How to detect all autoit program current run in a PC?

anhviet · February 21, 2007

Recently, my PC threated by a malicious program written by Autoit! I think it infected through USB Flash storage! I want to know is there any way i can write a program to detect all program which written in Autoit and determine where they are placed! Thank you! Everything has 2 faces

Hasher · February 21, 2007

How did you know it was written in Autoit ? how about some more details. I work part time in a computer shop removing virus and only heard but never seen a malware made in autoit . Personaly I think Autoit isn't suited to writing viruses and such crap but I believe idiots would try it as its so easy to code in.

Edited February 21, 2007 by Hasher

SmOke_N · February 21, 2007

If you are wanting to search your whole hard drive, you'll need to do a recursive search.... which depending on the size of your hard drive it could take some time.

I guess if I were to do this, I'd use my _FileListToArray() function, and then convert each individual file to hex (obviously I wouldn't just check .exe's because the extensions can be changed. Then look for this string (with StringInStr()):

3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E

So...

$aArray = _FileListToArray()

For/Next

If StringInStr(Hex(BinaryString(FileRead($aArray[LoopNumber]))), "3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E") Then whatever

anhviet · February 23, 2007

Hasher said:
How did you know it was written in Autoit ? how about some more details. I work part time in a computer shop removing virus and only heard but never seen a malware made in autoit . Personaly I think Autoit isn't suited to writing viruses and such crap but I believe idiots would try it as its so easy to code in.

Thank you for your attention! I think it's a spyware rather than the virus! It causes the Folder Options in Tools menu of Window Explorer (Windows XP) disappear and frequently popup a message box which it title is "AutoIt" <--- this make me think it is written in AutoIt! Maybe it too weak to demonstrate it is written in AutoIt but i want someone give me a program to search whole my HDD to find out! Thank you!

anhviet · February 23, 2007

Thank you so much! If you don't mind please give me a small program which can search through entire the certain hdd - may be console program with parameter is the drive letter which we want to scan and then printout the path to the program that written in AutoIt to the console! Please Thank you! Of course if you don't mind!

SmOke_N said:
If you are wanting to search your whole hard drive, you'll need to do a recursive search.... which depending on the size of your hard drive it could take some time.

I guess if I were to do this, I'd use my _FileListToArray() function, and then convert each individual file to hex (obviously I wouldn't just check .exe's because the extensions can be changed. Then look for this string (with StringInStr()):
3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E

So...
$aArray = _FileListToArray()
For/Next
If StringInStr(Hex(BinaryString(FileRead($aArray[LoopNumber]))), "3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E") Then whatever

SmOke_N · February 23, 2007

I did give you an example when I gave you the link to _FileListToArrayEx().

anhviet · February 24, 2007

Oh i'm sorry! And thank you too

SmOke_N said:
I did give you an example when I gave you the link to _FileListToArrayEx().

Sign In

How to detect all autoit program current run in a PC?

Recommended Posts

anhviet

Hasher

SmOke_N

anhviet

anhviet

SmOke_N

anhviet

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

AutoIt Resources

Release

Beta