
kaspersky reveal malware my script backup


faustf

Hi guys, I created a backup script, but when I try to run it with Kaspersky active it flags my (compiled) script as a virus, pdm:trojan.win32.generic, but it is not a virus — why??

I know I can add an exclusion, but I would rather the code itself be correct.

#AutoIt3Wrapper_Compression=3
#AutoIt3Wrapper_UseUpx=y
#AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator
#AutoIt3Wrapper_Add_Constants=n
#AutoIt3Wrapper_AU3Check_Parameters=-d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6 -w 7
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#RequireAdmin
#include <Array.au3>
#include <MsgBoxConstants.au3>
#include <WindowsConstants.au3>
#include <WinAPIFiles.au3>
#include <File.au3>
#include <Date.au3>
#include <FileConstants.au3>
#include <Process.au3>

; Control files next to the script: Sorgente.txt lists the owner name on its
; first line and one source folder per following line; Destinazioni.ini holds
; the destination root per owner.
Global $sGSource = @ScriptDir & "\Sorgente.txt", $sGDestin = @ScriptDir & "\Destinazioni.ini"
; $sGIdRig receives the shadow-copy ID set by _ShadowCopyON(); $backupDir is
; declared but not assigned anywhere in this listing.
Global $backupDir, $sGIdRig

; Entry point. The commented calls are kept for running single steps by hand.
_Backup_start()
; _ShadowCopyOFFeClean()
;_ShadowCopyON()
;_Kill_Prog()

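Func _pulisci()
    ; Waits until no cmd.exe is running, then releases the shadow copy and the
    ; junction left behind by a previous run. Not used on Windows XP, where
    ; the backup reads the live folders instead of a snapshot.
    ; NOTE(review): _Backup_start() calls this before _ShadowCopyON(), so
    ; $sGIdRig is still empty here — confirm which shadow copy is meant to be
    ; removed at start-up.
    If @OSVersion = "WIN_XP" Then Return
    ; ProcessWaitClose() returns as soon as no cmd.exe exists (immediately if
    ; none is running); it replaces the hand-rolled Sleep(100) polling loop.
    ProcessWaitClose("cmd.exe")
    _ShadowCopyOFFeClean()
EndFunc   ;==>_pulisci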


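Func _Backup_start()
    ; Main backup routine:
    ;   1. closes any running cmd.exe and cleans up a previous run (_pulisci),
    ;   2. exits unless Sorgente.txt and Destinazioni.ini both exist,
    ;   3. on Vista and later creates a VSS snapshot of C: exposed at
    ;      C:\temp\freezer_shadowcopy (_ShadowCopyON),
    ;   4. copies every folder listed in Sorgente.txt (line 1 = owner name,
    ;      following lines = source folders) with robocopy into
    ;      <dest>\Backups\BACKUP-<timestamp>\<folder name>, rotating old
    ;      BACKUP-* folders with _3FolderMaximum(),
    ;   5. on Windows XP forces a shutdown (Shutdown(5) = shutdown + force).
    ; Returns nothing. Exits the script when a control file is missing.
    ; Changes: the six copy-pasted Case branches are folded into one lookup,
    ; the destination INI is read through $sGDestin instead of a repeated
    ; literal path, blank lines in Sorgente.txt are skipped, and the C:
    ; redirection into the snapshot is anchored and case-insensitive.
    If ProcessExists("cmd.exe") <> 0 Then ProcessClose("cmd.exe")
    _pulisci()
    If _Controllo_esistenza_Sorce_Dest($sGSource, $sGDestin) = 0 Then Exit

    ; Working directory for the shadow-copy ID files and the junction.
    If Not FileExists("C:\temp") Then DirCreate("C:\temp")
    _ShadowCopyON()

    Local $aLSource = FileReadToArray($sGSource)
    ; Nothing to copy when the list is unreadable or holds only the owner line.
    If IsArray($aLSource) And UBound($aLSource) > 1 Then __Backup_CopyAll($aLSource)

    If @OSVersion = "WIN_XP" Then Shutdown(5)
EndFunc   ;==>_Backup_start

Func __Backup_CopyAll($aLSource)
    ; Copies every source folder in $aLSource (index 0 = owner name) to the
    ; destination root of that owner read from Destinazioni.ini.
    Local $aLOwners[6] = ["pino", "clizia", "alberto", "tommaso", "flaminio", "simone"]
    Local $sLOwner = $aLSource[0]
    ; Only the six known owners are served; any other first line does nothing,
    ; exactly as the former Select did. _ArraySearch is case-insensitive.
    If _ArraySearch($aLOwners, $sLOwner) = -1 Then Return
    ; INI section names are case-insensitive, so "pino" also finds [Pino].
    ; NOTE(review): "nob" is the IniRead fallback, so a missing section makes
    ; the destination a relative "nob\Backups\..." path — consider failing.
    Local $sLDestRoot = IniRead($sGDestin, $sLOwner, "key1", "nob")
    Local $sLTargetDir = "Backups\BACKUP-" & __Backup_Stamp()
    Local $sLOptions = " /E /A-:R "
    Local $sLLogPath = FileGetShortName(@DesktopDir) & "\Backup_log.txt"
    Local $sLSrc, $sLDest

    For $i = 1 To UBound($aLSource) - 1
        $sLSrc = StringStripWS($aLSource[$i], 3)
        If $sLSrc = "" Then ContinueLoop ; blank line in Sorgente.txt
        $sLDest = $sLDestRoot & "\" & $sLTargetDir & "\" & _LastNameOfPath($sLSrc)
        ; Prune old BACKUP-* folders before adding the new one.
        _3FolderMaximum($sLDestRoot & "\Backups")
        _RoboKup(__Backup_SourceForCopy($sLSrc), $sLDest, $sLOptions, $sLLogPath)
    Next
EndFunc   ;==>__Backup_CopyAll

Func __Backup_Stamp()
    ; Timestamp used in the backup folder name: the current date/time with
    ; " ", "/" and ":" turned into "-" so it is a valid folder name.
    Return StringRegExpReplace(_DateTimeFormat(_NowCalc(), 2), "[ /:]", "-")
EndFunc   ;==>__Backup_Stamp

Func __Backup_SourceForCopy($sLSrc)
    ; Path robocopy reads from. On XP the live folder is used; elsewhere a
    ; path on C: is redirected into the junction created by _ShadowCopyON().
    ; The match is anchored and case-insensitive so "c:\..." is redirected
    ; too instead of being silently read from the live volume.
    ; NOTE(review): folders on other drives are still copied live, not from
    ; a snapshot.
    If @OSVersion = "WIN_XP" Then Return $sLSrc
    Return StringRegExpReplace($sLSrc, "(?i)^C:", "C:\\temp\\freezer_shadowcopy")
EndFunc   ;==>__Backup_SourceForCopy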

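Func _LastNameOfPath($path)
    ; Returns the last component of a backslash-separated path, ignoring
    ; trailing backslashes ("C:\a\b\" -> "b", "C:\a\b" -> "b", "C:\" -> "C:").
    ; Fix: an empty or whitespace-only path now shows the error and returns
    ; "" with @error = 1. The original returned the element count (1) for an
    ; empty line, because StringSplit() always returns an array, so the
    ; IsArray() error branch could never run.
    Local $sLClean = StringStripWS($path, 3) ; 3 = leading and trailing
    If $sLClean = "" Then
        MsgBox(16 + 262144, 'ERRORE N.001', 'ERRORE NEL FILE SORGENTE PROBABILE RIGA VUOTA ')
        Return SetError(1, 0, "")
    EndIf
    ; Drop trailing backslashes so the last element is never "".
    Local $sLTrimmed = StringRegExpReplace($sLClean, "\\+$", "")
    Local $aLParts = StringSplit($sLTrimmed, "\")
    Return $aLParts[$aLParts[0]]
EndFunc   ;==>_LastNameOfPath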

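Func _RoboKup($from, $to, $options, $logpath = 0)
    ; Launches robocopy (asynchronously, in a hidden console) to copy $from
    ; into $to with the robocopy switches in $options, logging to $logpath.
    ; If robocopy is not installed, shows a message and opens its download
    ; page. Returns nothing.
    ; Fix: on the non-XP path $from, $to and $logpath are quoted, so a folder
    ; name with a space is no longer split into several arguments and
    ; cmd.exe metacharacters inside a path taken from Sorgente.txt reach
    ; robocopy as data instead of being interpreted as further commands.
    ;MsgBox(0,'','lancio robokup dimerda')
    If $logpath = Default Then $logpath = 0
    If @OSVersion = "WIN_XP" Then
        ; XP: robocopy comes from the Resource Kit; 8.3 short names avoid
        ; spaces without quoting.
        Local $sLRoboFileDir = FileGetShortName(@ProgramFilesDir & '\Windows Resource Kits\Tools\robocopy.exe ')
        Local $sLFromShort = FileGetShortName($from)
        Local $sLToShort = FileGetShortName($to)
        Local $sLOptShort = FileGetShortName($options)
        If Not FileExists($sLRoboFileDir) Then
            MsgBox(0, 'Info', 'Devi installare il robocopy')
            ShellExecute("https://www.microsoft.com/en-us/download/details.aspx?id=17657")
            Return
        EndIf
        Run(@ComSpec & ' /c ' & $sLRoboFileDir & ' ' & $sLFromShort & ' ' & $sLToShort & ' ' & $sLOptShort & '  /LOG:' & $logpath, '', @SW_HIDE)
    Else ; other windows 7 8 10...
        Local $sLRobo = @SystemDir & '\robocopy.exe'
        If Not FileExists($sLRobo) Then
            MsgBox(0, 'Info', 'Devi installare il robocopy')
            ShellExecute("https://www.microsoft.com/en-us/download/details.aspx?id=17657")
            Return
        EndIf
        Local $sLCmd = $sLRobo & ' ' & __RoboKup_Quote($from) & ' ' & __RoboKup_Quote($to) & ' ' & $options & '  /LOG:' & __RoboKup_Quote($logpath)
        Run(@ComSpec & ' /c ' & $sLCmd, '', @SW_HIDE)
        ConsoleWrite($sLCmd) ; echo of the command line for debugging, as before
    EndIf
EndFunc   ;==>_RoboKup

Func __RoboKup_Quote($sPath)
    ; Wraps a path in double quotes for the robocopy command line. Trailing
    ; backslashes are removed first because Windows argument parsing treats
    ; \" as an escaped quote, so "C:\dir\" would swallow the closing quote.
    Return '"' & StringRegExpReplace($sPath, "\\+$", "") & '"'
EndFunc   ;==>__RoboKup_Quote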

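Func _ShadowCopyOFFeClean()
    ; Deletes the shadow copy whose ID (without braces) is in $sGIdRig and
    ; removes the C:\Temp\freezer_shadowcopy junction that _ShadowCopyON()
    ; pointed at it. Returns nothing.
    ; Fixes: vssadmin is not invoked when $sGIdRig is empty (it is empty when
    ; _pulisci() runs at start-up, before _ShadowCopyON()), so no malformed
    ; "delete shadows /shadow={}" call is issued; and the call uses "/c" in
    ; a hidden, waited-for console instead of "/k", which left a cmd.exe
    ; window open on the desktop, so the Sleep(300) is no longer needed.
    ; NOTE(review): deleting shadow copies with vssadmin is a behaviour that
    ; endpoint heuristics weigh heavily because of its association with
    ; ransomware; together with the process killing and UPX packing in this
    ; script it plausibly explains the PDM detection reported for the
    ; compiled executable.
    If $sGIdRig <> "" Then
        RunWait(@ComSpec & ' /c ' & @SystemDir & '\vssadmin.exe delete shadows /shadow={' & $sGIdRig & '} /quiet', '', @SW_HIDE)
    EndIf
    ; RemoveDirectory on a junction removes the link itself, not its target.
    _WinAPI_RemoveDirectory("C:\Temp\freezer_shadowcopy")
EndFunc   ;==>_ShadowCopyOFFeClean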

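Func _ShadowCopyON()
    ; Prepares the source side of the backup. Returns nothing.
    ; Windows XP: asks whether to run now (15 s timeout counts as yes) and
    ; closes the programs listed in KillProg.txt; answering "No" exits.
    ; Vista and later: creates a VSS snapshot of C:\ with wmic, stores its
    ; ID without braces in the global $sGIdRig, finds the snapshot's device
    ; path in "vssadmin list shadows" (two lines below the ID) and exposes
    ; it as the directory junction C:\temp\freezer_shadowcopy.
    ; Fixes: the wmic and vssadmin output is checked before it is indexed
    ; (the original died with an array-subscript error when wmic printed no
    ; ID), and a failed mklink now reports, cleans up and exits instead of
    ; letting the backup read from whatever already sat at the junction path.
    ; NOTE(review): C:\temp is writable by every local user, so the script
    ; does not control a pre-existing C:\temp\freezer_shadowcopy; a working
    ; directory under a restricted ACL would be safer — confirm.
    If @OSVersion = "WIN_XP" Then
        Local $iLRimanda = MsgBox(4, "Info", "Sarebbe l'ora di cambiare windows XP,detto questo sto per fare il backup, lo lancio?? ", 15)
        If $iLRimanda = 7 Then ; "No"
            MsgBox(0, 'Info', 'ok rilanciami a mano se vuoi backuppare, ciao')
            Exit
        EndIf
        _Kill_Prog() ; "Yes" or timeout
        Return
    EndIf

    ; 1. Create the snapshot; wmic prints a line like  ShadowID = "{GUID}"
    RunWait(@ComSpec & ' /c wmic shadowcopy call create Volume=C:\ > C:\temp\ShadowID.txt', '', @SW_HIDE)
    Local $sLShadowResult = _True_ReadFile("c:\temp\ShadowID.txt", 0)
    Local $aLDirtyShadow = StringSplit($sLShadowResult, '"')
    If $aLDirtyShadow[0] < 2 Then ; no quoted ID: creation failed
        MsgBox($MB_SYSTEMMODAL, "", "Shadow copy creation failed: no ShadowID found in C:\temp\ShadowID.txt")
        Exit
    EndIf
    $sGIdRig = _StringTrimLefTeRight($aLDirtyShadow[2], '1', '1') ; strip { and }

    ; 2. Locate the snapshot's volume path in the vssadmin listing.
    RunWait(@ComSpec & ' /c vssadmin list shadows > C:\temp\ShadowList.txt', '', @SW_HIDE)
    Local $aLShadowListT = FileReadToArray("c:\temp\ShadowList.txt")
    Local $sLPathVolume = ""
    If IsArray($aLShadowListT) Then
        ; Stop two lines early so $i + 2 stays inside the array.
        For $i = 0 To UBound($aLShadowListT) - 3
            If StringInStr($aLShadowListT[$i], $sGIdRig) <> 0 Then
                $sLPathVolume = $aLShadowListT[$i + 2]
                ExitLoop
            EndIf
        Next
    EndIf
    If $sLPathVolume = "" Then
        MsgBox($MB_SYSTEMMODAL, "", "Shadow copy " & $sGIdRig & " not found in vssadmin list shadows")
        _ShadowCopyOFFeClean()
        Exit
    EndIf
    ; 29 = width of the "Shadow Copy Volume:" label plus indentation, as in
    ; the original; this depends on the vssadmin output layout (localized
    ; Windows prints a different label) — verify on the target machine.
    Local $sLShadowCopyVolume = _StringTrimLefTeRight($sLPathVolume, 29, 0)

    ; 3. Expose the snapshot as a directory junction. RunWait returns the
    ;    exit code of mklink (non-zero when the path already exists).
    Local $iLExit = RunWait(@ComSpec & ' /c mklink /d c:\temp\freezer_shadowcopy ' & $sLShadowCopyVolume & '\', '', @SW_HIDE)
    ConsoleWrite(' /k mklink /d c:\temp\freezer_shadowcopy ' & $sLShadowCopyVolume & '\')
    If $iLExit <> 0 Then
        MsgBox($MB_SYSTEMMODAL, "", "Could not create the junction c:\temp\freezer_shadowcopy (mklink exit code " & $iLExit & ")")
        _ShadowCopyOFFeClean()
        Exit
    EndIf
EndFunc   ;==>_ShadowCopyON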

Func _Kill_Prog()
    ; Closes every process named in KillProg.txt (one name per line, located
    ; next to the script). Called on the Windows XP path of _ShadowCopyON().
    ; An unreadable list closes nothing. Returns nothing.
    Local $aLNames = FileReadToArray(@ScriptDir & "\KillProg.txt")
    If @error Then Return
    ;_ArrayDisplay($aLNames)
    For $sLName In $aLNames
        ProcessClose($sLName)
    Next
EndFunc   ;==>_Kill_Prog


Func _StringTrimLefTeRight($string, $CountLeft = 0, $CountRight = 0)
    ; Removes $CountLeft characters from the start of $string and $CountRight
    ; characters from its end; Default for either count is treated as 0.
    Local $iLLeft = $CountLeft, $iLRight = $CountRight
    If $iLLeft = Default Then $iLLeft = 0
    If $iLRight = Default Then $iLRight = 0
    Return StringTrimRight(StringTrimLeft($string, $iLLeft), $iLRight)
EndFunc   ;==>_StringTrimLefTeRight


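Func _3FolderMaximum($path, $iMax = 3)
    ; Keeps at most $iMax (default 3) sub-folders in $path by deleting the
    ; oldest ones recursively (DirRemove flag 1) until fewer than $iMax
    ; remain, so the next BACKUP-* folder does not push the count past $iMax.
    ; Does nothing when $path has no sub-folders. Returns nothing.
    ; Fixes: the debugging _ArrayDisplay() pop-up is removed (it blocked the
    ; unattended run, and its own @error masked _FileListToArray's); pruning
    ; now triggers at "$iMax or more" instead of "exactly 3"; a failed
    ; oldest-folder lookup no longer becomes DirRemove($path & "\0").
    ; $iMax is new and optional, so existing callers are unaffected.
    If $iMax = Default Or $iMax < 1 Then $iMax = 3
    Local $aLFolders, $vLOldest
    While 1
        $aLFolders = _FileListToArray($path, "*.*", 2) ; 2 = folders only
        If @error Or Not IsArray($aLFolders) Then Return
        If $aLFolders[0] < $iMax Then Return
        ; _FindOldestFolder returns the number 0 on a FileGetTime failure;
        ; IsString() is used because "BACKUP-..." = 0 is True in AutoIt.
        $vLOldest = _FindOldestFolder($path)
        If Not IsString($vLOldest) Or $vLOldest = "" Then Return
        ; Stop if the delete fails rather than retry forever.
        If Not DirRemove($path & "\" & $vLOldest, 1) Then Return
    WEnd
EndFunc   ;==>_3FolderMaximum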

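Func _FindOldestFolder($path, $old_new = 0)
    ; Returns the name of the sub-folder of $path with the oldest creation
    ; time ($old_new = 0, the default) or the newest one ($old_new <> 0).
    ; Shows a message and exits the script when $path has no sub-folders;
    ; returns the number 0 when a folder's timestamp cannot be read.
    ; Fix: the age array has an unused slot 0 (""), which _ArrayMinIndex
    ; compared as 0 and therefore always picked, so the "newest" lookup
    ; returned the element count; both searches now start at index 1.
    ; Also exits on any _FileListToArray error (the original only checked
    ; @error = 1 and then indexed the non-array result).
    If $old_new = Default Then $old_new = 0

    Local $aLFolders = _FileListToArray($path, "*.*", 2) ; 2 = folders only
    If @error Then
        MsgBox(0, "", "No Folders Found.")
        Exit
    EndIf

    ; Age in seconds of each folder, index 1..n parallel to $aLFolders
    ; (slot 0 is unused because _FileListToArray is 1-based).
    Local $sLNow = _NowCalc() ; one reference time for every folder
    Local $aLAge[$aLFolders[0] + 1]
    Local $aLStamp, $sLCreated
    For $i = 1 To $aLFolders[0]
        $aLStamp = FileGetTime($path & "\" & $aLFolders[$i], 1, 0) ; 1 = creation time
        If @error Then Return 0
        ; _DateDiff expects "YYYY/MM/DD HH:MM:SS".
        $sLCreated = $aLStamp[0] & "/" & $aLStamp[1] & "/" & $aLStamp[2] & " " & $aLStamp[3] & ":" & $aLStamp[4] & ":" & $aLStamp[5]
        $aLAge[$i] = _DateDiff("s", $sLCreated, $sLNow)
    Next

    ; Oldest = largest age. Both searches skip slot 0.
    If $old_new = 0 Then Return $aLFolders[_ArrayMaxIndex($aLAge, 0, 1)]
    Return $aLFolders[_ArrayMinIndex($aLAge, 0, 1)]
EndFunc   ;==>_FindOldestFolder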

Func _Controllo_esistenza_Sorce_Dest($Sorce, $Dest)
    ; Returns 1 when both $Sorce and $Dest exist; otherwise shows an error
    ; box (reporting the FileExists result of $Sorce) and returns 0.
    Local $iLSrcOk = FileExists($Sorce)
    If $iLSrcOk And FileExists($Dest) Then Return 1
    MsgBox($MB_SYSTEMMODAL, "", "Manca il file destinazioni o sorgente controlla o chiama stefano 3356963030" & @CRLF & "FileExist returned: " & $iLSrcOk)
    Return 0
EndFunc   ;==>_Controllo_esistenza_Sorce_Dest

Func _True_ReadFile($sFilePath, $attribute)
    ; Opens $sFilePath with the FileOpen() mode given in $attribute, returns
    ; the whole content and closes the handle. Shows a message and returns
    ; False when the file cannot be opened.
    Local $vLResult = False
    Local $hLFile = FileOpen($sFilePath, $attribute)
    If $hLFile <> -1 Then
        $vLResult = FileRead($hLFile)
        FileClose($hLFile)
    Else
        MsgBox($MB_SYSTEMMODAL, "", "An error occurred when reading the file.")
    EndIf
    Return $vLResult
EndFunc   ;==>_True_ReadFile

Thanks

 

Andreik

 



JLogan3o13

Something that has been discussed numerous times.


