
			echo - - - - - - - - - - - - - - - - - - - - - - - - - 
			echo Searching drive %%a for thumbs.db...
			::Delete thumbs.db from every fixed disk.
			del /s/f/q %%a\thumbs.db
		)
	)
)
pause

Edited 6 Years Ago by D1G1T4L3CH0: n/a

This article has been dead for over six months. Start a new discussion instead.