Rizonetech

Rizone Malware Cleaner

4 posts in this topic

#1 ·  Posted (edited)

We developed a fully featured malware cleaner using AutoIt. If any portion of the code looks familiar, please let me know and I will give you full credit for it. I know the code is a little messy and needs more work, so if you have suggestions, please post them. If you would like to help with the project, please let me know. Any good anti-malware solution needs many hands to be worth the download bandwidth.

Screen:

Posted Image

Download: http://www.rizone3.com/doors/malware-cleaner

Source Download: http://www.rizone3.com/down/malclean/malclean-source.zip

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
; Build-time directives: icon, compression level, version resource, UAC manifest level and
; the extra icons embedded into the compiled executable.
#AutoIt3Wrapper_icon=Resources\malClean\malClean.ico
#AutoIt3Wrapper_Compression=4
#AutoIt3Wrapper_Res_Fileversion=1.8.9.1352
#AutoIt3Wrapper_Res_Fileversion_AutoIncrement=y
; NOTE(review): requestedExecutionLevel is declared twice with different values
; (requireAdministrator here, highestAvailable three lines below). Which one ends up in the
; manifest depends on how the wrapper resolves duplicates - confirm. With highestAvailable a
; standard user gets no elevation prompt and the scanner runs without administrative rights,
; so keep only the level that is actually intended.
#AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator
; NOTE(review): duplicate of the Fileversion_AutoIncrement directive above.
#AutoIt3Wrapper_Res_Fileversion_AutoIncrement=y
#AutoIt3Wrapper_Res_LegalCopyright=Rizone Technologies
#AutoIt3Wrapper_Res_requestedExecutionLevel=highestAvailable
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-00.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-01.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-02.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-03.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-04.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-05.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\Infections.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\Warnings.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\0.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\1.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\2.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\3.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\4.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\5.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\6.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\70.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\71.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\72.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\73.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\74.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\75.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\76.ico
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****


; Interpreter options for the whole script (AutoItSetOption is the long form of Opt).
AutoItSetOption("TrayAutoPause", 0)   ; clicking the tray icon must not pause the script
AutoItSetOption("TrayMenuMode", 3)    ; no default tray menu entries, no automatic check marks
AutoItSetOption("TrayIconHide", 1)    ; start with the tray icon hidden
AutoItSetOption("GUICloseOnESC", 1)   ; ESC raises $GUI_EVENT_CLOSE on the active GUI
AutoItSetOption("GUIOnEventMode", 1)  ; controls are wired through GUICtrlSetOnEvent callbacks
AutoItSetOption("MustDeclareVars", 1) ; using an undeclared variable is an error


#include <WindowsConstants.au3>
#include <StaticConstants.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <EditConstants.au3>
#Include <GuiImageList.au3>
#Include <GuiListView.au3>
#include <Process.au3>
#include <File.au3>
#Include <Date.au3>

#include <UDF\Hashing.au3>
#include <UDF\Win2000.au3>
#include <UDF\malCleanEx.au3>
#include <UDF\GuiListViewEx.au3>
#Include <UDF\WinAPIEx\WinAPIEx.au3>


; Esc is bound to _CloseMe. HotKeySet hotkeys are system-wide, so the close prompt is raised
; even when another application has the focus.
HotKeySet('{Esc}', '_CloseMe')


;~ ----------------------------------------------------------------------------------------------------
;~ Settings
;~ ----------------------------------------------------------------------------------------------------
; Every database and the log directory are resolved relative to the script/executable folder.
; NOTE(review): nothing visible here verifies the integrity or origin of these files; whoever
; can write to @ScriptDir\db controls what the scanner detects - confirm the install location
; is not user-writable.
Global Const $title = "Rizone Malware Cleaner"
Global Const $version = FileGetVersion(@ScriptFullPath)
Global Const $SignaturesDb = @ScriptDir & "\db\Signatures.db3"
Global Const $TurboBase = @ScriptDir & "\db\TurboBase.db3"
Global Const $InFile = @ScriptDir & "\db\Infections.db3"
Global Const $WarnFile = @ScriptDir & "\db\Warnings.db3"
Global Const $lDir = @ScriptDir & "\logging\mClean"
; Log file name built from the start-up timestamp (YYYYMMDDhhmmss).
Global Const $lFileName = "~R" & @YEAR & @MON & @MDAY & @HOUR & @MIN & @SEC & ".log"
;~ ----------------------------------------------------------------------------------------------------


; Control IDs / window handles of the main, infections and warnings windows, followed by the
; scan state shared between the functions below.
Global $malGUI, $picStatus, $miScanner, $miStopScan, $BtnScanGo, $BtnStopScan
Global $ScanIco, $lblScnHead, $lblScnPower, $cbScnPower, $ScnPowerIcon, $ScanProgess, $eScan, $BtnInfections
Global $lblDrives, $ComboDrives, $oHFile, $Heuristics, $chkHeur
Global $infGUI, $BtnInfRemove, $BtnInfQuarantine, $BtnInfSelAll, $BtnInfSelNone, $lblInfHead, $lvInfections
Global $InfProgress, $InfFileProgress, $eInInfo, $delOnReboot = 0
Global $BtnWarnings, $warnGUI, $lblWarnHead, $lvWarnings, $WarnCount = 0, $lblWarnings
Global $lblSigCount, $lblInfections, $lblDuration, $lOScanned, $lFiPSec, $lTScanned
; $CancelScan starts as True, i.e. "no scan running"; _startScanning sets it to False.
Global $CancelScan = True, $SigDbCount = 0, $driveUsed = 0, $statTimer = 0, $FPSCount = 0, $FileCount = 0
Global $Scnd = 0, $TotalScanned = 0, $StartHour = 0, $StartMin = 0, $StartSec = 0, $ePower = 3, $InfCount = 0, $BlinkOn
; In-memory copies of the turbo (hash prefix) and full signature databases.
Global $sTurboDB, $sSigDb


; Call _Process every 500 ms for the lifetime of the script.
AdlibRegister( "_Process", 500)

; Log header: banner, product/version, OS details.
; NOTE(review): the second argument of _CompileLogFile is defined outside this file view;
; presumably False suppresses a per-line prefix such as a timestamp - confirm.
_CompileLogFile("                                            ./", False)
_CompileLogFile("                                          (o o)", False)
_CompileLogFile("--------------------------------------oOOo-(_)-oOOo--------------------------------------", False)
_CompileLogFile($title & " " & $version, False)
; The database version is a hard-coded literal, it is not read from the database files.
_CompileLogFile("Database version: 1", False)
_CompileLogFile("OS: " & @OSVersion & " Build " & @OSBuild & " " & @OSServicePack, False)
_CompileLogFile("Architecture: " & @OSArch, False)
_CompileLogFile("Language: " & @OSLang, False)
_CompileLogFile("", False)
_CompileLogFile("-----------------------------------------------------------------------------------------", False)
_CompileLogFile("", False)
_CompileLogFile("Stopping malware from shutting down your computer")


; Start-up sequence: abort a pending shutdown, load persisted statistics, then build the GUI.
; _mainInterface ends in an endless tray message loop, so nothing placed after it would run.
_StopShutdown()
_loadSettings()
_mainInterface()


Func _Process()
    ; Periodic callback (registered with AdlibRegister): trims this process's working set.
    ; NOTE(review): this only changes the memory figure reported for the process; pages that
    ; are still needed are faulted back in - confirm it is worth doing twice a second.
    _WinAPI_EmptyWorkingSet()
EndFunc   ;==>_Process


; Builds the main window (menu, scanner controls, statistics panel, buttons, tray menu), wires
; the OnEvent callbacks, runs the database check and then stays in the tray message loop.
; This function never returns; the script ends through _CloseMe / _CloseOnError.
Func _mainInterface()

    Local $mFile, $mSupport, $BtnClose

    $malGUI = GUICreate($title & " : " &$version, 760, 500, -1, -1, -1, $WS_EX_COMPOSITED)
    GuiSetFont(8.5, -1, -1, "Tahoma", 5)
    GUISetBkColor(0xFFFFFF, $malGUI)

    ; Status strip on the left edge; _UpdateInfectionStatusImage swaps the bitmap.
    $picStatus = GUICtrlCreatePic(@ScriptDir & "\Contents\1100.bmp", 0, 0, 50, 520)

    ; NOTE(review): no OnEvent handler is attached to $miScanner or $miStopScan in this
    ; function, so the two menu entries appear to do nothing - confirm.
    $mFile = GUICtrlCreateMenu("&File")
    GuiCtrlCreateMenuItem("", $mFile)
    $miScanner = GuiCtrlCreateMenuItem("&Scanner", $mFile)
    $miStopScan = GuiCtrlCreateMenuItem("&Stop Scanning", $mFile)
    GuiCtrlCreateMenuItem("", $mFile)
    GuiCtrlSetState($miStopScan, $GUI_DISABLE)
    $mSupport = GUICtrlCreateMenu("&Support")

    ; Header: animated scan icon, heading, priority ("Scanner Power") selector and its icon.
    $ScanIco = GUICtrlCreateIcon(@ScriptFullPath, 99, 70, 20, 64, 64)
    $lblScnHead = GUICtrlCreateLabel("Welcome", 170, 60, 400, 30, -1, $WS_EX_TRANSPARENT)
    GUICtrlSetFont($lblScnHead, 12, 400, 0, "Tahoma", 5)
    $lblScnPower = GuiCtrlCreateLabel("Scanner Power :", 250, 32, 120, 20, $SS_RIGHT)
    GUICtrlSetFont($lblScnPower, 11, 400, 0, "Tahoma", 5)
    $cbScnPower = GuiCtrlCreateCombo("" , 380, 30, 130, 30)
    GUICtrlSetData($cbScnPower, "Low|Below Normal|Normal|Above Normal|High|Realtime", "Normal")
    GUICtrlSetFont($cbScnPower, 10, 400, 0, "Tahoma", 5)
    GuiCtrlSetState($cbScnPower, $GUI_DISABLE)
    $ScnPowerIcon = GUICtrlCreateIcon(@ScriptFullPath, 201, 655, 20, 48, 48)
    GUICtrlCreateLabel( "Scan for spyware, adware, trojans, keyloggers, bots, worms and other malware. Select the drive you would " & _
                        "like to scan and press 'Scan Now'. Click on the Infections label to view detected infections.", 120, 90, 400, 50)
    GUICtrlSetFont(-1, 9, 400, 0, "Tahoma", 5)
    $ScanProgess = GUICtrlCreateProgress(70, 150, 500, 30)
    ; Read-only edit that shows the item currently being scanned.
    $eScan = GUICtrlCreateEdit("", 70, 185, 500, 50, $ES_READONLY)
    GuiCtrlSetFont($eScan, 8.5, -1, -1, "Courier New")
    GUICtrlSetColor($eScan, 0x606870)
    GUICtrlSetBkColor($eScan, 0xFFFFFF)
    GUICtrlSetCursor($eScan, 2)

    $lblDrives = GuiCtrlCreateLabel("Select drive:", 70, 253, 80, 15)
    GUICtrlSetFont($lblDrives, 10, 400, 0, "Tahoma", 5)
    $ComboDrives = GUICtrlCreateCombo("", 155, 250, 100, 20)
    GUICtrlSetFont($ComboDrives, 10, 400, 0, "Tahoma", 5)
    _GetDrives()

    $chkHeur = GUICtrlCreateCheckbox("Activate Heuristics", 70, 290, 200, 20)
    GUICtrlSetFont($chkHeur, 9, 400, 0, "Tahoma", 5)

    ; Statistics panel. The calls that pass -1 act on the control created just before them,
    ; so the order of the statements in this group must not be changed.
    GUICtrlCreateGroup("", 350, 250, 220, 200)

    GuiCtrlCreateLabel("Signatures:", 360, 260, 100, 20)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lblSigCount = GuiCtrlCreateLabel(0, 460, 260, 100, 20, $SS_RIGHT)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    GUICtrlSetColor(-1, 0x008827)
    GuiCtrlCreateLabel("", 360, 280, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    GuiCtrlCreateLabel("Infections:", 360, 282, 100, 20)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lblInfections = GuiCtrlCreateLabel(0, 460, 282, 100, 20, $SS_RIGHT)
    GUICtrlSetFont($lblInfections, 10, 400, 0, "Tahoma", 5)
    GuiCtrlSetColor($lblInfections, 0x008827)
    GuiCtrlCreateLabel("", 360, 302, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    GuiCtrlCreateLabel("Warnings:", 360, 304, 100, 20)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lblWarnings = GuiCtrlCreateLabel(0, 460, 304, 100, 20, $SS_RIGHT)
    GUICtrlSetFont($lblWarnings, 10, 400, 0, "Tahoma", 5)
    GuiCtrlSetColor($lblWarnings, 0x008827)
    GuiCtrlCreateLabel("", 360, 324, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    GuiCtrlCreateLabel("Duration:", 360, 326, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lblDuration = GuiCtrlCreateLabel("00:00:00", 460, 326, 100, 15, $SS_RIGHT)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    GuiCtrlCreateLabel("", 360, 346, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    GuiCtrlCreateLabel("Scanned:", 360, 348, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lOScanned = GuiCtrlCreateLabel("0", 460, 348, 100, 15, $SS_RIGHT)
    GUICtrlSetBkColor($lOScanned, $GUI_BKCOLOR_TRANSPARENT)
    GUICtrlSetFont($lOScanned, 10, 400, 0, 'Tahoma')
    GUICtrlSetColor($lOScanned, 0x000090)
    GuiCtrlCreateLabel("", 360, 368, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    ; "Errors:" has a caption only; no value label is created for it.
    GuiCtrlCreateLabel("Errors:", 360, 370, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    GuiCtrlCreateLabel("", 360, 390, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    GuiCtrlCreateLabel("Files / sec:", 360, 392, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lFiPSec = GuiCtrlCreateLabel("0", 460, 392, 100, 15, $SS_RIGHT)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    GuiCtrlCreateLabel("", 360, 412, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)

    GuiCtrlCreateLabel("Total Scanned:", 360, 414, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lTScanned = GuiCtrlCreateLabel($TotalScanned, 460, 414, 100, 15, $SS_RIGHT)
    GUICtrlSetBkColor($lTScanned, $GUI_BKCOLOR_TRANSPARENT)
    GUICtrlSetFont($lTScanned, 10, 400, 0, "Tahoma", 5)
    GUICtrlSetColor($lTScanned, 0x008827)

    GUICtrlCreateGroup("", -99, -99, 1, 1)  ;close group

    ; Action buttons start disabled; _endProcessing enables them after the database check.
    $BtnScanGo = GUICtrlCreateButton("Scan Now", 70, 420, 130, 40, 0)
    GUICtrlSetFont($BtnScanGo, 11, 400, 0, "Tahoma", 5)
    GuiCtrlSetState($BtnScanGo, $GUI_DISABLE)
    $BtnStopScan = GUICtrlCreateButton("Stop", 200, 420, 130, 40, 0)
    GUICtrlSetFont($BtnStopScan, 11, 400, 0, "Tahoma", 5)
    GuiCtrlSetState($BtnStopScan, $GUI_DISABLE)

    $BtnInfections = GUICtrlCreateButton("Infections (0)", 590, 100, 150, 35)
    GUICtrlSetFont($BtnInfections, 10, 400, 0, "Tahoma", 5)
    GuiCtrlSetState($BtnInfections, $GUI_DISABLE)
    $BtnWarnings = GUICtrlCreateButton("Warnings (0)", 590, 140, 150, 35)
    GUICtrlSetFont($BtnWarnings, 10, 400, 0, "Tahoma", 5)
    GuiCtrlSetState($BtnWarnings, $GUI_DISABLE)
    $BtnClose = GUICtrlCreateButton("Close", 590, 420, 150, 35)
    GUICtrlSetFont($BtnClose, 10, 400, 0, "Tahoma", 5)

    ; Priority 4 is "High". NOTE(review): the process is addressed by image name
    ; (@ScriptName); if another process carries the same name the call may act on that one,
    ; and when the script runs uncompiled the name does not match the interpreter process.
    ; @AutoItPID identifies this process unambiguously.
    ProcessSetPriority(@ScriptName, 4)
    _SetProcessInfo()

    GUICtrlSetOnEvent($cbScnPower, "_SetScannerPower")
    GUICtrlSetOnEvent($BtnScanGo, "_startScanning")
    GUICtrlSetOnEvent($BtnInfections, "_InfectionsInterface")
    GUICtrlSetOnEvent($BtnWarnings, "_WarningsInterface")
    GUICtrlSetOnEvent($BtnClose, "_CloseMe")

    ; Closing the window only hides it to the tray; "Close" and Esc go through _CloseMe.
    GUISetOnEvent($GUI_EVENT_CLOSE, "_Minimize2Tray")

    ; The Stop button is handled in MY_WM_COMMAND rather than through an OnEvent callback.
    GUIRegisterMsg($WM_COMMAND, "MY_WM_COMMAND")

    TraySetClick("8")
    Local $TmShow = TrayCreateItem("Show Window")
    TrayCreateItem("")
    Local $TmClose = TrayCreateItem("Close")
    TrayItemSetState($TmShow, $GUI_DEFBUTTON)

    GUISetState(@SW_SHOW, $malGUI)

    ; Database check with the controls locked, then unlock them.
    _startProcessing()
    _checkIntegrity()
    _endProcessing()

    ; Tray menu message loop; GUI events arrive through the OnEvent callbacks set above.
    While 1
        Local $TRMsg = TrayGetMsg()
        Switch $TRMsg
            Case $TmShow
                _ShowWindow()
            Case $TmClose
                _CloseMe()
        EndSwitch
    WEnd

EndFunc


; WM_COMMAND hook registered by _mainInterface. It reacts only to a click on the Stop button:
; the user is asked to confirm, "Yes" sets $CancelScan so the scan loops stop at their next
; check, "No" clears it. Every message is then passed on to AutoIt's default handling.
Func MY_WM_COMMAND($hWnd, $iMsg, $wParam, $lParam)

    Local $idSender = BitAND($wParam, 0xFFFF)   ; low word  = control ID
    Local $iNotify = BitShift($wParam, 16)      ; high word = notification code

    If $idSender = $BtnStopScan And $iNotify = $BN_CLICKED Then
        Local $iAnswer = MsgBox(36, $title, "Are you sure you want to terminate scanning?")
        If $iAnswer = 6 Then        ; Yes
            $CancelScan = True
            _CompileLogFile("Scanning terminated by user")
        ElseIf $iAnswer = 7 Then    ; No
            $CancelScan = False
        EndIf
    EndIf

    Return $GUI_RUNDEFMSG
EndFunc   ;==>MY_WM_COMMAND


#Region "Initializing"


; Restores the lifetime "Total Scanned" counter from malClean.ini next to the script.
; A missing file or key yields the default 0. The value is taken as stored in the file.
Func _loadSettings()

    Local $sIniPath = @ScriptDir & "\malClean.ini"
    $TotalScanned = IniRead($sIniPath, "Statistics", "TotalScanned", 0)

EndFunc   ;==>_loadSettings


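; Start-up check of the databases.
;   - The signature database must exist and hold more than one line, otherwise the program
;     reports the error and exits through _CloseOnError.
;   - If the turbo (hash prefix) database is missing the user may rebuild it from the
;     signature database; declining exits the program.
;   - Previously recorded infections and warnings are counted and the status is refreshed.
; "Integrity" here means presence and line count only: the content of the files is not
; authenticated in this function.
Func _checkIntegrity()

    Local Const $Err001 = "ERROR: Could not find the virus definitions database. Database should be located at '" & $SignaturesDb & "'."
    Local Const $Err002 = "ERROR: Could not find any signatures inside the database. Database should at least contain more than one signature."

    If Not FileExists($SignaturesDb) Then
        _CompileLogFile($Err001)
        MsgBox(16, "Database error!", $Err001)
        _CloseOnError()
    Else
        GUICtrlSetData($eScan, "Counting signatures")
        _CompileLogFile("Counting signatures")
        $SigDbCount = _FileCountLines($SignaturesDb)
        ; The original test was "Not $SigDbCount > 1". Not binds tighter than ">", so it was
        ; evaluated as "(Not $SigDbCount) > 1", which is never true: an empty database passed
        ; the check and every later scan reported a clean system.
        If $SigDbCount <= 1 Then
            _CompileLogFile($Err002)
            MsgBox(16, "Database error!", $Err002)
            _CloseOnError()
        Else
            _CompileLogFile("Signatures: " & $SigDbCount)
        EndIf
    EndIf

    GuiCtrlSetData($lblSigCount, $SigDbCount)

    GUICtrlSetData($eScan, "Looking for turbo signatures database @ [" & $TurboBase & "]")
    _CompileLogFile("Loading the turbo database")
    If Not FileExists($TurboBase) Then
        _CompileLogFile("ERROR: Could not find the turbo database. Database should be @ [" & $TurboBase & "].")
        Local $iMsgReturn = MsgBox(52, "Database error!", "The turbo database seems to be corrupt or missing. However, you can " & _
                                                    "compile a new one from the virus definitions database. Would you like to " & _
                                                    "compile a new database now?")
        Select
            Case $iMsgReturn = 6 ;Yes
                _CompileLogFile("Compiling turbo database")
                _generateTurboBase()
            Case $iMsgReturn = 7 ;No
                _CloseOnError()
        EndSelect
    EndIf

    ; Carry over detections recorded by earlier runs.
    If FileExists($InFile) Then $InfCount = _FileCountLines($InFile)
    If FileExists($WarnFile) Then $WarnCount = _FileCountLines($WarnFile)

    _UpdateInfectionStatus()
    _UpdateInfectionStatusImage()
    _UpdateWarningStatus()

EndFunc   ;==>_checkIntegrity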


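; Rebuilds the turbo database: one line per signature, holding the first 7 characters of the
; signature line (the prefix _ScanFile tests before it searches the full database).
; Progress is shown through _SetStatistics. On an open failure the error is logged, the
; controls are re-enabled and nothing is written.
Func _generateTurboBase()

    _startProcessing(1)

    GuiCtrlSetData($eScan, "")

    Local $iCount = 0, $compilePerc = 0

    Local $oSigDb = FileOpen($SignaturesDb, 0)
    If $oSigDb = -1 Then
        _CompileLogFile("ERROR: Could not open the virus definitions database @ [" & $SignaturesDb & "]")
        _endProcessing()
        Return
    EndIf

    ; Mode 1 = append, as before; the caller only gets here when the file does not exist.
    Local $oTuBase = FileOpen($TurboBase, 1)
    If $oTuBase = -1 Then
        FileClose($oSigDb)
        _CompileLogFile("ERROR: Could not create the turbo database @ [" & $TurboBase & "]")
        _endProcessing()
        Return
    EndIf

    While 1
        Local $BaseLine = FileReadLine($oSigDb)
        ; Leave on any read error, not only on end-of-file (-1); with the "= -1" test a
        ; read failure kept the loop running forever.
        If @error Then ExitLoop
        FileWriteLine($oTuBase, StringLeft($BaseLine, 7) & @CRLF)
        $iCount += 1
        ; $SigDbCount can be 0 when the line count failed; avoid dividing by it.
        If $SigDbCount > 0 Then $compilePerc = Round($iCount / $SigDbCount * 100)
        _SetStatistics("Compiling database (" & $compilePerc & "%)", $compilePerc)
    WEnd

    FileClose($oSigDb)
    FileClose($oTuBase)

    _endProcessing()

EndFunc   ;==>_generateTurboBase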


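; OnEvent handler of the "Scanner Power" combo: maps the selected text to an AutoIt process
; priority (0 = Low ... 5 = Realtime), applies it to this process and refreshes the display.
; Any other combo text (for example "Error") leaves $ePower at its previous value.
Func _SetScannerPower()

    Switch GuiCtrlRead($cbScnPower)
        Case "Low"
            $ePower = 0
        Case "Below Normal"
            $ePower = 1
        Case "Normal"
            $ePower = 2
        Case "Above Normal"
            $ePower = 3
        Case "High"
            $ePower = 4
        Case "Realtime"
            ; Realtime can starve the rest of the system while a scan is running.
            $ePower = 5
    EndSwitch

    ; Address the process by PID. The image name (@ScriptName) is ambiguous when another
    ; process carries the same name and does not match at all when the script runs uncompiled.
    ProcessSetPriority(@AutoItPID, $ePower)
    _SetProcessInfo()

EndFunc   ;==>_SetScannerPower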


; Shows the current priority of process $PrName (default: this script's image name) in the
; "Scanner Power" icon and combo. A priority outside 0..5 leaves the icon untouched and puts
; "Error" into the combo.
; NOTE(review): ProcessExists resolves a name to one PID only; with several processes of the
; same name this may not be the scanner itself - confirm.
Func _SetProcessInfo($PrName = @ScriptName)

    Local $aLabels[6] = ["Low", "Below Normal", "Normal", "Above Normal", "High", "Realtime"]
    Local $iPid = ProcessExists($PrName)            ; PID, or 0 when no such process exists
    Local $iPriority = _ProcessGetPriority($iPid)
    Local $sLabel = "Error"

    For $iLevel = 0 To 5
        If $iLevel = $iPriority Then
            ; Icons 201..206 of the executable correspond to priority 0..5.
            GUICtrlSetImage($ScnPowerIcon, @ScriptFullPath, 201 + $iLevel)
            $sLabel = $aLabels[$iLevel]
        EndIf
    Next

    GuiCtrlSetData($cbScnPower, $sLabel)

EndFunc   ;==>_SetProcessInfo


; Fills the drive combo with every drive that reports the status "READY" and preselects the
; system home drive. Does nothing when the drive list cannot be obtained.
Func _GetDrives()

    Local $aFound = DriveGetDrive("ALL")
    If @error Then Return
    If Not ($aFound[0] > 0) Then Return

    For $iDrive = 1 To $aFound[0]
        If DriveStatus($aFound[$iDrive]) <> "READY" Then ContinueLoop
        GUICtrlSetData($ComboDrives, StringUpper($aFound[$iDrive]) & "|", @HomeDrive)
    Next

EndFunc   ;==>_GetDrives


#EndRegion ==> "Initializing"


; Locks the interface while work is in progress and selects the activity icon.
;   $Flag 0       - static icon 99 from the executable
;   $Flag 1, 2, 3 - animated cursor Contents\1001.ani / 1002.ani / 1003.ani, if the file exists
; The Stop button is enabled only while a scan is running ($CancelScan = False).
Func _startProcessing($Flag = 0)

    Local $aLocked[5] = [$cbScnPower, $ComboDrives, $BtnScanGo, $BtnInfections, $BtnWarnings]
    For $iCtrl = 0 To UBound($aLocked) - 1
        GuiCtrlSetState($aLocked[$iCtrl], $GUI_DISABLE)
    Next
    If $CancelScan = False Then GuiCtrlSetState($BtnStopScan, $GUI_ENABLE)

    Switch $Flag
        Case 0
            GUICtrlSetImage($ScanIco, @ScriptFullPath, 99)
        Case 1, 2, 3
            Local $sAnimation = @ScriptDir & "\Contents\100" & $Flag & ".ani"
            If FileExists($sAnimation) Then GUICtrlSetImage($ScanIco, $sAnimation)
    EndSwitch

EndFunc   ;==>_startProcessing


; Unlocks the interface after a scan or database job and resets the per-run statistics.
; The lifetime counter $TotalScanned is kept and shown again.
Func _endProcessing()

    ; Controls that become available again.
    Local $aUnlocked[6] = [$cbScnPower, $ComboDrives, $BtnScanGo, $BtnInfections, $BtnWarnings, $miScanner]
    For $iCtrl = 0 To UBound($aUnlocked) - 1
        GuiCtrlSetState($aUnlocked[$iCtrl], $GUI_ENABLE)
    Next
    GuiCtrlSetState($BtnStopScan, $GUI_DISABLE)
    GuiCtrlSetState($miStopScan, $GUI_DISABLE)

    ; Back to the idle look.
    GUICtrlSetImage($ScanIco, @ScriptFullPath, 99)
    GuiCtrlSetData($lblScnHead, "Welcome")
    GuiCtrlSetData($ScanProgess, 0)
    GuiCtrlSetData($eScan, "")

    ; Per-run counters.
    $DriveUsed = 0
    $Scnd = 0
    $StartHour = 0
    $StartMin = 0
    $StartSec = 0
    $FileCount = 0
    $FPSCount = 0

    GuiCtrlSetData($lFiPSec, 0)
    GUICtrlSetData($lblDuration, "00:00:00")
    GuiCtrlSetData($lOScanned, $FileCount)
    GuiCtrlSetData($lTScanned, $TotalScanned)

EndFunc   ;==>_endProcessing


; Refreshes heading and progress bar, at most once per second (calls in between are ignored).
; While a scan is running it also updates files/sec, duration and the scanned counters.
;   $sHeading  - text for the heading label
;   $iProgress - value for the progress bar
; The duration advances by one second per accepted call, so it counts refreshes rather than
; wall-clock time when calls arrive more than a second apart.
Func _SetStatistics($sHeading, $iProgress)

    If TimerDiff($statTimer) < 1000 Then Return

    If $CancelScan = False Then
        $FPSCount += 1
        Local $iRate = Round($FileCount / $FPSCount)
        GuiCtrlSetData($lFiPSec, $iRate)
        GUICtrlSetData($lblDuration, _SetDuration())
        GuiCtrlSetData($lOScanned, $FileCount)
        GuiCtrlSetData($lTScanned, $TotalScanned)
    EndIf

    GuiCtrlSetData($lblScnHead, $sHeading)
    GuiCtrlSetData($ScanProgess, $iProgress)

    $statTimer = TimerInit()

EndFunc   ;==>_SetStatistics


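; Advances the scan clock ($StartHour/$StartMin/$StartSec) by one second and returns it
; formatted as "hh:mm:ss".
; The original rolled the seconds over at 59 instead of 60 and, because the minute test sat
; in an ElseIf, advanced the hour on the first tick of minute 59. Both carries are now
; applied in sequence at 60.
Func _SetDuration()

    $StartSec += 1

    If $StartSec >= 60 Then
        $StartSec = 0
        $StartMin += 1
    EndIf

    If $StartMin >= 60 Then
        $StartMin = 0
        $StartHour += 1
    EndIf

    ; %02d pads to two digits and leaves longer hour values untouched.
    Return StringFormat("%02d:%02d:%02d", $StartHour, $StartMin, $StartSec)

EndFunc   ;==>_SetDuration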


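; OnEvent handler of "Scan Now": loads both databases into memory, then scans the running
; processes, the common startup registry keys and the selected drive.
; The scan is refused when a database cannot be loaded or is empty. The original only logged
; the problem and scanned anyway; with an empty database no file can match, so the run ended
; with a clean result that meant nothing.
Func _startScanning()

    Local $sLoadError = ""

    $CancelScan = False

    _CompileLogFile("Loading turbo database")
    If FileExists($TurboBase) Then
        $sTurboDB = FileRead($TurboBase)
        If @error = 1 Or $sTurboDB = "" Then
            $sLoadError = "ERROR: Could not load turbo database @ [" & $TurboBase & "]"
        EndIf
    Else
        $sLoadError = "ERROR: Could not find turbo database @ [" & $TurboBase & "]"
    EndIf

    If $sLoadError = "" Then
        GUICtrlSetData($eScan, "Loading virus definitions database, please wait...")
        $sSigDb = FileRead($SignaturesDb)
        If @error = 1 Or $sSigDb = "" Then
            $sLoadError = "ERROR: Could not load virus definitions database @ [" & $SignaturesDb & "]"
        EndIf
    EndIf

    If $sLoadError <> "" Then
        ; Fail closed: report, restore the idle state and do not start scanning.
        _CompileLogFile($sLoadError)
        MsgBox(16, "Database error!", $sLoadError)
        GUICtrlSetData($eScan, "")
        $CancelScan = True
        Return
    EndIf

    _ScanProcesses()
    _CompileLogFile("Scanning [" & GUICtrlRead($ComboDrives) & "] for malware")
    _ScanCommonStartups()
    _ScanDrive(GUICtrlRead($ComboDrives))

EndFunc   ;==>_startScanning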


#include <Heuristics.au3>
; Heuristic check of one file: reads the start of the file and records a "HEUR.Malware"
; detection for every heuristic pattern found in it.
;   $sFileName - path of the file to inspect
; Returns nothing; a file that cannot be opened is skipped silently.
; Limits visible in this code:
;   - only the first 1024 characters are inspected, a pattern further into the file is missed;
;   - the pattern list is fetched through _LoadHeuristics() again for every file.
Func _Heuristics($sFileName)

    ; 16384 is a read mode with an encoding flag; the content is read as text, not as binary.
    $oHFile = FileOpen($sFileName, 16384)
    If $oHFile = -1 Then
        ;_FileOpenError($sFileName)
        Return
    EndIf
    Local $aFile = FileRead($oHFile, 1024)
    FileClose($oHFile)

    ; _LoadHeuristics() comes from Heuristics.au3 (not visible here); its result is treated
    ; as one string of patterns separated by "©".
    $Heuristics = _LoadHeuristics()
    Local $HeurSplit = StringSplit($Heuristics, "©")

    For $i = 1 To $HeurSplit[0]
        ; NOTE(review): @error here is whatever the last call left behind. StringSplit sets
        ; it when no delimiter is found, so a list holding a single pattern would presumably
        ; leave the loop before testing it - confirm.
        If @error Then ExitLoop
        ; Flag 2 = case-insensitive search using a basic comparison.
        If StringInStr($aFile, $HeurSplit[$i], 2) Then
            _RecordInfections("HEUR.Malware", $HeurSplit[$i], 0, $sFileName)
            ;MsgBox(0, "Heuristics", $HeurSplit[$i])
        EndIf
    Next


EndFunc


; Scans the autostart ("Run*") registry keys of every loaded user hive, the current user and
; the local machine. Each value is looked up in db\CommonStartups.db3; a hit is recorded as
; an infection, and a value that points below the profiles directory is recorded as a warning.
; Coverage limits visible in this code:
;   - only subkeys of ...\Software\Microsoft\Windows\CurrentVersion whose name contains "Run";
;   - on non-x86 systems only the 64-bit registry view (HKEY_*64) is enumerated, so the Run
;     keys of the 32-bit view are not visited;
;   - $CancelScan is not tested inside the loops, a cancel takes effect after this pass.
Func _ScanCommonStartups()

    _startProcessing(2)

    Local $HKEY, $KEY, $SKEY, $SUB, $Result, $valueName, $value, $eReg = 1, $SC = "\Software\Microsoft\Windows\CurrentVersion"
    ; Parent folder of the current user's profile, i.e. the folder that holds all profiles.
    Local $UPDir = StringLeft(@UserProfileDir, StringInStr(@UserProfileDir, '\', 0, -1) - 1)
    ; NOTE(review): the result of this FileRead is not checked; with a missing or empty
    ; database no startup entry can match - confirm this is reported somewhere.
    Local $cSDb = FileRead(@ScriptDir & "\db\CommonStartups.db3"), $RegScPerc = 0

    If @OSArch = 'X86' Then
        $HKEY = StringSplit('HKEY_USERS|HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE', '|')
    Else
        $HKEY = StringSplit('HKEY_USERS64|HKEY_CURRENT_USER64|HKEY_LOCAL_MACHINE64', '|')
    EndIf

    For $x = 1 To $HKEY[0]
        If $x = 1 Then
            ; HKEY_USERS: walk its subkeys (one per loaded hive) using $eReg as the index.
            ; The loop variable is reset to 0 below so that the next pass is $x = 1 again;
            ; once the enumeration fails the loop moves on to the next root key.
            $KEY = RegEnumKey($HKEY[$x], $eReg)
            If @error <> 0 Then
                $x = 1
                ContinueLoop
            EndIf
            $KEY = $HKEY[$x] & "\" & $KEY & $SC
            $eReg += 1
            $x = 0
        Else
            $KEY = $HKEY[$x] & $SC
        EndIf
        For $i = 1 To 1000
            $SUB = RegEnumKey($KEY, $i)
            If @error <> 0 Then ExitLoop
            If Not StringInStr($SUB, "Run") Then ContinueLoop
            $SKEY = $KEY & "\" & $SUB
            For $c = 1 To 1000
                $valueName = RegEnumVal($SKEY, $c)
                If @error <> 0 Then ExitLoop

                $FileCount += 1
                $TotalScanned += 1

                ; Registry data with quotes removed and surrounding whitespace trimmed.
                $value = StringStripWS(StringReplace(RegRead($SKEY, $valueName), '"', ''), 3)
                ; NOTE(review): the pattern is not anchored, so the value only has to occur
                ; somewhere in a database line. If _GetRegExpLiterals returns an empty string
                ; for an empty value the pattern is just ".*" and matches the first line of
                ; the database - confirm against that helper.
                Local $aCSRes = StringRegExp($cSDb, _GetRegExpLiterals($value) & ".*", 1)
                If UBound($aCSRes) > 0 Then
                    Local $rLine = StringSplit($aCSRes[0], ";")
                    If $rLine[0] >= 3 Then
                        Local $SS = $SKEY & " --> " & $valueName & " --> " & $value
                        ; The source passed here is the Run key, not the value. _RecordInfections
                        ; skips a source it has already stored, so presumably only the first hit
                        ; per key is kept - confirm.
                        _RecordInfections(_CleanString($rLine[3], 3), $SS, _CleanString($rLine[2], 3), $SKEY)
                    EndIf
                EndIf
                If StringInStr($value, $UPDir) Then
                    _RecordWarning("UserProfileDir Startup", $SKEY & " --> " & $valueName)
                EndIf
            Next
            $value = ""
        Next
        $RegScPerc = (Round(($x / $HKEY[0]) * 100))
        _SetStatistics("Scanning Registry (" & $RegScPerc & "%)", $RegScPerc)
        GuiCtrlSetData($eScan, $HKEY[$x])
    Next

    If $CancelScan Then _endProcessing()

EndFunc


; Returns $s2Clean with whitespace stripped according to $Flag (a StringStripWS flag) and
; with every carriage return removed.
Func _CleanString($s2Clean, $Flag)

    Return StringStripCR(StringStripWS($s2Clean, $Flag))

EndFunc   ;==>_CleanString


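; Scans the executable image of every running process with _ScanFile.
; SeDebugPrivilege is enabled for the duration of the pass and switched off again afterwards.
; Changes against the original:
;   - the image path is resolved from the PID that ProcessList reports. The original looked
;     the PID up again by process name, which always yields the same instance, so a second
;     process with the same name started from another folder was never examined;
;   - a failed privilege adjustment is written to the log instead of skipping the pass
;     without a trace.
Func _ScanProcesses()

    _startProcessing(1)

    Local $hToken, $aProcsList = 0, $procsID, $procsPath, $procsPerc

    ; Enable SeDebugPrivilege to obtain full access rights to other processes
    $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, 1)
    ; Capture the status immediately, before any other call overwrites @error / @extended.
    Local $bDebugPrivilege = Not (@error Or @extended)

    If $bDebugPrivilege Then
        $aProcsList = ProcessList()
        For $x = 1 To $aProcsList[0][0]

            If $CancelScan = True Then ExitLoop

            ; ProcessList: column 0 = process name, column 1 = PID.
            $procsID = $aProcsList[$x][1]
            $procsPath = _WinAPI_GetProcessFileName($procsID)

            If FileExists($procsPath) Then

                $FileCount += 1
                $TotalScanned += 1

                _ScanFile($procsPath)
                $procsPerc = Round(($x / $aProcsList[0][0]) * 100)
                _SetStatistics("Scanning processes (" & $procsPerc & "%)", $procsPerc)
                GuiCtrlSetData($eScan, $aProcsList[$x][0] & " - [" & BinaryToString($procsPath) & "]")

            EndIf

        Next
    Else
        ; NOTE(review): the pass is still skipped in this case, as in the original. Scanning
        ; the processes that are reachable without the privilege may be preferable - confirm.
        _CompileLogFile("ERROR: Could not enable SeDebugPrivilege, running processes were not scanned")
    EndIf

    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, 2)
    _WinAPI_CloseHandle($hToken)

    If $CancelScan Then _endProcessing()

EndFunc   ;==>_ScanProcesses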


; Scans the whole drive $sDrive (for example "C:" or "C:\") unless the scan was cancelled.
; The used space of the drive, in bytes, is stored in $driveUsed for the progress display.
; When _Scanner returns a false value the search handle is closed, the in-memory signature
; database is released and the interface is unlocked.
Func _ScanDrive($sDrive)

    If Not ($CancelScan = False) Then Return

    _startProcessing(3)

    If StringRight($sDrive, 1) = "\" Then $sDrive = StringTrimRight($sDrive, 1)

    ; DriveSpaceTotal / DriveSpaceFree report megabytes.
    Local $iTotalMB = DriveSpaceTotal($sDrive)
    Local $iFreeMB = DriveSpaceFree($sDrive)
    $driveUsed = ((($iTotalMB - $iFreeMB) * 1024) * 1024)

    FileChangeDir($sDrive)
    Local $hRoot = FileFindFirstFile($sDrive & "\*.*")

    If _Scanner($hRoot, $sDrive) Then Return

    FileClose($hRoot)
    $sSigDb = ""
    _endProcessing()

EndFunc   ;==>_ScanDrive


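; Recursive directory walk. Every entry delivered by the search handle $DirList (opened on
; $DirSearch by the caller, who also closes it) is counted; directories are descended into
; and files are handed to _ScanFile. The walk stops when $CancelScan is set.
; Always returns "" - _ScanDrive relies on a false value to run its clean-up.
; Changes against the original:
;   - FileClose was called on the last file NAME instead of a handle; that call is removed;
;   - a directory that cannot be opened (handle -1) is skipped instead of being passed on;
;   - the percentage is kept numeric and guarded against $driveUsed = 0; the heading always
;     carries the "%" sign (it was missing once the value was capped at 99).
; NOTE(review): directory junctions / symbolic links are followed like ordinary folders, so a
; link that points back up the tree would presumably recurse without end - confirm.
Func _Scanner($DirList, $DirSearch)

    Local $sFile, $sPath, $SecSearch, $iPercent

    While $CancelScan = False

        $sFile = FileFindNextFile($DirList)
        If @error Then ExitLoop

        $sPath = $DirSearch & "\" & $sFile

        $FileCount += 1
        $TotalScanned += 1

        ; Progress = bytes visited so far relative to the used space of the drive.
        $Scnd += FileGetSize($sPath)
        $iPercent = 0
        If $driveUsed > 0 Then $iPercent = Round(($Scnd * 100) / $driveUsed)
        If $iPercent > 98 Then $iPercent = 99
        _SetStatistics("Scanning (" & $iPercent & "%)", $iPercent)

        If StringInStr(FileGetAttrib($sPath), "D") Then
            $SecSearch = FileFindFirstFile($sPath & "\*.*")
            If $SecSearch <> -1 Then
                _Scanner($SecSearch, $sPath)
                FileClose($SecSearch)
            EndIf
        Else
            GuiCtrlSetData($eScan, $sPath)
            _ScanFile($sPath)
        EndIf

    WEnd

    Return ""

EndFunc   ;==>_Scanner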


; Checks one file against the signature databases.
;   1. Files of 50 MiB or more are not examined at all.
;   2. The MD5 of the file is computed; with "Activate Heuristics" ticked the file also goes
;      through _Heuristics.
;   3. The first 7 characters of the MD5 are searched in the turbo database; only on a hit is
;      the full MD5 searched in the signature database.
;   4. A matching signature line is split at ";" and needs at least three fields; it is then
;      recorded through _RecordInfections (field 3 as name, field 1 as string, field 2 as
;      level).
; Detection is by exact file hash only, so any change to a file produces a miss; the size
; limit and the hash-only matching are the main coverage limits of this function.
; An extension filter (a list of executable, script and document extensions) existed in the
; original as commented-out code and was not active.
Func _ScanFile($FiName)

    If Not (FileGetSize($FiName) < (1048576 * 50)) Then Return

    Local $MD5 = _MD5ForFile($FiName)

    If GUICtrlRead($chkHeur) =  $GUI_CHECKED Then _Heuristics($FiName)

    If Not ($MD5 <> "") Then Return

    ; Cheap pre-filter on the hash prefix.
    Local $sPrefix = StringLeft($MD5, 7)
    Local $aPrefixHit = StringRegExp($sTurboDB, "(?x)(?-i)" & $sPrefix, 1)
    If Not (UBound($aPrefixHit) > 0) Then Return

    ; Full hash; the match extends to the end of the database line.
    Local $iOffset = 1
    Local $aLineHit = StringRegExp($sSigDb, "(?x)(?-i)" & $MD5 & ".*", 1, $iOffset)
    If @error = 0 Then $iOffset = @extended
    If Not (UBound($aLineHit) > 0) Then Return

    Local $sRecord = StringStripWS($aLineHit[0], 8)     ; 8 = remove all whitespace
    Local $aFields = StringSplit($sRecord, ";")
    If $aFields[0] >= 3 Then
        _RecordInfections($aFields[3], $aFields[1], $aFields[2], $FiName)
    EndIf

EndFunc   ;==>_ScanFile


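; Appends one detection to the infections file and refreshes the infection status.
;   $vsName - detection name
;   $String - matched signature / descriptive text
;   $l      - level field taken from the database
;   $Source - file path or registry key the detection refers to
; Record layout: name|level|date time|source|string
; A source that is already stored is not recorded a second time.
; Changes against the original:
;   - every field is cleaned of "|", CR and LF before it is written. $String can carry
;     registry data chosen by whoever wrote the autostart entry; unescaped, it could add
;     fields or whole lines to the file that is later shown to the user;
;   - the duplicate test compares the complete source field. The original searched the file
;     for the source as a substring, so a path that was contained in an already recorded,
;     longer path was dropped without being recorded;
;   - a detection that cannot be written is logged instead of being lost silently.
Func _RecordInfections($vsName, $String, $l, $Source)

    $vsName = __RecordField($vsName)
    $String = __RecordField($String)
    $l = __RecordField($l)
    $Source = __RecordField($Source)

    ; The file is kept read-only + system between writes.
    FileSetAttrib($InFile, "-RS")
    Local $sInFile = FileRead($InFile)

    ; The source is always the fourth field, so it is enclosed by "|" on both sides.
    If Not StringInStr($sInFile, "|" & $Source & "|") Then
        Local $oInFile = FileOpen($InFile, 1)
        If $oInFile = -1 Then
            _CompileLogFile("ERROR: Could not record detection [" & $vsName & "] for [" & $Source & "]")
        Else
            Local $dtCur = _Date_Time_GetSystemTime()
            FileWriteLine($oInFile, $vsName & "|" & $l & "|" & _Date_Time_SystemTimeToDateTimeStr($dtCur) & _
                                    "|" & $Source & "|" & $String & @CRLF)
            FileClose($oInFile)
            $InfCount += 1
        EndIf
    EndIf

    FileSetAttrib($InFile, "+RS")
    _UpdateInfectionStatus()
    _UpdateInfectionStatusImage()

EndFunc   ;==>_RecordInfections


; Internal: replaces the field separator and line breaks in one record field with a space.
Func __RecordField($sField)
    Return StringRegExpReplace($sField, "[\r\n|]", " ")
EndFunc   ;==>__RecordField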


; Shows $InfCount in the main window label, on the Infections button and in the heading of
; the infections window: red while detections exist, green otherwise.
; $lblInfHead is created by _InfectionsInterface; presumably the calls on it have no effect
; before that window has been opened - confirm.
Func _UpdateInfectionStatus()

    Local $iColour = 0x008827                       ; green: nothing found
    If $InfCount > 0 Then $iColour = 0xB70005       ; red: detections present

    GUICtrlSetColor($lblInfections, $iColour)
    GUICtrlSetColor($lblInfHead, $iColour)

    GuiCtrlSetData($lblInfections, $InfCount)
    GuiCtrlSetData($BtnInfections, "Infections (" & $InfCount & ")")
    GuiCtrlSetData($lblInfHead, $InfCount & " Infections")

EndFunc   ;==>_UpdateInfectionStatus


; Switches the status strip of the main window: Contents\1101.bmp while detections exist,
; Contents\1100.bmp otherwise.
Func _UpdateInfectionStatusImage()

    Local $sBitmap = @ScriptDir & "\Contents\1100.bmp"
    If $InfCount > 0 Then $sBitmap = @ScriptDir & "\Contents\1101.bmp"

    GUICtrlSetImage($picStatus, $sBitmap)

EndFunc   ;==>_UpdateInfectionStatusImage


; Shows $WarnCount in the main window label, on the Warnings button and in the heading of
; the warnings window: orange while warnings exist, green otherwise.
Func _UpdateWarningStatus()

    Local $iColour = 0x008827                       ; green: no warnings
    If $WarnCount > 0 Then $iColour = 0xDA6413      ; orange: warnings present

    GUICtrlSetColor($lblWarnings, $iColour)
    GUICtrlSetColor($lblWarnHead, $iColour)

    GuiCtrlSetData($lblWarnings, $WarnCount)
    GuiCtrlSetData($BtnWarnings, "Warnings (" & $WarnCount & ")")
    GuiCtrlSetData($lblWarnHead, $WarnCount & " Warnings")

EndFunc   ;==>_UpdateWarningStatus


; Close-event handler of the main window: reveals the tray icon and hides the window.
; The program keeps running; it is brought back through the tray menu.
Func _Minimize2Tray()

    AutoItSetOption("TrayIconHide", 0)
    GUISetState(@SW_HIDE, $malGUI)

EndFunc   ;==>_Minimize2Tray


; Asks for confirmation (Yes/No box) and, on "Yes", ends the program through _CloseOnError.
; Bound to the Close button, the tray "Close" entry and the Esc hotkey.
Func _CloseMe()
    Local $sQuestion = "Are you sure you want to close the best program ever? OK, maybe not the " & _
                       "best. If you found a bug or something you don’t like, please email me " & _
                       "and tell me about it. "
    Local $iAnswer = MsgBox(36, "Close Inoculate", $sQuestion)
    If $iAnswer = 6 Then _CloseOnError()    ; 6 = Yes
EndFunc   ;==>_CloseMe


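; Terminates the script: appends a blank line and a separator line to the log
; (both without a time prefix), removes the tray icon and exits.
;
; The original body went on to look up and close a process by @ScriptName
; after the Exit statement. Exit ends the script, so those lines could never
; run; they are removed here instead of being kept as dead code. Closing a
; process by image name would also have matched any other process that happens
; to share the script's file name.
Func _CloseOnError()

    _CompileLogFile("", False)
    _CompileLogFile("-----------------------------------------------------------------------------------------", False)

    TraySetState(2) ; 2 = hide/destroy the tray icon
    Exit

EndFunc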


; Brings the main window back: the $malGUI window is shown first, then the
; tray icon is hidden again (TrayIconHide = 1).
Func _ShowWindow()

    GUISetState(@SW_SHOW, $malGUI)
    AutoItSetOption("TrayIconHide", 1)

EndFunc


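; Aborts a pending system shutdown by running "shutdown -a" hidden, on every
; OS except Windows 2000.
;
; Two fixes over the original:
;  * "If Not @OSVersion = "WIN_2000"" applied Not to @OSVersion before the
;    comparison (Not binds tighter than =), so the test did not check the OS
;    version as written. The comparison is now a plain <>.
;  * The tool runs elevated, so the helper is started by its full path in the
;    system directory instead of letting the shell resolve the bare name
;    "Shutdown" through the current directory and the search path.
Func _StopShutdown()
    If @OSVersion <> "WIN_2000" Then
        ShellExecute(@SystemDir & "\shutdown.exe", "-a", "", "", @SW_HIDE)
    EndIf
EndFunc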


; Builds and shows the "Malware Infections" window: heading, help text, the
; action buttons, the checkbox list view with its icon list, the read-only
; detail box, two progress bars and the list view's context menu. The list is
; filled by _LoadInfections() before the event handlers are attached.
;
; NOTE(review): within this function the "Quarantine" button and the
; "Properties" context-menu item are created but no handler is registered
; for either of them.
Func _InfectionsInterface()

    Local $hImage, $idHint
    Local $lviContextMenu, $lvicProperties, $lvicOpenConFolder, $lvicVirTotal, $lvicCopyMD5
    Local $aColWidth[5] = [180, 30, 100, 350, 250]

    _startProcessing()

    ; --- window, icon and heading -------------------------------------------
    $infGUI = GUICreate("Malware Infections", 650, 550, -1, -1)
    GUISetIcon(@ScriptFullPath, 207, $infGUI)
    GUICtrlCreateIcon(@ScriptFullPath, 207, 20, 25, 64, 64)

    $lblInfHead = GUICtrlCreateLabel($InfCount & " Infections", 120, 20, 600, 30)
    GUICtrlSetFont($lblInfHead, 12, 400, 0, "Tahoma", 5)

    $idHint = GUICtrlCreateLabel("View detected malware. Select the items you want to clean and press 'Remove'. Careful, there could be some " & _
                                 "false positives between these detections. If you’re not sure of something, right-click on the item on " & _
                                 "choose ‘Send to VirusTotal.com’ just to make sure.", 120, 50, 490, 55)
    GUICtrlSetFont($idHint, 9, 400, 0, "Tahoma", 5)

    ; --- action buttons -----------------------------------------------------
    $BtnInfRemove = GUICtrlCreateButton("Remove", 20, 125, 120, 30)
    GuiCtrlSetFont($BtnInfRemove, 9, 400, 0, "Tahoma", 5)
    $BtnInfQuarantine = GUICtrlCreateButton("Quarantine", 140, 125, 120, 30)
    GuiCtrlSetFont($BtnInfQuarantine, 9, 400, 0, "Tahoma", 5)
    $BtnInfSelAll = GUICtrlCreateButton("Select all", 410, 125, 110, 30)
    GuiCtrlSetFont($BtnInfSelAll, 9, 400, 0, "Tahoma", 5)
    $BtnInfSelNone = GUICtrlCreateButton("Select none", 520, 125, 110, 30)
    GuiCtrlSetFont($BtnInfSelNone, 9, 400, 0, "Tahoma", 5)

    ; --- list view: one row per record, columns match the "|" fields --------
    $lvInfections = GUICtrlCreateListView("Name | | Date | Source | String", 20, 160, 610, 210, -1)
    GuiCtrlSetFont($lvInfections, 9, 400, 0, "Tahoma", 5)
    _GUICtrlListView_SetExtendedListViewStyle($lvInfections, BitOR($LVS_EX_GRIDLINES, $LVS_EX_FULLROWSELECT, _
                                                                   $LVS_EX_SUBITEMIMAGES, $LVS_EX_DOUBLEBUFFER, _
                                                                   $LVS_EX_CHECKBOXES))
    For $iCol = 0 To UBound($aColWidth) - 1
        _GUICtrlListView_SetColumnWidth($lvInfections, $iCol, $aColWidth[$iCol])
    Next

    ; Icons -209 .. -222 of the compiled script, added in that order.
    $hImage = _GUIImageList_Create(16, 16, 5, 3)
    For $iIcon = 209 To 222
        _GUIImageList_AddIcon($hImage, @ScriptFullPath, -$iIcon)
    Next
    _GUICtrlListView_SetImageList($lvInfections, $hImage, 1)

    ; --- detail box and progress bars ---------------------------------------
    $eInInfo = GUICtrlCreateEdit("", 20, 420, 610, 100, BitOR($ES_READONLY, $WS_VSCROLL))
    GuiCtrlSetFont($eInInfo, 9, -1, -1, "Courier New")

    $InfProgress = GUICtrlCreateProgress(20, 375, 610, 15)
    $InfFileProgress = GUICtrlCreateProgress(20, 395, 610, 10)

    ; --- context menu of the list view --------------------------------------
    $lviContextMenu = GUICtrlCreateContextMenu($lvInfections)
    $lvicOpenConFolder = GUICtrlCreateMenuItem("Open Containing Folder", $lviContextMenu)
    $lvicVirTotal = GUICtrlCreateMenuItem("Send to VirusTotal.com", $lviContextMenu)
    GUICtrlCreateMenuItem("", $lviContextMenu)
    $lvicCopyMD5 = GUICtrlCreateMenuItem("Copy MD5", $lviContextMenu)
    GUICtrlCreateMenuItem("", $lviContextMenu)
    $lvicProperties = GUICtrlCreateMenuItem("Properties", $lviContextMenu)

    _LoadInfections()

    ; --- event wiring -------------------------------------------------------
    GuiCtrlSetOnEvent($BtnInfRemove, "_CleanSelectedMalware")
    GuiCtrlSetOnEvent($BtnInfSelAll, "_SelectAllInfections")
    GuiCtrlSetOnEvent($BtnInfSelNone, "_SelectNoneInfections")

    GuiCtrlSetOnEvent($lvicOpenConFolder, "_OpenContainingFolder")
    GuiCtrlSetOnEvent($lvicVirTotal, "_SendToVirusTotal")
    GuiCtrlSetOnEvent($lvicCopyMD5, "_CopyMD5")

    GUISetOnEvent($GUI_EVENT_CLOSE, "_CloseInfectionsWindow")
    GUIRegisterMsg($WM_NOTIFY, "INFECTIONS_WM_NOTIFY")

    GuiSetState(@SW_SHOW, $infGUI)
    GUISwitch($infGUI)

EndFunc


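; Context-menu handler: opens the folder that contains the selected
; detection's source path (field 4 of the "|"-separated row).
;
; The row text originates from the detection records, i.e. from names chosen
; by whatever was detected, and this tool runs elevated. The handler therefore
;  * returns quietly when the row has fewer than four fields, instead of
;    indexing past the end of the split array, and
;  * only calls ShellExecute when the computed parent path really is a
;    directory, so a malformed record can never cause a file to be launched.
Func _OpenContainingFolder()

    Local $sItem = _GUICtrlListView_GetSelectedItemString($lvInfections)
    If $sItem = "" Then Return

    Local $aFields = StringSplit($sItem, "|")
    If $aFields[0] < 4 Then Return

    Local $sFolder = _WinAPI_PathRemoveFileSpec($aFields[4])
    ; FileGetAttrib() reports "D" for directories and fails for missing paths.
    If Not StringInStr(FileGetAttrib($sFolder), "D") Then Return

    ShellExecute($sFolder)

EndFunc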


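; Context-menu handler: passes the selected detection's source path (field 4
; of the "|"-separated row) to the bundled Bin\VirusTotalUpload2.exe.
;
; The path is taken from a detection record, so it is validated before it is
; placed on a command line:
;  * rows with fewer than four fields are ignored instead of indexing past
;    the end of the split array;
;  * the path must name an existing file, which also filters out rows whose
;    source is not a file path and guarantees the value contains no
;    double quote (not a legal file-name character on Windows), so the
;    quoting below cannot be broken out of.
Func _SendToVirusTotal()

    Local $sItem = _GUICtrlListView_GetSelectedItemString($lvInfections)
    If $sItem = "" Then Return

    Local $aFields = StringSplit($sItem, "|")
    If $aFields[0] < 4 Then Return

    Local $sSample = $aFields[4]
    If Not FileExists($sSample) Then Return
    If StringInStr(FileGetAttrib($sSample), "D") Then Return ; a folder is not a sample

    ShellExecute(@ScriptDir & "\Bin\VirusTotalUpload2.exe", """" & $sSample & """")

EndFunc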


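; Context-menu handler ("Copy MD5"): puts field 5 of the selected row, the
; column headed "String", on the clipboard.
; NOTE(review): presumably that column holds the file's MD5; confirm against
; the code that records detections.
;
; Rows with fewer than five fields are ignored; the original indexed
; $sSplit[5] unconditionally, which is a fatal subscript error on a short row.
Func _CopyMD5()

    Local $sItem = _GUICtrlListView_GetSelectedItemString($lvInfections)
    If $sItem = "" Then Return

    Local $aFields = StringSplit($sItem, "|")
    If $aFields[0] < 5 Then Return

    ClipPut($aFields[5])

EndFunc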


; Disables the four action buttons of the infections window (Remove,
; Quarantine, Select all, Select none) while a clean-up is running.
Func _startInfProcess()

    Local $aButtons[4] = [$BtnInfRemove, $BtnInfQuarantine, $BtnInfSelAll, $BtnInfSelNone]

    For $i = 0 To UBound($aButtons) - 1
        GuiCtrlSetState($aButtons[$i], $GUI_DISABLE)
    Next

EndFunc


; Re-enables the four action buttons of the infections window (Remove,
; Quarantine, Select all, Select none) once a clean-up has finished.
Func _endInfProcess()

    Local $aButtons[4] = [$BtnInfRemove, $BtnInfQuarantine, $BtnInfSelAll, $BtnInfSelNone]

    For $i = 0 To UBound($aButtons) - 1
        GuiCtrlSetState($aButtons[$i], $GUI_ENABLE)
    Next

EndFunc


; Close handler of the infections window: destroys the $infGUI window and then
; calls _endProcessing(), the counterpart of the _startProcessing() call made
; when the window was built.
; NOTE(review): the WM_NOTIFY handler registered by _InfectionsInterface() is
; not unregistered here - confirm that is intended.
Func _CloseInfectionsWindow()
    GUIDelete($infGUI)
    _endProcessing()
EndFunc


; WM_NOTIFY handler for the infections list view.
;   click        -> show the details of the clicked row
;   key press    -> show the details of the first selected row, if any
;   item deleted -> decrement $InfCount and refresh the counters
; Notifications from any other control, and all other codes, are ignored.
; Always returns $GUI_RUNDEFMSG so AutoIt's default processing still runs.
Func INFECTIONS_WM_NOTIFY($hWnd, $iMsg, $iwParam, $ilParam)
    #forceref $hWnd, $iMsg, $iwParam

    ; $lvInfections may be a control ID or a handle; compare by handle.
    Local $hList = $lvInfections
    If Not IsHWnd($hList) Then $hList = GUICtrlGetHandle($lvInfections)

    ; lParam points at the NMHDR that starts every notification structure.
    Local $tHeader = DllStructCreate($tagNMHDR, $ilParam)
    Local $hSender = HWnd(DllStructGetData($tHeader, "hWndFrom"))
    If $hSender <> $hList Then Return $GUI_RUNDEFMSG

    Switch DllStructGetData($tHeader, "Code")
        Case $NM_CLICK
            ; Left click on an item: the same memory read as NMITEMACTIVATE.
            Local $tClick = DllStructCreate($tagNMITEMACTIVATE, $ilParam)
            _DisplayListViewItemInfo(DllStructGetData($tClick, "Index"))

        Case $LVN_KEYDOWN
            ; Element 0 of the returned array is the number of selected rows.
            Local $aPicked = _GUICtrlListView_GetSelectedIndices($hList, True)
            If $aPicked[0] > 0 Then _DisplayListViewItemInfo($aPicked[1])

        Case $LVN_DELETEITEM
            ; An item is about to be removed from the list.
            $InfCount -= 1
            _UpdateInfectionStatus()
    EndSwitch

    Return $GUI_RUNDEFMSG
EndFunc   ;==>INFECTIONS_WM_NOTIFY


; Fills the read-only detail box with information about list row $li.
; The box is cleared first. When the row text is longer than five characters
; the detection name (field 1) is written, followed by a canned description if
; the name contains "Rogue" or, failing that, "Malware".
;   $li - zero-based row index in the infections list view (default 0)
Func _DisplayListViewItemInfo($li = 0)

    Local $sRow = _GUICtrlListView_GetItemTextString($lvInfections, $li)

    GUICtrlSetData($eInInfo, "")
    If StringLen($sRow) <= 5 Then Return

    Local $aFields = StringSplit($sRow, "|")
    GuiCtrlSetData($eInInfo, "NAME: " & $aFields[1] & @CRLF & @CRLF)

    ; Pick the description text; "Rogue" takes priority over "Malware".
    Local $sDetail = ""
    If StringInStr($aFields[1], "Rogue") Then
        $sDetail = "Description:" & @TAB & _
                   "Rogue security software (or rogueware) is a form of computer malware" & @CRLF & _
                   "that deceives or misleads users into paying for the fake or" & @CRLF & _
                   "simulated removal of malware, or that installs other malware. Rogue" & @CRLF & _
                   "security software, in recent years, has become a growing and serious" & @CRLF & _
                   "security threat in desktop computing."
    ElseIf StringInStr($aFields[1], "Malware") Then
        $sDetail = "Malware, short for malicious software, is software designed " & _
                   "to harm or secretly access a computer without the owner's informed consent. Software " & _
                   "is considered to be malware based on the perceived intent of the creator rather " & _
                   "than any particular features. Malware includes computer viruses, worms, trojan " & _
                   "horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other " & _
                   "malicious and unwanted software or program."
    EndIf

    ; Append to what the box already shows (the NAME line written above).
    If $sDetail <> "" Then GuiCtrlSetData($eInInfo, GUICtrlRead($eInInfo) & $sDetail)

EndFunc


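; "Remove" button handler: deletes the file behind every checked row of the
; infections list, drops the rows that were cleaned, rewrites the saved list
; and, if some files had to be scheduled for deletion at reboot, offers to
; restart Windows.
;
; Changes over the original:
;  * The rows are walked from the last index down to 0. The original looped
;    "0 To count" (one index too many) and patched the loop variable after
;    each deletion; walking backwards needs neither.
;  * A row with fewer than four fields is skipped. StringSplit only sets
;    @error when the row has no "|" at all, so a row with one to three
;    separators used to reach $sSplit[4] and abort the script.
;  * Shutdown(18) is issued before _CloseOnError(). _CloseOnError() ends the
;    script with Exit, so in the original order the restart was never
;    requested.
;
; NOTE(review): _FileDeleteUnlock() reports success whenever the path does not
; exist as a file. A checked row whose source is not a file path (for example
; a registry entry) is therefore dropped from the list and from the saved
; records without anything having been cleaned - confirm how such rows are
; meant to be handled.
; NOTE(review): the paths deleted here come from the rows loaded out of the
; infections file, and the tool runs elevated; anything able to edit that file
; can nominate files for deletion. Consider validating the paths or protecting
; the file with more than the read-only/system attributes.
Func _CleanSelectedMalware()

    _startInfProcess()

    Local $iRemoved = 0
    Local $iCount = _GUICtrlListView_GetItemCount($lvInfections)

    If $iCount > 0 Then
        For $n = $iCount - 1 To 0 Step -1
            If Not _GUICtrlListView_GetItemChecked($lvInfections, $n) Then ContinueLoop

            Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $n)
            Local $aFields = StringSplit($sItem, "|")
            If @error Or $aFields[0] < 4 Then ContinueLoop

            If _FileDeleteUnlock($aFields[4]) Then
                ; Deleting row $n does not move any row with a lower index.
                _GUICtrlListView_DeleteItem($lvInfections, $n)
                $iRemoved += 1
                GuiCtrlSetData($InfProgress, ($iRemoved / $iCount) * 100)
            EndIf
        Next
        _SaveInfectionsList()
        GuiCtrlSetData($InfProgress, 0)
    EndIf

    If $delOnReboot <> 0 Then
        ; Flag 52 = Yes/No buttons (4) + warning icon (48); 6 = Yes.
        If MsgBox(52, $title, $delOnReboot & " Files could not be removed. We will attempt to remove these files " & _
                                "the next time you restart your computer. Would you like to restart Windows now? " & _
                                "Press ‘No’ to restart later.") = 6 Then
            Shutdown(18) ; 2 (reboot) + 16 (force if hung); must precede the Exit below
            _CloseOnError()
        EndIf
        $delOnReboot = 0
    EndIf

    _UpdateInfectionStatusImage()
    _UpdateInfectionImages()
    _endInfProcess()

EndFunc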


; "Select all" button handler: calls _GUICtrlListView_SetItemsChecked() on the
; infections list with its default second argument.
; NOTE(review): presumably the default checks every row - confirm against the
; helper's definition, which is not part of this section.
Func _SelectAllInfections()
    _GUICtrlListView_SetItemsChecked($lvInfections)
EndFunc


; "Select none" button handler: calls _GUICtrlListView_SetItemsChecked() on
; the infections list with False as the second argument, which presumably
; clears every row's checkbox (helper defined outside this section).
Func _SelectNoneInfections()
    _GUICtrlListView_SetItemsChecked($lvInfections, False)
EndFunc


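; Rewrites the infections file ($InFile) from the rows currently shown in the
; infections list view, one "|"-separated row per line. With an empty list the
; file is simply deleted.
;
; Changes over the original:
;  * The attributes are cleared on $InFile, the same path that is deleted,
;    written and re-protected below. The original cleared them on the literal
;    @ScriptDir & "\db\Infections.db3" (presumably the same file - if the two
;    ever differed, the delete could fail on a still read-only file).
;  * The file is opened once, in overwrite mode, instead of being reopened in
;    append mode for every row. Overwrite mode also means a failed FileDelete
;    can no longer leave stale rows in front of the fresh ones.
;  * The _FileCountLines() comparison is gone: it ran right after the file
;    had been deleted.
;
; NOTE(review): the saved list is plain text guarded only by the read-only and
; system attributes, yet its rows later decide which files the elevated
; clean-up deletes. Consider an integrity check on load.
Func _SaveInfectionsList()

    GUICtrlSetData($eScan, "Saving infection list, Please wait...")
    FileSetAttrib($InFile, "-RS")
    FileDelete($InFile)

    Local $iCount = _GUICtrlListView_GetItemCount($lvInfections)
    If $iCount > 0 Then
        Local $hOut = FileOpen($InFile, 2) ; 2 = write, erase previous contents
        If $hOut <> -1 Then
            For $i = 0 To $iCount - 1
                Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $i)
                ; The text already ends in @CRLF, so FileWriteLine adds no second break.
                FileWriteLine($hOut, $sItem & @CRLF)
                GUICtrlSetData($InfProgress, ($i / $iCount) * 100)
            Next
            FileClose($hOut)
        EndIf
    EndIf

    FileSetAttrib($InFile, "+RS")
    GUICtrlSetData($InfProgress, 0)
    GUICtrlSetData($eScan, "")

EndFunc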


; Reloads the infections list view from the infections file ($InFile) and
; recounts $InfCount. A record is only listed when it has at least five
; "|"-separated fields and its target still exists:
;   - field 5 contains "HKEY_": it is split on "-->" into key and value name,
;     and the record is kept when RegRead() returns a non-empty value;
;   - otherwise: the record is kept when field 4 names an existing file.
; The outcome (record count, "none found" or a load error) is written to the
; log, and the counters and images are refreshed at the end.
;
; NOTE(review): the registry test here looks at field 5, while
; _UpdateInfectionImages() tests field 4 for "HKEY_" - confirm which field
; carries registry locations.
; NOTE(review): the records are read back as trusted input; see the handling
; of field 4 in the clean-up routine.
Func _LoadInfections()

    $InfCount = 0

    Local $hDb = FileOpen($InFile, 0)

    GUICtrlSetData($eScan, "Loading infections, please wait...")
    _CompileLogFile("Loading infections...")

    If $hDb = -1 Then
        ; Could not open for reading: tell "no file yet" apart from a real failure.
        If FileExists($InFile) Then
            _CompileLogFile("ERROR: Could not load Infections. (" & $InFile & ")")
        Else
            _CompileLogFile("No infections found (0)")
        EndIf
    Else
        _CompileLogFile("Infections: " & _FileCountLines($InFile))

        While 1
            Local $sRecord = FileReadLine($hDb)
            If @error = -1 Then ExitLoop ; end of file

            Local $aFields = StringSplit($sRecord, "|")
            If $aFields[0] < 5 Then ContinueLoop

            If StringInStr($aFields[5], "HKEY_") Then
                Local $aKey = StringSplit($aFields[5], "-->", 1)
                If $aKey[0] < 2 Then ContinueLoop

                If RegRead(_CleanString($aKey[1], 3), _CleanString($aKey[2], 3)) <> "" Then
                    $InfCount += 1
                    GUICtrlCreateListViewItem($sRecord, $lvInfections)
                EndIf
            ElseIf FileExists($aFields[4]) Then
                GUICtrlCreateListViewItem($sRecord, $lvInfections)
                $InfCount += 1
            EndIf
        WEnd
    EndIf

    FileClose($hDb)
    GUICtrlSetData($eScan, "")

    _UpdateInfectionStatus()
    _UpdateInfectionImages()
    _UpdateInfectionStatusImage()

EndFunc


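; Assigns an icon to every row of the infections list view. The image index is
; the number in field 2 of the row; rows whose field 4 contains "HKEY_" use
; that number plus 7.
;
; Changes over the original:
;  * The loop stops at the last row (count - 1); it used to run one index past
;    the end of the list.
;  * Rows with fewer than four fields are skipped instead of being indexed
;    out of range.
;
; NOTE(review): _LoadInfections() looks for "HKEY_" in field 5, this function
; in field 4 - confirm which field carries registry locations.
Func _UpdateInfectionImages()

    Local $iItems = _GUICtrlListView_GetItemCount($lvInfections)

    For $n = 0 To $iItems - 1
        Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $n)
        Local $aFields = StringSplit($sItem, "|")
        If $aFields[0] < 4 Then ContinueLoop

        If StringInStr($aFields[4], "HKEY_") Then
            _GUICtrlListView_SetItemImage($lvInfections, $n, 7 + $aFields[2])
        Else
            _GUICtrlListView_SetItemImage($lvInfections, $n, $aFields[2])
        EndIf
    Next

EndFunc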


; Builds and shows the warnings window: heading, explanatory text and a
; three-column list view (Name, Source, Description) with a single icon. The
; list is filled by _LoadWarnings() before the close handler is attached.
;
; NOTE(review): the window is created with the title "Malware Infections",
; the same title as the infections window - possibly a copy-and-paste
; leftover; confirm before changing, other code may look the window up by title.
Func _WarningsInterface()

    Local $hWarnImg, $idHint
    Local $aColWidth[3] = [200, 500, 300]

    _startProcessing()

    ; --- window, icon and heading -------------------------------------------
    $warnGUI = GUICreate("Malware Infections", 650, 550, -1, -1)
    GUISetIcon(@ScriptFullPath, 208, $warnGUI)
    GUICtrlCreateIcon(@ScriptFullPath, 208, 20, 25, 64, 64)

    $lblWarnHead = GUICtrlCreateLabel("0 Warnings", 120, 20, 600, 30)
    GUICtrlSetFont($lblWarnHead, 12, 400, 0, "Tahoma", 5)

    $idHint = GUICtrlCreateLabel("These warnings are not malware. Malware Cleaner will warn you if it finds an item that behaves like or have the characteristics of " & _
                                 "malware. Note: This is not the same as heuristics, so these warnings should not be seen as malware, but could be.", 120, 50, 500, 55)
    GUICtrlSetFont($idHint, 9, 400, 0, "Tahoma", 5)

    ; --- list view ----------------------------------------------------------
    $lvWarnings = GUICtrlCreateListView("Name | Source | Description", 20, 140, 610, 210, -1)
    GuiCtrlSetFont($lvWarnings, 9, 400, 0, "Tahoma", 5)
    _GUICtrlListView_SetExtendedListViewStyle($lvWarnings, BitOR($LVS_EX_GRIDLINES, $LVS_EX_FULLROWSELECT, _
                                                                 $LVS_EX_SUBITEMIMAGES, $LVS_EX_DOUBLEBUFFER))
    For $iCol = 0 To UBound($aColWidth) - 1
        _GUICtrlListView_SetColumnWidth($lvWarnings, $iCol, $aColWidth[$iCol])
    Next

    $hWarnImg = _GUIImageList_Create(16, 16, 5, 3)
    _GUIImageList_AddIcon($hWarnImg, @ScriptFullPath, -208)
    _GUICtrlListView_SetImageList($lvWarnings, $hWarnImg, 1)

    _LoadWarnings()

    GUISetOnEvent($GUI_EVENT_CLOSE, "_CloseWarningsWindow")

    GuiSetState(@SW_SHOW, $warnGUI)
    GUISwitch($warnGUI)

EndFunc


; Close handler of the warnings window: destroys the $warnGUI window and then
; calls _endProcessing(), the counterpart of the _startProcessing() call made
; when the window was built.
Func _CloseWarningsWindow()
    GUIDelete($warnGUI)
    _endProcessing()
EndFunc


; Appends a warning record "name|source|description" to the warnings file
; ($WarnFile) unless the file already matches $sSource, then refreshes the
; warning counters. The file's read-only/system attributes are lifted for the
; duration of the update and restored afterwards.
;   $sName   - warning name; also selects the description text
;   $sSource - location the warning refers to
;
; NOTE(review): the duplicate test matches $sSource anywhere in the file's
; text, so a source that is a substring of an already recorded one would be
; treated as a duplicate and not recorded - depends on what
; _GetRegExpLiterals() returns; confirm.
; NOTE(review): neither argument is checked for "|" or line breaks, which
; would shift the fields of the stored record.
Func _RecordWarning($sName, $sSource)

    FileSetAttrib($WarnFile, "-RS")
    Local $sKnown = FileRead($WarnFile)

    If Not StringRegExp($sKnown, _GetRegExpLiterals($sSource), 0) Then
        Local $hAppend = FileOpen($WarnFile, 1)
        If $hAppend <> -1 Then
            FileWriteLine($hAppend, $sName & "|" & $sSource & "|" & _GetWarningDescription($sName) & @CRLF)
            $WarnCount += 1
        EndIf
        FileClose($hAppend)
    EndIf

    FileSetAttrib($WarnFile, "+RS")
    _UpdateWarningStatus()

EndFunc


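; Reloads the warnings list view from the warnings file ($WarnFile) and
; recounts $WarnCount. A record is only listed when its source (field 2) still
; exists:
;   - source contains "HKEY_": it is split on "-->" into key and value name,
;     and the record is kept when RegRead() returns a non-empty value;
;   - otherwise: the record is kept when the source names an existing file.
; The outcome is written to the log and the counters and images are refreshed.
;
; Change over the original: records are bounds-checked before they are
; indexed, the same way _LoadInfections() does it. A blank or truncated line
; (fewer than two fields, or a registry source without "-->") used to abort
; the script with a subscript error; such lines are now skipped.
Func _LoadWarnings()

    $WarnCount = 0

    Local $oWarnFile = FileOpen($WarnFile, 0)

    GUICtrlSetData($eScan, "Loading Warnings, please wait...")

    ; Check if file opened for reading OK
    If $oWarnFile = -1 Then
        If Not FileExists($WarnFile) Then
            _CompileLogFile("No warnings found (0)")
        Else
            _CompileLogFile("ERROR: Could not load warnings. (" & $WarnFile & ")")
        EndIf
    Else
        _CompileLogFile("Warnings: " & _FileCountLines($WarnFile))
        ; Read in lines of text until the EOF is reached
        While 1
            Local $iLine = FileReadLine($oWarnFile)
            If @error = -1 Then ExitLoop

            Local $wsplTemp = StringSplit($iLine, "|")
            If $wsplTemp[0] < 2 Then ContinueLoop ; malformed record: no source field

            If StringInStr($wsplTemp[2], "HKEY_") Then
                Local $KEYSpl = StringSplit($wsplTemp[2], "-->", 1)
                If $KEYSpl[0] < 2 Then ContinueLoop ; registry source without a value name

                If RegRead(_CleanString($KEYSpl[1], 3), _CleanString($KEYSpl[2], 3)) <> "" Then
                    $WarnCount += 1
                    GUICtrlCreateListViewItem($iLine, $lvWarnings)
                EndIf
            ElseIf FileExists($wsplTemp[2]) Then
                GUICtrlCreateListViewItem($iLine, $lvWarnings)
                $WarnCount += 1
            EndIf
        WEnd
    EndIf

    FileClose($oWarnFile)
    GUICtrlSetData($eScan, "")

    _UpdateWarningStatus()
    _UpdateWarningImages()

EndFunc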


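; Gives every row of the warnings list view image 0 of its image list.
; The loop now ends at the last row (count - 1); the original ran one index
; past the end of the list.
Func _UpdateWarningImages()

    Local $iItems = _GUICtrlListView_GetItemCount($lvWarnings)

    For $x = 0 To $iItems - 1
        _GUICtrlListView_SetItemImage($lvWarnings, $x, 0)
    Next

EndFunc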

; Maps a warning name to its description text.
;   $sName - warning name
; Returns "UserProfileDir" for "UserProfileDir Startup". Any other name falls
; off the end of the function without an explicit Return.
Func _GetWarningDescription($sName)

    If $sName = "UserProfileDir Startup" Then Return "UserProfileDir"

EndFunc


; Tries to delete the file $Source, retrying once; if the second attempt also
; fails the file is handed to _FileDeleteOnReboot(), the failure is logged and
; $delOnReboot is incremented. The per-file progress bar is stepped along the
; way and reset at the end.
;   $Source - path of the file to remove
; Returns True when no file exists at $Source afterwards (including when there
; was none to begin with), False when the file is still present.
Func _FileDeleteUnlock($Source)

    GuiCtrlSetData($InfFileProgress, 0)

    Sleep(100)
    GuiCtrlSetData($InfFileProgress, 10)

    ; First attempt. And short-circuits, so FileDelete only runs on an existing file.
    If FileExists($Source) And Not FileDelete($Source) Then
        Sleep(100)
        GuiCtrlSetData($InfFileProgress, 20)
        Sleep(100)

        ; Second attempt; on failure fall back to deletion at the next reboot.
        If FileExists($Source) And Not FileDelete($Source) Then
            Sleep(100)
            _CompileLogFile("ERROR: Could not remove '" & $Source & "'")
            _CompileLogFile("The file will be deleted on the next reboot.")
            _FileDeleteOnReboot($Source)
            $delOnReboot += 1
            GuiCtrlSetData($InfFileProgress, 60)
            Sleep(250)
        EndIf
    EndIf

    GuiCtrlSetData($InfFileProgress, 0)

    If FileExists($Source) Then Return False
    Return True

EndFunc


; Closes every running process whose image name is $sProc. Each match is
; closed by PID through _KillSingleProcess(); if that fails, ProcessClose() is
; tried once more with the process name.
;   $sProc - process (image) name to look for
;
; NOTE(review): matching is by image name only, so a legitimate process that
; shares its file name with a detected file would be closed as well. Before
; this helper is put to use, compare the full path of each candidate with the
; detected file.
Func _KillProcess($sProc)

    Local $aFound = ProcessList($sProc)

    ; Row 0 holds the match count; column 0 is the name, column 1 the PID.
    For $i = 1 To $aFound[0][0]
        If Not ProcessExists($aFound[$i][0]) Then ContinueLoop

        If _KillSingleProcess($aFound[$i][1]) = False Then
            ProcessClose($aFound[$i][0])
        EndIf
    Next

EndFunc


; Closes the process $PID and logs the outcome.
;   $PID - process identifier passed to ProcessClose()
; Returns True when ProcessClose() succeeds. On failure the @error code is
; translated into a log line (codes 1 to 4; other codes are not logged) and
; False is returned.
Func _KillSingleProcess($PID)

    Local $bClosed = ProcessClose($PID)
    Local $iErr = @error ; captured before any other call can reset it

    If $bClosed Then
        _CompileLogFile($PID & " Process Closed.")
        Return True
    EndIf

    Local $sReason = ""
    Switch $iErr
        Case 1
            $sReason = "(OpenProcess failed)"
        Case 2
            $sReason = "(AdjustTokenPrivileges Failed)"
        Case 3
            $sReason = "(TerminateProcess Failed)"
        Case 4
            $sReason = "(Cannot verify if process exists)"
    EndSwitch

    If $sReason <> "" Then _CompileLogFile("ERROR: " & $PID & $sReason)
    Return False

EndFunc


; Returns the last "\"-separated component of $sSource, i.e. the file name of
; a path. A string without any backslash is returned unchanged; a string that
; ends in a backslash yields "".
;   $sSource - path to take the final component from
Func _SearchProcess($sSource)
    ; Position of the right-most backslash (0 when there is none).
    Local $iLastSep = StringInStr($sSource, "\", 0, -1)
    Return StringTrimLeft($sSource, $iLastSep)
EndFunc


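; Appends one line to the log file $lDir & "\" & $lFileName, creating the log
; directory first if it does not exist.
;   $lMsg - text to log
;   $TP   - True (default) to put the _TimePrefix() stamp in front of the text
;
; Change over the original: when the log file cannot be opened the function
; returns at once. It used to close the invalid handle and then still try to
; write to it.
;
; NOTE(review): $lMsg is written as given. Several callers put file paths and
; stored record values into it; a value containing a line break would appear
; as an extra log line. Consider replacing CR/LF in such values before logging.
Func _CompileLogFile($lMsg, $TP = True)

    If Not FileExists($lDir) Then DirCreate($lDir)

    Local $hLog = FileOpen($lDir & "\" & $lFileName, 1) ; 1 = append
    If $hLog = -1 Then Return

    Local $sPrefix = ""
    If $TP Then $sPrefix = _TimePrefix()

    FileWriteLine($hLog, $sPrefix & $lMsg & @CRLF)
    FileClose($hLog)

EndFunc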
Edited by Rizonetech

Rizonesoft Open Source Home Scripts: Complete Internet Repair | Development: Rizonesoft SDK


Are you check MD5's file?
