The Avenger

Command Reference

Files to move:

The "Files to move:" command directive moves files from a source path to a destination path, backing up and then overwriting any existing destination files.

How do I use it?

The source and destination paths should be separated by a pipe | symbol. Whitespace is ignored. "Files to move:" can be used as a generic renaming routine.

When do I use it?

I see three main uses for this command:

  1. When you want to move a malicious file to a specific location. This basically amounts to the same command as "Files to delete:", except that you can redirect the backup operation to a location of your choice. Not hugely useful, I admit.

  2. When you want to overwrite a malicious file with a legitimate one. For example, you might want to replace a virus-infected copy of an important Windows file with a clean copy from the Windows installation folder.

  3. When you want to rename a malicious file. This is sometimes useful when malware has chosen a reserved filename to prevent deletion by Windows.

Anything else I should know?

This command cannot be used to move files from one drive or volume to another (for example, from C:\ to D:\ ).

Any special notes on syntax?

  • The "Files to move:" command correctly expands environment variables (%systemdrive%, %windir%, etc.) in both the source and destination paths.

Example Usage

Files to move:
C:\WINDOWS\System32\SomeBadFile.dll | C:\renamed.dll
%windir%\bad.exe | %systemdrive%\bad.exe.bak
c:\documents and settings\file.exe | c:\backup\bad.extension
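
A pre-flight check for "Files to move:" entries, added here as an example and not part of The Avenger or its documentation: it splits each entry on the pipe, expands %variables% from a constructed environment table, and flags entries that would cross volumes. The function names, the sample environment, the two faulty entries and the assumption that whitespace is trimmed only around the pipe are illustrative.

```python
import ntpath
import re

# Constructed environment for offline checking; real values come from the target machine.
SAMPLE_ENV = {"systemdrive": "C:", "windir": r"C:\WINDOWS"}

# Constructed script body: the page's three example entries plus two faulty ones.
SAMPLE_LINES = [
    r"C:\WINDOWS\System32\SomeBadFile.dll | C:\renamed.dll",
    r"%windir%\bad.exe | %systemdrive%\bad.exe.bak",
    r"c:\documents and settings\file.exe | c:\backup\bad.extension",
    r"%windir%\bad.exe | D:\quarantine\bad.exe",
    r"C:\bad.exe C:\bad.exe.bak",
]

def expand(path, env):
    """Expand %name% references case-insensitively; unknown names are left as-is."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)

def check_move_line(line, env=SAMPLE_ENV):
    """Return (source, destination, problems) for one 'Files to move:' entry."""
    parts = [p.strip() for p in line.split("|")]  # assumed: whitespace around the pipe is ignored
    if len(parts) != 2 or not all(parts):
        return None, None, ["expected exactly one '|' between source and destination"]
    src, dst = (expand(p, env) for p in parts)
    problems = []
    for label, path in (("source", src), ("destination", dst)):
        if "%" in path:
            problems.append(f"{label} has an unresolved variable: {path}")
    # The command cannot move files between drives or volumes, so compare drive letters.
    src_drive = ntpath.splitdrive(src)[0].lower()
    dst_drive = ntpath.splitdrive(dst)[0].lower()
    if src_drive and dst_drive and src_drive != dst_drive:
        problems.append(f"cross-volume move ({src_drive} -> {dst_drive}) is not supported")
    return src, dst, problems

def check_script(lines, env=SAMPLE_ENV):
    """Check every entry and return {entry: problems} for the ones that fail."""
    return {l: p for l in lines if (p := check_move_line(l, env)[2])}

if __name__ == "__main__":
    for line, problems in check_script(SAMPLE_LINES).items():
        print(line, "->", "; ".join(problems))
```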
