anhviet

How to detect all AutoIt programs currently running on a PC?

7 posts in this topic

Recently, my PC was threatened by a malicious program written in AutoIt! I think it was infected through USB flash storage! I want to know if there is any way I can write a program to detect all programs which are written in AutoIt and determine where they are placed! Thank you! Everything has 2 faces :whistle:

#2 ·  Posted (edited)

How did you know it was written in AutoIt? How about some more details? I work part time in a computer shop removing viruses and have only heard of but never seen malware made in AutoIt. Personally I think AutoIt isn't suited to writing viruses and such crap, but I believe idiots would try it as it's so easy to code in.

Edited by Hasher

Firefox's secret is the same as Jessica Simpson's: its effortless, glamorous style is the result of — shhh — extensions!

If you are wanting to search your whole hard drive, you'll need to do a recursive search... which, depending on the size of your hard drive, could take some time.

I guess if I were to do this, I'd use my _FileListToArray() function, and then convert each individual file to hex (obviously I wouldn't just check .exe's because the extensions can be changed). Then look for this string (with StringInStr()):

3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E

So...

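$aArray = _FileListToArray() ; pass the folder to scan; element [0] is assumed to hold the file count

For $i = 1 To $aArray[0]
    If StringInStr(Hex(BinaryString(FileRead($aArray[$i]))), "3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E") Then ConsoleWrite($aArray[$i] & @CRLF) ; report the matching file
Next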


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.
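
The scan described in the post above, as an added example in Python (not code from this thread): it walks a directory tree and searches every file, whatever its extension, for the raw bytes of the quoted hex string, which decode to `<description>AutoIt v3</description>`. It reads in chunks instead of converting whole files to hex; the function names, chunk size and command-line usage are assumptions of this example. A hit only means the file carries that string, and a packed or edited executable may not.

```python
import os
import sys

# Hex string from the post, decoded: b"<description>AutoIt v3</description>"
MARKER = bytes.fromhex(
    "3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E"
)
CHUNK = 1 << 20  # read size in bytes (assumed value, 1 MiB)


def contains_marker(path, marker=MARKER, chunk=CHUNK):
    """Return True if the file at `path` contains `marker` anywhere."""
    tail = b""
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                return False
            # Prepend the end of the previous data so a marker that
            # straddles two reads is still found.
            if marker in tail + block:
                return True
            tail = (tail + block)[-(len(marker) - 1):]


def scan_tree(root):
    """Walk `root` recursively; return (hits, unreadable) path lists."""
    hits, unreadable = [], []
    # Directories that cannot be listed are recorded instead of aborting.
    on_err = lambda e: unreadable.append(str(e.filename))
    for dirpath, _dirs, files in os.walk(root, onerror=on_err):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            try:
                if contains_marker(path):
                    hits.append(path)
            except OSError:
                unreadable.append(path)  # locked or access denied
    return sorted(hits), sorted(unreadable)


if __name__ == "__main__":
    # Usage (assumed script name): python find_autoit.py D:/
    found, skipped = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in found:
        print(p)
    print(f"{len(skipped)} path(s) could not be read", file=sys.stderr)
```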

How did you know it was written in AutoIt? How about some more details? I work part time in a computer shop removing viruses and have only heard of but never seen malware made in AutoIt. Personally I think AutoIt isn't suited to writing viruses and such crap, but I believe idiots would try it as it's so easy to code in.

Thank you for your attention! I think it's spyware rather than a virus! It causes the Folder Options in the Tools menu of Windows Explorer (Windows XP) to disappear and frequently pops up a message box whose title is "AutoIt" <--- this makes me think it is written in AutoIt! Maybe it is too weak to demonstrate that it is written in AutoIt, but I want someone to give me a program to search my whole HDD to find out! Thank you!

Thank you so much! If you don't mind, please give me a small program which can search through an entire HDD - maybe a console program whose parameter is the drive letter which we want to scan, and which then prints out to the console the path to each program that is written in AutoIt! Please :whistle: Thank you! Of course, if you don't mind!

If you are wanting to search your whole hard drive, you'll need to do a recursive search... which, depending on the size of your hard drive, could take some time.

I guess if I were to do this, I'd use my _FileListToArray() function, and then convert each individual file to hex (obviously I wouldn't just check .exe's because the extensions can be changed). Then look for this string (with StringInStr()):

3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E

So...

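$aArray = _FileListToArray() ; pass the folder to scan; element [0] is assumed to hold the file count

For $i = 1 To $aArray[0]
    If StringInStr(Hex(BinaryString(FileRead($aArray[$i]))), "3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E") Then ConsoleWrite($aArray[$i] & @CRLF) ; report the matching file
Next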

I did give you an example when I gave you the link to _FileListToArrayEx().


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Oh, I'm sorry! And thank you too :whistle:

I did give you an example when I gave you the link to _FileListToArrayEx().
