imani

How to find a file on the basis of a string

8 posts in this topic

Can anybody tell me the code to find a file on the basis of this string:

shell\open\Command=RavMon.exe

> Can anybody tell me the code to find a file on the basis of this string:
>
> shell\open\Command=RavMon.exe

What's the context for that entry? There used to be a "Reliable AntiVirus (RAV)" from a Romanian company with that executable name, but it was embraced by Microsoft in 2003 and probably extinguished.

Then, there's the W32/Rjump.worm:

Method of Infection -

W32/Rjump.worm lists all mapped and removable storage drives on an infected system and drops the following files onto the root folder of the available drive:

* autorun.inf --> used to autorun the worm when the drive is accessed
* msvcr71.dll --> Clean Microsoft Visual Studio dll file
* ravmon.exe --> copy of the worm

The contents of the autorun.inf are as follows:

[AutoRun]
open=RavMonE.exe e
shellexecute=RavMonE.exe e
shell\Auto\command=RavMonE.exe e
shell=Auto

Infection occurs when a removable storage device or a mapped drive hosting a copy of W32/Rjump.worm is accessed and the user agrees to the auto run prompt for execution of the worm.

:)

Perhaps he has the worm and is trying to get rid of it?

In that case, it would have been more convincing if he had said "I have a worm and I want to delete it"

> Perhaps he has the worm and is trying to get rid of it?
>
> In that case, it would have been more convincing if he had said "I have a worm and I want to delete it"

Yes, I want to detect the autorun.inf file on the basis of this string to get rid of those virus files.

> Yes, I want to detect the autorun.inf file on the basis of this string to get rid of those virus files.

Can anybody reply to me?

Hi,

Maybe look in the registry, I'm only guessing at this though ...

$Def = RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RavMon.exe\", "")
MsgBox(0,'', $Def)

Cheers

Well, Windows has the ability to search for strings already. My question would be: is it possible to create a faster search for strings in AutoIT?

> Well, Windows has the ability to search for strings already. My question would be: is it possible to create a faster search for strings in AutoIT?

I have found the code

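; Open autorun.inf read-only (mode 0); FileOpen returns -1 on failure
$file = FileOpen("autorun.inf", 0)
If $file = -1 Then
    MsgBox(16, '', 'Unable to open autorun.inf')
    Exit
EndIf
While 1
    $line = FileReadLine($file)
    ; @error is -1 at end of file and 1 on a read error; stop on either
    If @error Then ExitLoop
    ;MsgBox(0, "Line read:", $line)
    ; "=" compares strings case-insensitively; strip surrounding whitespace first
    If StringStripWS($line, 3) = "shell\open\Command=RavMon.exe" Then
        MsgBox(16, '', 'Virus Found in the file')
        ExitLoop
    EndIf
WEnd

FileClose($file)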

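An added example, not code from any poster in this thread: an exact line comparison only matches the single string `shell\open\Command=RavMon.exe`, while the W32/Rjump.worm autorun.inf quoted earlier uses `shell\Auto\command=RavMonE.exe e`. The AutoIt code below reads the `[AutoRun]` section, looks at every key that launches a program, and compares the launched file name against a watch list. The function name `FindAutorunHit`, the `$WATCH` list and the temporary sample file name are assumptions made for illustration.

```autoit
; Added example, not code from the thread.
; Assumption: the watch list holds the two executable names that appear on this page.
Global Const $WATCH = "|ravmon.exe|ravmone.exe|"

; Return the "key=value" entry in [AutoRun] that launches a watched executable,
; or "" when the file is missing, has no [AutoRun] section, or has no such entry.
Func FindAutorunHit($sInfPath)
    ; IniReadSection matches the section name case-insensitively and returns
    ; a 2D array: [0][0] = entry count, [n][0] = key, [n][1] = value.
    Local $aKeys = IniReadSection($sInfPath, "AutoRun")
    If @error Then Return ""
    For $i = 1 To $aKeys[0][0]
        Local $sKey = StringLower(StringStripWS($aKeys[$i][0], 3))
        ; Only keys that start a program: open, shellexecute, shell\<verb>\command
        If Not StringRegExp($sKey, "^(open|shellexecute|shell\\[^\\]+\\command)$") Then ContinueLoop
        ; First token of the value is the program; the rest are its arguments
        Local $aExe = StringRegExp(StringStripWS($aKeys[$i][1], 3), '^"?([^"\s]+)', 1)
        If @error Then ContinueLoop
        ; Drop any folder part so "\sub\RavMon.exe" and "RavMon.exe" compare equal
        Local $sName = StringLower(StringRegExpReplace($aExe[0], "^.*[\\/]", ""))
        If StringInStr($WATCH, "|" & $sName & "|") Then Return $aKeys[$i][0] & "=" & $aKeys[$i][1]
    Next
    Return ""
EndFunc

; Constructed sample: the W32/Rjump.worm autorun.inf quoted earlier in the thread
Local $sSample = @TempDir & "\autorun_sample.inf"
FileDelete($sSample)
FileWrite($sSample, "[AutoRun]" & @CRLF & "open=RavMonE.exe e" & @CRLF & _
        "shellexecute=RavMonE.exe e" & @CRLF & "shell\Auto\command=RavMonE.exe e" & @CRLF & "shell=Auto" & @CRLF)
ConsoleWrite("sample: " & FindAutorunHit($sSample) & @CRLF)
FileDelete($sSample)

; Check the root of every drive Windows reports
Local $aDrives = DriveGetDrive("ALL")
If Not @error Then
    For $i = 1 To $aDrives[0]
        Local $sHit = FindAutorunHit($aDrives[$i] & "\autorun.inf")
        If $sHit <> "" Then ConsoleWrite($aDrives[$i] & "\autorun.inf: " & $sHit & @CRLF)
    Next
EndIf
```

A hit only identifies the autorun.inf entry; the executable it names still has to be checked before anything is deleted, since a legitimate program can share a file name on the watch list.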
