Count Deleted Files in Folders

Mateus_Terra · April 7, 2017

Sorry Sorry!!!

Was it something like that?

TraySetToolTip("Number of Viruses.exe Deleted: "&$ideleteexe0+$ideleteexe1+$ideleteexe2+$ideleteexe3+$ideleteexe4 &Chr(13)& "Number of Viruses.vbs Deleted: "&$iDeletevbs0+$iDeletevbs1+$iDeletevbs2+$iDeletevbs3+$iDeletevbs4)

Belini · April 7, 2017

You could create directory with the same file extension because windows does not allow more than one file with the same name and extension in the same folder, in this way the virus would be created and deleted only once!

#include <File.au3>

Global $count_vbs = 0, $count_exe = 0, $dir = FileSelectFolder("Search.", "")

AdlibRegister("Delete_virus", 200); Calls the function every 200 milliseconds

While 1
    Sleep(1000)
WEnd

Func Delete_virus()
    Local $files = _FileListToArray($dir, "*.*", 1); Searches only for files and ignores folders
    If Not @error Then; Only runs if you find files
        For $i = 1 To $files[0]
            $ext = StringTrimLeft($files[$i], StringInStr($files[$i], ".", 2, -1) - 1); Extract the extension
            If $ext = ".vbs" Or $ext = ".exe" Then; Verifies whether it is .vbs or .exe
                FileDelete($dir & "\" & $files[$i]); Delete file
                DirCreate($dir & "\" & $files[$i]); Creates a directory with the same file extension
                If $ext = ".vbs" Then
                    $count_vbs += 1; How many .vbs were deleted
                Else
                    $count_exe += 1; How many .exe were deleted
                EndIf
                TraySetToolTip(".vbs deleted: " & $count_vbs & @crlf & ".exe deleted: " & $count_exe); Shows information when hovering the mouse pointer
            EndIf
        Next
    EndIf
EndFunc   ;==>Delete_virus

Edited April 7, 2017 by Belini

Mateus_Terra · April 7, 2017

Ualllll, Excellent, perfect!
Thank you very much!

Mateus_Terra · April 7, 2017

I'm trying now to generate a kind of log in a txt to know the date and time the file was deleted and so I can monitor the attacks!

Melba23 · April 7, 2017

Mateus_Terra,

Then instead of simply adding to the count each time a file is deleted you will need to do something like this (untested):

; Check if a file has been deleted
If FileDelete("C:\Totvs\jboss-4.2.3.GA\bin\" & $arquivovbs) Then
    ; Add to the counter
    $iDeletevbs0 += 1
    ; Write to the log file
    ; Your log writing code goes here <<<<<<<<<<<<<<<<<
EndIf

As to writing to the log file, look at _FileWriteLog in the help file.

M23

Mateus_Terra · April 7, 2017

Shooooow ... UHUL!

Func Delete_virus()
Local $files = _FileListToArray($dir, "*.*", 1); Searches only for files and ignores folders
If Not @error Then; Only runs if you find files
For $i = 1 To $files[0]
$ext = StringTrimLeft($files[$i], StringInStr($files[$i], ".", 2, -1) - 1); Extract the extension
If $ext = ".vbs" Or $ext = ".exe" Then; Verifies whether it is .vbs or .exe
FileDelete($dir & "\" & $files[$i]); Delete file
               if $ext = ".vbs" Then
               FileWrite($LOCALDADOS1,"Virus.vbs detectado e Deletado as: "&_NowTime()&" do dia "&_NowDate())
   FileWriteLine($LOCALDADOS1,"")
Else
       FileWrite($LOCALDADOS1,"Virus.exe detectado e Deletado as: "&_NowTime()&" do dia "&_NowDate())
   FileWriteLine($LOCALDADOS1,"")
   EndIf
;~ DirCreate($dir & "\" & $files[$i]); Creates a directory with the same file extension
If $ext = ".vbs" Then
$count_vbs += 1; How many .vbs were deleted
Else
$count_exe += 1; How many .exe were deleted
EndIf
TraySetToolTip(".vbs deleted: " & $count_vbs & @crlf & ".exe deleted: " & $count_exe); Shows information when hovering the mouse pointer
EndIf
Next
EndIf
EndFunc

Belini · April 7, 2017

You can use FileWrite () and time macros to generate the log

#include <File.au3>
#include <Date.au3>

Global $count_vbs = 0, $count_exe = 0, $dir = FileSelectFolder("Search.", "")

AdlibRegister("Delete_virus", 200); Calls the function every 200 milliseconds

While 1
    Sleep(1000)
WEnd

Func Delete_virus()
    Local $files = _FileListToArray($dir, "*.*", 1); Searches only for files and ignores folders
    If Not @error Then; Only runs if you find files
        For $i = 1 To $files[0]
            $ext = StringTrimLeft($files[$i], StringInStr($files[$i], ".", 2, -1) - 1); Extract the extension
            If $ext = ".vbs" Or $ext = ".exe" Then; Verifies whether it is .vbs or .exe
                FileDelete($dir & "\" & $files[$i]); Delete file
                DirCreate($dir & "\" & $files[$i]); Creates a directory with the same file extension
                If $ext = ".vbs" Then
                    $count_vbs += 1; How many .vbs were deleted
                Else
                    $count_exe += 1; How many .exe were deleted
                EndIf
                TraySetToolTip(".vbs deleted: " & $count_vbs & @crlf & ".exe deleted: " & $count_exe); Shows information when hovering the mouse pointer
                ;FileWrite(@ScriptDir & "\Log's.txt", $files[$i] & " file deleted on " & @MDAY & "/" & @MON & "/"& @YEAR & " at " & @HOUR & ":" & @MIN & ":"& @SEC & @crlf); Write a log
                FileWrite(@ScriptDir & "\Log's.txt", $files[$i] & " file deleted on " & _NowDate() & " at " & _NowTime(5) & @crlf); Write a log
            EndIf
        Next
    EndIf
EndFunc   ;==>Delete_virus

Note: If folder creation is able to prevent the virus from creating new files then it will only be written to the log once and if you want to know how many attacks occurred, remove the DirCreate line ($ dir & "\" & $ files [$ i]) And the extension folders that were created!

Edited April 7, 2017 by Belini

Mateus_Terra · April 7, 2017

I'm trying a problem with FileSelectFolder ("Search.", "") Because in my application I would need it to search within several folders. This way it searches only in the marked folder and not in the subfolders

Mateus_Terra · April 7, 2017

Uhulll I got it with

_FileListToArrayRec($dir, "*.*", 1,1)

Belini · April 7, 2017

To list files in sub directories I use this way

#include <Date.au3>

Global $count_vbs = 0, $count_exe = 0

$dir = FileSelectFolder("Search.", "")

While 1
    list($dir, 0)
    Sleep(500)
WEnd

Func list($path = "", $counter = 0)
    $counter = 0
    $path &= '\'
    Local $list_files = '', $files, $file, $ext, $demand_file = FileFindFirstFile($path & '*')
    If $demand_file = -1 Then Return ''
    While 1
        $file = FileFindNextFile($demand_file)
        If @error Then ExitLoop
        If @extended Then
            If $counter >= 10 Then ContinueLoop
            list($path & $file, $counter + 1)
        Else
            $files = StringTrimLeft($path & $file, StringInStr($path & $file, "\", 2, -1))
            $ext = StringTrimLeft($files, StringInStr($files, ".", 2, -1) - 1); Extract the extension
            If $ext = ".vbs" Or $ext = ".exe" Then; Verifies whether it is .vbs or .exe
                FileDelete($path & $file); Delete file
                DirCreate($path & $file); Creates a directory with the same file extension
                If $ext = ".vbs" Then
                    $count_vbs += 1; How many .vbs were deleted
                Else
                    $count_exe += 1; How many .exe were deleted
                EndIf
                TraySetToolTip(".vbs deleted: " & $count_vbs & @CRLF & ".exe deleted: " & $count_exe); Shows information when hovering the mouse pointer
                FileWrite(@ScriptDir & "\Log's.txt", $files & " file deleted on " & _NowDate() & " at " & _NowTime(5) & @CRLF); Write a log
            EndIf
        EndIf
    WEnd
    FileClose($demand_file)
EndFunc   ;==>list

My question is if all executable files found are really viruses?

Edited April 7, 2017 by Belini

Mateus_Terra · April 7, 2017

He is finding several exe that I did not even know existed but I can not find the directory where he is being excluded.
How would I include the folder where I was excluded to include in the LOG? Difficult now in kkkkkk

Belini · April 7, 2017

$Path & $file contains the full path of the file.

FileWrite(@ScriptDir & "\Log's.txt", $path & $file & " file deleted on " & _NowDate() & " at " & _NowTime(5) & @CRLF); Write a log

Creating the folder with the same file name and extension prevented the virus from creating new files?

Edited April 7, 2017 by Belini

Mateus_Terra · April 7, 2017

Show show .... very good!
It's perfect now!
Now it's working to find a solution and block that ransomware.

Belini · April 8, 2017

I'm glad to have helped you!

Mateus_Terra · April 19, 2017

On 08/04/2017 at 9:26 AM, Belini said:

I'm glad to have helped you!

Belini Good morning, the application was perfect. But I wanted to implement a rule of not deleting a particular .EXE until I was able to do an IF but in the subfolders it is deleted. The rule is only valid in the $ dir directory

Global $count_vbs = 0, $count_exe = 0, $count_jpg = 0, $LOCALDADOS1 = "C:\Totvs\log_virus_Deletado.txt", $dir = FileSelectFolder("Escolha pasta a ser monitorada.", "")


AdlibRegister("Delete_virus", 200); Calls the function every 200 milliseconds

;~ jbosssvc.exe

While 1
    Sleep(1000)
WEnd

Func Delete_virus()
    Local $files = _FileListToArrayRec($dir, "*.*", 1,1); Searches only for files and ignores folders
        If Not @error Then; Only runs if you find files
                For $i = 1 To $files[0]
            $ext = StringTrimLeft($files[$i], StringInStr($files[$i], ".", 2, -1) - 1); Extract the extension
            If $files[$i] = "jbosssvc.exe" Then

               ElseIF $ext = ".vbs" Or $ext = ".exe" Or $ext = ".jpg" THEN ; Verifies whether it is .vbs or .exe

                  FileDelete($dir & "\" & $files[$i]); Delete file

                if $ext = ".vbs" Then
                FileWrite($LOCALDADOS1,".VBS Deletado as: "&_NowTime()&" do dia "&_NowDate()&", na pasta "&$dir & "\" & $files[$i])
      FileWriteLine($LOCALDADOS1,"")

   elseIf $ext = ".jpg" Then
                    FileWrite($LOCALDADOS1,".JPG Deletado as: "&_NowTime()&" do dia "&_NowDate()&", na pasta "&$dir & "\" & $files[$i])
      FileWriteLine($LOCALDADOS1,"")


   Elseif $files[$i] <> "jbosssvc.exe" then
        FileWrite($LOCALDADOS1,".EXE Deletado as: "&_NowTime()&" do dia "&_NowDate()&", na pasta "&$dir & "\" & $files[$i])
      FileWriteLine($LOCALDADOS1,"")



      EndIf
;~                 DirCreate($dir & "\" & $files[$i]); Creates a directory with the same file extension
                If $ext = ".vbs" Then
                    $count_vbs += 1; How many .vbs were deleted

                 ElseIf $ext = ".jpg" Then
                    $count_jpg += 1; How many .jpg were deleted

                Elseif $files[$i] <> "jbosssvc.exe" then
                    $count_exe += 1; How many .exe were deleted
                EndIf
                TraySetToolTip("Arquivos Deletados:"& @crlf &"EXE: " & $count_exe & @crlf & "JPG: " & $count_JPG & @crlf & "VBS: " & $count_vbs & @crlf & "Total:" & $count_vbs + $count_jpg + $count_exe & @crlf & @crlf & "Monitorando pasta:" & @crlf & $dir); Shows information when hovering the mouse pointer
            
            EndIf
        Next
    EndIf
EndFunc

Edited April 19, 2017 by Mateus_Terra

Melba23 · April 19, 2017

Mateus_Terra,

More than 2 weeks on and you are still having the same "virus" problem? Let me know the name of the company for which you work - I wish to avoid having anything to do with them.

M23

Mateus_Terra · April 19, 2017

Kkkkkk true .. I work in a health plan company that depends on a jboss application of Totvs, do you know? What happens is that Totvs needs to update this vulnerability, it does not depend on us! While we are testing other blocking solutions like pfsense, however, some services of this jboss application are being incompatible with pfsense. This way with autoit eu and 3 more of our companies are using this solution successfully! Did you understand our drama? What ever indication to totvs will take a while to sort this out!

Melba23 · April 19, 2017

Mateus_Terra,

Going a bit OT, but are your legal people on the case? It seems to me that your company is suffering damage here and they should be liable.

M23

Mateus_Terra · April 19, 2017

We suffered damages before autoit deleting .. still well we have backup and restore everything that was contaminated. The "virus" causes an .exe and .vbs to pop up in a particular jboss folder if it stays there it auto-executes generating the contamination. Deleting it immediately has no problem, so I can live with it without standing still!

Belini · April 19, 2017

I think that creating a variable always starting at zero and changing it to 1 whenever it can delete solves the problem

Global $count_vbs = 0, $count_exe = 0, $count_jpg = 0, $LOCALDADOS1 = "C:\Totvs\log_virus_Deletado.txt", $dir = FileSelectFolder("Escolha pasta a ser monitorada.", "")


AdlibRegister("Delete_virus", 200); Calls the function every 200 milliseconds

;~ jbosssvc.exe

While 1
    Sleep(1000)
WEnd

Func Delete_virus()
    Local $delete = 0, $files = _FileListToArrayRec($dir, "*.*", 1, 1); Searches only for files and ignores folders
    If Not @error Then; Only runs if you find files
        For $i = 1 To $files[0]
            $ext = StringTrimLeft($files[$i], StringInStr($files[$i], ".", 2, -1) - 1); Extract the extension
            If $files[$i] = "jbosssvc.exe" Then

            ElseIf $ext = ".vbs" Or $ext = ".exe" Or $ext = ".jpg" Then ; Verifies whether it is .vbs or .exe
                $delete = 0
                If $ext = ".vbs" Then
                    FileWrite($LOCALDADOS1, ".VBS Deletado as: " & _NowTime() & " do dia " & _NowDate() & ", na pasta " & $dir & "\" & $files[$i])
                    FileWriteLine($LOCALDADOS1, "")
                    $delete = 1
                ElseIf $ext = ".jpg" Then
                    FileWrite($LOCALDADOS1, ".JPG Deletado as: " & _NowTime() & " do dia " & _NowDate() & ", na pasta " & $dir & "\" & $files[$i])
                    FileWriteLine($LOCALDADOS1, "")
                    $delete = 1

                ElseIf $files[$i] <> "jbosssvc.exe" Then
                    FileWrite($LOCALDADOS1, ".EXE Deletado as: " & _NowTime() & " do dia " & _NowDate() & ", na pasta " & $dir & "\" & $files[$i])
                    FileWriteLine($LOCALDADOS1, "")
                    $delete = 1
                EndIf
;~                 DirCreate($dir & "\" & $files[$i]); Creates a directory with the same file extension
                If $ext = ".vbs" Then
                    $count_vbs += 1; How many .vbs were deleted

                ElseIf $ext = ".jpg" Then
                    $count_jpg += 1; How many .jpg were deleted

                ElseIf $files[$i] <> "jbosssvc.exe" Then
                    $count_exe += 1; How many .exe were deleted
                EndIf
                TraySetToolTip("Arquivos Deletados:" & @CRLF & "EXE: " & $count_exe & @CRLF & "JPG: " & $count_jpg & @CRLF & "VBS: " & $count_vbs & @CRLF & "Total:" & $count_vbs + $count_jpg + $count_exe & @CRLF & @CRLF & "Monitorando pasta:" & @CRLF & $dir); Shows information when hovering the mouse pointer

                If $delete = 1 Then FileDelete($dir & "\" & $files[$i]); Delete file
            EndIf
        Next
    EndIf
EndFunc   ;==>Delete_virus

Sign In

Count Deleted Files in Folders

Recommended Posts

Mateus_Terra

Belini

Mateus_Terra

Mateus_Terra

Melba23

Mateus_Terra

Belini

Mateus_Terra

Mateus_Terra

Belini

Mateus_Terra

Belini

Mateus_Terra

Belini

Mateus_Terra

Melba23

Mateus_Terra

Melba23

Mateus_Terra

Belini

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

AutoIt Resources

Release

Beta