Deploying a MS Hotfix VIA RM APPAGENT

[Jamo]

We have recently been hit by a fairly minor USB stick virus which turned out to be SHeuR2.MHX. I have created a batch file for the virus removal and I have been able to run it on the affected machines. The problem now is that our AV RM Virus Protect 4 (or to normal people Symantec Corp) doesn't pick it up, either on the USB stick or on the host machine, this means reinfection from a USB stick is highly likely and we will be back to square 1 very quickly.

I have come across KB971029 which disables the autorun functionality on all but optical media meaning that even an infected USB cannot be used to infect the networked machines. The hotfix comes as an exe file which I haven't ever packaged up before.

Code:

[General]
Name=KB971029
Version=v1.0.0.0
 
[Package]
Description=Windows XP SP2 Security Update KB925486
Version=1.0.0.0
OS=5.1.2WS
ExeFile=KB971029.exe
UninstallExeFile=c:\windows\$NTUninstallKB971029$\Spuninst\spuninst.exe
Addcommand= /passive /quiet /norestart
UninstallCommand= /passive /quiet /norestart
reboots=1

Do I need anything else in the .ini file the accompanies the exe file? Also can you add custom packages to the tools folder rather than the applications? Apologies if these are silly questions!

Many Thanks

[ajs]

Looks OK to me, although shouldn't the description entry say KB971029 rather than KB925486?

Other than that, copy the folder into Tools, update Package List and you should be able to assign it :-)

[Jamo]

O dear! Yes it should it has been copied and pasted from another package and I edited it! Obviously unsuccessfully!!

Thanks for your help

[Arthur]

I did the same thing a while ago and my INI file looks like this...

Code:

[Package]
Description=Windows XP Security Update KB971029
Version=1.0.0.0
OS=5.1.2WS,5.1.3WS
ExeFile=WindowsXP-KB971029-x86-ENU.exe
UninstallExeFile=C:\Windows\$NTUninstallKB971029$\Spuninst\spuninst.exe
Addcommand= /passive /quiet /norestart
UninstallCommand= /passive /quiet /norestart
reboots=1

Like you, we had an autorun-style virus that RMVP4 didn't detect, so I logged a call with RM and they submitted it to Symantec on our behalf, since they have an enterprise support agreement with them. A day or so after we did this, I found VP4 detected the virus.