The Avenger
Command Reference
Files to move:
The "Files to move:" command directive moves files from a source path to a destination path, backing up and then overwriting any existing destination files.
How do I use it?
The source and destination paths should be separated by a pipe | symbol. Whitespace is ignored. "Files to move:" can be used as a generic renaming routine.
When do I use it?
I see three main uses for this command:
When you want to move a malicious file to a specific location. This basically amounts to the same command as "Files to delete:", except that you can redirect the backup operation to a location of your choice. Not hugely useful, I admit.
When you want to overwrite a malicious file with a legitimate one. For example, you might want to replace a virus-infected copy of an important Windows file with a clean copy from the Windows installation folder.
When you want to rename a malicious file. This is sometimes useful when malware has chosen a reserved filename to prevent deletion by Windows.
Anything else I should know?
This command cannot be used to move files from one drive or volume to another (for example, from C:\ to D:\ ).
Any special notes on syntax?
The "Files to move:" command will interpret environmental variables (%systemdrive%, %windir%, etc.) correctly in both the source and destination paths.
Example Usage
Files to move:
C:\WINDOWS\System32\SomeBadFile.dll | C:\renamed.dll
%windir%\bad.exe | %systemdrive%\bad.exe.bak
c:\documents and settings\file.exe | c:\backup\bad.extension