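; Forum post by sak, posted April 24, 2011 (edited April 24, 2011 by sak).
; My Script design: For checked virus process at Run in registry.
;
; RegVirScan: lists every value name and value data found under the current
; user's Run key, shows the list in a read-only edit control and appends it to
; RegVirScan.log on the desktop.
;
; Scope: this is an inventory of one autostart location, not a detection tool.
; Entries are printed exactly as read; nothing is compared against known-good or
; known-bad data, and no other autostart location is read. A listed entry is not
; by itself evidence of malware, and an empty list does not show a clean system.

#AutoIt3Wrapper_au3check_parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#NoTrayIcon
#include <GuiEdit.au3>
#include <ButtonConstants.au3>
#include <EditConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#Include <File.au3>

Opt("MustDeclareVars", 1)

Global $hForm, $hEdit, $Button1, $Button2, $title = 'RegVirScan [Hkey Run]'
Global $nMsg, $i, $REV, $RR, $Button3, $PID, $starttitle = 'Scanning...', $endtitle = 'Scan completed.'
Global $titlemessage = 'Scanning Again. Open log. See message file.log on the desktop.'
Global $iconfile = @ScriptDir&'\scan.ico', $readreg, $Button_clear
; Key that is enumerated ($hkeynum) and key the values are read from ($hkeyread).
; Both point at the same per-user Run key.
Global $hkeynum = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
Global $hkeyread = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
Global $chklog = 'Can not found File.log'

Main()

; Builds the window and runs the message loop.
;   Scan     - re-reads the Run key, fills the edit control, appends to the log.
;   Open log - opens the log file with its associated program.
;   Clear    - empties the edit control.
; The window title doubles as a status line: $title -> $starttitle -> $endtitle
; -> $titlemessage.
Func Main()
    Local $sLogFile = @DesktopDir & "\RegVirScan.log"
    Local $iReadErr

    $hForm = GUICreate($title, 510, 314, -1, -1)
    GUISetIcon($iconfile, -1, $hForm)
    $hEdit = GUICtrlCreateEdit("", 8, 8, 493, 257)
    $Button1 = GUICtrlCreateButton("Scan", 16, 280, 75, 25, $WS_GROUP)
    GUICtrlSetCursor(-1, 0)
    $Button2 = GUICtrlCreateButton("Open log", 405, 280, 75, 25, $WS_GROUP)
    GUICtrlSetCursor(-1, 0)
    $Button_clear = GUICtrlCreateButton("Clear", 320, 280, 75, 25, $WS_GROUP)
    GUICtrlSetCursor(-1, 0)
    GUICtrlCreateLabel("Design by:sak20102005", 150, 283, 118, 17)
    GUICtrlSetState(-1, $GUI_DISABLE)
    GUISetState(@SW_SHOW)
    _GUICtrlEdit_SetReadOnly($hEdit, True)

    While 1
        $nMsg = GUIGetMsg()
        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                ; After a scan the title is $titlemessage: fade the window out,
                ; then exit. The window is addressed by handle so that another
                ; window whose title happens to match is never touched.
                If WinGetTitle($hForm) = $titlemessage Then
                    For $x = 255 To 0 Step -1
                        WinSetTrans($hForm, "", $x)
                        Sleep(0.9)
                    Next
                    Exit
                Else
                    ExitLoop
                EndIf

            Case $Button1
                ; NOTE(review): this ends a process named notepad.exe, whichever
                ; one ProcessExists returns. It is not limited to the Notepad
                ; window showing the log, so unsaved text in an unrelated
                ; Notepad can be lost. Kept as the author wrote it; confirm
                ; whether it is needed at all.
                $PID = ProcessExists("notepad.exe")
                If $PID Then ProcessClose($PID)

                ; Set the status by handle. Matching on the previous title left
                ; the status stuck when Clear had emptied the edit control after
                ; an earlier scan.
                WinSetTitle($hForm, "", $starttitle)
                _GUICtrlEdit_SetText($hEdit, '')

                ; Walk the values until RegEnumVal reports an error. There is no
                ; fixed upper bound, so a key with many values is listed in full.
                $i = 1
                While 1
                    $REV = RegEnumVal($hkeynum, $i)
                    If @error <> 0 Then ExitLoop

                    ; A value that cannot be read is reported and the scan goes
                    ; on. Stopping here would silently drop every later entry
                    ; from both the display and the log.
                    $RR = RegRead($hkeyread, $REV)
                    $iReadErr = @error
                    If $iReadErr <> 0 Then $RR = '<unreadable value, RegRead @error=' & $iReadErr & '>'

                    _GUICtrlEdit_AppendText($hEdit, @CRLF & 'Value name:' & $REV & @CRLF & 'Value data:' & $RR & @CRLF)
                    Sleep(500)
                    $i += 1
                WEnd

                WinSetTitle($hForm, "", $endtitle)
                _FileWriteLog($sLogFile, _GUICtrlEdit_GetText($hEdit))
                Sleep(2000)
                WinSetTitle($hForm, "", $titlemessage)

            Case $Button2
                If FileExists($sLogFile) Then
                    ShellExecute($sLogFile)
                Else
                    MsgBox(0, "", $chklog)
                EndIf

            Case $Button_clear
                If GUICtrlRead($hEdit) <> '' Then GUICtrlSetData($hEdit, "")
        EndSwitch
    WEnd
EndFunc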
JohnOne Posted April 24, 2011 Share Posted April 24, 2011 Havent you AutoIt Absolute Beginners Require a serial Pause Script Video Tutorials by Morthawt ipify Monkey's are, like, natures humans. Link to comment Share on other sites More sharing options...
Manko Posted April 24, 2011 This won't show you a virus... just a list of what's in "localuserrun". Too limited... + The description invites "False Positives"... This is a better attempt... Keep working! /Manko Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually...