This is a simple COMMAND file that cleans all temp files on a remote PC. I have used this numerous times to clean up infected PC's (It cleans APP DATA where most infections sit)
I wrapped the CMD in a EXE that prompts for the IP address or PC name.
Always run unknown programs on a test machine before using on live PC's. Test this on a stand along PC or private test network. For stand alone PC you can type "localhost" to test the local pc if you want.
_________________________________________________________________________________________________________________________
Program Details:
The program extract to %temp% so you can look at the contents there if you want. There will be two files PSEXEC.exe + alltempclean.cmd + Remote_AllUsersTemp_Clean.cmd
Remote_AllUsersTemp_Clean.cmd - Copies "alltempclean.cmd" to the "c:\windows\temp" on the machine you specified. It then runs that cmd using PSEXEC which does a cleanup of all temps files on the PC.
Goal:
Initially this was just to clean up older machines but I found this actually helped in virus removal as it cleared out temp locations when the little bugs hide. Not saying this will do a virus cleaning but it has worked for me in getting rid of infected files. Still use a AV to verify its clean.
_________________________________________________________________________________________________________________________
*** I did not pay for code signing ($179 per year) so your AV will complain this is a "Unknown Publisher" ***
ALSO FIND BELOW THE SOURCE CODE ALONG WITH FILES REQUIRED TO COMPLETE EXE.
(FOR THOSE WHO ARE WORRIED ABOUT IT)
Download: Remote Temp File Cleaner
I wrapped the CMD in a EXE that prompts for the IP address or PC name.
Always run unknown programs on a test machine before using on live PC's. Test this on a stand along PC or private test network. For stand alone PC you can type "localhost" to test the local pc if you want.
_________________________________________________________________________________________________________________________
Program Details:
The program extract to %temp% so you can look at the contents there if you want. There will be two files PSEXEC.exe + alltempclean.cmd + Remote_AllUsersTemp_Clean.cmd
Remote_AllUsersTemp_Clean.cmd - Copies "alltempclean.cmd" to the "c:\windows\temp" on the machine you specified. It then runs that cmd using PSEXEC which does a cleanup of all temps files on the PC.
Goal:
Initially this was just to clean up older machines but I found this actually helped in virus removal as it cleared out temp locations when the little bugs hide. Not saying this will do a virus cleaning but it has worked for me in getting rid of infected files. Still use a AV to verify its clean.
_________________________________________________________________________________________________________________________
*** I did not pay for code signing ($179 per year) so your AV will complain this is a "Unknown Publisher" ***
ALSO FIND BELOW THE SOURCE CODE ALONG WITH FILES REQUIRED TO COMPLETE EXE.
(FOR THOSE WHO ARE WORRIED ABOUT IT)
Download: Remote Temp File Cleaner
ALLUSERS TEMP CLEANER: SOURCE CODE (FILES LINK)
@echo off
title All Users Temp Cleaner 2.1
For %%I IN (A B C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO for /f "tokens=4,6*" %%k in ('vol %%I: 2^>nul^|find "drive"') do echo %%k - %%l %%m
echo.
SET DRVL=C
echo c | set /p DRVL=Enter a Drive Letter Only ( Example. C ):
set confd=n
set confdl=
echo n | set /p confd=Confirm Before Delete? (y/n)
if /i "%confd%"=="y" echo y&set conffile=/p
if /i "%confd%"=="n" set confdir=/q
set UFLD=Documents and Settings
if exist "%DRVL%:\Users" set UFLD=Users
if /i not "%systemdrive%"=="%DRVL%:" goto a
if not exist %Windir%\System32\wevtutil.exe goto sp
if /i "%confd%"=="y" set /p evend=Clear Event logs? (y/n):
if /i "%confd%"=="y" if /i not "%evend%"=="y" goto sp
:sp
if /i "%confd%"=="y" set /p spbk=Clear Service pack backup files? (y/n):
if /i "%confd%"=="y" if /i not "%spbk%"=="y" goto a
if exist %Windir%\System32\vsp1cln.exe vsp1cln.exe /quiet
if exist %Windir%\System32\compcln.exe compcln.exe /quiet
if exist %Windir%\System32\dism.exe dism.exe /online /cleanup-image /spsuperseded /hidesp
:a
(
echo %DRVL%:\pagefile.sys
echo %DRVL%:\hiberfil.sys
echo %DRVL%:\Windows\WindowsUpdate.log
)>%systemdrive%\$tmplistf.txt
(
dir /b /s "%DRVL%:\Windows\inf\setupapi*.log"
dir /b /s "%DRVL%:\Windows\Microsoft.NET\Framework\*.log"
)>>%systemdrive%\$tmplistf.txt
(
echo %DRVL%:\$Recycle.Bin
echo %DRVL%:\Recycler
echo %DRVL%:\Recycled
echo %DRVL%:\System Volume Information
echo %DRVL%:\Temp
echo %DRVL%:\ProgramData\Microsoft\Windows\WER
echo %DRVL%:\ProgramData\Microsoft\Windows Defender\Scans\History\Results
echo %DRVL%:\Windows\Prefetch
echo %DRVL%:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache
echo %DRVL%:\Windows\SoftwareDistribution\Download
echo %DRVL%:\Windows\SoftwareDistribution\DataStore\Logs
echo %DRVL%:\Windows\System32\spool\Printers
echo %DRVL%:\Windows\Temp
echo %DRVL%:\Windows\Logs
echo %DRVL%:\Windows\Debug
echo %DRVL%:\Windows\MiniDump
echo %DRVL%:\Windows\Security\Logs
echo %DRVL%:\Windows\System32\Wbem\Logs
)>%systemdrive%\$tmplistd.txt
for /F "tokens=* delims=" %%w in ('dir "%DRVL%:\Windows\$n*$" /A:D /b 2^>nul') do (
echo %DRVL%:\Windows\%%w>>%systemdrive%\$tmplistd.txt
)
for /F "tokens=* delims=" %%i in ('dir "%DRVL%:\%UFLD%" /A:D-H /b 2^>nul') do (
(
echo %DRVL%:\%UFLD%\%%i\AppData\Roaming\Adobe\Flash Player\AssetCache
echo %DRVL%:\%UFLD%\%%i\AppData\Roaming\Macromedia\Flash Player
echo %DRVL%:\%UFLD%\%%i\AppData\Roaming\Microsoft\Windows\Cookies
echo %DRVL%:\%UFLD%\%%i\AppData\Roaming\Microsoft\Windows\Recent
echo %DRVL%:\%UFLD%\%%i\AppData\LocalLow\Microsoft\CryptnetUrlCache
echo %DRVL%:\%UFLD%\%%i\AppData\LocalLow\Sun\Java\Deployment\cache
echo %DRVL%:\%UFLD%\%%i\AppData\LocalLow\Sun\Java\Deployment\SystemCache
echo %DRVL%:\%UFLD%\%%i\AppData\LocalLow\Sun\Java\Deployment\javaws\cache
echo %DRVL%:\%UFLD%\%%i\AppData\Local\Downloaded Installations
echo %DRVL%:\%UFLD%\%%i\AppData\Local\Google\Chrome\User Data\Default\Cache
echo %DRVL%:\%UFLD%\%%i\AppData\Local\Microsoft\Media Player
echo %DRVL%:\%UFLD%\%%i\AppData\Local\Microsoft\Messenger
echo %DRVL%:\%UFLD%\%%i\AppData\Local\Microsoft\Windows Live Contacts
echo %DRVL%:\%UFLD%\%%i\AppData\Local\Microsoft\Windows\Explorer
echo %DRVL%:\%UFLD%\%%i\AppData\Local\Microsoft\Windows\Temporary Internet Files
echo %DRVL%:\%UFLD%\%%i\AppData\Local\Mozilla\Firefox\Profiles
echo %DRVL%:\%UFLD%\%%i\AppData\Local\Temp
echo %DRVL%:\%UFLD%\%%i\AppData\Local\Microsoft\Windows\Burn
echo %DRVL%:\%UFLD%\%%i\Application Data\Sun\Java\Deployment\cache
echo %DRVL%:\%UFLD%\%%i\Application Data\Sun\Java\Deployment\SystemCache
echo %DRVL%:\%UFLD%\%%i\Application Data\Sun\Java\Deployment\javaws\cache
echo %DRVL%:\%UFLD%\%%i\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache
echo %DRVL%:\%UFLD%\%%i\Local Settings\Application Data\Mozilla\Firefox\Profiles
echo %DRVL%:\%UFLD%\%%i\Local Settings\Temp
echo %DRVL%:\%UFLD%\%%i\Local Settings\Temporary Internet Files
echo %DRVL%:\%UFLD%\%%i\Local Settings\Temp\History
echo %DRVL%:\%UFLD%\%%i\Local Settings\Temp\Temporary Internet Files
)>>%systemdrive%\$tmplistd.txt
(
dir /b /s "%DRVL%:\%UFLD%\%%i\AppData\Local\Microsoft\Windows Mail\edb*.log"
dir /b /s "%DRVL%:\%UFLD%\%%i\AppData\Local\Microsoft\Windows Mail\edb*.jrs"
echo "%DRVL%:\%UFLD%\%%i\AppData\Local\IconCache.db"
)>>%systemdrive%\$tmplistf.txt
)
echo.
echo Delete Confirmation
for /F "tokens=* delims=" %%j in (%systemdrive%\$tmplistf.txt) do (
if exist "%%j" echo Removing %%j &del /f /a %conffile% "%%j"
)
del %systemdrive%\$tmplistf.txt
for /F "tokens=* delims=" %%j in (%systemdrive%\$tmplistd.txt) do (
if exist "%%j" echo Removing Directory %%j &rmdir /s %confdir% "%%j"
)
del %systemdrive%\$tmplistd.txt
:y
echo.
echo Done.
pause>nul