Jump to content

How to detect all autoit program current run in a PC?

anhviet

By anhviet,
in AutoIt General Help and Support

 Share

Recommended Posts

anhviet Seeker

anhviet

Posted
Posted

Recently, my PC threated by a malicious program written by Autoit! I think it infected through USB Flash storage! I want to know is there any way i can write a program to detect all program which written in Autoit and determine where they are placed! Thank you! Everything has 2 faces :whistle:

Link to comment
Share on other sites
Hasher Prodigy

Hasher

Posted
Posted (edited)

How did you know it was written in Autoit ? how about some more details. I work part time in a computer shop removing virus and only heard but never seen a malware made in autoit . Personaly I think Autoit isn't suited to writing viruses and such crap but I believe idiots would try it as its so easy to code in.

Edited by Hasher

Firefox's secret is the same as Jessica Simpson's: its effortless, glamorous style is the result of — shhh — extensions!

Link to comment
Share on other sites
  • Moderators
SmOke_N Universalist

SmOke_N

Posted
  • Moderators
Posted

If you are wanting to search your whole hard drive, you'll need to do a recursive search.... which depending on the size of your hard drive it could take some time.

I guess if I were to do this, I'd use my _FileListToArray() function, and then convert each individual file to hex (obviously I wouldn't just check .exe's because the extensions can be changed. Then look for this string (with StringInStr()):

3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E

So...

$aArray = _FileListToArray()

For/Next

If StringInStr(Hex(BinaryString(FileRead($aArray[LoopNumber]))), "3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E") Then whatever

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to comment
Share on other sites
anhviet Seeker

anhviet

Posted
  • Author
Posted

How did you know it was written in Autoit ? how about some more details. I work part time in a computer shop removing virus and only heard but never seen a malware made in autoit . Personaly I think Autoit isn't suited to writing viruses and such crap but I believe idiots would try it as its so easy to code in.

Thank you for your attention! I think it's a spyware rather than the virus! It causes the Folder Options in Tools menu of Window Explorer (Windows XP) disappear and frequently popup a message box which it title is "AutoIt" <--- this make me think it is written in AutoIt! Maybe it too weak to demonstrate it is written in AutoIt but i want someone give me a program to search whole my HDD to find out! Thank you!

Link to comment
Share on other sites
anhviet Seeker

anhviet

Posted
  • Author
Posted

Thank you so much! If you don't mind please give me a small program which can search through entire the certain hdd - may be console program with parameter is the drive letter which we want to scan and then printout the path to the program that written in AutoIt to the console! Please :whistle: Thank you! Of course if you don't mind!

If you are wanting to search your whole hard drive, you'll need to do a recursive search.... which depending on the size of your hard drive it could take some time.

I guess if I were to do this, I'd use my _FileListToArray() function, and then convert each individual file to hex (obviously I wouldn't just check .exe's because the extensions can be changed. Then look for this string (with StringInStr()):

3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E

So...

$aArray = _FileListToArray()

For/Next

If StringInStr(Hex(BinaryString(FileRead($aArray[LoopNumber]))), "3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E") Then whatever

Link to comment
Share on other sites
  • Moderators
SmOke_N Universalist

SmOke_N

Posted
  • Moderators
Posted

I did give you an example when I gave you the link to _FileListToArrayEx().

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...