Rizonetech

Rizone Malware Cleaner


Rizonetech

We developed a fully featured malware cleaner using AutoIt. If any portion of the code looks familiar, please let me know and I will give you full credit for it. I know the code is a little messy and needs more work, so if you have suggestions, please post them. If you would like to help with the project, please let me know. Any good anti-malware solution needs many hands to be worth the download bandwidth.

Screen:

Posted Image

Download: http://www.rizone3.com/doors/malware-cleaner

Source Download: http://www.rizone3.com/down/malclean/malclean-source.zip

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
; NOTE(review): requestedExecutionLevel is set twice below with different values
; (requireAdministrator, then highestAvailable), and Fileversion_AutoIncrement is
; repeated. Which execution level ends up in the manifest depends on how the wrapper
; resolves duplicates; keep a single line so the intended privilege level is explicit.
#AutoIt3Wrapper_icon=Resources\malClean\malClean.ico
#AutoIt3Wrapper_Compression=4
#AutoIt3Wrapper_Res_Fileversion=1.8.9.1352
#AutoIt3Wrapper_Res_Fileversion_AutoIncrement=y
#AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator
#AutoIt3Wrapper_Res_Fileversion_AutoIncrement=y
#AutoIt3Wrapper_Res_LegalCopyright=Rizone Technologies
#AutoIt3Wrapper_Res_requestedExecutionLevel=highestAvailable
; Icon resources added to the executable; the script loads icons from its own file
; by index (see the GUICtrlCreateIcon / GUICtrlSetImage calls on @ScriptFullPath).
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-00.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-01.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-02.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-03.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-04.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-05.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\Infections.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\Warnings.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\0.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\1.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\2.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\3.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\4.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\5.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\6.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\70.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\71.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\72.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\73.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\74.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\75.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\76.ico
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****


; Runtime options (AutoItSetOption is the long form of Opt).
AutoItSetOption("TrayAutoPause", 0)   ; clicking the tray icon does not pause the script
AutoItSetOption("TrayMenuMode", 3)    ; 1 + 2: no default tray menu, items are not auto-checked
AutoItSetOption("TrayIconHide", 1)    ; start with the tray icon hidden
AutoItSetOption("GUICloseOnESC", 1)   ; Esc inside the GUI sends $GUI_EVENT_CLOSE
AutoItSetOption("GUIOnEventMode", 1)  ; GUI controls dispatch to OnEvent handlers
AutoItSetOption("MustDeclareVars", 1) ; using an undeclared variable is an error


#include <WindowsConstants.au3>
#include <StaticConstants.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <EditConstants.au3>
#Include <GuiImageList.au3>
#Include <GuiListView.au3>
#include <Process.au3>
#include <File.au3>
#Include <Date.au3>

#include <UDF\Hashing.au3>
#include <UDF\Win2000.au3>
#include <UDF\malCleanEx.au3>
#include <UDF\GuiListViewEx.au3>
#Include <UDF\WinAPIEx\WinAPIEx.au3>


; Bind Esc to _CloseMe. HotKeySet registers the key for the whole session while the
; script runs, so Esc is intercepted even when another application has focus.
HotKeySet('{Esc}', '_CloseMe')


;~ ----------------------------------------------------------------------------------------------------
;~ Settings
;~ ----------------------------------------------------------------------------------------------------
; Window caption, and the file version read from this executable's resources.
Global Const $title = "Rizone Malware Cleaner"
Global Const $version = FileGetVersion(@ScriptFullPath)
; Data files, all resolved relative to the directory the script runs from.
; NOTE(review): the only validation visible in this listing is an existence check and
; a line count (_checkIntegrity). The tool requests elevation, so the install
; directory should not be writable by unprivileged users.
Global Const $SignaturesDb = @ScriptDir & "\db\Signatures.db3"
Global Const $TurboBase = @ScriptDir & "\db\TurboBase.db3"
Global Const $InFile = @ScriptDir & "\db\Infections.db3"
Global Const $WarnFile = @ScriptDir & "\db\Warnings.db3"
; Log directory, and a per-run log file name built from the start timestamp.
Global Const $lDir = @ScriptDir & "\logging\mClean"
Global Const $lFileName = "~R" & @YEAR & @MON & @MDAY & @HOUR & @MIN & @SEC & ".log"
;~ ----------------------------------------------------------------------------------------------------


; Main window handle and the control IDs created in _mainInterface.
Global $malGUI, $picStatus, $miScanner, $miStopScan, $BtnScanGo, $BtnStopScan
Global $ScanIco, $lblScnHead, $lblScnPower, $cbScnPower, $ScnPowerIcon, $ScanProgess, $eScan, $BtnInfections
; Drive selector, plus the file handle and pattern list used by _Heuristics.
Global $lblDrives, $ComboDrives, $oHFile, $Heuristics, $chkHeur
; Infections window and its controls (created in _InfectionsInterface).
Global $infGUI, $BtnInfRemove, $BtnInfQuarantine, $BtnInfSelAll, $BtnInfSelNone, $lblInfHead, $lvInfections
Global $InfProgress, $InfFileProgress, $eInInfo, $delOnReboot = 0
; Warnings window controls and the running warning count.
Global $BtnWarnings, $warnGUI, $lblWarnHead, $lvWarnings, $WarnCount = 0, $lblWarnings
; Statistics labels shown in the right-hand group of the main window.
Global $lblSigCount, $lblInfections, $lblDuration, $lOScanned, $lFiPSec, $lTScanned
; Scan state. $CancelScan starts as True, i.e. "no scan in progress".
Global $CancelScan = True, $SigDbCount = 0, $driveUsed = 0, $statTimer = 0, $FPSCount = 0, $FileCount = 0
; $ePower is the process priority level (0-5) last chosen in _SetScannerPower.
Global $Scnd = 0, $TotalScanned = 0, $StartHour = 0, $StartMin = 0, $StartSec = 0, $ePower = 3, $InfCount = 0, $BlinkOn
; In-memory copies of the turbo (hash prefix) and full signature databases.
Global $sTurboDB, $sSigDb


; Call _Process every 500 ms for the lifetime of the script.
AdlibRegister( "_Process", 500)

; Write the log banner and environment details. _CompileLogFile is defined outside
; this listing; the False argument presumably suppresses a per-line prefix such as a
; timestamp - confirm against the helper.
_CompileLogFile("                                            ./", False)
_CompileLogFile("                                          (o o)", False)
_CompileLogFile("--------------------------------------oOOo-(_)-oOOo--------------------------------------", False)
_CompileLogFile($title & " " & $version, False)
_CompileLogFile("Database version: 1", False)
_CompileLogFile("OS: " & @OSVersion & " Build " & @OSBuild & " " & @OSServicePack, False)
_CompileLogFile("Architecture: " & @OSArch, False)
_CompileLogFile("Language: " & @OSLang, False)
_CompileLogFile("", False)
_CompileLogFile("-----------------------------------------------------------------------------------------", False)
_CompileLogFile("", False)
_CompileLogFile("Stopping malware from shutting down your computer")


; Startup sequence: abort any pending system shutdown, load persisted statistics,
; then build the GUI. _mainInterface ends in an endless tray-message loop, so nothing
; placed after it would run.
_StopShutdown()
_loadSettings()
_mainInterface()


; Adlib callback (registered at startup with a 500 ms interval).
; Asks Windows to trim this process's working set via the WinAPIEx UDF.
Func _Process()
    ; Empty the working set
    _WinAPI_EmptyWorkingSet()
EndFunc


; Builds the main window, wires up event handlers, runs the startup database checks
; and then stays in the tray-message loop. This function does not return; the script
; ends through _CloseMe / _CloseOnError.
; Many calls below use control ID -1 ("the control created last"), so statement
; order matters.
Func _mainInterface()

    Local $mFile, $mSupport, $BtnClose

    ; Main window, default position and style, WS_EX_COMPOSITED extended style.
    $malGUI = GUICreate($title & " : " &$version, 760, 500, -1, -1, -1, $WS_EX_COMPOSITED)
    GuiSetFont(8.5, -1, -1, "Tahoma", 5)
    GUISetBkColor(0xFFFFFF, $malGUI)

    ; Status strip on the left; swapped between 1100.bmp and 1101.bmp by
    ; _UpdateInfectionStatusImage.
    $picStatus = GUICtrlCreatePic(@ScriptDir & "\Contents\1100.bmp", 0, 0, 50, 520)

    ; Menu bar. Empty-text menu items are separators.
    $mFile = GUICtrlCreateMenu("&File")
    GuiCtrlCreateMenuItem("", $mFile)
    $miScanner = GuiCtrlCreateMenuItem("&Scanner", $mFile)
    $miStopScan = GuiCtrlCreateMenuItem("&Stop Scanning", $mFile)
    GuiCtrlCreateMenuItem("", $mFile)
    GuiCtrlSetState($miStopScan, $GUI_DISABLE)
    $mSupport = GUICtrlCreateMenu("&Support")

    ; Header: activity icon, heading label, and the priority ("Scanner Power") selector.
    ; Icons are loaded from this executable's own resources by index.
    $ScanIco = GUICtrlCreateIcon(@ScriptFullPath, 99, 70, 20, 64, 64)
    $lblScnHead = GUICtrlCreateLabel("Welcome", 170, 60, 400, 30, -1, $WS_EX_TRANSPARENT)
    GUICtrlSetFont($lblScnHead, 12, 400, 0, "Tahoma", 5)
    $lblScnPower = GuiCtrlCreateLabel("Scanner Power :", 250, 32, 120, 20, $SS_RIGHT)
    GUICtrlSetFont($lblScnPower, 11, 400, 0, "Tahoma", 5)
    $cbScnPower = GuiCtrlCreateCombo("" , 380, 30, 130, 30)
    GUICtrlSetData($cbScnPower, "Low|Below Normal|Normal|Above Normal|High|Realtime", "Normal")
    GUICtrlSetFont($cbScnPower, 10, 400, 0, "Tahoma", 5)
    GuiCtrlSetState($cbScnPower, $GUI_DISABLE)
    $ScnPowerIcon = GUICtrlCreateIcon(@ScriptFullPath, 201, 655, 20, 48, 48)
    GUICtrlCreateLabel( "Scan for spyware, adware, trojans, keyloggers, bots, worms and other malware. Select the drive you would " & _
                        "like to scan and press 'Scan Now'. Click on the Infections label to view detected infections.", 120, 90, 400, 50)
    GUICtrlSetFont(-1, 9, 400, 0, "Tahoma", 5)
    ; Progress bar and the read-only status line showing the item being scanned.
    $ScanProgess = GUICtrlCreateProgress(70, 150, 500, 30)
    $eScan = GUICtrlCreateEdit("", 70, 185, 500, 50, $ES_READONLY)
    GuiCtrlSetFont($eScan, 8.5, -1, -1, "Courier New")
    GUICtrlSetColor($eScan, 0x606870)
    GUICtrlSetBkColor($eScan, 0xFFFFFF)
    GUICtrlSetCursor($eScan, 2)

    ; Drive selector, filled by _GetDrives with the drives that report READY.
    $lblDrives = GuiCtrlCreateLabel("Select drive:", 70, 253, 80, 15)
    GUICtrlSetFont($lblDrives, 10, 400, 0, "Tahoma", 5)
    $ComboDrives = GUICtrlCreateCombo("", 155, 250, 100, 20)
    GUICtrlSetFont($ComboDrives, 10, 400, 0, "Tahoma", 5)
    _GetDrives()

    ; Heuristics are opt-in; _ScanFile reads this checkbox for every file.
    $chkHeur = GUICtrlCreateCheckbox("Activate Heuristics", 70, 290, 200, 20)
    GUICtrlSetFont($chkHeur, 9, 400, 0, "Tahoma", 5)

    ; Statistics group: one caption/value pair per row, each followed by a
    ; 1-pixel-high grey label used as a divider line.
    GUICtrlCreateGroup("", 350, 250, 220, 200)

    GuiCtrlCreateLabel("Signatures:", 360, 260, 100, 20)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lblSigCount = GuiCtrlCreateLabel(0, 460, 260, 100, 20, $SS_RIGHT)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    GUICtrlSetColor(-1, 0x008827)
    GuiCtrlCreateLabel("", 360, 280, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    GuiCtrlCreateLabel("Infections:", 360, 282, 100, 20)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lblInfections = GuiCtrlCreateLabel(0, 460, 282, 100, 20, $SS_RIGHT)
    GUICtrlSetFont($lblInfections, 10, 400, 0, "Tahoma", 5)
    GuiCtrlSetColor($lblInfections, 0x008827)
    GuiCtrlCreateLabel("", 360, 302, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    GuiCtrlCreateLabel("Warnings:", 360, 304, 100, 20)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lblWarnings = GuiCtrlCreateLabel(0, 460, 304, 100, 20, $SS_RIGHT)
    GUICtrlSetFont($lblWarnings, 10, 400, 0, "Tahoma", 5)
    GuiCtrlSetColor($lblWarnings, 0x008827)
    GuiCtrlCreateLabel("", 360, 324, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    GuiCtrlCreateLabel("Duration:", 360, 326, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lblDuration = GuiCtrlCreateLabel("00:00:00", 460, 326, 100, 15, $SS_RIGHT)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    GuiCtrlCreateLabel("", 360, 346, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    GuiCtrlCreateLabel("Scanned:", 360, 348, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lOScanned = GuiCtrlCreateLabel("0", 460, 348, 100, 15, $SS_RIGHT)
    GUICtrlSetBkColor($lOScanned, $GUI_BKCOLOR_TRANSPARENT)
    GUICtrlSetFont($lOScanned, 10, 400, 0, 'Tahoma')
    GUICtrlSetColor($lOScanned, 0x000090)
    GuiCtrlCreateLabel("", 360, 368, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    ; The "Errors" row has a caption only; no value label is created for it here.
    GuiCtrlCreateLabel("Errors:", 360, 370, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    GuiCtrlCreateLabel("", 360, 390, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    GuiCtrlCreateLabel("Files / sec:", 360, 392, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lFiPSec = GuiCtrlCreateLabel("0", 460, 392, 100, 15, $SS_RIGHT)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    GuiCtrlCreateLabel("", 360, 412, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    GuiCtrlCreateLabel("Total Scanned:", 360, 414, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lTScanned = GuiCtrlCreateLabel($TotalScanned, 460, 414, 100, 15, $SS_RIGHT)
    GUICtrlSetBkColor($lTScanned, $GUI_BKCOLOR_TRANSPARENT)
    GUICtrlSetFont($lTScanned, 10, 400, 0, "Tahoma", 5)
    GUICtrlSetColor($lTScanned, 0x008827)

    GUICtrlCreateGroup("", -99, -99, 1, 1)  ;close group

    ; Action buttons start disabled; _endProcessing enables them once the startup
    ; checks below have finished.
    $BtnScanGo = GUICtrlCreateButton("Scan Now", 70, 420, 130, 40, 0)
    GUICtrlSetFont($BtnScanGo, 11, 400, 0, "Tahoma", 5)
    GuiCtrlSetState($BtnScanGo, $GUI_DISABLE)
    $BtnStopScan = GUICtrlCreateButton("Stop", 200, 420, 130, 40, 0)
    GUICtrlSetFont($BtnStopScan, 11, 400, 0, "Tahoma", 5)
    GuiCtrlSetState($BtnStopScan, $GUI_DISABLE)

    $BtnInfections = GUICtrlCreateButton("Infections (0)", 590, 100, 150, 35)
    GUICtrlSetFont($BtnInfections, 10, 400, 0, "Tahoma", 5)
    GuiCtrlSetState($BtnInfections, $GUI_DISABLE)
    $BtnWarnings = GUICtrlCreateButton("Warnings (0)", 590, 140, 150, 35)
    GUICtrlSetFont($BtnWarnings, 10, 400, 0, "Tahoma", 5)
    GuiCtrlSetState($BtnWarnings, $GUI_DISABLE)
    $BtnClose = GUICtrlCreateButton("Close", 590, 420, 150, 35)
    GUICtrlSetFont($BtnClose, 10, 400, 0, "Tahoma", 5)

    ; Start at priority level 4 ("High" in the 0-5 scale used by _SetProcessInfo),
    ; then sync the combo box and icon with the priority actually in effect.
    ; NOTE(review): the process is addressed by @ScriptName rather than by PID, so a
    ; second process with the same image name could be the one affected.
    ProcessSetPriority(@ScriptName, 4)
    _SetProcessInfo()

    ; OnEvent handlers for the controls.
    GUICtrlSetOnEvent($cbScnPower, "_SetScannerPower")
    GUICtrlSetOnEvent($BtnScanGo, "_startScanning")
    GUICtrlSetOnEvent($BtnInfections, "_InfectionsInterface")
    GUICtrlSetOnEvent($BtnWarnings, "_WarningsInterface")
    GUICtrlSetOnEvent($BtnClose, "_CloseMe")

    ; Closing the window hides it to the tray instead of exiting.
    GUISetOnEvent($GUI_EVENT_CLOSE, "_Minimize2Tray")

    ; The Stop button is handled through a raw WM_COMMAND handler rather than an
    ; OnEvent callback - presumably so it still responds while the scan started by
    ; _startScanning is running; confirm.
    GUIRegisterMsg($WM_COMMAND, "MY_WM_COMMAND")

    ; Tray menu, opened with the secondary mouse button (click mode 8).
    TraySetClick("8")
    Local $TmShow = TrayCreateItem("Show Window")
    TrayCreateItem("")
    Local $TmClose = TrayCreateItem("Close")
    TrayItemSetState($TmShow, $GUI_DEFBUTTON)

    GUISetState(@SW_SHOW, $malGUI)

    ; Startup database checks, bracketed by the busy/idle UI state switches.
    _startProcessing()
    _checkIntegrity()
    _endProcessing()

    ; Tray message loop; GUI controls are serviced through OnEvent mode.
    While 1
        Local $TRMsg = TrayGetMsg()
        Switch $TRMsg
            Case $TmShow
                _ShowWindow()
            Case $TmClose
                _CloseMe()
        EndSwitch
    WEnd

EndFunc


; WM_COMMAND handler registered with GUIRegisterMsg. Reacts only to a click on the
; Stop button: asks for confirmation and sets or clears $CancelScan accordingly.
; Always returns $GUI_RUNDEFMSG so AutoIt's default processing still runs.
; NOTE(review): MsgBox blocks inside a message handler, which the AutoIt help for
; GUIRegisterMsg advises against; a flag polled by the scan loop would avoid that.
Func MY_WM_COMMAND($hWnd, $iMsg, $wParam, $lParam)

    ; wParam packs the control ID (low word) and the notification code (high word).
    Local $idFrom = BitAND($wParam, 0xFFFF)
    Local $iCode = BitShift($wParam, 16)

    If $idFrom = $BtnStopScan And $iCode = $BN_CLICKED Then
        ; 36 = Yes/No buttons + question icon.
        Local $iAnswer = MsgBox(36, $title, "Are you sure you want to terminate scanning?")
        If $iAnswer = 6 Then ; Yes
            $CancelScan = True
            _CompileLogFile("Scanning terminated by user")
        ElseIf $iAnswer = 7 Then ; No
            $CancelScan = False
        EndIf
    EndIf

    Return $GUI_RUNDEFMSG
EndFunc;==>WM_COMMAND


#Region "Initializing"


; Restores the lifetime "total scanned" counter from malClean.ini next to the script.
; Falls back to 0 when the file or key is missing.
Func _loadSettings()

    Local $sIniPath = @ScriptDir & "\malClean.ini"
    $TotalScanned = IniRead($sIniPath, "Statistics", "TotalScanned", 0)

EndFunc


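; Startup check of the database files.
;  - The signature database must exist and hold more than one line; otherwise the
;    error is logged and shown, and the program exits through _CloseOnError.
;  - If the turbo (hash prefix) database is missing, the user may rebuild it from the
;    signature database or quit.
;  - Existing infection and warning records are counted so the UI reflects them.
; NOTE(review): despite the name, only presence and line count are checked. Nothing
; here verifies that the database content is authentic or unmodified.
Func _checkIntegrity()

    Local Const $Err001 = "ERROR: Could not find the virus definitions database. Database should be located at '" & $SignaturesDb & "'."
    Local Const $Err002 = "ERROR: Could not find any signatures inside the database. Database should at least contain more than one signature."

    If Not FileExists($SignaturesDb) Then
        _CompileLogFile($Err001)
        MsgBox(16, "Database error!", $Err001)
        _CloseOnError()
    Else
        GUICtrlSetData($eScan, "Counting signatures")
        _CompileLogFile("Counting signatures")
        $SigDbCount = _FileCountLines($SignaturesDb)
        ; Parentheses are required: "Not" binds tighter than ">", so the unparenthesised
        ; form compared a boolean with 1 and could never be true, letting an empty
        ; database through and the scanner report everything as clean.
        If Not ($SigDbCount > 1) Then
            _CompileLogFile($Err002)
            MsgBox(16, "Database error!", $Err002)
            _CloseOnError()
        Else
            _CompileLogFile("Signatures: " & $SigDbCount)
        EndIf
    EndIf

    GuiCtrlSetData($lblSigCount, $SigDbCount)

    GUICtrlSetData($eScan, "Looking for turbo signatures database @ [" & $TurboBase & "]")
    _CompileLogFile("Loading the turbo database")
    If Not FileExists($TurboBase) Then
        _CompileLogFile("ERROR: Could not find the turbo database. Database should be @ [" & $TurboBase & "].")
        ; 52 = Yes/No buttons + exclamation icon.
        Local $iMsgReturn = MsgBox(52, "Database error!", "The turbo database seems to be corrupt or missing. However, you can " & _
                                                          "compile a new one from the virus definitions database. Would you like to " & _
                                                          "compile a new database now?")
        Select
            Case $iMsgReturn = 6 ;Yes
                _CompileLogFile("Compiling turbo database")
                _generateTurboBase()
            Case $iMsgReturn = 7 ;No
                _CloseOnError()
        EndSelect
    EndIf

    ; One record per line in both result files.
    If FileExists($InFile) Then $InfCount = _FileCountLines($InFile)
    If FileExists($WarnFile) Then $WarnCount = _FileCountLines($WarnFile)

    _UpdateInfectionStatus()
    _UpdateInfectionStatusImage()
    _UpdateWarningStatus()

EndFunc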


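; Builds the turbo database: one line per signature, holding the first 7 characters
; of the corresponding signature-database line. _ScanFile uses it as a cheap
; pre-filter before searching the full signature database.
; The output file is opened in append mode, as before.
Func _generateTurboBase()

    _startProcessing(1)

    GuiCtrlSetData($eScan, "")

    Local $iCount = 0, $compilePerc = 0
    Local $oSigDb = FileOpen($SignaturesDb, 0)
    Local $oTuBase = FileOpen($TurboBase, 1)

    ; Without this check a failed open left the loop below spinning forever:
    ; FileReadLine on an invalid handle sets @error to 1, never to -1.
    If $oSigDb = -1 Or $oTuBase = -1 Then
        _CompileLogFile("ERROR: Could not open the databases needed to compile the turbo database")
        If $oSigDb <> -1 Then FileClose($oSigDb)
        If $oTuBase <> -1 Then FileClose($oTuBase)
        _endProcessing()
        Return
    EndIf

    While 1
        Local $BaseLine = FileReadLine($oSigDb)
        If @error Then ExitLoop ; -1 = end of file, 1 = read error
        FileWriteLine($oTuBase, StringLeft($BaseLine, 7) & @CRLF)
        $iCount += 1
        ; $SigDbCount is the line count taken by _checkIntegrity; guard the division.
        If $SigDbCount > 0 Then $compilePerc = Round($iCount / $SigDbCount * 100)
        _SetStatistics("Compiling database (" & $compilePerc & "%)", $compilePerc)
    WEnd

    FileClose($oSigDb)
    FileClose($oTuBase)

    _endProcessing()

EndFunc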


; OnEvent handler for the "Scanner Power" combo box. Maps the selected label to a
; priority level 0-5, applies it to this process and refreshes the indicator.
; An unrecognised label leaves $ePower at its previous value.
; NOTE(review): level 5 is realtime priority, which can starve the rest of the
; system during a long scan.
Func _SetScannerPower()

    ; Index in this list == priority level passed to ProcessSetPriority.
    Local $aLevels = StringSplit("Low|Below Normal|Normal|Above Normal|High|Realtime", "|", 2)
    Local $sChosen = GuiCtrlRead($cbScnPower)

    For $i = 0 To UBound($aLevels) - 1
        If $sChosen = $aLevels[$i] Then
            $ePower = $i
            ExitLoop
        EndIf
    Next

    ProcessSetPriority(@ScriptName, $ePower)
    _SetProcessInfo()

EndFunc


; Reads the current priority of the named process (this script by default) and
; mirrors it in the UI: icon index 201 + level, and the matching combo box label.
; Any value outside 0-5 shows "Error".
; NOTE(review): the lookup is by image name. When the script runs uncompiled,
; @ScriptName is the .au3 file name, which presumably matches no process - confirm.
Func _SetProcessInfo($PrName = @ScriptName)

    Local $aLabels[6] = ["Low", "Below Normal", "Normal", "Above Normal", "High", "Realtime"]
    Local $iPID = ProcessExists($PrName) ; PID, or 0 when no such process exists
    Local $iLevel = _ProcessGetPriority($iPID)
    Local $bKnown = False

    For $p = 0 To 5
        If $p = $iLevel Then
            GUICtrlSetImage($ScnPowerIcon, @ScriptFullPath, 201 + $p)
            GuiCtrlSetData($cbScnPower, $aLabels[$p])
            $bKnown = True
            ExitLoop
        EndIf
    Next

    If Not $bKnown Then GuiCtrlSetData($cbScnPower, "Error")

EndFunc


; Fills the drive combo box with every drive that reports READY, upper-cased, and
; preselects the home drive. Does nothing when the drive list cannot be obtained.
Func _GetDrives()

    Local $aDrives = DriveGetDrive("ALL")
    If @error Then Return

    ; $aDrives[0] holds the number of entries that follow.
    For $i = 1 To $aDrives[0]
        If DriveStatus($aDrives[$i]) <> "READY" Then ContinueLoop
        GUICtrlSetData($ComboDrives, StringUpper($aDrives[$i]) & "|", @HomeDrive)
    Next

EndFunc


#EndRegion ==> "Initializing"


; Switches the UI into its "busy" state: input controls are disabled, the Stop
; button is enabled only while a scan is active ($CancelScan = False), and the
; activity icon is chosen by $Flag.
;   0       -> static icon 99 from the executable
;   1, 2, 3 -> Contents\1001.ani / 1002.ani / 1003.ani, when the file exists
Func _startProcessing($Flag = 0)

    Local $aLock[5] = [$cbScnPower, $ComboDrives, $BtnScanGo, $BtnInfections, $BtnWarnings]
    For $i = 0 To UBound($aLock) - 1
        GuiCtrlSetState($aLock[$i], $GUI_DISABLE)
    Next
    If $CancelScan = False Then GuiCtrlSetState($BtnStopScan, $GUI_ENABLE)

    Switch $Flag
        Case 0
            GUICtrlSetImage($ScanIco, @ScriptFullPath, 99)
        Case 1, 2, 3
            Local $sAni = @ScriptDir & "\Contents\100" & $Flag & ".ani"
            If FileExists($sAni) Then GUICtrlSetImage($ScanIco, $sAni)
    EndSwitch

EndFunc


; Returns the UI to its idle state: re-enables the input controls, disables Stop,
; restores the static icon and "Welcome" heading, and zeroes the per-scan counters.
; $TotalScanned is left alone because it is a lifetime total.
Func _endProcessing()

    Local $aUnlock[5] = [$cbScnPower, $ComboDrives, $BtnScanGo, $BtnInfections, $BtnWarnings]
    For $i = 0 To UBound($aUnlock) - 1
        GuiCtrlSetState($aUnlock[$i], $GUI_ENABLE)
    Next
    GuiCtrlSetState($BtnStopScan, $GUI_DISABLE)
    GuiCtrlSetState($miScanner, $GUI_ENABLE)
    GuiCtrlSetState($miStopScan, $GUI_DISABLE)

    GUICtrlSetImage($ScanIco, @ScriptFullPath, 99)
    GuiCtrlSetData($lblScnHead, "Welcome")
    GuiCtrlSetData($ScanProgess, 0)
    GuiCtrlSetData($eScan, "")

    ; Per-scan state.
    $DriveUsed = 0
    $Scnd = 0
    $StartHour = 0
    $StartMin = 0
    $StartSec = 0
    $FileCount = 0
    $FPSCount = 0

    ; Push the reset values to the statistics labels.
    GuiCtrlSetData($lFiPSec, 0)
    GUICtrlSetData($lblDuration, "00:00:00")
    GuiCtrlSetData($lOScanned, $FileCount)
    GuiCtrlSetData($lTScanned, $TotalScanned)

EndFunc


; Throttled UI refresh: does nothing unless at least 1000 ms have passed since the
; last refresh. While a scan is active it also advances the tick counter and
; updates files/sec, duration and the scanned totals.
;   $sHeading  - text for the heading label
;   $iProgress - value for the progress bar
Func _SetStatistics($sHeading, $iProgress)

    If TimerDiff($statTimer) < 1000 Then Return

    If $CancelScan = False Then
        ; $FPSCount counts refreshes, so the rate below is an average over the scan.
        $FPSCount += 1
        GuiCtrlSetData($lFiPSec, Round($FileCount / $FPSCount))
        GUICtrlSetData($lblDuration, _SetDuration())
        GuiCtrlSetData($lOScanned, $FileCount)
        GuiCtrlSetData($lTScanned, $TotalScanned)
    EndIf

    GuiCtrlSetData($lblScnHead, $sHeading)
    GuiCtrlSetData($ScanProgess, $iProgress)

    $statTimer = TimerInit()

EndFunc


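; Advances the scan clock by one second and returns it as "HH:MM:SS".
; Works on the globals $StartHour, $StartMin and $StartSec.
; Fixes the rollover: seconds previously wrapped at 59 instead of 60, and the
; minute-to-hour carry sat in an ElseIf, so it fired on the tick after the minute
; reached 59 rather than when the minute completed.
; The clock advances once per call; the caller (_SetStatistics) invokes it at most
; once per second, so the displayed time can lag real time.
Func _SetDuration()

    $StartSec += 1

    If $StartSec >= 60 Then
        $StartSec = 0
        $StartMin += 1
        If $StartMin >= 60 Then
            $StartMin = 0
            $StartHour += 1
        EndIf
    EndIf

    ; Zero-pad each field to two digits.
    Return StringFormat("%02d:%02d:%02d", $StartHour, $StartMin, $StartSec)

EndFunc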


; OnEvent handler for "Scan Now". Loads both databases into memory, then scans
; running processes, the common startup registry keys and the selected drive.
; NOTE(review): a missing or unreadable turbo database is only logged. The scan
; then continues with an empty pre-filter, so hash matching in _ScanFile finds
; nothing; the signature database read is not checked at all. Consider stopping
; with a visible error instead of reporting a clean result.
Func _startScanning()

    $CancelScan = False

    _CompileLogFile("Loading turbo database")
    If Not FileExists($TurboBase) Then
        _CompileLogFile("ERROR: Could not find turbo database @ [" & $TurboBase & "]")
    Else
        $sTurboDB = FileRead($TurboBase)
        If @error = 1 Then _CompileLogFile("ERROR: Could not load turbo database @ [" & $TurboBase & "]")
    EndIf

    GUICtrlSetData($eScan, "Loading virus definitions database, please wait...")
    $sSigDb = FileRead($SignaturesDb)

    ; Scan order: processes, startup registry entries, then the drive itself.
    _ScanProcesses()
    _CompileLogFile("Scanning [" & GUICtrlRead($ComboDrives) & "] for malware")
    _ScanCommonStartups()
    _ScanDrive(GUICtrlRead($ComboDrives))

EndFunc


#include <Heuristics.au3>
; Heuristic check: reads the first 1024 characters of the file and records a
; "HEUR.Malware" infection for every pattern from _LoadHeuristics() found in them
; (case-insensitive). Files that cannot be opened are skipped silently.
; The pattern list is reloaded on every call and kept in the global $Heuristics.
; NOTE(review): only the head of the file is inspected, so a pattern further in is
; not seen. Mode 16384 opens the file as text with encoding detection - confirm that
; is intended for binary files.
Func _Heuristics($sFileName)

    $oHFile = FileOpen($sFileName, 16384)
    If $oHFile = -1 Then Return

    Local $sHead = FileRead($oHFile, 1024)
    FileClose($oHFile)

    $Heuristics = _LoadHeuristics()
    Local $aPatterns = StringSplit($Heuristics, "©")

    For $i = 1 To $aPatterns[0]
        ; On the first pass @error still holds StringSplit's status, which is set
        ; when the delimiter was not found (i.e. the list holds a single pattern).
        If @error Then ExitLoop
        If StringInStr($sHead, $aPatterns[$i], 2) Then
            _RecordInfections("HEUR.Malware", $aPatterns[$i], 0, $sFileName)
        EndIf
    Next

EndFunc


; Scans autostart registry entries. For HKEY_USERS (once per user subkey),
; HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE it walks every subkey of
; ...\Software\Microsoft\Windows\CurrentVersion whose name contains "Run" and checks
; each value against db\CommonStartups.db3. Values that point into the parent of the
; user profile directory are additionally recorded as warnings.
; The outer loop rewrites its own counter $x, so statement order matters here.
Func _ScanCommonStartups()

    _startProcessing(2)

    Local $HKEY, $KEY, $SKEY, $SUB, $Result, $valueName, $value, $eReg = 1, $SC = "\Software\Microsoft\Windows\CurrentVersion"
    ; Parent of the profile directory: everything before the last backslash.
    Local $UPDir = StringLeft(@UserProfileDir, StringInStr(@UserProfileDir, '\', 0, -1) - 1)
    Local $cSDb = FileRead(@ScriptDir & "\db\CommonStartups.db3"), $RegScPerc = 0

    ; On non-x86 systems the "64"-suffixed hive names are used.
    If @OSArch = 'X86' Then
        $HKEY = StringSplit('HKEY_USERS|HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE', '|')
    Else
        $HKEY = StringSplit('HKEY_USERS64|HKEY_CURRENT_USER64|HKEY_LOCAL_MACHINE64', '|')
    EndIf

    For $x = 1 To $HKEY[0]
        If $x = 1 Then
            ; HKEY_USERS: handle one user subkey per pass. $eReg is the next subkey
            ; index; $x is reset to 0 so that "Next" returns to 1 for the next user.
            $KEY = RegEnumKey($HKEY[$x], $eReg)
            If @error <> 0 Then
                ; No more user subkeys: move on to the next hive.
                $x = 1
                ContinueLoop
            EndIf
            $KEY = $HKEY[$x] & "\" & $KEY & $SC
            $eReg += 1
            $x = 0
        Else
            $KEY = $HKEY[$x] & $SC
        EndIf
        ; Subkeys of CurrentVersion; only names containing "Run" are examined.
        For $i = 1 To 1000
            $SUB = RegEnumKey($KEY, $i)
            If @error <> 0 Then ExitLoop
            If Not StringInStr($SUB, "Run") Then ContinueLoop
            $SKEY = $KEY & "\" & $SUB
            For $c = 1 To 1000
                $valueName = RegEnumVal($SKEY, $c)
                If @error <> 0 Then ExitLoop

                $FileCount += 1
                $TotalScanned += 1

                ; Value data with double quotes removed and surrounding whitespace trimmed.
                $value = StringStripWS(StringReplace(RegRead($SKEY, $valueName), '"', ''), 3)
                ; Find the database line that contains the value.
                ; NOTE(review): if $value is empty the pattern presumably reduces to
                ; ".*" and matches the first database line - confirm how
                ; _GetRegExpLiterals treats an empty string.
                Local $aCSRes = StringRegExp($cSDb, _GetRegExpLiterals($value) & ".*", 1)
                If UBound($aCSRes) > 0 Then
                    Local $rLine = StringSplit($aCSRes[0], ";")
                    If $rLine[0] >= 3 Then
                        Local $SS = $SKEY & " --> " & $valueName & " --> " & $value
                        ; NOTE(review): the key path is passed as the source, and
                        ; _RecordInfections skips sources already present in the
                        ; infections file, so a second hit under the same key may not
                        ; be recorded - confirm.
                        _RecordInfections(_CleanString($rLine[3], 3), $SS, _CleanString($rLine[2], 3), $SKEY)
                    EndIf
                EndIf
                If StringInStr($value, $UPDir) Then
                    _RecordWarning("UserProfileDir Startup", $SKEY & " --> " & $valueName)
                EndIf
            Next
            $value = ""
        Next
        ; During the HKEY_USERS passes $x is 0 here, so the percentage is 0 and
        ; $HKEY[$x] is the element count from StringSplit, not a hive name.
        $RegScPerc = (Round(($x / $HKEY[0]) * 100))
        _SetStatistics("Scanning Registry (" & $RegScPerc & "%)", $RegScPerc)
        GuiCtrlSetData($eScan, $HKEY[$x])
    Next

    If $CancelScan Then _endProcessing()

EndFunc


; Strips whitespace according to $Flag (a StringStripWS flag) and then removes every
; carriage return from what is left.
;   $s2Clean - text to clean
;   $Flag    - StringStripWS flag, e.g. 3 = leading + trailing
; Returns the cleaned string.
Func _CleanString($s2Clean, $Flag)

    Return StringStripCR(StringStripWS($s2Clean, $Flag))

EndFunc


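; Scans the image file of every running process.
; The debug privilege is adjusted on this process's token before the walk and
; adjusted again afterwards. The third argument (1, then 2) is passed to the
; WinAPIEx UDF as-is - presumably enable and restore; confirm against the UDF.
; Each process is resolved through the PID reported by ProcessList. Resolving by
; name, as before, returned the first process with that name, so a second process
; sharing an image name with an earlier one was never examined.
Func _ScanProcesses()

    _startProcessing(1)

    Local $hToken, $aProcsList = 0, $procsID, $procsPath, $procsPerc

    ; Enable SeDebugPrivilege to obtain access to other processes.
    $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, 1)

    ; The status check must directly follow the call above.
    If Not (@error Or @extended) Then
        $aProcsList = ProcessList()
        For $x = 1 To $aProcsList[0][0]

            If $CancelScan = True Then ExitLoop

            ; Column 1 of ProcessList is the PID; column 0 is the image name.
            $procsID = $aProcsList[$x][1]
            ; PID 0 is the idle pseudo-process and has no image file.
            If $procsID = 0 Then ContinueLoop
            $procsPath = _WinAPI_GetProcessFileName($procsID)

            If FileExists($procsPath) Then

                $FileCount += 1
                $TotalScanned += 1

                _ScanFile($procsPath)
                ; Numeric percentage for the progress bar; "%" only in the heading.
                $procsPerc = Round(($x / $aProcsList[0][0]) * 100)
                _SetStatistics("Scanning processes (" & $procsPerc & "%)", $procsPerc)
                GuiCtrlSetData($eScan, $aProcsList[$x][0] & " - [" & BinaryToString($procsPath) & "]")

            EndIf

        Next
    Else
        ; Previously skipped without any trace in the log.
        _CompileLogFile("ERROR: Could not enable the debug privilege; running processes were not scanned")
    EndIf

    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, 2)
    _WinAPI_CloseHandle($hToken)

    If $CancelScan Then _endProcessing()

EndFunc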


; Scans every file on $sDrive (for example "C:" or "C:\") unless the scan has been
; cancelled. Records the used space in bytes in $driveUsed for the progress
; estimate, walks the tree with _Scanner, then releases the search handle and the
; in-memory signature database and returns the UI to idle.
Func _ScanDrive($sDrive)

    If Not ($CancelScan = False) Then Return

    _startProcessing(3)

    ; Normalise "C:\" to "C:".
    If StringRight($sDrive, 1) = "\" Then $sDrive = StringTrimRight($sDrive, 1)

    ; DriveSpaceTotal/Free report megabytes; convert the difference to bytes.
    Local $fUsedMB = DriveSpaceTotal($sDrive) - DriveSpaceFree($sDrive)
    $driveUsed = (($fUsedMB * 1024) * 1024)

    FileChangeDir($sDrive)
    Local $hRoot = FileFindFirstFile($sDrive & "\*.*")

    ; Clean up when _Scanner returns an empty or false value.
    If Not _Scanner($hRoot, $sDrive) Then
        FileClose($hRoot)
        $sSigDb = ""
        _endProcessing()
        Return
    EndIf

EndFunc


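; Recursive directory walk.
;   $DirList   - search handle from FileFindFirstFile for $DirSearch
;   $DirSearch - directory being enumerated, without a trailing backslash
; Every entry updates the counters and the progress estimate (bytes seen so far
; against bytes used on the drive). Directories are descended into; files are
; passed to _ScanFile. The walk stops when $CancelScan becomes True.
; Returns an empty string, as before; the caller closes $DirList.
; Changes: the stray FileClose on the file *name* is gone, a failed
; FileFindFirstFile for a subdirectory is no longer recursed into, the progress
; value stays numeric (the heading always carries "%"), and a zero $driveUsed no
; longer enters the division.
; NOTE(review): directories are followed without checking for junctions or links,
; so a looping link could recurse until AutoIt's recursion limit is hit.
Func _Scanner($DirList, $DirSearch)

    Local $sFile, $sPath, $hSub, $iPerc

    While $CancelScan = False

        $sFile = FileFindNextFile($DirList)
        If @error Then ExitLoop

        $sPath = $DirSearch & "\" & $sFile

        $FileCount += 1
        $TotalScanned += 1

        $Scnd += FileGetSize($sPath)
        $iPerc = 0
        If $driveUsed > 0 Then $iPerc = Round(($Scnd * 100) / $driveUsed)
        ; Hold at 99 so the bar never shows completion before the walk ends.
        If $iPerc > 98 Then $iPerc = 99
        _SetStatistics("Scanning (" & $iPerc & "%)", $iPerc)

        If StringInStr(FileGetAttrib($sPath), "D") Then
            $hSub = FileFindFirstFile($sPath & "\*.*")
            If $hSub <> -1 Then
                _Scanner($hSub, $sPath)
                FileClose($hSub)
            EndIf
        Else
            GuiCtrlSetData($eScan, $sPath)
            _ScanFile($sPath)
        EndIf

    WEnd

    Return ""

EndFunc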


; Checks one file against the signature databases.
;   1. Files of 50 MiB (1048576 * 50 bytes) or more are skipped entirely.
;   2. The file's MD5 is computed; heuristics run too when the checkbox is ticked.
;   3. The first 7 characters of the hash are searched for in the turbo database.
;   4. On a hit, the full hash is looked up in the signature database and the
;      matching line, split on ";", is handed to _RecordInfections.
; NOTE(review): detection is by exact MD5 only, so any change to a file's bytes
; produces a miss, and the size cut-off is skipped without a log entry. The prefix
; search is not anchored to a line start, so it can match across positions inside
; the turbo database; step 4 still requires the full hash.
Func _ScanFile($FiName)

    If Not (FileGetSize($FiName) < (1048576 * 50)) Then Return

    Local $sDigest = _MD5ForFile($FiName)

    If GUICtrlRead($chkHeur) = $GUI_CHECKED Then _Heuristics($FiName)

    ; No hash means nothing to look up.
    If Not ($sDigest <> "") Then Return

    ; Cheap pre-filter on the 7-character prefix (case-sensitive).
    Local $sPrefix = StringLeft($sDigest, 7)
    Local $aPrefixHit = StringRegExp($sTurboDB, "(?x)(?-i)" & $sPrefix, 1)
    If Not (UBound($aPrefixHit) > 0) Then Return

    ; Full lookup: capture the rest of the signature line after the hash.
    Local $iOffset = 1
    Local $aSigHit = StringRegExp($sSigDb, "(?x)(?-i)" & $sDigest & ".*", 1, $iOffset)
    If @error = 0 Then $iOffset = @extended
    If Not (UBound($aSigHit) > 0) Then Return

    ; Drop all whitespace, then split the line into its ";"-separated fields.
    Local $aFields = StringSplit(StringStripWS($aSigHit[0], 8), ";")
    If $aFields[0] >= 3 Then
        _RecordInfections($aFields[3], $aFields[1], $aFields[2], $FiName)
    EndIf

EndFunc


; Appends one detection to the infections file unless $Source is already listed.
;   $vsName - detection name
;   $String - detail text (hash field or registry description)
;   $l      - second field of the signature line (stored as-is)
;   $Source - file path or registry key the detection refers to
; Record layout: name|l|timestamp|source|detail
; The file has its read-only and system attributes cleared while it is written and
; set again afterwards. The UI counters are refreshed on every call.
; NOTE(review): fields are joined with "|" without escaping, so a "|" or a line
; break inside $String or $Source would corrupt the record layout. Attribute flags
; are not a protection against tampering by other processes.
Func _RecordInfections($vsName, $String, $l, $Source)

    FileSetAttrib($InFile, "-RS")
    Local $sKnown = FileRead($InFile)

    Local $bListed = StringRegExp($sKnown, _GetRegExpLiterals($Source), 0)
    If Not $bListed Then
        Local $hOut = FileOpen($InFile, 1)
        If $hOut <> -1 Then
            Local $tNow = _Date_Time_GetSystemTime()
            Local $sRecord = $vsName & "|" & $l & "|" & _Date_Time_SystemTimeToDateTimeStr($tNow) & _
                             "|" & $Source & "|" & $String & @CRLF
            FileWriteLine($hOut, $sRecord)
            FileClose($hOut)
            $InfCount += 1
        Else
            FileClose($hOut)
        EndIf
    EndIf

    FileSetAttrib($InFile, "+RS")
    _UpdateInfectionStatus()
    _UpdateInfectionStatusImage()

EndFunc


; Shows the infection count on the main label, the Infections button and the
; infections-window heading. Red when there is at least one infection, else green.
Func _UpdateInfectionStatus()

    Local $iColor = 0x008827
    If $InfCount > 0 Then $iColor = 0xB70005

    GUICtrlSetColor($lblInfections, $iColor)
    GUICtrlSetColor($lblInfHead, $iColor)

    GuiCtrlSetData($lblInfections, $InfCount)
    GuiCtrlSetData($BtnInfections, "Infections (" & $InfCount & ")")
    GuiCtrlSetData($lblInfHead, $InfCount & " Infections")

EndFunc


; Selects the status strip bitmap: 1101.bmp when infections are recorded,
; 1100.bmp otherwise.
Func _UpdateInfectionStatusImage()

    Local $sBitmap = "\Contents\1100.bmp"
    If $InfCount > 0 Then $sBitmap = "\Contents\1101.bmp"

    GUICtrlSetImage($picStatus, @ScriptDir & $sBitmap)

EndFunc


; Shows the warning count on the main label, the Warnings button and the
; warnings-window heading. Orange when there is at least one warning, else green.
Func _UpdateWarningStatus()

    Local $iColor = 0x008827
    If $WarnCount > 0 Then $iColor = 0xDA6413

    GUICtrlSetColor($lblWarnings, $iColor)
    GUICtrlSetColor($lblWarnHead, $iColor)

    GuiCtrlSetData($lblWarnings, $WarnCount)
    GuiCtrlSetData($BtnWarnings, "Warnings (" & $WarnCount & ")")
    GuiCtrlSetData($lblWarnHead, $WarnCount & " Warnings")

EndFunc


; $GUI_EVENT_CLOSE handler: reveals the tray icon and hides the main window, so the
; program keeps running in the tray.
Func _Minimize2Tray()

    AutoItSetOption("TrayIconHide", 0)
    GUISetState(@SW_HIDE, $malGUI)

EndFunc


; Asks for confirmation and, on "Yes", shuts the program down via _CloseOnError.
; Reached from the Close button, the tray menu and the Esc hotkey.
Func _CloseMe()
    Local $sPrompt = "Are you sure you want to close the best program ever? OK, maybe not the " & _
                     "best. If you found a bug or something you don’t like, please email me " & _
                     "and tell me about it. "
    ; 36 = Yes/No buttons + question icon; 6 is the return value for "Yes".
    Local $iAnswer = MsgBox(36, "Close Inoculate", $sPrompt)
    If $iAnswer = 6 Then _CloseOnError()
EndFunc


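; Terminates the program: appends an empty line and a separator line to the
; log (both without time prefix), removes the tray icon and exits.
; This function never returns to its caller, so anything a caller places
; after a call to it will not run.
Func _CloseOnError()

    _CompileLogFile("", False)
    _CompileLogFile("-----------------------------------------------------------------------------------------", False)

    ; 2 = destroy/hide the tray icon.
    TraySetState(2)

    ; Exit ends the script here. The ProcessExists()/ProcessClose() fallback
    ; that used to follow this line could never be reached and was removed.
    Exit

EndFunc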


; Restores the main window ($malGUI) and hides the tray icon again;
; the counterpart of _Minimize2Tray().
Func _ShowWindow()

    GUISetState(@SW_SHOW, $malGUI)
    ; TrayIconHide = 1 removes the tray icon.
    Opt("TrayIconHide", 1)

EndFunc


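; Aborts a pending system shutdown by running "shutdown -a" in a hidden
; window. The call is skipped on Windows 2000.
;
; The original condition was written as `Not @OSVersion = "WIN_2000"`.
; `Not` binds tighter than `=`, so that expression negated @OSVersion first
; and never compared the OS name; `<>` states the intended test directly.
;
; NOTE(review): "Shutdown" is resolved through the normal executable search
; order. The wrapper directives request an elevated token, so consider
; passing the full path under @SystemDir to rule out a look-alike binary
; being picked up first - confirm against the supported OS versions.
Func _StopShutdown()
    If @OSVersion <> "WIN_2000" Then
        ShellExecute("Shutdown", "-a", "", "", @SW_HIDE)
    EndIf
EndFunc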


; Builds and shows the "Malware Infections" window: header, action buttons,
; the check-box list view of detections, a read-only details box, two
; progress bars and the right-click menu. The list is filled by
; _LoadInfections() and all handlers are wired through OnEvent callbacks.
;
; Several GUICtrlSetFont(-1, ...) calls rely on -1 meaning "the control
; created last", so the order of the statements below matters.
Func _InfectionsInterface()

    ;Opt("GUIOnEventMode", 0)

    Local $hImage
    Local $lviContextMenu, $lvicProperties, $lvicOpenConFolder, $lvicVirTotal, $lvicCopyMD5

    _startProcessing()

    ; Window, icon and header text.
    $infGUI = GUICreate("Malware Infections", 650, 550, -1, -1)
    GUISetIcon(@ScriptFullPath, 207, $infGUI)
    GUICtrlCreateIcon(@ScriptFullPath, 207, 20, 25, 64, 64)
    $lblInfHead = GUICtrlCreateLabel($InfCount & " Infections", 120, 20, 600, 30)
    GUICtrlSetFont(-1, 12, 400, 0, "Tahoma", 5)
    GUICtrlCreateLabel( "View detected malware. Select the items you want to clean and press 'Remove'. Careful, there could be some " & _
                        "false positives between these detections. If you’re not sure of something, right-click on the item on " & _
                        "choose ‘Send to VirusTotal.com’ just to make sure.", 120, 50, 490, 55)
    GUICtrlSetFont(-1, 9, 400, 0, "Tahoma", 5)

    ; Action buttons.
    ; NOTE(review): $BtnInfQuarantine is created here, but no event handler is
    ; registered for it further down in this function.
    $BtnInfRemove = GUICtrlCreateButton("Remove", 20, 125, 120, 30)
    GuiCtrlSetFont($BtnInfRemove, 9, 400, 0, "Tahoma", 5)
    $BtnInfQuarantine = GUICtrlCreateButton("Quarantine", 140, 125, 120, 30)
    GuiCtrlSetFont($BtnInfQuarantine, 9, 400, 0, "Tahoma", 5)
    $BtnInfSelAll = GUICtrlCreateButton("Select all", 410, 125, 110, 30)
    GuiCtrlSetFont($BtnInfSelAll, 9, 400, 0, "Tahoma", 5)
    $BtnInfSelNone = GUICtrlCreateButton("Select none", 520, 125, 110, 30)
    GuiCtrlSetFont($BtnInfSelNone, 9, 400, 0, "Tahoma", 5)

    ; Detection list with five columns. The other functions in this file split
    ; a row on "|" and read column 4 (Source) and column 5 (String) by position.
    $lvInfections = GUICtrlCreateListView("Name | | Date | Source | String", 20, 160, 610, 210, -1)
    GuiCtrlSetFont($lvInfections, 9, 400, 0, "Tahoma", 5)
    _GUICtrlListView_SetExtendedListViewStyle($lvInfections,    BitOR($LVS_EX_GRIDLINES, $LVS_EX_FULLROWSELECT, _
                                                                $LVS_EX_SUBITEMIMAGES, $LVS_EX_DOUBLEBUFFER, _
                                                                $LVS_EX_CHECKBOXES))
    _GUICtrlListView_SetColumnWidth($lvInfections, 0, 180)
    _GUICtrlListView_SetColumnWidth($lvInfections, 1, 30)
    _GUICtrlListView_SetColumnWidth($lvInfections, 2, 100)
    _GUICtrlListView_SetColumnWidth($lvInfections, 3, 350)
    _GUICtrlListView_SetColumnWidth($lvInfections, 4, 250)

    ; Fourteen 16x16 row icons taken from the script's own resources
    ; (image indexes 0-13 in insertion order).
    $hImage = _GUIImageList_Create(16, 16, 5, 3)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -209)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -210)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -211)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -212)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -213)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -214)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -215)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -216)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -217)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -218)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -219)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -220)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -221)
    _GUIImageList_AddIcon($hImage, @ScriptFullPath, -222)
    _GUICtrlListView_SetImageList($lvInfections, $hImage, 1)

    ; Read-only details box, filled by _DisplayListViewItemInfo().
    $eInInfo = GUICtrlCreateEdit("", 20, 420, 610, 100, BitOR($ES_READONLY, $WS_VSCROLL))
    GuiCtrlSetFont(-1, 9, -1, -1, "Courier New")

    ; Overall progress and per-file progress.
    $InfProgress = GUICtrlCreateProgress(20, 375, 610, 15)
    $InfFileProgress = GUICtrlCreateProgress(20, 395, 610, 10)

    ; Right-click menu of the list view; the empty items are separators.
    ; NOTE(review): "Properties" gets no handler in this function.
    $lviContextMenu = GUICtrlCreateContextMenu($lvInfections)
    $lvicOpenConFolder = GUICtrlCreateMenuItem("Open Containing Folder", $lviContextMenu)
    $lvicVirTotal = GUICtrlCreateMenuItem("Send to VirusTotal.com", $lviContextMenu)
    GUICtrlCreateMenuItem("", $lviContextMenu)
    $lvicCopyMD5 = GUICtrlCreateMenuItem("Copy MD5", $lviContextMenu)
    GUICtrlCreateMenuItem("", $lviContextMenu)
    $lvicProperties = GUICtrlCreateMenuItem("Properties", $lviContextMenu)


    ; Fill the list from the infections file.
    _LoadInfections()

    ; Button handlers.
    GuiCtrlSetOnEvent($BtnInfRemove, "_CleanSelectedMalware")
    GuiCtrlSetOnEvent($BtnInfSelAll, "_SelectAllInfections")
    GuiCtrlSetOnEvent($BtnInfSelNone, "_SelectNoneInfections")

    ; Context-menu handlers.
    GuiCtrlSetOnEvent($lvicOpenConFolder, "_OpenContainingFolder")
    GuiCtrlSetOnEvent($lvicVirTotal, "_SendToVirusTotal")
    GuiCtrlSetOnEvent($lvicCopyMD5, "_CopyMD5")

    ; Window close and list-view notifications.
    GUISetOnEvent($GUI_EVENT_CLOSE, "_CloseInfectionsWindow")
    GUIRegisterMsg($WM_NOTIFY, "INFECTIONS_WM_NOTIFY")

    GuiSetState(@SW_SHOW, $infGUI)
    GUISwitch($infGUI)

EndFunc


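; Context-menu handler: opens the folder that contains the selected
; detection. The path is taken from column 4 (Source) of the selected row.
;
; The row text originates from the infections file, and the wrapper
; directives request an elevated token, so the value is checked before it is
; handed to the shell: the row must have a fourth field and the parent path
; must be an existing directory. Without that check ShellExecute() would
; launch whatever the string happens to name (for example when the source is
; not a file path at all).
Func _OpenContainingFolder()

    Local $sItem = _GUICtrlListView_GetSelectedItemString($lvInfections)
    If $sItem = "" Then Return

    Local $sSplit = StringSplit($sItem, "|")
    ; $sSplit[0] holds the field count; indexing past it is a fatal error.
    If $sSplit[0] < 4 Then Return

    Local $sFolder = _WinAPI_PathRemoveFileSpec($sSplit[4])
    If $sFolder = "" Then Return

    ; FileGetAttrib() returns "" for a missing path and contains "D" for a directory.
    If Not StringInStr(FileGetAttrib($sFolder), "D") Then Return

    ShellExecute($sFolder)

EndFunc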


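; Context-menu handler: passes the file of the selected detection (column 4,
; Source) to Bin\VirusTotalUpload2.exe, which is looked up next to the script.
;
; NOTE(review): judging by the menu caption the helper uploads the file to a
; third-party service, so the file content leaves the machine - make sure the
; user is aware of that before this is triggered on private documents.
;
; The path is validated first: the row must have a fourth field and the file
; must exist. A Windows file name cannot contain a double quote, so the
; existence check also guarantees that the quoted argument built below cannot
; be broken into several arguments.
Func _SendToVirusTotal()

    Local $sItem = _GUICtrlListView_GetSelectedItemString($lvInfections)
    If $sItem = "" Then Return

    Local $sSplit = StringSplit($sItem, "|")
    ; $sSplit[0] holds the field count; indexing past it is a fatal error.
    If $sSplit[0] < 4 Then Return
    If Not FileExists($sSplit[4]) Then Return

    ShellExecute(@ScriptDir & "\Bin\VirusTotalUpload2.exe", """" & $sSplit[4] & """")

EndFunc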


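; Context-menu handler: copies column 5 (String) of the selected row to the
; clipboard.
; NOTE(review): presumably that column holds the MD5 of the detected file -
; confirm against the code that records infections. An MD5 is adequate as a
; lookup key on a reputation service, but it is not collision resistant and
; should not be treated as proof that two files are identical.
Func _CopyMD5()

    Local $sItem = _GUICtrlListView_GetSelectedItemString($lvInfections)
    If $sItem = "" Then Return

    Local $sSplit = StringSplit($sItem, "|")
    ; A row with fewer than five fields has no String column; indexing it
    ; would be a fatal array error.
    If $sSplit[0] < 5 Then Return

    ClipPut($sSplit[5])

EndFunc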


; Disables the four action buttons of the infections window while a clean-up
; run is in progress.
Func _startInfProcess()

    Local $aButtons[4] = [$BtnInfRemove, $BtnInfQuarantine, $BtnInfSelAll, $BtnInfSelNone]

    For $idButton In $aButtons
        GuiCtrlSetState($idButton, $GUI_DISABLE)
    Next

EndFunc


; Re-enables the four action buttons of the infections window once a
; clean-up run has finished.
Func _endInfProcess()

    Local $aButtons[4] = [$BtnInfRemove, $BtnInfQuarantine, $BtnInfSelAll, $BtnInfSelNone]

    For $idButton In $aButtons
        GuiCtrlSetState($idButton, $GUI_ENABLE)
    Next

EndFunc


; Close handler of the infections window: destroys the window and its
; controls, then calls _endProcessing().
; NOTE(review): the WM_NOTIFY handler registered in _InfectionsInterface() is
; not unregistered here - confirm that it is harmless once the list view is gone.
Func _CloseInfectionsWindow()
    GUIDelete($infGUI)
    _endProcessing()
EndFunc


; WM_NOTIFY handler for the infections list view.
;   - click / key press: show details of the affected row in the info box
;   - item about to be deleted: decrement $InfCount and refresh the counters
; Notifications from any other control are ignored. Always returns
; $GUI_RUNDEFMSG so that AutoIt's default processing still runs.
Func INFECTIONS_WM_NOTIFY($hWnd, $iMsg, $iwParam, $ilParam)
    #forceref $hWnd, $iMsg, $iwParam
    Local $hWndFrom, $iIDFrom, $iCode, $tNMHDR, $hWndListView, $tInfo

    ; $lvInfections may be a control ID or already a window handle.
    If IsHWnd($lvInfections) Then
        $hWndListView = $lvInfections
    Else
        $hWndListView = GUICtrlGetHandle($lvInfections)
    EndIf

    ; $ilParam points at the NMHDR header of the notification.
    $tNMHDR = DllStructCreate($tagNMHDR, $ilParam)
    $hWndFrom = HWnd(DllStructGetData($tNMHDR, "hWndFrom"))
    $iIDFrom = DllStructGetData($tNMHDR, "IDFrom")
    $iCode = DllStructGetData($tNMHDR, "Code")

    ; Only the infections list view is of interest.
    If $hWndFrom <> $hWndListView Then Return $GUI_RUNDEFMSG

    Switch $iCode
        Case $NM_CLICK
            ; Left click on a row: the same memory is read as NMITEMACTIVATE
            ; to get the row index.
            $tInfo = DllStructCreate($tagNMITEMACTIVATE, $ilParam)
            _DisplayListViewItemInfo(DllStructGetData($tInfo, "Index"))
        Case $NM_DBLCLK
            ; Double click: intentionally nothing.
        Case $LVN_KEYDOWN
            ; Keyboard navigation: show the first selected row, if any.
            Local $aSelected = _GUICtrlListView_GetSelectedIndices($hWndListView, True)
            If $aSelected[0] > 0 Then _DisplayListViewItemInfo($aSelected[1])
        Case $LVN_ITEMACTIVATE
            ; Item activated: intentionally nothing.
            ;_OpenContainingFolder()
        Case $LVN_DELETEITEM
            ; A row is about to be removed: keep the counter in step.
            $InfCount -= 1
            _UpdateInfectionStatus()
    EndSwitch

    Return $GUI_RUNDEFMSG
EndFunc   ;==>INFECTIONS_WM_NOTIFY


; Shows details for one row of the infections list in the read-only info box.
;   $li - zero-based row index (default 0)
; The box is cleared first. Rows whose text is five characters or shorter are
; treated as empty. Otherwise the name (first column) is printed, followed by
; a canned description when the name contains "Rogue" or "Malware".
Func _DisplayListViewItemInfo($li = 0)

    Local $sRow = _GUICtrlListView_GetItemTextString($lvInfections, $li)

    GUICtrlSetData($eInInfo, "")

    ; Nothing useful to show for an (almost) empty row.
    If StringLen($sRow) <= 5 Then Return

    Local $aFields = StringSplit($sRow, "|")
    Local $sDetail = ""

    GuiCtrlSetData($eInInfo, "NAME: " & $aFields[1] & @CRLF & @CRLF)

    ; Choose the description by keyword; "Rogue" takes precedence.
    If StringInStr($aFields[1], "Rogue") Then
        $sDetail = "Description:" & @TAB & _
                   "Rogue security software (or rogueware) is a form of computer malware" & @CRLF & _
                   "that deceives or misleads users into paying for the fake or" & @CRLF & _
                   "simulated removal of malware, or that installs other malware. Rogue" & @CRLF & _
                   "security software, in recent years, has become a growing and serious" & @CRLF & _
                   "security threat in desktop computing."
    ElseIf StringInStr($aFields[1], "Malware") Then
        $sDetail = "Malware, short for malicious software, is software designed " & _
                   "to harm or secretly access a computer without the owner's informed consent. Software " & _
                   "is considered to be malware based on the perceived intent of the creator rather " & _
                   "than any particular features. Malware includes computer viruses, worms, trojan " & _
                   "horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other " & _
                   "malicious and unwanted software or program."
    EndIf

    ; Append the description below the name already shown.
    If $sDetail <> "" Then GuiCtrlSetData($eInInfo, GUICtrlRead($eInInfo) & $sDetail)

EndFunc


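; "Remove" button handler: deletes the file of every checked row (column 4,
; Source), removes successfully cleaned rows from the list, saves the
; remaining list and offers a restart when files had to be scheduled for
; deletion on reboot.
;
; Changes against the previous version:
;   - rows are walked from last to first, so deleting a row no longer needs
;     the loop counter to be adjusted, and the loop no longer visits the
;     non-existent index equal to the item count;
;   - rows with fewer than four fields are skipped instead of raising a
;     fatal array error;
;   - the restart is requested BEFORE _CloseOnError(), which ends the script
;     with Exit; in the old order Shutdown(18) was never reached.
;
; NOTE(review): the paths deleted here come from the list view, which
; _LoadInfections() fills from the infections file. That file is guarded only
; by read-only/system attributes, and the wrapper directives request an
; elevated token, so whoever can write that file decides what gets deleted
; with administrator rights. Consider restricting the folder's ACL or
; re-validating each entry before deletion.
; NOTE(review): _FileDeleteUnlock() also returns True when the path does not
; exist, so rows whose source is not a file (e.g. registry entries) are
; dropped from the list without anything being removed - confirm intent.
Func _CleanSelectedMalware()

    _startInfProcess()

    Local $P = 0
    Local $iCount = _GUICtrlListView_GetItemCount($lvInfections)

    If $iCount > 0 Then
        ; Backwards: removing row $n only shifts the rows after it.
        For $n = $iCount - 1 To 0 Step -1
            If Not _GUICtrlListView_GetItemChecked($lvInfections, $n) Then ContinueLoop

            Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $n)
            Local $sSplit = StringSplit($sItem, "|")
            ; @error: no delimiter found at all.
            If @error Then ContinueLoop
            ; $sSplit[0] is the field count; the source path is field 4.
            If $sSplit[0] < 4 Then ContinueLoop

            If _FileDeleteUnlock($sSplit[4]) Then
                _GUICtrlListView_DeleteItem($lvInfections, $n)
                $P += 1
                GuiCtrlSetData($InfProgress, ($P / $iCount) * 100)
            EndIf
        Next
        _SaveInfectionsList()
        GuiCtrlSetData($InfProgress, 0)
    EndIf

    If $delOnReboot <> 0 Then
        ; 52 = Yes/No buttons (4) + warning icon (48); 6 is the "Yes" button.
        If MsgBox(52, $title, $delOnReboot & " Files could not be removed. We will attempt to remove these files " & _
                                "the next time you restart your computer. Would you like to restart Windows now? " & _
                                "Press ‘No’ to restart later.") = 6 Then
            ; 18 = reboot (2) + force if hung (16). Must come first because
            ; _CloseOnError() does not return.
            Shutdown(18)
            _CloseOnError()
        EndIf
        $delOnReboot = 0
    EndIf

    _UpdateInfectionStatusImage()
    _UpdateInfectionImages()
    _endInfProcess()

EndFunc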


; "Select all" button handler: ticks the check box of every row in the
; infections list (the helper is called with its default check state).
Func _SelectAllInfections()
    _GUICtrlListView_SetItemsChecked($lvInfections)
EndFunc


; "Select none" button handler: clears the check box of every row in the
; infections list.
Func _SelectNoneInfections()
    _GUICtrlListView_SetItemsChecked($lvInfections, False)
EndFunc


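; Rewrites the infections file ($InFile) from the current content of the
; infections list view, one "|"-separated row per line, and restores the
; read-only/system attributes afterwards.
;
; Changes against the previous version:
;   - the file is opened once in overwrite mode instead of being reopened in
;     append mode for every row, so a failed FileDelete() can no longer lead
;     to duplicated entries;
;   - the line-count comparison was dropped: it ran right after the file had
;     been deleted and therefore did not compare anything meaningful;
;   - a failure to open the file is written to the log instead of being
;     dropped silently (the old list is already gone at that point).
;
; NOTE(review): the attributes are cleared on a hard-coded path but restored
; on $InFile; presumably both name the same file - confirm.
; NOTE(review): read-only/system attributes only hide the file from casual
; editing; they are not an access control. See the remark on
; _CleanSelectedMalware() about who may write this file.
Func _SaveInfectionsList()

    GUICtrlSetData($eScan, "Saving infection list, Please wait...")
    FileSetAttrib(@ScriptDir & "\db\Infections.db3", "-RS")
    FileDelete($InFile)

    Local $Count = _GUICtrlListView_GetItemCount($lvInfections)
    If $Count > 0 Then
        ; 2 = write mode, erasing any previous content.
        Local $oInFile = FileOpen($InFile, 2)
        If $oInFile = -1 Then
            _CompileLogFile("ERROR: Could not save Infections. (" & $InFile & ")")
        Else
            For $i = 0 To $Count - 1
                Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $i)
                FileWriteLine($oInFile, $sItem & @CRLF)
                GUICtrlSetData($InfProgress, ($i / $Count) * 100)
            Next
            FileClose($oInFile)
        EndIf
    EndIf

    FileSetAttrib($InFile, "+RS")
    GUICtrlSetData($InfProgress, 0)
    GUICtrlSetData($eScan, "")

EndFunc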


; Fills the infections list view from the infections file ($InFile) and
; resets $InfCount to the number of rows added.
;
; Each line is a "|"-separated record with at least five fields. A record is
; listed only if the thing it refers to is still present:
;   - field 5 contains "HKEY_": it is split on "-->" into key and value name
;     and RegRead() must return something other than "";
;   - otherwise the file named in field 4 must exist.
; Lines that do not fit are skipped silently.
;
; NOTE(review): _UpdateInfectionImages() looks for "HKEY_" in field 4, this
; function in field 5 - one of the two is probably reading the wrong column.
; NOTE(review): every listed record can later be handed to the delete routine
; by the "Remove" button, so the file's content is effectively a list of
; deletion targets for an elevated process; it should not be writable by
; less privileged users.
Func _LoadInfections()

    $InfCount = 0

    Local $oInFile = FileOpen($InFile, 0)

    GUICtrlSetData($eScan, "Loading infections, please wait...")
    _CompileLogFile("Loading infections...")

    If $oInFile <> -1 Then
        _CompileLogFile("Infections: " & _FileCountLines($InFile))

        ; Consume the file line by line until FileReadLine reports EOF.
        While 1
            Local $sRecord = FileReadLine($oInFile)
            If @error = -1 Then ExitLoop

            Local $aFields = StringSplit($sRecord, "|")
            If $aFields[0] < 5 Then ContinueLoop

            Local $bStillPresent = False
            If StringInStr($aFields[5], "HKEY_") Then
                ; Registry detection: "<key>--><value name>"
                Local $aKeyParts = StringSplit($aFields[5], "-->", 1)
                If $aKeyParts[0] >= 2 Then
                    $bStillPresent = (RegRead(_CleanString($aKeyParts[1], 3), _CleanString($aKeyParts[2], 3)) <> "")
                EndIf
            Else
                ; File detection
                $bStillPresent = FileExists($aFields[4])
            EndIf

            If $bStillPresent Then
                GUICtrlCreateListViewItem($sRecord, $lvInfections)
                $InfCount += 1
            EndIf
        WEnd
    ElseIf Not FileExists($InFile) Then
        ; No file at all simply means nothing has been detected yet.
        _CompileLogFile("No infections found (0)")
    Else
        _CompileLogFile("ERROR: Could not load Infections. (" & $InFile & ")")
    EndIf

    FileClose($oInFile)
    GUICtrlSetData($eScan, "")

    _UpdateInfectionStatus()
    _UpdateInfectionImages()
    _UpdateInfectionStatusImage()

EndFunc


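; Assigns the row icon of every entry in the infections list. The image index
; is the value of the second column; entries whose Source (column 4) contains
; "HKEY_" use that value plus 7.
; NOTE(review): presumably the second column is a 0-6 level and the image
; list holds file icons followed by registry icons - confirm.
;
; Fixes: the loop used to run up to the item count itself, one past the last
; valid zero-based index, and rows with fewer than four fields are now
; skipped instead of being indexed blindly.
Func _UpdateInfectionImages()

    Local $lvCount = _GUICtrlListView_GetItemCount($lvInfections)

    ; With an empty list the range 0 To -1 does not execute at all.
    For $n = 0 To $lvCount - 1
        Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $n)
        Local $sSplit = StringSplit($sItem, "|")
        ; $sSplit[0] is the field count.
        If $sSplit[0] < 4 Then ContinueLoop

        If StringInStr($sSplit[4], "HKEY_") Then
            _GUICtrlListView_SetItemImage($lvInfections, $n, 7 + $sSplit[2])
        Else
            _GUICtrlListView_SetItemImage($lvInfections, $n, $sSplit[2])
        EndIf
    Next

EndFunc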


; Builds and shows the warnings window: header, explanatory text and a
; three-column list view that _LoadWarnings() fills from the warnings file.
;
; GUICtrlSetFont(-1, ...) relies on -1 meaning "the control created last",
; so the order of the statements below matters.
; NOTE(review): the window title is "Malware Infections", the same as the
; infections window - possibly a copy/paste leftover; confirm.
Func _WarningsInterface()

    Local $hWarnImg

    _startProcessing()

    ; Window, icon and header text.
    $warnGUI = GUICreate("Malware Infections", 650, 550, -1, -1)
    GUISetIcon(@ScriptFullPath, 208, $warnGUI)
    GUICtrlCreateIcon(@ScriptFullPath, 208, 20, 25, 64, 64)
    $lblWarnHead = GUICtrlCreateLabel("0 Warnings", 120, 20, 600, 30)
    GUICtrlSetFont($lblWarnHead, 12, 400, 0, "Tahoma", 5)
    GUICtrlCreateLabel( "These warnings are not malware. Malware Cleaner will warn you if it finds an item that behaves like or have the characteristics of " & _
                        "malware. Note: This is not the same as heuristics, so these warnings should not be seen as malware, but could be.", 120, 50, 500, 55)
    GUICtrlSetFont(-1, 9, 400, 0, "Tahoma", 5)

    ; Warning list; unlike the infections list it has no check boxes.
    $lvWarnings = GUICtrlCreateListView("Name | Source | Description", 20, 140, 610, 210, -1)
    GuiCtrlSetFont($lvWarnings, 9, 400, 0, "Tahoma", 5)
    _GUICtrlListView_SetExtendedListViewStyle($lvWarnings,  BitOR(  $LVS_EX_GRIDLINES, $LVS_EX_FULLROWSELECT, _
                                                                    $LVS_EX_SUBITEMIMAGES, $LVS_EX_DOUBLEBUFFER))
    _GUICtrlListView_SetColumnWidth($lvWarnings, 0, 200)
    _GUICtrlListView_SetColumnWidth($lvWarnings, 1, 500)
    _GUICtrlListView_SetColumnWidth($lvWarnings, 2, 300)

    ; A single row icon (image index 0) from the script's own resources.
    $hWarnImg = _GUIImageList_Create(16, 16, 5, 3)
    _GUIImageList_AddIcon($hWarnImg, @ScriptFullPath, -208)
    _GUICtrlListView_SetImageList($lvWarnings, $hWarnImg, 1)

    ; Fill the list from the warnings file.
    _LoadWarnings()

    GUISetOnEvent($GUI_EVENT_CLOSE, "_CloseWarningsWindow")

    GuiSetState(@SW_SHOW, $warnGUI)
    GUISwitch($warnGUI)

EndFunc


; Close handler of the warnings window: destroys the window and its controls,
; then calls _endProcessing().
Func _CloseWarningsWindow()
    GUIDelete($warnGUI)
    _endProcessing()
EndFunc


; Appends a warning record "<name>|<source>|<description>" to the warnings
; file ($WarnFile) unless the source already occurs somewhere in that file,
; then refreshes the warning counters in the GUI.
;   $sName   - warning name; also selects the description text
;   $sSource - file path or registry location the warning refers to
; The read-only/system attributes of the file are lifted for the update and
; set again afterwards.
;
; NOTE(review): the record is built by plain concatenation. A "|" or a line
; break inside $sName or $sSource would shift or split the fields when the
; file is read back by _LoadWarnings(); file paths cannot contain "|", but
; registry value names can - confirm what callers pass.
Func _RecordWarning($sName, $sSource)

    FileSetAttrib($WarnFile, "-RS")

    ; Duplicate check: literal search for the source in the whole file.
    Local $sKnown = FileRead($WarnFile)
    Local $bAlreadyListed = StringRegExp($sKnown, _GetRegExpLiterals($sSource), 0)

    If Not $bAlreadyListed Then
        Local $hOut = FileOpen($WarnFile, 1)
        If $hOut <> -1 Then
            FileWriteLine($hOut, $sName & "|" & $sSource & "|" & _GetWarningDescription($sName) & @CRLF)
            FileClose($hOut)
            $WarnCount += 1
        Else
            FileClose($hOut)
        EndIf
    EndIf

    FileSetAttrib($WarnFile, "+RS")
    _UpdateWarningStatus()
    ;_UpdateWarningImages()

EndFunc


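; Fills the warnings list view from the warnings file ($WarnFile) and resets
; $WarnCount to the number of rows added.
;
; Each line is a "|"-separated record whose second field is the source. A
; record is listed only if its source is still present:
;   - source contains "HKEY_": it is split on "-->" into key and value name
;     and RegRead() must return something other than "";
;   - otherwise the file named by the source must exist.
;
; Fix: the field counts are now checked before the fields are indexed, the
; same way _LoadInfections() does. Previously a line without "|" or a
; registry source without "-->" caused a fatal array error, so one damaged
; or tampered line in the file was enough to stop the program.
Func _LoadWarnings()

    $WarnCount = 0

    Local $oWarnFile = FileOpen($WarnFile, 0)

    GUICtrlSetData($eScan, "Loading Warnings, please wait...")

    ; Check if file opened for reading OK
    If $oWarnFile = -1 Then
        If Not FileExists($WarnFile) Then
            _CompileLogFile("No warnings found (0)")
        Else
            _CompileLogFile("ERROR: Could not load warnings. (" & $WarnFile & ")")
        EndIf
    Else
        _CompileLogFile("Warnings: " & _FileCountLines($WarnFile))
        ; Read in lines of text until the EOF is reached
        While 1
            Local $iLine = FileReadLine($oWarnFile)
            If @error = -1 Then ExitLoop

            Local $wsplTemp = StringSplit($iLine, "|")
            ; $wsplTemp[0] is the field count; skip records without a source.
            If $wsplTemp[0] < 2 Then ContinueLoop

            If StringInStr($wsplTemp[2], "HKEY_") Then
                Local $KEYSpl = StringSplit($wsplTemp[2], "-->", 1)
                ; Both key and value name are required.
                If $KEYSpl[0] >= 2 Then
                    If RegRead(_CleanString($KEYSpl[1], 3), _CleanString($KEYSpl[2], 3)) <> "" Then
                        $WarnCount += 1
                        GUICtrlCreateListViewItem($iLine, $lvWarnings)
                    EndIf
                EndIf
            ElseIf FileExists($wsplTemp[2]) Then
                GUICtrlCreateListViewItem($iLine, $lvWarnings)
                $WarnCount += 1
            EndIf
        WEnd
    EndIf

    FileClose($oWarnFile)
    GUICtrlSetData($eScan, "")

    _UpdateWarningStatus()
    _UpdateWarningImages()

EndFunc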


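; Gives every row of the warnings list the image with index 0.
; Fix: the loop used to run up to the item count itself, one past the last
; valid zero-based row index.
Func _UpdateWarningImages()

    Local $Count = _GUICtrlListView_GetItemCount($lvWarnings)

    ; With an empty list the range 0 To -1 does not execute at all.
    For $x = 0 To $Count - 1
        _GUICtrlListView_SetItemImage($lvWarnings, $x, 0)
    Next

EndFunc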

; Maps a warning name to the text stored in the description column.
; Only "UserProfileDir Startup" is known so far; for every other name the
; function ends without an explicit Return.
Func _GetWarningDescription($sName)

    If $sName = "UserProfileDir Startup" Then Return "UserProfileDir"

EndFunc


; Tries to delete $Source, retrying once after a short pause. If the second
; attempt fails too, the failure is logged, the file is handed to
; _FileDeleteOnReboot() and $delOnReboot is incremented. The per-file
; progress bar is driven along the way and reset at the end.
;   $Source - full path of the file to remove
; Returns True when the path does not exist afterwards, which includes the
; case where it never existed, and False when the file is still there.
;
; NOTE(review): the path is deleted as given; callers in this file take it
; from the infections list, so its trustworthiness depends on who can write
; the infections file.
Func _FileDeleteUnlock($Source)

    GuiCtrlSetData($InfFileProgress, 0)

    Sleep(100)
    GuiCtrlSetData($InfFileProgress, 10)

    If FileExists($Source) Then
        ; First attempt.
        Local $bRemoved = FileDelete($Source)
        If Not $bRemoved Then
            Sleep(100)
            ;_KillProcess(_SearchProcess($Source))
            GuiCtrlSetData($InfFileProgress, 20)
            Sleep(100)

            If FileExists($Source) Then
                ; Second attempt.
                $bRemoved = FileDelete($Source)
                If Not $bRemoved Then
                    Sleep(100)
                    _CompileLogFile("ERROR: Could not remove '" & $Source & "'")
                    _CompileLogFile("The file will be deleted on the next reboot.")
                    _FileDeleteOnReboot($Source)
                    $delOnReboot += 1
                    GuiCtrlSetData($InfFileProgress, 60)
                    Sleep(250)
                EndIf
            EndIf
        EndIf
    EndIf

    GuiCtrlSetData($InfFileProgress, 0)

    ; Success is judged by the final state of the path, not by the attempts.
    If Not FileExists($Source) Then Return True
    Return False

EndFunc


; Terminates every running process whose name matches $sProc. Each match is
; first closed by PID through _KillSingleProcess(); if that reports failure,
; ProcessClose() is tried once more by process name.
;
; NOTE(review): matching is by image name only. An unrelated process that
; merely shares the file name of a detection would be terminated as well;
; comparing the full image path before closing would avoid that.
Func _KillProcess($sProc)

    Local $aMatches = ProcessList($sProc)

    ; Row 0 holds the count; rows 1..n hold [name, PID].
    For $idx = 1 To $aMatches[0][0]
        If Not ProcessExists($aMatches[$idx][0]) Then ContinueLoop
        If _KillSingleProcess($aMatches[$idx][1]) = False Then ProcessClose($aMatches[$idx][0])
    Next

EndFunc


; Closes one process and records the outcome in the log.
;   $PID - process identifier handed to ProcessClose()
; Returns True when ProcessClose() succeeded, False otherwise. On failure the
; @error code 1-4 is translated into a log line; other codes are not logged.
Func _KillSingleProcess($PID)

    Local $bClosed = ProcessClose($PID)
    ; Capture @error immediately, before any other call can overwrite it.
    Local $iReason = @error

    If $bClosed Then
        _CompileLogFile($PID & " Process Closed.")
        Return True
    EndIf

    Local $sReason = ""
    Switch $iReason
        Case 1
            $sReason = "(OpenProcess failed)"
        Case 2
            $sReason = "(AdjustTokenPrivileges Failed)"
        Case 3
            $sReason = "(TerminateProcess Failed)"
        Case 4
            $sReason = "(Cannot verify if process exists)"
    EndSwitch
    If $sReason <> "" Then _CompileLogFile("ERROR: " & $PID & $sReason)

    Return False

EndFunc


; Returns the part of $sSource after the last backslash, i.e. the file name
; of a path. A string without a backslash is returned unchanged; a string
; ending in a backslash yields "".
Func _SearchProcess($sSource)
    ; Position of the last "\" (0 when there is none), searched from the right.
    Local $iLastSep = StringInStr($sSource, "\", 0, -1)
    Return StringTrimLeft($sSource, $iLastSep)
EndFunc


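; Appends one line to the log file $lDir\$lFileName, creating the log
; directory first when it is missing.
;   $lMsg - text to write
;   $TP   - True (default) to put the result of _TimePrefix() in front of
;           the text, False to write the text as it is
;
; Fix: when the log file cannot be opened the function now returns at once.
; Before, it called FileClose() on the invalid handle and then still tried to
; write to and close it.
;
; NOTE(review): $lMsg is written unchanged. Callers in this file pass file
; paths and process IDs; if a message can ever carry text with line breaks
; (e.g. registry data), a single call would produce several log lines -
; confirm whether the log is parsed anywhere.
Func _CompileLogFile($lMsg, $TP = True)

    Local $lFile, $Pre = ""

    If Not FileExists($lDir) Then DirCreate($lDir)
    ; 1 = append mode.
    $lFile = FileOpen($lDir & "\" & $lFileName, 1)

    ; Nothing can be written without a valid handle.
    If $lFile = -1 Then Return

    If $TP Then $Pre = _TimePrefix()

    FileWriteLine($lFile, $Pre & $lMsg & @CRLF)
    FileClose($lFile)

EndFunc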
Edited by Rizonetech

Rizonesoft Open Source Home Scripts: Complete Internet Repair | Development: Rizonesoft SDK
