Stop adware and spyware in its tracks


Here it is.

; AutoIt Version: 3.0
; Language:       English
; Platform:       Win98 2nd edition, Win XP and may work on other Windows versions
; In order to work under Windows NT 4.0, requires the file
; PSAPI.DLL (included in the AutoIt installation directory).
; Author:         Quick_sliver007
; Script Name: Process Blocker
; version: 1.0
; Script Function:
;   To block unwanted processes like spyware and adware
; Known Bugs: After $msg = $Button_Block, the user is no
; longer able to interact with the script, but it does what it is supposed to do.
#include <GuiConstants.au3>

$GUI = GuiCreate("Process Blocker", 565, 409,(@DesktopWidth-565)/2, (@DesktopHeight-409)/2 , $WS_OVERLAPPEDWINDOW + $WS_VISIBLE + $WS_CLIPSIBLINGS)
$Block_List_view = GUICtrlCreateListView("Block", 340, 30, 220, 370)
$Label_Process = GuiCtrlCreateLabel("Process List", 10, 10, 220, 20)
$Label_Block = GuiCtrlCreateLabel("Block List", 340, 10, 220, 20)
$Label_Add = GuiCtrlCreateLabel("Add To Block List", 240, 30, 90, 20)
$Button_Add = GuiCtrlCreateButton("-------->", 240, 50, 90, 30)
$Button_Delete = GuiCtrlCreateButton("<--------", 240, 130, 90, 30)
$Label_Delete = GuiCtrlCreateLabel("Delete From List", 240, 110, 90, 20)
$Button_Reset = GuiCtrlCreateButton("Reset", 240, 270, 90, 50)
$Button_Block= GuiCtrlCreateButton("Block", 240, 190, 90, 50)
$Button_Exit = GuiCtrlCreateButton("Exit", 240, 350, 90, 50)
;---------------------------------------


$Process_List_View = GUICtrlCreateListView ("Processes", 1, 30, 220, 370)
func _processlist()
$Process= ProcessList ()
For $i= 1 to $Process[0][0]
$items= GUICtrlCreateListViewItem ($Process[$i][0], $Process_List_View)
next
EndFunc
_processlist()
;------------------

GUISetState()
While 1
    Dim $msg = GuiGetMsg()
    Select
    Case $msg = $GUI_EVENT_CLOSE
        ExitLoop
    Case $msg = $Button_Add
        GUICtrlCreateListViewItem (GUICtrlRead(GUICtrlRead($Process_List_View)),$Block_List_view)
        Dim $LVM_DELETEITEM, $b,$ItemCount2
        $LVM_DELETEITEM = 0x1008
        $ItemCount2 = ControlListView("Process Blocker","",$Process_List_View,"GetItemCount")
        For $b = 0 To $ItemCount2 - 1
        If ControlListView("Process Blocker","",$Process_List_View,"IsSelected",$b) Then 
        GuiCtrlSendMsg($Process_List_View, $LVM_DELETEITEM,$b,0)
        $b = $b - 1
        EndIf
        Next
         
        
        
        
    Case $msg = $button_Delete
        GUICtrlCreateListViewItem (GUICtrlRead(GUICtrlRead($Block_List_view)),$Process_List_View)
        Dim $LVM_DELETEITEM, $b,$ItemCount
        $LVM_DELETEITEM = 0x1008
        $ItemCount = ControlListView("Process Blocker","",$Block_List_view,"GetItemCount")
        For $b = 0 To $ItemCount - 1
        If ControlListView("Process Blocker","",$Block_List_view,"IsSelected",$b) Then 
        GuiCtrlSendMsg($Block_List_view, $LVM_DELETEITEM,$b,0)
        $b = $b - 1
        EndIf
        Next
    Case $msg = $Button_Block
        GUISetState(@SW_HIDE,$GUI)
        Dim $count_items, $Get_text, $b
       While 1
       Dim $count_items, $Get_text, $b
       
            $count_items = ControlListView("Process Blocker","",$Block_List_view,"GetItemCount")
            For $b = 0 To $count_items - 1
            $Get_text = ControlListView("Process Blocker","",$Block_List_view,"GetText",$b)
            ProcessClose($Get_text)
            Next
        WEnd
        
    Case $msg = $button_Reset
        Do
        Dim $LVM_DELETEITEM, $b,$ItemCount2
        $LVM_DELETEITEM = 0x1008
        $ItemCount2 = ControlListView("Process Blocker","",$Process_List_View,"GetItemCount")
        For $b = 0 To $ItemCount2 - 1
            GuiCtrlSendMsg($Process_List_View, $LVM_DELETEITEM,$b,0)
        Next
        Until $ItemCount2 = 0
        _processlist()
  ;;;;;;;;;;;;;;;;;;;;;
        Do
        Dim $LVM_DELETEITEM, $b,$ItemCount
        $LVM_DELETEITEM = 0x1008
        $ItemCount = ControlListView("Process Blocker","",$Block_List_view,"GetItemCount")
        For $b = 0 To $ItemCount - 1
        GuiCtrlSendMsg($Block_List_view, $LVM_DELETEITEM,$b,0)
        Next
        Until $ItemCount = 0
    Case $msg = $button_Exit
        Exit
        
        
    EndSelect
WEnd
Exit

I've still got to figure out how to make it break this loop:

Case $msg = $Button_Block
        GUISetState(@SW_HIDE,$GUI)
        Dim $count_items, $Get_text, $b
       While 1
       Dim $count_items, $Get_text, $b
       
            $count_items = ControlListView("Process Blocker","",$Block_List_view,"GetItemCount")
            For $b = 0 To $count_items - 1
            $Get_text = ControlListView("Process Blocker","",$Block_List_view,"GetText",$b)
            ProcessClose($Get_text)
            Next
        WEnd

Other than that it works just fine. Give it a spin: open notepad, calculator and whatever other programs you want to test it on. You will see that you will not be able to open those programs at all if they are on the block list. I was trying to use a HotKeySet to break that loop and GUISetState(@SW_SHOW,$GUI). Feel free to write back your thoughts.

**EDIT** SCROLL DOWN FOR VERSION 1.1

**EDIT** SCROLL DOWN FOR VERSION 1.2

**EDIT** SCROLL DOWN FOR VERSION 1.3

Edited by quick_sliver007


Link to comment
Share on other sites

Hm, I think you have come across something new for sure here.

I just tried this against a virus scanner that is known to be completely resistant to being shut down. Even the guys that make trojan hunter can't shut it down with their super process killer testing toolkit.

Well, your script here will kill the virus scanner.

Not sure how, but it really does a job on it.

This does give me a good idea though for known spyware. I wonder how big of a list this could be used with before it would seriously affect system performance?

Link to comment
Share on other sites

I used a loop that closes the processes on the block list again and again and so on.

I guess I did a better job than I thought with my first program worth note. Thank you for the high remarks. I just wish I could figure out a way to break out of that loop using a hot key, so as to be able to stop the program without closing it from the tray.

As for how many processes it can block at one time before it slows down the system too much: I don't think anyone would be able to open the script on a system that needs that many processes to be blocked.

Thank you for the reply.

Edited by quick_sliver007


Link to comment
Share on other sites

This will let you exit the loop with escape key:

; AutoIt Version: 3.0
; Language:    English
; Platform:    Win98 2nd edition, Win XP and may work on other Windows versions
; In order to work under Windows NT 4.0, requires the file
; PSAPI.DLL (included in the AutoIt installation directory).
; Author:        Quick_sliver007
; Script Name: Process Blocker
; version: 1.0
; Script Function:
;   To block unwanted processes like spyware and adware
; Known Bugs: After $msg = $Button_Block, the user is no
; longer able to interact with the script, but it does what it is supposed to do.
#include <GuiConstants.au3>

$GUI = GuiCreate("Process Blocker", 565, 409,(@DesktopWidth-565)/2, (@DesktopHeight-409)/2 , $WS_OVERLAPPEDWINDOW + $WS_VISIBLE + $WS_CLIPSIBLINGS)
$Block_List_view = GUICtrlCreateListView("Block", 340, 30, 220, 370)
$Label_Process = GuiCtrlCreateLabel("Process List", 10, 10, 220, 20)
$Label_Block = GuiCtrlCreateLabel("Block List", 340, 10, 220, 20)
$Label_Add = GuiCtrlCreateLabel("Add To Block List", 240, 30, 90, 20)
$Button_Add = GuiCtrlCreateButton("-------->", 240, 50, 90, 30)
$Button_Delete = GuiCtrlCreateButton("<--------", 240, 130, 90, 30)
$Label_Delete = GuiCtrlCreateLabel("Delete From List", 240, 110, 90, 20)
$Button_Reset = GuiCtrlCreateButton("Reset", 240, 270, 90, 50)
$Button_Block= GuiCtrlCreateButton("Block", 240, 190, 90, 50)
$Button_Exit = GuiCtrlCreateButton("Exit", 240, 350, 90, 50)
Global $break = 0
;---------------------------------------


$Process_List_View = GUICtrlCreateListView ("Processes", 1, 30, 220, 370)
func _processlist()
$Process= ProcessList ()
For $i= 1 to $Process[0][0]
$items= GUICtrlCreateListViewItem ($Process[$i][0], $Process_List_View)
next
EndFunc

Func _break()
  $break = 1
EndFunc

_processlist()
;------------------

GUISetState()
While 1
    Dim $msg = GuiGetMsg()
    Select
    Case $msg = $GUI_EVENT_CLOSE
        ExitLoop
    Case $msg = $Button_Add
        GUICtrlCreateListViewItem (GUICtrlRead(GUICtrlRead($Process_List_View)),$Block_List_view)
        Dim $LVM_DELETEITEM, $b,$ItemCount2
        $LVM_DELETEITEM = 0x1008
        $ItemCount2 = ControlListView("Process Blocker","",$Process_List_View,"GetItemCount")
        For $b = 0 To $ItemCount2 - 1
        If ControlListView("Process Blocker","",$Process_List_View,"IsSelected",$b) Then 
        GuiCtrlSendMsg($Process_List_View, $LVM_DELETEITEM,$b,0)
        $b = $b - 1
        EndIf
        Next
         
        
        
        
    Case $msg = $button_Delete
        GUICtrlCreateListViewItem (GUICtrlRead(GUICtrlRead($Block_List_view)),$Process_List_View)
        Dim $LVM_DELETEITEM, $b,$ItemCount
        $LVM_DELETEITEM = 0x1008
        $ItemCount = ControlListView("Process Blocker","",$Block_List_view,"GetItemCount")
        For $b = 0 To $ItemCount - 1
        If ControlListView("Process Blocker","",$Block_List_view,"IsSelected",$b) Then 
        GuiCtrlSendMsg($Block_List_view, $LVM_DELETEITEM,$b,0)
        $b = $b - 1
        EndIf
        Next
    Case $msg = $Button_Block
        GUISetState(@SW_HIDE, $GUI)
        Dim $count_items, $Get_text, $b
        ; ESC calls _break(), which sets $break so the blocking loop can be left
        HotKeySet("{ESC}", "_break")
        While 1
            ; Close every process named in the block list, over and over
            $count_items = ControlListView("Process Blocker", "", $Block_List_view, "GetItemCount")
            For $b = 0 To $count_items - 1
                $Get_text = ControlListView("Process Blocker", "", $Block_List_view, "GetText", $b)
                ProcessClose($Get_text)
            Next
            If $break = 1 Then
                HotKeySet("{ESC}") ; release the hotkey again
                $break = 0
                GUISetState(@SW_SHOW, $GUI)
                ExitLoop
            EndIf
        WEnd
        
    Case $msg = $button_Reset
        Do
        Dim $LVM_DELETEITEM, $b,$ItemCount2
        $LVM_DELETEITEM = 0x1008
        $ItemCount2 = ControlListView("Process Blocker","",$Process_List_View,"GetItemCount")
        For $b = 0 To $ItemCount2 - 1
            GuiCtrlSendMsg($Process_List_View, $LVM_DELETEITEM,$b,0)
        Next
        Until $ItemCount2 = 0
        _processlist()
  ;;;;;;;;;;;;;;;;;;;;;
        Do
        Dim $LVM_DELETEITEM, $b,$ItemCount
        $LVM_DELETEITEM = 0x1008
        $ItemCount = ControlListView("Process Blocker","",$Block_List_view,"GetItemCount")
        For $b = 0 To $ItemCount - 1
        GuiCtrlSendMsg($Block_List_view, $LVM_DELETEITEM,$b,0)
        Next
        Until $ItemCount = 0
    Case $msg = $button_Exit
        Exit
        
        
    EndSelect
WEnd
Exit
Link to comment
Share on other sites

Thank you so much, works like a champ. Here is the v1.1 for download. I plan on adding a menu and a save list so that you don't have to select the programs every time you open the script. I may add a delete program function for those programs that have to be disabled and have their launcher(s) disabled in order to be deleted.

**EDIT**

Scroll to Version 1.2 for download

Edited by quick_sliver007


Link to comment
Share on other sites

sweeeet program.

i have a little advice.

make it save the block list into an ini file or whatever.

and make it load again at the start

also add a kill button, to shutdown a process.

p.s. nice icon would be cool :)

Link to comment
Share on other sites

Thank you for the high remark. I am planning on adding the save part and loading the saved list at startup. A kill button sounds like it may be a good idea for people that want to do testing on a system. I am thinking of adding a run-at-startup option in the menu. That icon sounds like something I will do last, but it is a must-do. Thank you for replying, and I hope this program goes to good use.


Link to comment
Share on other sites

*did i hear anyone talk about an icon?*

Tell me what you need, and i'll serve you, mastah :)

~WhOOt

Link to comment
Share on other sites

How about the words "Process Blocker" wrapped around a circle. Or anything else you would find suiting for this program as long as it is not copyrighted because I plan on putting it on download.com.


Link to comment
Share on other sites

Cool...maybe someone can implement my code into this also. I previously made a script that notifies the user when a stray process is running. It reads in an .ini file if it exists. Try it out.

#include <GUIConstants.au3>
#include <Array.au3>

GUICreate("ProcessChecker1.1", 250,60, @DesktopWidth/2-160, @DesktopHeight/2, -1)
$label = GUICtrlCreateLabel ("",  10, 5,200,15)
$kill = GUICtrlCreateButton ("Kill", 10,  30, 50, 20)
$add = GUICtrlCreateButton ("Add", 90,  30, 50, 20)
$ignore = GUICtrlCreateButton ("Ignore", 170,  30, 50, 20)

dim $proc_array[1]
$file = FileOpen("ProcessChecker.ini", 0)

; Check if file opened for reading OK
If $file = -1 Then
    MsgBox(0, "Error", "Creating new ProcessChecker.ini file.")
    $proc_array[0]="Checker1.1.exe"
    IniWrite ( "ProcessChecker.ini", "TIME", "delay", 5000 )
    $time=5000
EndIf

; Read in lines of text until the EOF is reached
If $file <> -1 Then
    $count=0
    While 1
        $line = FileReadLine($file)
        If @error = -1 Then ExitLoop
        If $count>0 Then
            $split_string=StringSplit ( $line, "=" )
            redim $proc_array[$count]
            $proc_array[$count-1] = $split_string[1]
        EndIf
        $count=$count + 1
    Wend
    FileClose($file)
    $time=IniRead ( "ProcessChecker.ini", "TIME", "delay", 5000 )

EndIf

_ArraySort($proc_array)
$previous_win_title = "ProcessChecker1.1"

While 1
    $processes = ProcessList()
    Sleep(1)
    For $i = 1 To $processes[0][0]
        $result = _ArrayBinarySearch($proc_array,$processes[$i][0])
        Sleep(1)
        If $result == "" Then
            GUICtrlSetData($label,"stray PID = " & $processes[$i][1])
            WinSetTitle($previous_win_title,"",$processes[$i][0])
            $previous_win_title = $processes[$i][0]
            GuiSetState()
            $msg=0
            While $msg <> 1
                $msg = GUIGetMsg()
                Select
                    Case $msg = $kill
                        ProcessClose ( $processes[$i][1] )
                        $msg=1
                    Case $msg = $add
                        IniWrite("ProcessChecker.ini","ALLOW",$processes[$i][0],$processes[$i][0])
                          redim $proc_array[UBound($proc_array)+1]
                        $proc_array[UBound($proc_array)-1] = $processes[$i][0]
                        _ArraySort($proc_array)
                        $msg=1
                    Case $msg = $ignore
                        redim $proc_array[UBound($proc_array)+1]
                        $proc_array[UBound($proc_array)-1] = $processes[$i][0]
                        _ArraySort($proc_array)
                        $msg=1
                EndSelect
            Wend
            GUISetState(@SW_HIDE)
            ExitLoop
        EndIf
    Next
    Sleep($time)
Wend
Link to comment
Share on other sites

Thank you for the reply and the script. I looked at it and I have a question about it. How do you know if the stray PID is unwanted? I have not messed around with your script, but I think there might be a way to get the name of the program with $processes[0][$i] instead of $processes[$i][0] and line it up with the PID. The only thing I am not too sure about is how fast the PIDs change or if that even matters.


Link to comment
Share on other sites

We should create a database of known spyware process names and have it autodetect some spyware

Link to comment
Share on other sites

For my script, you don't know if the stray process is unwanted.  You would have to look it up on google or figure out if should be running by some other means.  It is mainly just a script that flags new processes.

<{POST_SNAPBACK}>

In that case I believe it would be better used as a trigger.


Link to comment
Share on other sites

I had that thought before, I just never followed through on it. I believe that a list could be found, maybe on google or in the system files of adware removers and virus scanners. I have not done much work on the script the past few days due to lack of sleep. And now I am moving, so I don't know how long until I get to add this in, if I do. I am content with the script as it is, except that it needs to be cleaned up. I do however want to add: a preset list of known viruses, a preset list of known adware, a preset list of known spyware, options to use these lists, a save list, a load list, an icon, a set priority level selector for Process Blocker, a block process then delete process option, and a few more things.


Link to comment
Share on other sites

Script updated to V1.2

Added menu

Added save function in menu

Added load function in menu

Added donate button that takes you to my PayPal (thank you Ejoc for that function). Feel free to donate, every dollar counts.

Cleaned up script

**EDIT**

GO TO VERSION 1.3

Edited by quick_sliver007


Link to comment
Share on other sites

Here is version 1.3

<{POST_SNAPBACK}>

Suggestions:

- add a TrayTip when a blocked item is blocked / killed

- use something other than ESC method to get back to the GUI, because that interferes with other programs

- accept a command line load parameter (for the block list) so someone can put a shortcut to Process_Blocker.exe into their startup group (i.e. no GUI interaction, just start blocking)

- allow block list load from HTTP / FTP (which would allow centralized list of disapproved apps to block for a company, for example)

- optionally disallow changing block list if list is centrally managed

Keep up the good work.

Cheers.

Link to comment
Share on other sites
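
Several of the suggestions in the post above (a block list loaded from the command line, a TrayTip on each kill, a hotkey other than ESC) can be sketched as follows. This is an added example written for current AutoIt v3, not code from the thread or from any Process Blocker release; the `[BLOCK]` INI layout, the Ctrl+Alt+Q hotkey, the one-second poll interval, the protected-name list and all function names are assumptions made for illustration.

```autoit
; Added example, not code from the thread. Assumed block-list layout:
;   [BLOCK]
;   notepad.exe=1
;   calc.exe=1
; Start with:  Process_Blocker.exe C:\path\blocklist.ini

Global $g_bQuit = False
Global $g_iPollMs = 1000 ; assumed poll interval; keeps the loop from pinning the CPU
; Assumed safety list: names that are never closed, whatever the block list says.
Global $g_aProtected[5] = ["system", "smss.exe", "csrss.exe", "winlogon.exe", "lsass.exe"]

If $CmdLine[0] < 1 Then
    MsgBox(16, "Process Blocker", "Usage: " & @ScriptName & " <blocklist.ini>")
    Exit 1
EndIf

Global $g_aBlock = _LoadBlockList($CmdLine[1])
If @error Then
    MsgBox(16, "Process Blocker", "No readable [BLOCK] section in " & $CmdLine[1])
    Exit 2
EndIf

HotKeySet("^!q", "_Quit") ; Ctrl+Alt+Q, so ESC stays free for other programs

While Not $g_bQuit
    _Sweep()
    Sleep($g_iPollMs)
WEnd
Exit 0

Func _Quit()
    $g_bQuit = True
EndFunc

; Close every running instance of each listed name and report it in the tray.
Func _Sweep()
    For $i = 1 To $g_aBlock[0]
        Local $aProc = ProcessList($g_aBlock[$i]) ; [n][0] = name, [n][1] = PID
        If @error Then ContinueLoop
        For $p = 1 To $aProc[0][0]
            If ProcessClose($aProc[$p][1]) Then
                TrayTip("Process Blocker", "Closed " & $aProc[$p][0] & " (PID " & $aProc[$p][1] & ")", 5, 1)
            EndIf
        Next
    Next
EndFunc

; Read the key names of [BLOCK]; element 0 of the result holds the count.
Func _LoadBlockList($sIni)
    Local $aKeys = IniReadSection($sIni, "BLOCK")
    If @error Then Return SetError(1, 0, 0)
    Local $aOut[$aKeys[0][0] + 1], $n = 0
    For $i = 1 To $aKeys[0][0]
        Local $sName = StringLower(StringStripWS($aKeys[$i][0], 3))
        If $sName = "" Or _IsProtected($sName) Then ContinueLoop
        $n += 1
        $aOut[$n] = $sName
    Next
    $aOut[0] = $n
    Return SetError(0, 0, $aOut)
EndFunc

Func _IsProtected($sName)
    For $j = 0 To UBound($g_aProtected) - 1
        If $sName = $g_aProtected[$j] Then Return True
    Next
    Return False
EndFunc
```

Matching on the image name alone means a renamed binary is not caught and an unrelated program that happens to share a listed name is closed, so a centrally managed list is better paired with path or signature based application control.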
