New Problem!!! Killing Me Softly :)



siray
06-23-2008, 10:01 PM
I made my personal project with AMS, which is used for killing virus activities in memory manually. After that, I delete the virus files manually, and then I repair my registry manually too :D

I included with my project an alternative to Windows Task Manager named IceSword, to terminate virus activities in memory
('coz Win Task Manager has been disabled by the virus, and any other tools which have similar functions are always minimized or closed
directly by the virus when I try to execute them, except IceSword).


Here are my problems:

- I want to terminate IceSword when I close my program,
so I use a Lua script which contains a few lines of code to
terminate IceSword, and I put it in the On Click event (close button).

Everything works for other programs when I execute this script;
all of the programs which I include with my project are closed directly.

But nothing happened with IceSword :huh

- I tried to terminate IceSword with Window.EnumerateProcesses and
Window.Close OR with System.EnumerateProcesses
and System.TerminateProcess (as in a few examples in AMS Help or
from this forum), but once more, nothing happened with IceSword.

- I could not use Window.EnumerateTitles because IceSword always
changes its window title randomly.


So... mmmpffh..... Any suggestions..? Thanks a lot for reading and answering my post.

And sorry for my English... I hope you're all not confused by my sentences ;)

Regards,
SiRAY

-------------------------------------------------------------------------------------------------------------

Note:
IceSword is a powerful tool to terminate everything in memory
even if you're not logged on as an administrator. It has many other functions
which you can use as alternatives to Windows tools, such as Registry Editor, Win32 Services,
or to delete and copy files.

-------------------------------------------------------------------------------------------------------------
I didn't include IceSword with my uploaded project below 'coz it's about 2 MB. But you can try IceSword here:

http://pjf.blogcn.com
OR
http://mail.ustc.edu.cn/~jfpan/download/IceSword122en.zip

siray
06-24-2008, 06:31 AM
hiks....
anyone...?

siray
06-26-2008, 04:44 PM
please help... i need to solve this problem... gracias...

Ulrich
06-26-2008, 08:25 PM
I really don't get why people are trying to make anything with AMS. This is a very nice tool - sure, but it isn't aimed to do just anything. For some things, it would be better to write the code in a software development environment and to have a very small and efficient executable as result, than to have to use plugins and additional overhead while trying to achieve the same thing using AutoPlay Media Studio.

Of course, it might be possible to make what you want. As you already stated, this IceSword software thingy changes the title of the application, and tries to obfuscate itself by changing the class name of the main window as well on every run. So instead of searching for the main window or class, you will have to search for a matching child window, and once found, kill the parent.

The thing is, this application was written in Delphi, and you may end up terminating other applications which run at the same time, making use of the same class "AfxMDIFrame42s" used for some child windows. So be advised that there may be collateral damage if you choose to close the parent of the window - it may not be Ice Sword at all. It might even be AMS itself. So you should include additional tests, once you have found a matching window, to see if it satisfies some additional pattern you are looking for before closing it.

The application will find the parent window, and allow you to send a windows message to gracefully close the application. It will answer this request with an "Are you sure?" confirmation dialog, which will have to be dismissed before the application can close. Unfortunately, the application ignores the request to terminate completely, so you have to stick with this graceful shutdown.

So once you have found the application, and sent the message to close gracefully, you will have to dismiss the confirmation dialog as well, sending a message to it to be closed as if the "Yes" button was clicked. Unfortunately, the current state of the WindowEx plugin doesn't allow sending specific messages to a window, so you can't simulate a keypress or a mouseclick through software yet. Maybe this will be done some day in the future, or some other plugin will become available.

You will find the application, up to the point described above, attached to this post. You can work from here, and make sure that you don't close the wrong windows.

Ulrich
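
The "additional tests" step described in the post above, as an added example that is not part of the original post or its attachment: it picks the one top-level window that is safe to close and refuses when the match is ambiguous. The window snapshot, its field layout, the paths and the function names are constructed for illustration; in an AMS project the rows would come from whatever window-enumeration plugin is in use.

```lua
-- Constructed snapshot of windows (hypothetical layout, sample values).
local windows = {
  {hwnd = 100, parent = 0,   class = "RandomA1",       pid = 4242, exe = "C:\\Tools\\IceSword\\IceSword.exe"},
  {hwnd = 101, parent = 100, class = "AfxMDIFrame42s", pid = 4242, exe = "C:\\Tools\\IceSword\\IceSword.exe"},
  {hwnd = 200, parent = 0,   class = "OtherMain",      pid = 5150, exe = "C:\\Apps\\Other\\other.exe"},
  {hwnd = 201, parent = 200, class = "AfxMDIFrame42s", pid = 5150, exe = "C:\\Apps\\Other\\other.exe"},
  {hwnd = 300, parent = 0,   class = "AMSMain",        pid = 777,  exe = "C:\\Project\\autorun.exe"},
  {hwnd = 301, parent = 300, class = "AfxMDIFrame42s", pid = 777,  exe = "C:\\Project\\autorun.exe"},
}

-- Walk parent links up to the top-level window (parent == 0).
local function top_level(by_hwnd, w)
  local guard = 0
  while w.parent ~= 0 and by_hwnd[w.parent] and guard < 64 do
    w = by_hwnd[w.parent]
    guard = guard + 1
  end
  return w
end

-- Return the single top-level hwnd that is safe to close, or nil plus a reason.
local function find_close_target(wins, child_class, expected_exe, own_pid)
  local by_hwnd, hits, count = {}, {}, 0
  for _, w in ipairs(wins) do by_hwnd[w.hwnd] = w end
  for _, w in ipairs(wins) do
    if w.parent ~= 0 and w.class == child_class then
      local top = top_level(by_hwnd, w)
      -- Additional tests: not our own process, and the exact executable
      -- path of the copy this project started (case-insensitive).
      if top.pid ~= own_pid
         and string.lower(top.exe) == string.lower(expected_exe)
         and not hits[top.hwnd] then
        hits[top.hwnd] = true
        count = count + 1
      end
    end
  end
  if count == 0 then return nil, "no matching window" end
  if count > 1 then return nil, "ambiguous: " .. count .. " candidates" end
  local hwnd = next(hits)
  return hwnd
end

local target, why = find_close_target(windows, "AfxMDIFrame42s",
  "C:\\Tools\\IceSword\\IceSword.exe", 777)
print(target or why)
```

Three windows in the sample share the child class, but only one parent passes the path and own-process checks, so the other application and the AMS project itself are left alone.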

siray
06-28-2008, 02:20 PM
finally.... :o

Thanks for your explanation, upeters / Ulrich. Great answer :yes:yes:yes
I already tried other tools which have the same functions as IceSword, but the virus can detect them and then close or minimize them directly.

So, I put IceSword and some code in my AMS project to kill virus processes, because it cannot be closed or minimized by the virus, and neither can I :D

The only thing that I can do now is close IceSword by a procedural action, clicking the "Exit Button" :D or, when I close my project, it will warn me that IceSword is still running, so I can close IceSword manually.

Gracias;)