anhviet Posted February 21, 2007 Share Posted February 21, 2007 Recently, my PC threated by a malicious program written by Autoit! I think it infected through USB Flash storage! I want to know is there any way i can write a program to detect all program which written in Autoit and determine where they are placed! Thank you! Everything has 2 faces Link to comment Share on other sites More sharing options...
Hasher Posted February 21, 2007 Share Posted February 21, 2007 (edited) How did you know it was written in Autoit ? how about some more details. I work part time in a computer shop removing virus and only heard but never seen a malware made in autoit . Personaly I think Autoit isn't suited to writing viruses and such crap but I believe idiots would try it as its so easy to code in. Edited February 21, 2007 by Hasher Firefox's secret is the same as Jessica Simpson's: its effortless, glamorous style is the result of shhh extensions! Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted February 21, 2007 Moderators Share Posted February 21, 2007 If you are wanting to search your whole hard drive, you'll need to do a recursive search.... which depending on the size of your hard drive it could take some time.I guess if I were to do this, I'd use my _FileListToArray() function, and then convert each individual file to hex (obviously I wouldn't just check .exe's because the extensions can be changed. Then look for this string (with StringInStr()):3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3ESo...$aArray = _FileListToArray()For/NextIf StringInStr(Hex(BinaryString(FileRead($aArray[LoopNumber]))), "3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E") Then whatever Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
anhviet Posted February 23, 2007 Author Share Posted February 23, 2007 How did you know it was written in Autoit ? how about some more details. I work part time in a computer shop removing virus and only heard but never seen a malware made in autoit . Personaly I think Autoit isn't suited to writing viruses and such crap but I believe idiots would try it as its so easy to code in.Thank you for your attention! I think it's a spyware rather than the virus! It causes the Folder Options in Tools menu of Window Explorer (Windows XP) disappear and frequently popup a message box which it title is "AutoIt" <--- this make me think it is written in AutoIt! Maybe it too weak to demonstrate it is written in AutoIt but i want someone give me a program to search whole my HDD to find out! Thank you! Link to comment Share on other sites More sharing options...
anhviet Posted February 23, 2007 Author Share Posted February 23, 2007 Thank you so much! If you don't mind please give me a small program which can search through entire the certain hdd - may be console program with parameter is the drive letter which we want to scan and then printout the path to the program that written in AutoIt to the console! Please Thank you! Of course if you don't mind! If you are wanting to search your whole hard drive, you'll need to do a recursive search.... which depending on the size of your hard drive it could take some time. I guess if I were to do this, I'd use my _FileListToArray() function, and then convert each individual file to hex (obviously I wouldn't just check .exe's because the extensions can be changed. Then look for this string (with StringInStr()): 3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E So... $aArray = _FileListToArray() For/Next If StringInStr(Hex(BinaryString(FileRead($aArray[LoopNumber]))), "3C6465736372697074696F6E3E4175746F49742076333C2F6465736372697074696F6E3E") Then whatever Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted February 23, 2007 Moderators Share Posted February 23, 2007 I did give you an example when I gave you the link to _FileListToArrayEx(). Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
anhviet Posted February 24, 2007 Author Share Posted February 24, 2007 Oh i'm sorry! And thank you too I did give you an example when I gave you the link to _FileListToArrayEx(). Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now