Rizonetech, posted May 3, 2011 (edited)

We developed a fully featured malware cleaner using AutoIt. If any portion of the code looks familiar, please let me know and I will give you full credit for it. I know the code is a little messy and needs more work, but if you have suggestions, please post them. If you would like to help with the project, please let me know. Any good Anti-Malware solution needs many hands to be worth the download bandwidth.

Screen:

Download: http://www.rizone3.com/doors/malware-cleaner
Source Download: http://www.rizone3.com/down/malclean/malclean-source.zip

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_icon=Resources\malClean\malClean.ico
#AutoIt3Wrapper_Compression=4
#AutoIt3Wrapper_Res_Fileversion=1.8.9.1352
#AutoIt3Wrapper_Res_Fileversion_AutoIncrement=y
; NOTE: the posted directives set requestedExecutionLevel twice (requireAdministrator, then highestAvailable)
#AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator
#AutoIt3Wrapper_Res_requestedExecutionLevel=highestAvailable
#AutoIt3Wrapper_Res_LegalCopyright=Rizone Technologies
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-00.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-01.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-02.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-03.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-04.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-05.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\Infections.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\Warnings.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\0.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\1.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\2.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\3.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\4.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\5.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\6.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\70.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\71.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\72.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\73.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\74.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\75.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\76.ico
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

Opt("TrayAutoPause", 0)
Opt("TrayMenuMode", 3)
Opt("TrayIconHide", 1)
Opt("GUICloseOnESC", 1)
Opt("GUIOnEventMode", 1)
Opt("MustDeclareVars", 1)

#include <WindowsConstants.au3>
#include <StaticConstants.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <EditConstants.au3>
#include <GuiImageList.au3>
#include <GuiListView.au3>
#include <Process.au3>
#include <File.au3>
#include <Date.au3>
#include <UDF\Hashing.au3>
#include <UDF\Win2000.au3>
#include <UDF\malCleanEx.au3>
#include <UDF\GuiListViewEx.au3>
#include <UDF\WinAPIEx\WinAPIEx.au3>
#include <Heuristics.au3> ; provides _LoadHeuristics(); was included in the middle of the posted file

HotKeySet('{Esc}', '_CloseMe')

;~ ----------------------------------------------------------------------------------------------------
;~ Settings
;~ ----------------------------------------------------------------------------------------------------
Global Const $title = "Rizone Malware Cleaner"
Global Const $version = FileGetVersion(@ScriptFullPath)
Global Const $SignaturesDb = @ScriptDir & "\db\Signatures.db3" ; one "md5;level;name" line per signature
Global Const $TurboBase = @ScriptDir & "\db\TurboBase.db3"     ; first seven hex characters of every signature, one per line
Global Const $InFile = @ScriptDir & "\db\Infections.db3"
Global Const $WarnFile = @ScriptDir & "\db\Warnings.db3"
Global Const $lDir = @ScriptDir & "\logging\mClean"
Global Const $lFileName = "~R" & @YEAR & @MON & @MDAY & @HOUR & @MIN & @SEC & ".log"
;~ ----------------------------------------------------------------------------------------------------
Global $malGUI, $picStatus, $miScanner, $miStopScan, $BtnScanGo, $BtnStopScan
Global $ScanIco, $lblScnHead, $lblScnPower, $cbScnPower, $ScnPowerIcon, $ScanProgess, $eScan, $BtnInfections
Global $lblDrives, $ComboDrives, $oHFile, $Heuristics, $chkHeur
Global $infGUI, $BtnInfRemove, $BtnInfQuarantine, $BtnInfSelAll, $BtnInfSelNone, $lblInfHead, $lvInfections
Global $InfProgress, $InfFileProgress, $eInInfo, $delOnReboot = 0
Global $BtnWarnings, $warnGUI, $lblWarnHead, $lvWarnings, $WarnCount = 0, $lblWarnings
Global $lblSigCount, $lblInfections, $lblDuration, $lOScanned, $lFiPSec, $lTScanned
Global $CancelScan = True, $SigDbCount = 0, $driveUsed = 0, $statTimer = 0, $FPSCount = 0, $FileCount = 0
Global $Scnd = 0, $TotalScanned = 0, $StartHour = 0, $StartMin = 0, $StartSec = 0, $ePower = 3, $InfCount = 0, $BlinkOn
Global $sTurboDB, $sSigDb

AdlibRegister("_Process", 500)

_CompileLogFile(" ./", False)
_CompileLogFile(" (o o)", False)
_CompileLogFile("--------------------------------------oOOo-(_)-oOOo--------------------------------------", False)
_CompileLogFile($title & " " & $version, False)
_CompileLogFile("Database version: 1", False)
_CompileLogFile("OS: " & @OSVersion & " Build " & @OSBuild & " " & @OSServicePack, False)
_CompileLogFile("Architecture: " & @OSArch, False)
_CompileLogFile("Language: " & @OSLang, False)
_CompileLogFile("", False)
_CompileLogFile("-----------------------------------------------------------------------------------------", False)
_CompileLogFile("", False)
_CompileLogFile("Stopping malware from shutting down your computer")
_StopShutdown()
_loadSettings()
_mainInterface()

Func _Process()
    ; Empty the working set
    _WinAPI_EmptyWorkingSet()
EndFunc

Func _mainInterface()
    Local $mFile, $mSupport, $BtnClose, $TRMsg
    $malGUI = GUICreate($title & " : " & $version, 760, 500, -1, -1, -1, $WS_EX_COMPOSITED)
    GUISetFont(8.5, -1, -1, "Tahoma", 5)
    GUISetBkColor(0xFFFFFF, $malGUI)
    $picStatus = GUICtrlCreatePic(@ScriptDir & "\Contents\1100.bmp", 0, 0, 50, 520)
    $mFile = GUICtrlCreateMenu("&File")
    GUICtrlCreateMenuItem("", $mFile)
    $miScanner = GUICtrlCreateMenuItem("&Scanner", $mFile)
    $miStopScan = GUICtrlCreateMenuItem("&Stop Scanning", $mFile)
    GUICtrlCreateMenuItem("", $mFile)
    GUICtrlSetState($miStopScan, $GUI_DISABLE)
    $mSupport = GUICtrlCreateMenu("&Support")
    $ScanIco = GUICtrlCreateIcon(@ScriptFullPath, 99, 70, 20, 64, 64)
    $lblScnHead = GUICtrlCreateLabel("Welcome", 170, 60, 400, 30, -1, $WS_EX_TRANSPARENT)
    GUICtrlSetFont($lblScnHead, 12, 400, 0, "Tahoma", 5)
    $lblScnPower = GUICtrlCreateLabel("Scanner Power :", 250, 32, 120, 20, $SS_RIGHT)
    GUICtrlSetFont($lblScnPower, 11, 400, 0, "Tahoma", 5)
    $cbScnPower = GUICtrlCreateCombo("", 380, 30, 130, 30)
    GUICtrlSetData($cbScnPower, "Low|Below Normal|Normal|Above Normal|High|Realtime", "Normal")
    GUICtrlSetFont($cbScnPower, 10, 400, 0, "Tahoma", 5)
    GUICtrlSetState($cbScnPower, $GUI_DISABLE)
    $ScnPowerIcon = GUICtrlCreateIcon(@ScriptFullPath, 201, 655, 20, 48, 48)
    GUICtrlCreateLabel("Scan for spyware, adware, trojans, keyloggers, bots, worms and other malware. Select the drive you would " & _
            "like to scan and press 'Scan Now'. Click on the Infections label to view detected infections.", 120, 90, 400, 50)
    GUICtrlSetFont(-1, 9, 400, 0, "Tahoma", 5)
    $ScanProgess = GUICtrlCreateProgress(70, 150, 500, 30)
    $eScan = GUICtrlCreateEdit("", 70, 185, 500, 50, $ES_READONLY)
    GUICtrlSetFont($eScan, 8.5, -1, -1, "Courier New")
    GUICtrlSetColor($eScan, 0x606870)
    GUICtrlSetBkColor($eScan, 0xFFFFFF)
    GUICtrlSetCursor($eScan, 2)
    $lblDrives = GUICtrlCreateLabel("Select drive:", 70, 253, 80, 15)
    GUICtrlSetFont($lblDrives, 10, 400, 0, "Tahoma", 5)
    $ComboDrives = GUICtrlCreateCombo("", 155, 250, 100, 20)
    GUICtrlSetFont($ComboDrives, 10, 400, 0, "Tahoma", 5)
    _GetDrives()
    $chkHeur = GUICtrlCreateCheckbox("Activate Heuristics", 70, 290, 200, 20)
    GUICtrlSetFont($chkHeur, 9, 400, 0, "Tahoma", 5)
    GUICtrlCreateGroup("", 350, 250, 220, 200)
    GUICtrlCreateLabel("Signatures:", 360, 260, 100, 20)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lblSigCount = GUICtrlCreateLabel(0, 460, 260, 100, 20, $SS_RIGHT)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    GUICtrlSetColor(-1, 0x008827)
    GUICtrlCreateLabel("", 360, 280, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)
    GUICtrlCreateLabel("Infections:", 360, 282, 100, 20)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lblInfections = GUICtrlCreateLabel(0, 460, 282, 100, 20, $SS_RIGHT)
    GUICtrlSetFont($lblInfections, 10, 400, 0, "Tahoma", 5)
    GUICtrlSetColor($lblInfections, 0x008827)
    GUICtrlCreateLabel("", 360, 302, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)
    GUICtrlCreateLabel("Warnings:", 360, 304, 100, 20)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lblWarnings = GUICtrlCreateLabel(0, 460, 304, 100, 20, $SS_RIGHT)
    GUICtrlSetFont($lblWarnings, 10, 400, 0, "Tahoma", 5)
    GUICtrlSetColor($lblWarnings, 0x008827)
    GUICtrlCreateLabel("", 360, 324, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)
    GUICtrlCreateLabel("Duration:", 360, 326, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lblDuration = GUICtrlCreateLabel("00:00:00", 460, 326, 100, 15, $SS_RIGHT)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    GUICtrlCreateLabel("", 360, 346, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)
    GUICtrlCreateLabel("Scanned:", 360, 348, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lOScanned = GUICtrlCreateLabel("0", 460, 348, 100, 15, $SS_RIGHT)
    GUICtrlSetBkColor($lOScanned, $GUI_BKCOLOR_TRANSPARENT)
    GUICtrlSetFont($lOScanned, 10, 400, 0, 'Tahoma')
    GUICtrlSetColor($lOScanned, 0x000090)
    GUICtrlCreateLabel("", 360, 368, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)
    GUICtrlCreateLabel("Errors:", 360, 370, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    GUICtrlCreateLabel("", 360, 390, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)
    GUICtrlCreateLabel("Files / sec:", 360, 392, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lFiPSec = GUICtrlCreateLabel("0", 460, 392, 100, 15, $SS_RIGHT)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    GUICtrlCreateLabel("", 360, 412, 200, 1)
    GUICtrlSetBkColor(-1, 0xC9C9C9)
    GUICtrlCreateLabel("Total Scanned:", 360, 414, 100, 15)
    GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
    $lTScanned = GUICtrlCreateLabel($TotalScanned, 460, 414, 100, 15, $SS_RIGHT)
    GUICtrlSetBkColor($lTScanned, $GUI_BKCOLOR_TRANSPARENT)
    GUICtrlSetFont($lTScanned, 10, 400, 0, "Tahoma", 5)
    GUICtrlSetColor($lTScanned, 0x008827)
    GUICtrlCreateGroup("", -99, -99, 1, 1) ; close group
    $BtnScanGo = GUICtrlCreateButton("Scan Now", 70, 420, 130, 40, 0)
    GUICtrlSetFont($BtnScanGo, 11, 400, 0, "Tahoma", 5)
    GUICtrlSetState($BtnScanGo, $GUI_DISABLE)
    $BtnStopScan = GUICtrlCreateButton("Stop", 200, 420, 130, 40, 0)
    GUICtrlSetFont($BtnStopScan, 11, 400, 0, "Tahoma", 5)
    GUICtrlSetState($BtnStopScan, $GUI_DISABLE)
    $BtnInfections = GUICtrlCreateButton("Infections (0)", 590, 100, 150, 35)
    GUICtrlSetFont($BtnInfections, 10, 400, 0, "Tahoma", 5)
    GUICtrlSetState($BtnInfections, $GUI_DISABLE)
    $BtnWarnings = GUICtrlCreateButton("Warnings (0)", 590, 140, 150, 35)
    GUICtrlSetFont($BtnWarnings, 10, 400, 0, "Tahoma", 5)
    GUICtrlSetState($BtnWarnings, $GUI_DISABLE)
    $BtnClose = GUICtrlCreateButton("Close", 590, 420, 150, 35)
    GUICtrlSetFont($BtnClose, 10, 400, 0, "Tahoma", 5)
    ProcessSetPriority(@ScriptName, 4)
    _SetProcessInfo()
    GUICtrlSetOnEvent($cbScnPower, "_SetScannerPower")
    GUICtrlSetOnEvent($BtnScanGo, "_startScanning")
    GUICtrlSetOnEvent($BtnInfections, "_InfectionsInterface")
    GUICtrlSetOnEvent($BtnWarnings, "_WarningsInterface")
    GUICtrlSetOnEvent($BtnClose, "_CloseMe")
    GUISetOnEvent($GUI_EVENT_CLOSE, "_Minimize2Tray")
    GUIRegisterMsg($WM_COMMAND, "MY_WM_COMMAND")
    TraySetClick("8")
    Local $TmShow = TrayCreateItem("Show Window")
    TrayCreateItem("")
    Local $TmClose = TrayCreateItem("Close")
    TrayItemSetState($TmShow, $GUI_DEFBUTTON)
    GUISetState(@SW_SHOW, $malGUI)
    _startProcessing()
    _checkIntegrity()
    _endProcessing()
    While 1
        $TRMsg = TrayGetMsg()
        Switch $TRMsg
            Case $TmShow
                _ShowWindow()
            Case $TmClose
                _CloseMe()
        EndSwitch
    WEnd
EndFunc

Func MY_WM_COMMAND($hWnd, $iMsg, $wParam, $lParam)
    #forceref $hWnd, $iMsg, $lParam
    Switch BitAND($wParam, 0xFFFF) ; LoWord = IDFrom
        Case $BtnStopScan
            Switch BitShift($wParam, 16) ; HiWord = Code
                Case $BN_CLICKED
                    Local $iMsgReturn = MsgBox(36, $title, "Are you sure you want to terminate scanning?")
                    Select
                        Case $iMsgReturn = 6 ; Yes
                            $CancelScan = True
                            _CompileLogFile("Scanning terminated by user")
                        Case $iMsgReturn = 7 ; No
                            $CancelScan = False
                    EndSelect
            EndSwitch
    EndSwitch
    Return $GUI_RUNDEFMSG
EndFunc ;==>MY_WM_COMMAND

#Region "Initializing"
Func _loadSettings()
    $TotalScanned = IniRead(@ScriptDir & "\malClean.ini", "Statistics", "TotalScanned", 0)
EndFunc

Func _checkIntegrity()
    Local Const $Err001 = "ERROR: Could not find the virus definitions database. Database should be located at '" & $SignaturesDb & "'."
    Local Const $Err002 = "ERROR: Could not find any signatures inside the database. Database should at least contain more than one signature."
    If Not FileExists($SignaturesDb) Then
        _CompileLogFile($Err001)
        MsgBox(16, "Database error!", $Err001)
        _CloseOnError()
    Else
        GUICtrlSetData($eScan, "Counting signatures")
        _CompileLogFile("Counting signatures")
        $SigDbCount = _FileCountLines($SignaturesDb)
        ; The posted test was "If Not $SigDbCount > 1": AutoIt evaluates Not before >, so it read
        ; (Not $SigDbCount) > 1 and never fired. Compare the count directly instead.
        If $SigDbCount <= 1 Then
            _CompileLogFile($Err002)
            MsgBox(16, "Database error!", $Err002)
            _CloseOnError()
        Else
            _CompileLogFile("Signatures: " & $SigDbCount)
        EndIf
    EndIf
    GUICtrlSetData($lblSigCount, $SigDbCount)
    GUICtrlSetData($eScan, "Looking for turbo signatures database @ [" & $TurboBase & "]")
    _CompileLogFile("Loading the turbo database")
    If Not FileExists($TurboBase) Then
        _CompileLogFile("ERROR: Could not find the turbo database. Database should be @ [" & $TurboBase & "].")
        Local $iMsgReturn = MsgBox(52, "Database error!", "The turbo database seems to be corrupt or missing. However, you can " & _
                "compile a new one from the virus definitions database. Would you like to compile a new database now?")
        Select
            Case $iMsgReturn = 6 ; Yes
                _CompileLogFile("Compiling turbo database")
                _generateTurboBase()
            Case $iMsgReturn = 7 ; No
                _CloseOnError()
        EndSelect
    EndIf
    If FileExists($InFile) Then $InfCount = _FileCountLines($InFile)
    If FileExists($WarnFile) Then $WarnCount = _FileCountLines($WarnFile)
    _UpdateInfectionStatus()
    _UpdateInfectionStatusImage()
    _UpdateWarningStatus()
EndFunc

Func _generateTurboBase()
    _startProcessing(1)
    GUICtrlSetData($eScan, "")
    Local $iCount = 0, $compilePerc = 0, $BaseLine
    Local $oSigDb = FileOpen($SignaturesDb, 0)
    Local $oTuBase = FileOpen($TurboBase, 1)
    While 1
        $BaseLine = FileReadLine($oSigDb)
        If @error = -1 Then ExitLoop
        ; The turbo database holds the first seven hex characters of every MD5; _ScanFile uses it as a cheap first-stage filter
        FileWriteLine($oTuBase, StringLeft($BaseLine, 7) & @CRLF)
        $iCount += 1
        $compilePerc = Round($iCount / $SigDbCount * 100)
        _SetStatistics("Compiling database (" & $compilePerc & "%)", $compilePerc)
    WEnd
    FileClose($oSigDb)
    FileClose($oTuBase)
    _endProcessing()
EndFunc

Func _SetScannerPower()
    Switch GUICtrlRead($cbScnPower)
        Case "Low"
            $ePower = 0
        Case "Below Normal"
            $ePower = 1
        Case "Normal"
            $ePower = 2
        Case "Above Normal"
            $ePower = 3
        Case "High"
            $ePower = 4
        Case "Realtime"
            $ePower = 5
    EndSwitch
    ProcessSetPriority(@ScriptName, $ePower)
    _SetProcessInfo()
EndFunc

Func _SetProcessInfo($PrName = @ScriptName)
    Local $iPID = ProcessExists($PrName) ; PID, or 0 if the process is not found
    Local $ScnPrl = _ProcessGetPriority($iPID)
    ; Resource icons 201..206 show the six priority levels
    If $ScnPrl >= 0 And $ScnPrl <= 5 Then GUICtrlSetImage($ScnPowerIcon, @ScriptFullPath, 201 + $ScnPrl)
    Switch $ScnPrl
        Case 0
            GUICtrlSetData($cbScnPower, "Low")
        Case 1
            GUICtrlSetData($cbScnPower, "Below Normal")
        Case 2
            GUICtrlSetData($cbScnPower, "Normal")
        Case 3
            GUICtrlSetData($cbScnPower, "Above Normal")
        Case 4
            GUICtrlSetData($cbScnPower, "High")
        Case 5
            GUICtrlSetData($cbScnPower, "Realtime")
        Case Else
            GUICtrlSetData($cbScnPower, "Error")
    EndSwitch
EndFunc

Func _GetDrives()
    Local $aDrives = DriveGetDrive("ALL")
    If @error Then Return
    For $i = 1 To $aDrives[0]
        If DriveStatus($aDrives[$i]) = "READY" Then
            GUICtrlSetData($ComboDrives, StringUpper($aDrives[$i]) & "|", @HomeDrive)
        EndIf
    Next
EndFunc
#EndRegion "Initializing"

Func _startProcessing($Flag = 0)
    GUICtrlSetState($cbScnPower, $GUI_DISABLE)
    GUICtrlSetState($ComboDrives, $GUI_DISABLE)
    GUICtrlSetState($BtnScanGo, $GUI_DISABLE)
    If $CancelScan = False Then GUICtrlSetState($BtnStopScan, $GUI_ENABLE)
    GUICtrlSetState($BtnInfections, $GUI_DISABLE)
    GUICtrlSetState($BtnWarnings, $GUI_DISABLE)
    Switch $Flag
        Case 0
            GUICtrlSetImage($ScanIco, @ScriptFullPath, 99)
        Case 1 To 3
            ; 1001.ani, 1002.ani, 1003.ani: animations for the process, registry and drive scans
            If FileExists(@ScriptDir & "\Contents\100" & $Flag & ".ani") Then GUICtrlSetImage($ScanIco, @ScriptDir & "\Contents\100" & $Flag & ".ani")
    EndSwitch
EndFunc

Func _endProcessing()
    GUICtrlSetState($cbScnPower, $GUI_ENABLE)
    GUICtrlSetState($ComboDrives, $GUI_ENABLE)
    GUICtrlSetState($BtnScanGo, $GUI_ENABLE)
    GUICtrlSetState($BtnInfections, $GUI_ENABLE)
    GUICtrlSetState($BtnWarnings, $GUI_ENABLE)
    GUICtrlSetState($BtnStopScan, $GUI_DISABLE)
    GUICtrlSetImage($ScanIco, @ScriptFullPath, 99)
    GUICtrlSetData($lblScnHead, "Welcome")
    GUICtrlSetData($ScanProgess, 0)
    GUICtrlSetData($eScan, "")
    GUICtrlSetState($miScanner, $GUI_ENABLE)
    GUICtrlSetState($miStopScan, $GUI_DISABLE)
    $driveUsed = 0
    $Scnd = 0
    $StartHour = 0
    $StartMin = 0
    $StartSec = 0
    $FileCount = 0
    $FPSCount = 0
    GUICtrlSetData($lFiPSec, 0)
    GUICtrlSetData($lblDuration, "00:00:00")
    GUICtrlSetData($lOScanned, $FileCount)
    GUICtrlSetData($lTScanned, $TotalScanned)
EndFunc

Func _SetStatistics($sHeading, $iProgress)
    ; Refresh the counters at most once a second
    If TimerDiff($statTimer) < 1000 Then Return
    If $CancelScan = False Then
        $FPSCount += 1
        GUICtrlSetData($lFiPSec, Round($FileCount / $FPSCount))
        GUICtrlSetData($lblDuration, _SetDuration())
        GUICtrlSetData($lOScanned, $FileCount)
        GUICtrlSetData($lTScanned, $TotalScanned)
    EndIf
    GUICtrlSetData($lblScnHead, $sHeading)
    GUICtrlSetData($ScanProgess, $iProgress)
    $statTimer = TimerInit()
EndFunc

Func _SetDuration()
    ; Advance the hh:mm:ss counter by one second. The posted version rolled seconds over at 59 and only checked the
    ; minute roll-over when the seconds had not just rolled, so hours were never counted correctly.
    $StartSec += 1
    If $StartSec >= 60 Then
        $StartSec = 0
        $StartMin += 1
        If $StartMin >= 60 Then
            $StartMin = 0
            $StartHour += 1
        EndIf
    EndIf
    Return StringFormat("%02d:%02d:%02d", $StartHour, $StartMin, $StartSec)
EndFunc

Func _startScanning()
    $CancelScan = False
    _CompileLogFile("Loading turbo database")
    If FileExists($TurboBase) Then
        $sTurboDB = FileRead($TurboBase)
        If @error = 1 Then _CompileLogFile("ERROR: Could not load turbo database @ [" & $TurboBase & "]")
    Else
        _CompileLogFile("ERROR: Could not find turbo database @ [" & $TurboBase & "]")
    EndIf
    GUICtrlSetData($eScan, "Loading virus definitions database, please wait...")
    $sSigDb = FileRead($SignaturesDb)
    _ScanProcesses()
    _CompileLogFile("Scanning [" & GUICtrlRead($ComboDrives) & "] for malware")
    _ScanCommonStartups()
    _ScanDrive(GUICtrlRead($ComboDrives))
EndFunc

Func _Heuristics($sFileName)
    ; Look for the heuristic strings in the first 1 KiB of the file (opened in binary mode)
    $oHFile = FileOpen($sFileName, 16384)
    If $oHFile = -1 Then Return
    Local $aFile = FileRead($oHFile, 1024)
    FileClose($oHFile)
    $Heuristics = _LoadHeuristics() ; from Heuristics.au3; patterns are separated by "©"
    Local $HeurSplit = StringSplit($Heuristics, "©")
    For $i = 1 To $HeurSplit[0]
        If StringInStr($aFile, $HeurSplit[$i], 2) Then ; 2 = case-insensitive comparison
            _RecordInfections("HEUR.Malware", $HeurSplit[$i], 0, $sFileName)
        EndIf
    Next
EndFunc

Func _ScanCommonStartups()
    _startProcessing(2)
    Local $HKEY, $KEY, $SKEY, $SUB, $valueName, $value, $eReg = 1, $SC = "\Software\Microsoft\Windows\CurrentVersion"
    Local $aCSRes, $rLine, $SS, $RegScPerc = 0
    ; Parent of the profile directory (the "Users" folder); startups launched from there are reported as warnings
    Local $UPDir = StringLeft(@UserProfileDir, StringInStr(@UserProfileDir, '\', 0, -1) - 1)
    Local $cSDb = FileRead(@ScriptDir & "\db\CommonStartups.db3") ; one "command;level;name" line per entry
    If @OSArch = 'X86' Then
        $HKEY = StringSplit('HKEY_USERS|HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE', '|')
    Else
        $HKEY = StringSplit('HKEY_USERS64|HKEY_CURRENT_USER64|HKEY_LOCAL_MACHINE64', '|')
    EndIf
    For $x = 1 To $HKEY[0]
        If $x = 1 Then
            ; Walk every loaded hive under HKEY_USERS before moving on to HKCU and HKLM
            $KEY = RegEnumKey($HKEY[$x], $eReg)
            If @error <> 0 Then
                $x = 1
                ContinueLoop
            EndIf
            $KEY = $HKEY[$x] & "\" & $KEY & $SC
            $eReg += 1
            $x = 0
        Else
            $KEY = $HKEY[$x] & $SC
        EndIf
        For $i = 1 To 1000
            $SUB = RegEnumKey($KEY, $i)
            If @error <> 0 Then ExitLoop
            If Not StringInStr($SUB, "Run") Then ContinueLoop ; Run, RunOnce, RunServices, ...
            $SKEY = $KEY & "\" & $SUB
            For $c = 1 To 1000
                $valueName = RegEnumVal($SKEY, $c)
                If @error <> 0 Then ExitLoop
                $FileCount += 1
                $TotalScanned += 1
                $value = StringStripWS(StringReplace(RegRead($SKEY, $valueName), '"', ''), 3)
                ; An empty value would turn the pattern below into ".*" and match the first database line
                If $value = "" Then ContinueLoop
                $aCSRes = StringRegExp($cSDb, _GetRegExpLiterals($value) & ".*", 1)
                If UBound($aCSRes) > 0 Then
                    $rLine = StringSplit($aCSRes[0], ";")
                    If $rLine[0] >= 3 Then
                        $SS = $SKEY & " --> " & $valueName & " --> " & $value
                        _RecordInfections(_CleanString($rLine[3], 3), $SS, _CleanString($rLine[2], 3), $SKEY)
                    EndIf
                EndIf
                If StringInStr($value, $UPDir) Then _RecordWarning("UserProfileDir Startup", $SKEY & " --> " & $valueName)
            Next
            $value = ""
        Next
        $RegScPerc = Round(($x / $HKEY[0]) * 100)
        _SetStatistics("Scanning Registry (" & $RegScPerc & "%)", $RegScPerc)
        GUICtrlSetData($eScan, $KEY)
    Next
    If $CancelScan Then _endProcessing()
EndFunc

Func _CleanString($s2Clean, $Flag)
    $s2Clean = StringStripWS($s2Clean, $Flag)
    $s2Clean = StringStripCR($s2Clean)
    Return $s2Clean
EndFunc

Func _ScanProcesses()
    _startProcessing(1)
    Local $hToken, $aProcsList = 0, $procsID, $procsPath, $procsPerc
    ; Enable SeDebugPrivilege so the image path of every process, including other users' and SYSTEM's, can be read
    $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, 1)
    If Not (@error Or @extended) Then
        $aProcsList = ProcessList()
        For $x = 1 To $aProcsList[0][0]
            If $CancelScan = True Then ExitLoop
            ; Use the PID ProcessList() already returned. The posted code looked the name up again with
            ; ProcessExists(), which returns the first process of that name, so duplicates all mapped to one image.
            $procsID = $aProcsList[$x][1]
            $procsPath = _WinAPI_GetProcessFileName($procsID)
            If FileExists($procsPath) Then
                $FileCount += 1
                $TotalScanned += 1
                _ScanFile($procsPath)
                $procsPerc = Round(($x / $aProcsList[0][0]) * 100)
                _SetStatistics("Scanning processes (" & $procsPerc & "%)", $procsPerc)
                GUICtrlSetData($eScan, $aProcsList[$x][0] & " - [" & $procsPath & "]")
            EndIf
        Next
    EndIf
    ; Drop the privilege again
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, 2)
    _WinAPI_CloseHandle($hToken)
    If $CancelScan Then _endProcessing()
EndFunc

Func _ScanDrive($sDrive)
    If $CancelScan Then Return
    _startProcessing(3)
    If StringRight($sDrive, 1) = "\" Then $sDrive = StringTrimRight($sDrive, 1)
    ; Used space in bytes, for the progress estimate (DriveSpaceTotal/DriveSpaceFree report MiB)
    $driveUsed = (DriveSpaceTotal($sDrive) - DriveSpaceFree($sDrive)) * 1024 * 1024
    FileChangeDir($sDrive)
    Local $DirList = FileFindFirstFile($sDrive & "\*.*")
    _Scanner($DirList, $sDrive)
    FileClose($DirList)
    $sSigDb = ""
    _endProcessing()
EndFunc

Func _Scanner($DirList, $DirSearch)
    ; Recursive directory walk: every regular file goes through _ScanFile, sub-folders recurse
    Local $sFile, $sPath, $SecSearch, $iPerc
    While $CancelScan = False
        $sFile = FileFindNextFile($DirList)
        If @error Then ExitLoop
        $sPath = $DirSearch & "\" & $sFile
        $FileCount += 1
        $TotalScanned += 1
        $Scnd += FileGetSize($sPath)
        $iPerc = 0
        If $driveUsed > 0 Then $iPerc = Round(($Scnd * 100) / $driveUsed)
        If $iPerc > 98 Then $iPerc = 99 ; never show 100% before the walk is actually finished
        _SetStatistics("Scanning (" & $iPerc & "%)", $iPerc)
        If StringInStr(FileGetAttrib($sPath), "D") Then
            $SecSearch = FileFindFirstFile($sPath & "\*.*")
            _Scanner($SecSearch, $sPath)
            FileClose($SecSearch)
        Else
            GUICtrlSetData($eScan, $sPath)
            _ScanFile($sPath)
        EndIf
    WEnd
EndFunc

Func _ScanFile($FiName)
    ; An extension white-list (EXE, DLL, SCR, ...) was present but commented out in the posted code; every file is scanned.
    ; Files of 50 MB and over are skipped.
    If FileGetSize($FiName) >= (1048576 * 50) Then Return
    Local $MD5 = _MD5ForFile($FiName)
    If GUICtrlRead($chkHeur) = $GUI_CHECKED Then _Heuristics($FiName)
    If $MD5 = "" Then Return
    ; Stage 1: the seven-character prefix must appear in the turbo database
    Local $MD5b = StringLeft($MD5, 7)
    Local $aTDBRes = StringRegExp($sTurboDB, "(?x)(?-i)" & $MD5b, 1)
    If UBound($aTDBRes) = 0 Then Return
    ; Stage 2: the full hash against the signature database; a line is "md5;level;name"
    Local $aDBRes = StringRegExp($sSigDb, "(?x)(?-i)" & $MD5 & ".*", 1)
    If UBound($aDBRes) > 0 Then
        Local $rLine = StringSplit(StringStripWS($aDBRes[0], 8), ";")
        If $rLine[0] >= 3 Then _RecordInfections($rLine[3], $rLine[1], $rLine[2], $FiName)
    EndIf
EndFunc

Func _RecordInfections($vsName, $String, $l, $Source)
    ; Append "name|level|date|source|string" to the infections list, once per source
    FileSetAttrib($InFile, "-RS")
    Local $sInFile = FileRead($InFile)
    If Not StringRegExp($sInFile, _GetRegExpLiterals($Source), 0) Then
        Local $oInFile = FileOpen($InFile, 1)
        If $oInFile <> -1 Then
            Local $dtCur = _Date_Time_GetSystemTime()
            FileWriteLine($oInFile, $vsName & "|" & $l & "|" & _Date_Time_SystemTimeToDateTimeStr($dtCur) & _
                    "|" & $Source & "|" & $String & @CRLF)
            FileClose($oInFile)
            $InfCount += 1
        EndIf
    EndIf
    FileSetAttrib($InFile, "+RS")
    _UpdateInfectionStatus()
    _UpdateInfectionStatusImage()
EndFunc

Func _UpdateInfectionStatus()
    If $InfCount > 0 Then
        GUICtrlSetColor($lblInfections, 0xB70005)
        GUICtrlSetColor($lblInfHead, 0xB70005)
    Else
        GUICtrlSetColor($lblInfections, 0x008827)
        GUICtrlSetColor($lblInfHead, 0x008827)
    EndIf
    GUICtrlSetData($lblInfections, $InfCount)
    GUICtrlSetData($BtnInfections, "Infections (" & $InfCount & ")")
    GUICtrlSetData($lblInfHead, $InfCount & " Infections")
EndFunc

Func _UpdateInfectionStatusImage()
    If $InfCount > 0 Then
        GUICtrlSetImage($picStatus, @ScriptDir & "\Contents\1101.bmp")
    Else
        GUICtrlSetImage($picStatus, @ScriptDir & "\Contents\1100.bmp")
    EndIf
EndFunc

Func _UpdateWarningStatus()
    If $WarnCount > 0 Then
        GUICtrlSetColor($lblWarnings, 0xDA6413)
        GUICtrlSetColor($lblWarnHead, 0xDA6413)
    Else
        GUICtrlSetColor($lblWarnings, 0x008827)
        GUICtrlSetColor($lblWarnHead, 0x008827)
    EndIf
    GUICtrlSetData($lblWarnings, $WarnCount)
    GUICtrlSetData($BtnWarnings, "Warnings (" & $WarnCount & ")")
    GUICtrlSetData($lblWarnHead, $WarnCount & " Warnings")
EndFunc

Func _Minimize2Tray()
    Opt("TrayIconHide", 0)
    GUISetState(@SW_HIDE, $malGUI)
EndFunc

Func _CloseMe()
    If MsgBox(36, "Close Inoculate", "Are you sure you want to close the best program ever? OK, maybe not the " & _
            "best. If you found a bug or something you don't like, please email me and tell me about it. ") = 6 Then
        _CloseOnError()
    EndIf
EndFunc

Func _CloseOnError()
    _CompileLogFile("", False)
    _CompileLogFile("-----------------------------------------------------------------------------------------", False)
    TraySetState(2)
    Exit
EndFunc

Func _ShowWindow()
    GUISetState(@SW_SHOW, $malGUI)
    Opt("TrayIconHide", 1)
EndFunc

Func _StopShutdown()
    ; Abort a pending shutdown ("shutdown -a"); not available on Windows 2000.
    ; The posted test "If Not @OSVersion = "WIN_2000"" applied Not to @OSVersion first; compare with <> instead.
    If @OSVersion <> "WIN_2000" Then
        ShellExecute("Shutdown", "-a", "", "", @SW_HIDE)
    EndIf
EndFunc

Func _InfectionsInterface()
    Local $hImage
    Local $lviContextMenu, $lvicProperties, $lvicOpenConFolder, $lvicVirTotal, $lvicCopyMD5
    _startProcessing()
    $infGUI = GUICreate("Malware Infections", 650, 550, -1, -1)
    GUISetIcon(@ScriptFullPath, 207, $infGUI)
    GUICtrlCreateIcon(@ScriptFullPath, 207, 20, 25, 64, 64)
    $lblInfHead = GUICtrlCreateLabel($InfCount & " Infections", 120, 20, 600, 30)
    GUICtrlSetFont(-1, 12, 400, 0, "Tahoma", 5)
    GUICtrlCreateLabel("View detected malware. Select the items you want to clean and press 'Remove'. Careful, there could be some " & _
            "false positives between these detections. If you're not sure of something, right-click on the item and " & _
            "choose 'Send to VirusTotal.com' just to make sure.", 120, 50, 490, 55)
    GUICtrlSetFont(-1, 9, 400, 0, "Tahoma", 5)
    $BtnInfRemove = GUICtrlCreateButton("Remove", 20, 125, 120, 30)
    GUICtrlSetFont($BtnInfRemove, 9, 400, 0, "Tahoma", 5)
    $BtnInfQuarantine = GUICtrlCreateButton("Quarantine", 140, 125, 120, 30)
    GUICtrlSetFont($BtnInfQuarantine, 9, 400, 0, "Tahoma", 5)
    $BtnInfSelAll = GUICtrlCreateButton("Select all", 410, 125, 110, 30)
    GUICtrlSetFont($BtnInfSelAll, 9, 400, 0, "Tahoma", 5)
    $BtnInfSelNone = GUICtrlCreateButton("Select none", 520, 125, 110, 30)
    GUICtrlSetFont($BtnInfSelNone, 9, 400, 0, "Tahoma", 5)
    $lvInfections = GUICtrlCreateListView("Name | | Date | Source | String", 20, 160, 610, 210, -1)
    GUICtrlSetFont($lvInfections, 9, 400, 0, "Tahoma", 5)
    _GUICtrlListView_SetExtendedListViewStyle($lvInfections, BitOR($LVS_EX_GRIDLINES, $LVS_EX_FULLROWSELECT, _
            $LVS_EX_SUBITEMIMAGES, $LVS_EX_DOUBLEBUFFER, $LVS_EX_CHECKBOXES))
    _GUICtrlListView_SetColumnWidth($lvInfections, 0, 180)
    _GUICtrlListView_SetColumnWidth($lvInfections, 1, 30)
    _GUICtrlListView_SetColumnWidth($lvInfections, 2, 100)
    _GUICtrlListView_SetColumnWidth($lvInfections, 3, 350)
    _GUICtrlListView_SetColumnWidth($lvInfections, 4, 250)
    ; Resource icons 209..222 are the per-item images
    $hImage = _GUIImageList_Create(16, 16, 5, 3)
    For $i = 209 To 222
        _GUIImageList_AddIcon($hImage, @ScriptFullPath, -$i)
    Next
    _GUICtrlListView_SetImageList($lvInfections, $hImage, 1)
    $eInInfo = GUICtrlCreateEdit("", 20, 420, 610, 100, BitOR($ES_READONLY, $WS_VSCROLL))
    GUICtrlSetFont(-1, 9, -1, -1, "Courier New")
    $InfProgress = GUICtrlCreateProgress(20, 375, 610, 15)
    $InfFileProgress = GUICtrlCreateProgress(20, 395, 610, 10)
    $lviContextMenu = GUICtrlCreateContextMenu($lvInfections)
    $lvicOpenConFolder = GUICtrlCreateMenuItem("Open Containing Folder", $lviContextMenu)
    $lvicVirTotal = GUICtrlCreateMenuItem("Send to VirusTotal.com", $lviContextMenu)
    GUICtrlCreateMenuItem("", $lviContextMenu)
    $lvicCopyMD5 = GUICtrlCreateMenuItem("Copy MD5", $lviContextMenu)
    GUICtrlCreateMenuItem("", $lviContextMenu)
    $lvicProperties = GUICtrlCreateMenuItem("Properties", $lviContextMenu)
    _LoadInfections()
    GUICtrlSetOnEvent($BtnInfRemove, "_CleanSelectedMalware")
    GUICtrlSetOnEvent($BtnInfSelAll, "_SelectAllInfections")
    GUICtrlSetOnEvent($BtnInfSelNone, "_SelectNoneInfections")
    GUICtrlSetOnEvent($lvicOpenConFolder, "_OpenContainingFolder")
    GUICtrlSetOnEvent($lvicVirTotal, "_SendToVirusTotal")
    GUICtrlSetOnEvent($lvicCopyMD5, "_CopyMD5")
    GUISetOnEvent($GUI_EVENT_CLOSE, "_CloseInfectionsWindow")
    GUIRegisterMsg($WM_NOTIFY, "INFECTIONS_WM_NOTIFY")
    GUISetState(@SW_SHOW, $infGUI)
    GUISwitch($infGUI)
EndFunc

Func _OpenContainingFolder()
    Local $sItem = _GUICtrlListView_GetSelectedItemString($lvInfections)
    If $sItem <> "" Then
        Local $sSplit = StringSplit($sItem, "|")
        ShellExecute(_WinAPI_PathRemoveFileSpec($sSplit[4])) ; column 4 = Source (file path)
    EndIf
EndFunc

Func _SendToVirusTotal()
    Local $sItem = _GUICtrlListView_GetSelectedItemString($lvInfections)
    If $sItem <> "" Then
        Local $sSplit = StringSplit($sItem, "|")
        ShellExecute(@ScriptDir & "\Bin\VirusTotalUpload2.exe", """" & $sSplit[4] & """")
    EndIf
EndFunc

Func _CopyMD5()
    Local $sItem = _GUICtrlListView_GetSelectedItemString($lvInfections)
    If $sItem <> "" Then
        Local $sSplit = StringSplit($sItem, "|")
        ClipPut($sSplit[5]) ; column 5 = String (the MD5 for signature hits)
    EndIf
EndFunc

Func _startInfProcess()
    GUICtrlSetState($BtnInfRemove, $GUI_DISABLE)
    GUICtrlSetState($BtnInfQuarantine, $GUI_DISABLE)
    GUICtrlSetState($BtnInfSelAll, $GUI_DISABLE)
    GUICtrlSetState($BtnInfSelNone, $GUI_DISABLE)
EndFunc

Func _endInfProcess()
    GUICtrlSetState($BtnInfRemove, $GUI_ENABLE)
    GUICtrlSetState($BtnInfQuarantine, $GUI_ENABLE)
    GUICtrlSetState($BtnInfSelAll, $GUI_ENABLE)
    GUICtrlSetState($BtnInfSelNone, $GUI_ENABLE)
EndFunc

Func _CloseInfectionsWindow()
    GUIDelete($infGUI)
    _endProcessing()
EndFunc

Func INFECTIONS_WM_NOTIFY($hWnd, $iMsg, $iwParam, $ilParam)
    #forceref $hWnd, $iMsg, $iwParam
    Local $hWndFrom, $iCode, $tNMHDR, $hWndListView, $tInfo, $iSel
    $hWndListView = $lvInfections
    If Not IsHWnd($lvInfections) Then $hWndListView = GUICtrlGetHandle($lvInfections)
    $tNMHDR = DllStructCreate($tagNMHDR, $ilParam)
    $hWndFrom = HWnd(DllStructGetData($tNMHDR, "hWndFrom"))
    $iCode = DllStructGetData($tNMHDR, "Code")
    Switch $hWndFrom
        Case $hWndListView
            Switch $iCode
                Case $NM_CLICK ; the user clicked an item with the left mouse button
                    $tInfo = DllStructCreate($tagNMITEMACTIVATE, $ilParam)
                    _DisplayListViewItemInfo(DllStructGetData($tInfo, "Index"))
                Case $LVN_KEYDOWN ; a key has been pressed
                    $iSel = _GUICtrlListView_GetSelectedIndices($hWndListView, True)
                    If $iSel[0] > 0 Then _DisplayListViewItemInfo($iSel[1])
                Case $LVN_DELETEITEM ; an item is about to be deleted
                    $InfCount -= 1
                    _UpdateInfectionStatus()
            EndSwitch
    EndSwitch
    Return $GUI_RUNDEFMSG
EndFunc ;==>INFECTIONS_WM_NOTIFY

Func _DisplayListViewItemInfo($li = 0)
    Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $li)
    GUICtrlSetData($eInInfo, "")
    Local $fInfo = ""
If StringLen($sItem) > 5 Then Local $sSplit = StringSplit($sItem, "|") GuiCtrlSetData($eInInfo, "NAME: " & $sSplit[1] & @CRLF & @CRLF) If StringInStr($sSplit[1], "Rogue") Then GuiCtrlSetData($eInInfo, GUICtrlRead($eInInfo) & "Description:" & @TAB & _ "Rogue security software (or rogueware) is a form of computer malware" & @CRLF & _ "that deceives or misleads users into paying for the fake or" & @CRLF & _ "simulated removal of malware, or that installs other malware. Rogue" & @CRLF & _ "security software, in recent years, has become a growing and serious" & @CRLF & _ "security threat in desktop computing.") ElseIf StringInStr($sSplit[1], "Malware") Then GuiCtrlSetData($eInInfo, GUICtrlRead($eInInfo) & "Malware, short for malicious software, is software designed " & _ "to harm or secretly access a computer without the owner's informed consent. Software " & _ "is considered to be malware based on the perceived intent of the creator rather " & _ "than any particular features. Malware includes computer viruses, worms, trojan " & _ "horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other " & _ "malicious and unwanted software or program.") EndIf EndIf EndFunc Func _CleanSelectedMalware() _startInfProcess() Local $P = 0 If _GUICtrlListView_GetItemCount($lvInfections) > 0 Then Local $iCount = _GUICtrlListView_GetItemCount($lvInfections) For $n = 0 To $iCount Local $cCount = _GUICtrlListView_GetItemChecked($lvInfections, $n) If $cCount = 1 Then Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $n) Local $sSplit = StringSplit($sItem, "|") If @error Then ContinueLoop If _FileDeleteUnlock($sSplit[4]) Then _GUICtrlListView_DeleteItem($lvInfections, $n) $n = $n - 1 $P += 1 GuiCtrlSetData($InfProgress, ($P / $iCount) * 100) ;_CompileLogFile("Removed '" & $sSplit[4] & "' - " & $sSplit[1]) ;$InfCount = _GUICtrlListView_GetItemCount($lvInfections) ;_UpdateInfectionStatus() EndIf EndIf Next _SaveInfectionsList() GuiCtrlSetData($InfProgress, 0) 
EndIf If $delOnReboot <> 0 Then If MsgBox(52, $title, $delOnReboot & " Files could not be removed. We will attempt to remove these files " & _ "the next time you restart your computer. Would you like to restart Windows now? " & _ "Press ‘No’ to restart later.") = 6 Then _CloseOnError() Shutdown(18) EndIf $delOnReboot = 0 EndIf _UpdateInfectionStatusImage() _UpdateInfectionImages() _endInfProcess() EndFunc Func _SelectAllInfections() _GUICtrlListView_SetItemsChecked($lvInfections) EndFunc Func _SelectNoneInfections() _GUICtrlListView_SetItemsChecked($lvInfections, False) EndFunc Func _SaveInfectionsList() GUICtrlSetData($eScan, "Saving infection list, Please wait...") FileSetAttrib(@ScriptDir & "\db\Infections.db3", "-RS") FileDelete($InFile) If _GUICtrlListView_GetItemCount($lvInfections) > 0 Then Local $Count = _GUICtrlListView_GetItemCount($lvInfections) If _FileCountLines($InFile) <> $Count Then ;If FileExists($InFile) Then For $i = 0 To $Count - 1 Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $i) Local $oInFile = FileOpen($InFile, 1) If $oInFile = -1 Then ;~ FileClose($osInFile) ExitLoop EndIf FileWriteLine($oInFile, $sItem & @CRLF) FileClose($oInFile) GUICtrlSetData($InfProgress, ($i / $Count) * 100) Next ;EndIf EndIf EndIf FileSetAttrib($InFile, "+RS") GUICtrlSetData($InfProgress, 0) GUICtrlSetData($eScan, "") EndFunc Func _LoadInfections() $InfCount = 0 Local $oInFile = FileOpen($InFile, 0) GUICtrlSetData($eScan, "Loading infections, please wait...") _CompileLogFile("Loading infections...") ; Check if file opened for reading OK If $oInFile = -1 Then If Not FileExists($InFile) Then _CompileLogFile("No infections found (0)") Else _CompileLogFile("ERROR: Could not load Infections. 
(" & $InFile & ")") EndIf Else _CompileLogFile("Infections: " & _FileCountLines($InFile)) ; Read in lines of text until the EOF is reached While 1 Local $iLine = FileReadLine($oInFile) If @error = -1 Then ExitLoop Local $inlTemp = StringSplit($iLine, "|") If $inlTemp[0] >= 5 Then If StringInStr($inlTemp[5], "HKEY_") Then Local $KEYSpl = StringSplit($inlTemp[5], "-->", 1) If $KEYSpl[0] >= 2 Then If RegRead(_CleanString($KEYSpl[1], 3), _CleanString($KEYSpl[2], 3)) <> "" Then $InfCount += 1 GUICtrlCreateListViewItem($iLine, $lvInfections) ;$Count += 1 EndIf EndIf ElseIf FileExists($inlTemp[4]) Then GUICtrlCreateListViewItem($iLine, $lvInfections) $InfCount += 1 EndIf EndIf WEnd EndIf FileClose($oInFile) GUICtrlSetData($eScan, "") _UpdateInfectionStatus() _UpdateInfectionImages() _UpdateInfectionStatusImage() EndFunc Func _UpdateInfectionImages() If _GUICtrlListView_GetItemCount($lvInfections) > 0 Then Local $lvCount = _GUICtrlListView_GetItemCount($lvInfections) For $n = 0 To $lvCount Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $n) Local $sSplit = StringSplit($sItem, "|") If StringInStr($sSplit[4], "HKEY_") Then _GUICtrlListView_SetItemImage($lvInfections, $n, 7 + $sSplit[2]) Else _GUICtrlListView_SetItemImage($lvInfections, $n, $sSplit[2]) EndIf Next EndIf EndFunc Func _WarningsInterface() Local $hWarnImg _startProcessing() $warnGUI = GUICreate("Malware Infections", 650, 550, -1, -1) GUISetIcon(@ScriptFullPath, 208, $warnGUI) GUICtrlCreateIcon(@ScriptFullPath, 208, 20, 25, 64, 64) $lblWarnHead = GUICtrlCreateLabel("0 Warnings", 120, 20, 600, 30) GUICtrlSetFont($lblWarnHead, 12, 400, 0, "Tahoma", 5) GUICtrlCreateLabel( "These warnings are not malware. Malware Cleaner will warn you if it finds an item that behaves like or have the characteristics of " & _ "malware. 
Note: This is not the same as heuristics, so these warnings should not be seen as malware, but could be.", 120, 50, 500, 55) GUICtrlSetFont(-1, 9, 400, 0, "Tahoma", 5) $lvWarnings = GUICtrlCreateListView("Name | Source | Description", 20, 140, 610, 210, -1) GuiCtrlSetFont($lvWarnings, 9, 400, 0, "Tahoma", 5) _GUICtrlListView_SetExtendedListViewStyle($lvWarnings, BitOR( $LVS_EX_GRIDLINES, $LVS_EX_FULLROWSELECT, _ $LVS_EX_SUBITEMIMAGES, $LVS_EX_DOUBLEBUFFER)) _GUICtrlListView_SetColumnWidth($lvWarnings, 0, 200) _GUICtrlListView_SetColumnWidth($lvWarnings, 1, 500) _GUICtrlListView_SetColumnWidth($lvWarnings, 2, 300) $hWarnImg = _GUIImageList_Create(16, 16, 5, 3) _GUIImageList_AddIcon($hWarnImg, @ScriptFullPath, -208) _GUICtrlListView_SetImageList($lvWarnings, $hWarnImg, 1) _LoadWarnings() GUISetOnEvent($GUI_EVENT_CLOSE, "_CloseWarningsWindow") GuiSetState(@SW_SHOW, $warnGUI) GUISwitch($warnGUI) EndFunc Func _CloseWarningsWindow() GUIDelete($warnGUI) _endProcessing() EndFunc Func _RecordWarning($sName, $sSource) FileSetAttrib($WarnFile, "-RS") Local $sWarnFile = FileRead($WarnFile) If Not StringRegExp($sWarnFile, _GetRegExpLiterals($sSource), 0) Then Local $oWarnFile = FileOpen($WarnFile, 1) If $oWarnFile = -1 Then FileClose($oWarnFile) Else FileWriteLine($oWarnFile, $sName & "|" & $sSource & "|" & _GetWarningDescription($sName) & @CRLF) FileClose($oWarnFile) $WarnCount += 1 EndIf EndIf FileSetAttrib($WarnFile, "+RS") _UpdateWarningStatus() ;_UpdateWarningImages() EndFunc Func _LoadWarnings() $WarnCount = 0 Local $oWarnFile = FileOpen($WarnFile, 0) GUICtrlSetData($eScan, "Loading Warnings, please wait...") ; Check if file opened for reading OK If $oWarnFile = -1 Then If Not FileExists($WarnFile) Then _CompileLogFile("No warnings found (0)") Else _CompileLogFile("ERROR: Could not load warnings. 
(" & $WarnFile & ")") EndIf Else _CompileLogFile("Warnings: " & _FileCountLines($WarnFile)) ; Read in lines of text until the EOF is reached While 1 Local $iLine = FileReadLine($oWarnFile) If @error = -1 Then ExitLoop Local $wsplTemp = StringSplit($iLine, "|") If StringInStr($wsplTemp[2], "HKEY_") Then Local $KEYSpl = StringSplit($wsplTemp[2], "-->", 1) If RegRead(_CleanString($KEYSpl[1], 3), _CleanString($KEYSpl[2], 3)) <> "" Then $WarnCount += 1 GUICtrlCreateListViewItem($iLine, $lvWarnings) EndIf ElseIf FileExists($wsplTemp[2]) Then GUICtrlCreateListViewItem($iLine, $lvWarnings) $WarnCount += 1 EndIf WEnd EndIf FileClose($oWarnFile) GUICtrlSetData($eScan, "") _UpdateWarningStatus() _UpdateWarningImages() EndFunc Func _UpdateWarningImages() If _GUICtrlListView_GetItemCount($lvWarnings) > 0 Then Local $Count = _GUICtrlListView_GetItemCount($lvWarnings) For $x = 0 To $Count _GUICtrlListView_SetItemImage($lvWarnings, $x, 0) Next EndIf EndFunc Func _GetWarningDescription($sName) Switch $sName Case "UserProfileDir Startup" Return "UserProfileDir" EndSwitch EndFunc Func _FileDeleteUnlock($Source) GuiCtrlSetData($InfFileProgress, 0) Sleep(100) GuiCtrlSetData($InfFileProgress, 10) If FileExists($Source) Then If Not FileDelete($Source) Then Sleep(100) ;_KillProcess(_SearchProcess($Source)) GuiCtrlSetData($InfFileProgress, 20) Sleep(100) If FileExists($Source) Then If Not FileDelete($Source) Then Sleep(100) _CompileLogFile("ERROR: Could not remove '" & $Source & "'") _CompileLogFile("The file will be deleted on the next reboot.") _FileDeleteOnReboot($Source) $delOnReboot += 1 GuiCtrlSetData($InfFileProgress, 60) Sleep(250) EndIf EndIf EndIf EndIf GuiCtrlSetData($InfFileProgress, 0) If FileExists($Source) Then Return False Else Return True EndIf EndFunc Func _KillProcess($sProc) Local $Plist = ProcessList($sProc) For $i = 1 To $Plist[0][0] If ProcessExists($Plist[$i][0]) Then If _KillSingleProcess($Plist[$i][1]) = False Then ProcessClose($Plist[$i][0]) EndIf EndIf Next 
EndFunc Func _KillSingleProcess($PID) If ProcessClose($PID) Then _CompileLogFile($PID & " Process Closed.") Return True Else Switch @error Case 1 _CompileLogFile("ERROR: " & $PID & "(OpenProcess failed)") Case 2 _CompileLogFile("ERROR: " & $PID & "(AdjustTokenPrivileges Failed)") Case 3 _CompileLogFile("ERROR: " & $PID & "(TerminateProcess Failed)") Case 4 _CompileLogFile("ERROR: " & $PID & "(Cannot verify if process exists)") EndSwitch Return False EndIf EndFunc Func _SearchProcess($sSource) Local $sProcess $sProcess = StringSplit($sSource, "\") Return $sProcess[$sProcess[0]] EndFunc Func _CompileLogFile($lMsg, $TP = True) Local $lFile, $Pre = "" If Not FileExists($lDir) Then DirCreate($lDir) $lFile = FileOpen($lDir & "\" & $lFileName, 1) If $lFile = -1 Then FileClose($lFile) EndIf If $TP Then $Pre = _TimePrefix() FileWriteLine($lFile, $Pre & $lMsg & @CRLF) FileClose($lFile) $Pre = "" EndFunc Edited May 4, 2011 by Rizonetech Rizonesoft Open Source Home Scripts: Complete Internet Repair | Development: Rizonesoft SDK Link to comment Share on other sites More sharing options...
JScript Posted May 4, 2011 Looks good! I'll try...
Rizonetech Posted May 4, 2011 (Author) Let me know what you think.
Vinh Posted May 5, 2011 Do you check the file's MD5?