I've obtained a batch file from the internet:

@for /f "tokens=5 delims= " %%i in ('netstat -ano -p tcp ^| find "127.0.0.1"') do Taskkill /F /PID %%i

This kills the Ultrasurf process; however, what I would like to do is have it check for this same process and then shut down if present.

I have tried the following:

@for /f "tokens=5 delims= " %%i in ('netstat -ano -p tcp ^| find "127.0.0.1"') do shutdown /s

This issues a shutdown command whether the process is running or not. I need it to execute only if present. Any help would be appreciated.

Nate Hekman

1 Answer

Your batch file does not kill Ultrasurf; it kills all processes on the local host which have open TCP ports.

If you run Resource Monitor you will see that a lot of services have open TCP ports for RPC servers. Hence the modified script executes an immediate shutdown, since the for command finds at least 1 match.

Modifying one of the answers to this question:

tasklist /FI "IMAGENAME eq ultrasurf.exe" 2>NUL | find /I /N "ultrasurf.exe">NUL
if "%ERRORLEVEL%"=="0" shutdown /s /f

Warning: untested code

Community
  • Thanks for the suggestion. This does work; however, the process name for Ultrasurf changes with each version (u1207.exe, u1210.exe, etc.). Furthermore, anyone clever enough to simply rename the EXE would also be able to circumvent this code. – user2296353 Apr 19 '13 at 13:39
  • If the process name is guaranteed to have some fixed prefix or suffix, you could try to match using that substring. As far as renaming the exe is concerned, I am afraid you can't do anything about it. Measures against renaming exe's will be along the lines of: 1> Do not give users administrative privileges. 2> Set up restrictive group policies etc. Neither of them can stop determined users, especially software engineers :-|. – indeterminately sequenced Apr 19 '13 at 19:16
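
An added example, not code from the question, the answer or the comments: the question's netstat loop fires once for every loopback TCP row, so this sketch narrows it to one listening port and resolves the owning PID, which does not depend on the EXE's name. The port value (a placeholder), the variable names and the English "LISTENING" state text are assumptions.

```batch
@echo off
setlocal
rem Added example; not from the original thread.
rem ASSUMPTION: the tool listens on one fixed loopback port. 9666 is a
rem placeholder; confirm the real port with "netstat -ano" where it runs.
set "PROXY_PORT=9666"

set "HIT_PID="
rem netstat -ano columns: Proto  Local Address  Foreign Address  State  PID
rem Token 2 is the local address and token 5 the PID. Only LISTENING rows
rem are read, and the address must equal 127.0.0.1:<port> exactly, so the
rem loop body no longer runs for every RPC service bound to loopback.
for /f "tokens=2,5" %%A in ('netstat -ano -p tcp ^| find "LISTENING"') do (
    if "%%A"=="127.0.0.1:%PROXY_PORT%" set "HIT_PID=%%B"
)

if not defined HIT_PID (
    echo Nothing is listening on 127.0.0.1:%PROXY_PORT%.
    exit /b 0
)

rem Resolve the PID to its current image name for the log. The name is
rem informational only; the decision was made on the port, not the name.
set "HIT_NAME=unknown"
for /f "tokens=1 delims=," %%N in ('tasklist /FI "PID eq %HIT_PID%" /FO CSV /NH') do set "HIT_NAME=%%~N"

echo Listener on 127.0.0.1:%PROXY_PORT% is PID %HIT_PID% (%HIT_NAME%).
shutdown /s /f
```

Any other program bound to the same loopback port triggers the shutdown as well, so check the logged image name during a trial run before relying on it.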