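; Posted by sak, April 24, 2011 (edited April 24, 2011 by sak).
; Author's description: "My Script design: For checked virus process at Run in registry."
;
; RegVirScan - lists every value under the current user's Run key in a small GUI
; and appends the listing to RegVirScan.log on the desktop.
;
; Scope caveat: the script only enumerates
;   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
; It makes no judgement about whether an entry is malicious; the output still has
; to be reviewed by hand. Other autostart locations (for example the HKLM Run key,
; the RunOnce keys, the Startup folder, services, scheduled tasks) are not
; inspected, so an empty or clean-looking listing is not evidence of a clean system.

#AutoIt3Wrapper_au3check_parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#NoTrayIcon
#include <GuiEdit.au3>
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#Include <File.au3>

Opt("MustDeclareVars", 1)

Global $hForm, $hEdit, $Button1, $Button2, $title = 'RegVirScan [Hkey Run]'
Global $nMsg, $i, $REV, $RR, $Button3, $PID, $starttitle = 'Scanning...', $endtitle = 'Scan completed.'
Global $titlemessage = 'Scanning Again. Open log. See message file.log on the desktop.'
Global $iconfile = @ScriptDir & '\scan.ico', $readreg, $Button_clear
; Key that is enumerated and key that is read; both point at the same HKCU Run key.
Global $hkeynum = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
Global $hkeyread = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
Global $chklog = 'Can not found File.log'

Main()

; Builds the window (read-only edit box plus Scan / Clear / Open log buttons) and
; runs the message loop until the window is closed.
Func Main()
    $hForm = GUICreate($title, 510, 314, -1, -1)
    GUISetIcon($iconfile, -1, $hForm)
    $hEdit = GUICtrlCreateEdit("", 8, 8, 493, 257)
    $Button1 = GUICtrlCreateButton("Scan", 16, 280, 75, 25, $WS_GROUP)
    GUICtrlSetCursor(-1, 0)
    $Button2 = GUICtrlCreateButton("Open log", 405, 280, 75, 25, $WS_GROUP)
    GUICtrlSetCursor(-1, 0)
    $Button_clear = GUICtrlCreateButton("Clear", 320, 280, 75, 25, $WS_GROUP)
    GUICtrlSetCursor(-1, 0)
    GUICtrlCreateLabel("Design by:sak20102005", 150, 283, 118, 17)
    GUICtrlSetState(-1, $GUI_DISABLE)
    GUISetState(@SW_SHOW)
    _GUICtrlEdit_SetReadOnly($hEdit, True)

    While 1
        $nMsg = GUIGetMsg()
        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                ; After a scan the window carries $titlemessage as its title:
                ; fade it out before exiting. Otherwise just leave the loop.
                If WinGetTitle($titlemessage) Then
                    For $x = 255 To 0 Step -1
                        WinSetTrans($titlemessage, "", $x)
                        Sleep(0.9)
                    Next
                    Exit
                Else
                    ExitLoop
                EndIf

            Case $Button1
                If GUICtrlRead($hEdit) <> '' Then WinSetTitle($titlemessage, "", $starttitle)

                ; NOTE(review): this closes whichever notepad.exe ProcessExists()
                ; happens to return, not necessarily the one showing the log, so a
                ; user's unrelated Notepad window (and unsaved text) can be lost.
                $PID = ProcessExists("notepad.exe")
                If $PID Then ProcessClose($PID)

                WinSetTitle($title, "", $starttitle)
                If _GUICtrlEdit_GetText($hEdit) <> '' Then _GUICtrlEdit_SetText($hEdit, '')

                ; Enumerate until RegEnumVal itself reports an error (no more values
                ; or key not readable). The previous version tested @error only
                ; after RegRead and capped the loop at 100, so one unreadable value
                ; or a long Run key silently hid the remaining entries, and a
                ; failed enumeration fell through to a RegRead of the empty name.
                $i = 0
                While 1
                    $i += 1
                    $REV = RegEnumVal($hkeynum, $i)
                    If @error <> 0 Then ExitLoop

                    $RR = RegRead($hkeyread, $REV)
                    ; Keep listing: an entry whose data cannot be read is still an
                    ; entry the reviewer needs to see.
                    If @error <> 0 Then $RR = '<could not read value data>'

                    _GUICtrlEdit_AppendText($hEdit, @CRLF & 'Value name:' & $REV & @CRLF & 'Value data:' & $RR & @CRLF)
                    Sleep(500)
                WEnd

                WinSetTitle($starttitle, "", $endtitle)
                ; Appends the listing to the desktop log.
                _FileWriteLog(@DesktopDir & "\RegVirScan.log", _GUICtrlEdit_GetText($hEdit))
                Sleep(2000)
                WinSetTitle($endtitle, "", $titlemessage)

            Case $Button2
                If FileExists(@DesktopDir & "\RegVirScan.log") Then
                    ShellExecute(@DesktopDir & "\RegVirScan.log")
                Else
                    MsgBox(0, "", $chklog)
                EndIf

            Case $Button_clear
                If GUICtrlRead($hEdit) <> '' Then GUICtrlSetData($hEdit, "")
        EndSwitch
    WEnd
EndFunc   ;==>Main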
JohnOne Posted April 24, 2011 Posted April 24, 2011 Havent you AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans.
Manko Posted April 24, 2011 Posted April 24, 2011 Won't show you virus... just a list of whats in "localuserrun". Too limited... + Description invites "False Positives"...This is better attempt... Keep working! /Manko Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually...