Has anyone ever created a Virus Scanner with AutoIt?

BlazerV60

I searched through the forum but couldn't find any, then again I didn't search THAT deep.

Anyone know of any?

Would be pretty cool if someone created a virus scanner with AutoIt and continuously updated it.

 

guinness

Leave it to the experts methinks.

iamtheky

The upkeep on that would be ridiculous.


Bert

I searched through the forum but couldn't find any, then again I didn't search THAT deep.

Anyone know of any?

Would be pretty cool if someone created a virus scanner with AutoIt and continuously updated it.

 

I love your enthusiasm, but this is an extremely BAD idea for a host of reasons

1. AutoIt is a simple scripting language. Antivirus software is something that has to get into the nooks and crannies of the OS. AutoIt can't do this.

2. Updating. The updates you get from the antivirus companies are worked on by a team of people full time. They have labs where they set viruses loose so they can study them, disassemble them when possible, and figure out how they work so they can stop them from infecting your rig.

3. Being bug free as QUICKLY as possible. This same host of engineers has to release code that is as bug free as possible and as fast as possible. In some cases in a matter of hours. This is a very stressful task.

I can keep going but you get the idea. Keep thinking of how to use AutoIt for your daily needs as well as for something fun.

willichan

I have used AutoIt for removing a specific virus/malware, but as MBALZESHARI points out, AutoIt is not a practical language for a virus scanner.

Before switching to Kaspersky, we used to wait days (sometimes weeks) after a zero-day infection to get signature files from Symantec. Since waiting was not an option, we used AutoIt to create our own cleanup scripts for each specific infection. I eventually combined several of them into one cleanup script, but once the list of malware I would handle got so long, the script was no longer able to respond quickly enough to stop the malware from respawning.

It is a nice practice if you want to learn some of the ways that malware/viruses infect your system, and how to remove them, but it would never replace a commercial product.
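
The per-infection cleanup approach described in the post above, as an added example (not willichan's script and not code from this thread): a table-driven AutoIt remediation pass that removes persistence, ends the process, deletes the dropped file, and then re-checks for a respawn. Every process name, path and Run-key value name is a constructed placeholder, and the `_CleanOne` helper is hypothetical.

```autoit
#RequireAdmin ; HKLM and other users' processes need elevation

; All indicators below are constructed placeholders, not real malware artifacts.
Global Const $RUN_KEY = "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

; One row per infection: process name | dropped file | Run-key value name
Global $aInfections[2][3] = [ _
        ["example_bad1.exe", "C:\ProgramData\example_bad1.exe", "ExampleBad1"], _
        ["example_bad2.exe", @TempDir & "\example_bad2.exe", "ExampleBad2"]]

For $i = 0 To UBound($aInfections) - 1
    $bClean = _CleanOne($aInfections[$i][0], $aInfections[$i][1], $aInfections[$i][2])
    ConsoleWrite($aInfections[$i][0] & ": " & ($bClean ? "clean" : "STILL PRESENT") & @CRLF)
Next

; Hypothetical helper: returns True only if neither the process nor the file
; is present after the pass, i.e. nothing respawned during the check window.
Func _CleanOne($sProc, $sFile, $sRunValue)
    ; 1. Remove the autostart entry first so a reboot cannot relaunch the file.
    RegDelete($RUN_KEY, $sRunValue)

    For $iTry = 1 To 5
        ; 2. End the process. ProcessClose acts on one instance per call,
        ;    so the outer loop also covers multiple instances.
        If ProcessExists($sProc) Then
            ProcessClose($sProc)
            ProcessWaitClose($sProc, 2) ; wait up to 2 seconds for it to exit
        EndIf

        ; 3. Delete the dropped file once nothing holds it open.
        If FileExists($sFile) Then
            FileSetAttrib($sFile, "-RSH") ; clear read-only/system/hidden
            FileDelete($sFile)
        EndIf

        ; 4. Re-check after a short pause: a watchdog that relaunches the
        ;    process or rewrites the file inside this window is the respawn
        ;    problem the post describes.
        Sleep(200)
        If Not ProcessExists($sProc) And Not FileExists($sFile) Then Return True
    Next
    Return False
EndFunc   ;==>_CleanOne
```

Each row added to the table lengthens the time between successive checks of any one infection, which is the scaling limit the post runs into.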
