legend

help with virus removal.

6 posts in this topic

Hello.

We need to remove a virus on some computers.

The virus is stored in the user profile's %appdata%,

with a random name of: svc-randomname.exe

So I got this: FileDelete(@ScriptDir & "\svc-*.exe*")

But I also need to get the process name to kill it. Does anyone know how I can get the process name

if I know it starts with svc- and ends with .exe?


You could either check with StringLeft() and StringRight() for an easy solution,

or get your head around RegExp.

This is a support forum for AutoIt scripts, not virus removal. There are many websites that handle this sort of thing.

Look here: http://bit.ly/135YH3h

Using the wildcard in FileDelete will not get you where you need to be, because you won't get a return of the file names.

If you use _FileListToArray(), you could get a list of the users' appdata files, and anything with sys in it you could delete.

Personally, I'd go a step further and try to generate a hash off a known bad file and search all user files for that hash.

#6 ·  Posted (edited)

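#include <MsgBoxConstants.au3>

; Open a search handle for svc-*.exe in the roaming AppData folder
$hSearch = FileFindFirstFile(@AppDataDir & "\svc-*.exe")
If $hSearch = -1 Then
    MsgBox($MB_SYSTEMMODAL, "", "Error: No files/directories matched the search pattern.")
    Exit
EndIf

; Close the process behind every match, not only the first one
While 1
    $sFileName = FileFindNextFile($hSearch)
    If @error Then ExitLoop
    ProcessClose($sFileName)
WEnd
FileClose($hSearch) ; release the search handle

Sleep(1000) ; give the processes time to exit before deleting
FileDelete(@AppDataDir & "\svc-*.exe")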

So easy ... You may need @LocalAppDataDir instead of @AppDataDir.

Edited by Inverted
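
An added example, not code from any poster in this thread: it combines the hash suggestion above with the find, close and delete steps of the last script, so that a file is removed only when its SHA-256 matches a confirmed bad sample. The hash value is a placeholder to replace, the profiles root is assumed to be the parent folder of the current profile, and the function name _StopProcessesByPath is made up for this sketch.

```autoit
#include <Crypt.au3>
#include <File.au3>
#include <WinAPIProc.au3>

; Placeholder: replace with "0x" followed by the 64 hex digits of the confirmed bad sample
Global $sKnownBadSha256 = "0x<SHA-256 of known bad sample>"
; Assumption: every profile lives next to the current one (e.g. C:\Users)
Global $sProfilesRoot = StringRegExpReplace(@UserProfileDir, "\\[^\\]+$", "")

_Crypt_Startup()
; The file name only selects candidates; run elevated to reach other users' profiles
Global $aFiles = _FileListToArrayRec($sProfilesRoot, "svc-*.exe", $FLTAR_FILES, _
        $FLTAR_RECUR, $FLTAR_NOSORT, $FLTAR_FULLPATH)
If @error Then
    ConsoleWrite("No svc-*.exe candidates under " & $sProfilesRoot & @CRLF)
Else
    For $i = 1 To $aFiles[0]
        ; String() of the binary hash gives "0x..." hex; string comparison is case-insensitive
        Local $sHash = String(_Crypt_HashFile($aFiles[$i], $CALG_SHA_256))
        If $sHash <> $sKnownBadSha256 Then
            ConsoleWrite("Skipped (hash differs): " & $aFiles[$i] & @CRLF)
            ContinueLoop
        EndIf
        _StopProcessesByPath($aFiles[$i])
        If FileDelete($aFiles[$i]) Then
            ConsoleWrite("Removed: " & $aFiles[$i] & @CRLF)
        Else
            ConsoleWrite("Hash matched but delete failed: " & $aFiles[$i] & @CRLF)
        EndIf
    Next
EndIf
_Crypt_Shutdown()

; Close only processes whose image path is exactly the matched file,
; so an unrelated program with the same image name is left alone
Func _StopProcessesByPath($sPath)
    Local $sName = StringRegExpReplace($sPath, "^.*\\", "")
    Local $aProcs = ProcessList($sName)
    If @error Then Return
    For $i = 1 To $aProcs[0][0]
        If _WinAPI_GetProcessFileName($aProcs[$i][1]) = $sPath Then
            ProcessClose($aProcs[$i][1])
            ProcessWaitClose($aProcs[$i][1], 5) ; wait up to 5 seconds for exit
        EndIf
    Next
EndFunc
```

Files that match the name but not the hash are only logged, which leaves them available for later analysis.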
