Page 1 of 1

How to show properly a balloontip ?

Posted: Thu Apr 21, 2016 4:01 pm
by hackoo
I'm writing a cleaner for some known virus key like ( "vbs" ,"vbe" ,"wsf", "a3x", "VBScript.Encode" ) from the registry.

I want to add a BalloonTip in powershell with this script but, there is something wrong !

I don't know how to remove the icon from the taskbar to show the progress scan ?

This is a draft. It is not yet optimized !
  1. @echo off
  2. Title Hackoo Virus Cleaner to delete virus key from registry by Hackoo 2016
  3. Color 1A & Mode con cols=80 lines=8
  4. Set Pattern="\.vbs"^
  5. ^ "\.vbe"^
  6. ^ "\.wsf"^
  7. ^ "\.a3x"^
  8. ^ "VBScript.Encode"^
  9. ^ "\winlogon\.bat"
  10.  
  11. Set Key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"^
  12. ^ "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"^
  13. ^ "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"^
  14. ^ "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
  15.  
  16. For %%P in (%Pattern%) Do (
  17.         For %%K in (%Key%) Do (    
  18.             Cls
  19.             echo(
  20.             echo(
  21.             Echo         ***************************** Scan *****************************
  22.             echo             %%K
  23.             Echo         ****************************************************************
  24.             Call :PS_Sub 'Warning' 10 '" Please wait... "' "' Scan is in progress.... %%K'" 'Warning'
  25.             Call :Delete_Virus_Key %%K %%P "%TmpLogFile%"
  26.         )
  27. )
  28. exit /b
  29. ::*************************************************************************
  30. :Delete_Virus_Key <Key> <Pattern> <LogFile>
  31. Setlocal enabledelayedexpansion
  32. for /f "delims=REG_SZ" %%I in (
  33.     'reg query "%~1" /s^|findstr /ic:"%~2"'
  34.     )   Do  (
  35.                 If %ErrorLevel% NEQ 1 (
  36.                     Set KeyName="%%~I"
  37.                     (
  38.                         Call:Trim !keyName!
  39.                         Title Deleting Run key: !keyName!
  40.                         echo Deleting Run key: !keyName!
  41.                         echo reg delete "%~1" /v !keyName! /f
  42.                         echo(
  43.                         echo *****************************
  44.                         echo reg delete "%~1" /v "!keyName!" /f
  45.                         echo *****************************
  46.                         echo(
  47.                     )>>"%~3"
  48.                    rem Call :PS_Sub 'Warning' 100 '"!KeyName!"' "'Delete !KeyName!'" 'Warning'
  49.                 ) else (
  50.                     Set KeyName="%%~I"
  51.                     Call:Trim !keyName!
  52.                     Title Deleting Run key: !keyName!
  53.                     echo Deleting Run key: !keyName!
  54.                     echo reg delete "%~1" /v !keyName! /f
  55.                     echo(
  56.                     echo *****************************
  57.                     echo reg delete "%~1" /v "!keyName!" /f
  58.                     echo *****************************
  59.                     echo(
  60.                 )>>"%~3"
  61.             )      
  62. )
  63. EndLocal
  64. Exit /b
  65. ::*************************************************************************
  66. :Trim <String>
  67. (
  68.     echo Wscript.echo Trim("%~1"^)
  69. )>"%tmp%\%~n0.vbs"
  70. for /f "delims=" %%a in ('Cscript /nologo "%tmp%\%~n0.vbs"') do (
  71.     set "KeyName=%%a"
  72. )
  73. exit /b
  74. ::**************************************************************************
  75. :PS_Sub $notifyicon $time $title $text $icon
  76. PowerShell  ^
  77.   [reflection.assembly]::loadwithpartialname('System.Windows.Forms') ^| Out-Null; ^
  78.   [reflection.assembly]::loadwithpartialname('System.Drawing') ^| Out-Null; ^
  79.   $notify = new-object system.windows.forms.notifyicon; ^
  80.   $notify.icon = [System.Drawing.SystemIcons]::%1; ^
  81.   $notify.visible = $true; ^
  82.   $notify.showballoontip(%2,%3,%4,%5)
  83. %End PowerShell%
  84. exit /B
  85. ::*************************************************************************
So to simplify my issue, we focus just on this function :

What should i add here to get rid the notifyicon from the taskbar ?
  1. ::**************************************************************************
  2. :PS_Sub $notifyicon $time $title $text $icon
  3. PowerShell  ^
  4.   [reflection.assembly]::loadwithpartialname('System.Windows.Forms') ^| Out-Null; ^
  5.   [reflection.assembly]::loadwithpartialname('System.Drawing') ^| Out-Null; ^
  6.   $notify = new-object system.windows.forms.notifyicon; ^
  7.   $notify.icon = [System.Drawing.SystemIcons]::%1; ^
  8.   $notify.visible = $true; ^
  9.   $notify.showballoontip(%2,%3,%4,%5)
  10. %End PowerShell%
  11. exit /B
  12. ::*************************************************************************

Re: How to show properly a balloontip ?

Posted: Thu Apr 21, 2016 4:11 pm
by jvierra
When PowerShell exits the icon will be removed.

Re: How to show properly a balloontip ?

Posted: Thu Apr 21, 2016 4:22 pm
by hackoo
jvierra wrote:When PowerShell exits the icon will be removed.
I saw this http://stackoverflow.com/questions/2179 ... powershell
so how to add this method .Dispose() in my code ?

Re: How to show properly a balloontip ?

Posted: Thu Apr 21, 2016 4:53 pm
by jvierra
When PowerShell exits the balloon tip will be disposed.

Re: How to show properly a balloontip ?

Posted: Thu Apr 21, 2016 5:04 pm
by jvierra
If you are just looking to turn it on and off then just set the "Visible" property to false.

Re: How to show properly a balloontip ?

Posted: Thu Apr 21, 2016 5:09 pm
by jvierra
Do the following at a prompt to see how it works:

.
  1. Add-Type -Assembly System.Windows.Forms
  2. $notify = new-object system.windows.forms.notifyicon
  3. $notify.icon = [System.Drawing.SystemIcons]::Exclamation
  4. $notify.visible = $true
  5.  
  6. # now just type the following
  7. #  $notify.visible = $false

Re: How to show properly a balloontip ?

Posted: Thu Apr 21, 2016 5:18 pm
by hackoo
I think i need to pause for a while and use the method .Dispose like that :
  1. ::**************************************************************************
  2. :PS_Sub $notifyicon $time $title $text $icon
  3. PowerShell  ^
  4.   [reflection.assembly]::loadwithpartialname('System.Windows.Forms') ^| Out-Null; ^
  5.   [reflection.assembly]::loadwithpartialname('System.Drawing') ^| Out-Null; ^
  6.   $notify = new-object system.windows.forms.notifyicon; ^
  7.   $notify.icon = [System.Drawing.SystemIcons]::%1; ^
  8.   $notify.visible = $true; ^
  9.   $notify.showballoontip(%2,%3,%4,%5); ^
  10.   Start-Sleep -s 5; ^
  11.   $notify.Dispose()
  12. %End PowerShell%
  13. exit /B
  14. ::*************************************************************************
So what do you think ?