legend Posted January 27, 2014 Share Posted January 27, 2014 Hello. we need to remove a virus on some computers, the virus is stored in the userprofiles %appdata%. with a random of: svc-randomname.exe So I got this : FileDelete(@scriptdir & "svc-*.exe*") But I also need to get the process name, to kill it, does anyone know how I can get the process name, If I know it starts with : svc- and ends with .exe ? Link to comment Share on other sites More sharing options...
AlmarM Posted January 27, 2014 Share Posted January 27, 2014 You could either check StringLeft(), StringRight for an easy solution. Or get your head around with RegExp. Minesweeper A minesweeper game created in autoit, source available. _Mouse_UDF An UDF for registering functions to mouse events, made in pure autoit. 2D Hitbox Editor A 2D hitbox editor for quick creation of 2D sphere and rectangle hitboxes. Link to comment Share on other sites More sharing options...
Bert Posted January 27, 2014 Share Posted January 27, 2014 Hello. we need to remove a virus on some computers, the virus is stored in the userprofiles %appdata%. with a random of: svc-randomname.exe So I got this : FileDelete(@scriptdir & "svc-*.exe*") But I also need to get the process name, to kill it, does anyone know how I can get the process name, If I know it starts with : svc- and ends with .exe ? This is a support forum for AutoIt scripts, not virus removal. There are many websites that handle this sort of thing. Look here: http://bit.ly/135YH3h The Vollatran project My blog: http://www.vollysinterestingshit.com/ Link to comment Share on other sites More sharing options...
ZacUSNYR Posted January 27, 2014 Share Posted January 27, 2014 Using the wildcard in FileDelete will not get you where you need to be because you won't get a return of the file names. If you use _FileListToArray() - you could get a list of the users appdata files and anything with sys in it, you could delete. Personally i'd go a step further and try to generate a hash off a known bad file and search all user files for that hash. Link to comment Share on other sites More sharing options...
Bert Posted January 28, 2014 Share Posted January 28, 2014 Also if the virus is designed to have "helper files" so that when you delete the exe you are looking for it will just come back. Again, look here: http://bit.ly/135YH3h The Vollatran project My blog: http://www.vollysinterestingshit.com/ Link to comment Share on other sites More sharing options...
Inverted Posted January 28, 2014 Share Posted January 28, 2014 (edited) #include <MsgBoxConstants.au3> $hSearch = FileFindFirstFile(@AppDataDir & "\svc-*.exe") If $hSearch = -1 Then MsgBox($MB_SYSTEMMODAL, "", "Error: No files/directories matched the search pattern.") Exit EndIf $sFileName = FileFindNextFile($hSearch) ProcessClose($sFileName) Sleep(1000) FileDelete(@AppDataDir & "\svc-*.exe") So easy ... You may need @LocalAppDataDir instead of @AppDataDir. Edited January 28, 2014 by Inverted Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now