Search the Community
Showing results for tags 'malware'.
-
Hello, I've thousands of URLs to check them these are safe, malware infected or any other type of error, that's why I searched and found Google Safe browsing API with this we can send HTTP GET request so different code will return to make us clear is it our sent URL is safe or not. Please guide me how can i make this possible I know basics of Auotit but don't know how to use this API to fulfill above mentioned purpose. Your help will be much appreciated. Thanks Here is API URL; https://developers.google.com/safe-browsing/v3/lookup-guide
-
Know your system! Prod your system for unwanted code! (virus/malware) Please report bugs/requests/criticism or whatever! ProDLLer v0.503 Update: 23rd of October 2011 ProDLLer.rar Earlier versions downloaded: 2726 times. Most Recent changes... ; 0.503 ; Fixed: Don't leave icon in tray when leaving, XP/7. ; Fixed: Don't leave them after crash either. ; Added: Don't allow shutdown or standby while ProDLLing in XP, Thanks to Prog@ndy. Vista/7, dont alow shutdown. ; Added: Don't let ProDLLer be put to sleep by idletimers in xp/vista/7. ; Fixed: Lockup when returning from sleep in vista/7, . (if "Noprocs" running then disable "noprocs" and resume all procs.) ; Change: No suspending of "theme"-service in XP. On crash, just resume all processes... like we have to in vista/7... ; 0.502 ; Fixed: Gui-problem fixed by BeginPaint/endpaint... tested on win7 ; Fixed: "Crashnet" and SuspendAll. In the unlikely event that this happens. All procs will be resumed on vist and win7. ; Fixed: Fixed false positives in SSDTshadow on vista/win7. ; 0.501 ; Added: SSDTshadow - not complete, but fully functional. = lacking names. (Logic is painful; need to guard against faults...) ; Fixed: Lockup in crashnet if "Services.exe" and "System" is suspended. Just resume them... You can suspend again... ; Fixed: Further lockups, same, to do with themes and "lsass.exe"... ; 0.500 ; Added: Startup-killing... to take a load off the GUI... it will ask... ; Fixed: Slowdown because I accidentaly changed ProDLLer to itterate processes every second... ; Fixed: Process-CPU-utilization. Movement of abandoned children... I cheat. Just load up new list... ; Fixed: Got rid of the Adlib. There were too many possible problems... ; Fixed: CPU-load. Is again aligned... ; 0.499 ; Added: If over 16 procs start from 1 sec to another or if a total of 40 procs have started; "NoProcsAllowed" is activated. ; Added: Crash-recovery... Just start a new instance of ProDLLer... :) ; Change: No loading of moduleinfo at start. ; Added: Refresh moduleinfo when we need it. KINDA CLUNKY SINCE I ITERATE ALL OF THEM, RIGHT NOW.... ; Added: On start of app. Disallow new procs. "NoProcsAllowed" is activated. ; Fixed: A number of bugs that crash Prodller if insane amounts of processes start and stop... ; 0.498 ; Fixed: "KernelNot.". When disabling callbacks; adjacent CBs of same type would sometimes vanish. Famous anti-rootkit had same faulty behavior. ; 0.497 ; Fixed: Lockup when suspending some procs during modules-itteration. Context-menu disabled during itteration. ; Fixed: Lockup after thread-view due to excessive killing of already terminated security-threads... Now checking IF it needs killing... ; Fixed: Lockup when trying to change state of services while it is already working with your earlier request. Disable display.Thanks for functions: Thanks to "Smoke_N" for his "_ProcessListModules()"! Apparently i borrowed it a looooong time ago. Thanks to "Engine" for his GREAT "Windows Services UDF"!!! Thanks to JScript, Larry, SmOke_N, mrRevoked for _ProcessGetPath. I used this because I'm too lazy to do one myself. Special thanks to: Thanks to wraithdu for help and support! Thanks to Ascend4nt for support and friendship! Thanks to trancexx for good talks and friendship! Thanks also to this great community! I really feel empowered! /Manko [EDIT: New version.]
-
Hello Everyone! Now that I've decided to begin using AutoIt as my standard template "wrapper" for deploying software and automating changes on computers within my work environment, I want to ask the community whether you think I should deploy my software packages as compiled executables, or should I just include the main AutoIt executables (AutoIt3.exe & AutoIt3_x64.exe) and then call the software package in my software deployment solution via the command-line (for example: AutoIt3.exe Flash-11.6.au3)? The primary reason for this question is based on the AutoIt and Malware link on the AutoIt Wiki. While, AutoIt executables are not currently being flagged as false positives by our current Anti-Virus and Anti-Malware solution, I'm concerned about the potential scenario where a false positive occurring again at any time in the future (for any number of reasons) disabling all software deployments within our company because I've chose to use compiled AutoIt scripts for my standard deployment mechanism. What are your thoughts?
-
Malware Scanner Features: - Can detect over 500 malware's known fake processes. - Very small and easy to use. Note: 1. Some processes can be found as false positives. 2. Terminating a process may cause undesired results such as system's malfunction or shutdown. Please be careful! 3. This program is ONLY for advanced users! 4. Only tested on Windows 7 Home Premium, I need your testing result on other OS and machines! 5. This is only a tool just to check for fake processes by their name. Source Code: ;Malware Scanner ;1.0.0 ;3 Sep 2012 ;8:36 ;logmein ;AutoIT 3.3.8.1 #NoTrayIcon #include <ButtonConstants.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #include <Constants.au3> #include <ListViewConstants.au3> #include <GuiListView.au3> Global $TITLE = 'Malware Scanner', $VERSION = '1.0.0' #Region ### START Koda GUI section ### Form=C:Program Files (x86)AutoIt3SciTEKodaFormsForm1.kxf $formMain = GUICreate($TITLE & ' ' & $VERSION, 762, 376, Default, Default) GUISetFont(10, 400, 0, "Arial") $Label1 = GUICtrlCreateLabel("Scan your system for malware's processes:", 8, 8, 257, 20) $btnScan = GUICtrlCreateButton("&Scan", 8, 32, 83, 25) GUICtrlSetFont(-1, 10, 800, 0, "Arial") $btnAbout = GUICtrlCreateButton("&About", 96, 32, 75, 25) $Group1 = GUICtrlCreateGroup("Result", 8, 64, 745, 305, -1, $WS_EX_TRANSPARENT) $tabMain = GUICtrlCreateTab(16, 88, 729, 273) GUICtrlSetFont(-1, 10, 400, 0, "Arial") $tabProcess = GUICtrlCreateTabItem("&Process") $listProcess = GUICtrlCreateListView("Name|PID|Path", 24, 120, 714, 206) $hdlListProcess = GUICtrlGetHandle(-1) GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 0, 200) GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 1, 100) GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 2, 400) GUICtrlSetFont(-1, 10, 400, 0, "Arial") ;$btnKill = GUICtrlCreateButton("&Kill", 584, 328, 75, 25) GUICtrlSetFont(-1, 10, 400, 0, "Arial") $btnKill = GUICtrlCreateButton("&Kill", 664, 328, 75, 25) GUICtrlSetFont(-1, 10, 400, 0, "Arial") GUICtrlCreateTabItem("") GUICtrlCreateGroup("", -99, -99, 1, 1) GUISetState(@SW_SHOW) #EndRegion ### END Koda GUI section ### While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $btnScan _Scan() Case $btnKill _EndProcess () Case $btnAbout MsgBox (64,'About',StringUpper($TITLE) & @CRLF & 'Version: ' & $VERSION & @CRLF & 'Author: logmein (AutoITScript.com)' & @crLf & 'Special Thanks to: PsaltyDS' & @CRLF &@CRLF &'To report any suspicious process or false positives, please contact me at: minhthanh.autoit@gmail.com. I appreciate your help!','',$formMain) EndSwitch WEnd Func _scan () _GUICtrlListView_DeleteAllItems ($hdlListProcess) If Not FileExists ('database.3db') Then MsgBox (32,$TITLE,'Database not found!','',$formMain) Return EndIf ProgressOn ($TITLE,'Scanning for suspicious processes...','',Default,Default,18) $processlist = _ProcessListProperties() $read = FileRead ('database.3db') $split = StringSplit ($read,@CRLF) If $processlist[0][0] <> 0 Then For $i = 1 To $processlist[0][0] ProgressSet (Int($i*100/$processlist[0][0]),$processlist[$i][0]) For $u =1 To $split[0] if $processlist[$i][0] = $split[$u] Then $index = _GUICtrlListView_AddItem($hdlListProcess, $processlist[$i][0]);name _GUICtrlListView_AddSubItem($hdlListProcess, $index, $processlist[$i][1], 1);pid _GUICtrlListView_AddSubItem($hdlListProcess, $index, $processlist[$i][5], 2);path EndIf Next Next ProgressOff () Else MsgBox(32, $TITLE, 'Can''t build process list!') EndIf EndFunc Func _EndProcess() $select = _GUICtrlListView_GetSelectedIndices($hdlListProcess, 'True');Retrieve indices of selected item (position) If $select[0] <> 0 Then $Msg = MsgBox(16 + 4, $TITLE, 'Are you sure to end this process? Ending a process will cause undesired result!', '', $formMain) If $Msg = 6 Then $GetItem = _GUICtrlListView_GetItem($hdlListProcess, $select[1], 1);retrieve process ID to be closed MsgBox (64,$GetItem[3],'') ProcessClose($GetItem[3]) If Not @error Then _GUICtrlListView_DeleteItem($hdlListProcess, $select[1]) MsgBox(64, $TITLE, 'Process ended!', '', $formMain) ;_log($GetItem[3], 5) Else MsgBox(16, $TITLE, 'Can not end this process!', '', $formMain) EndIf EndIf EndIf EndFunc ;==>_EndProcess ;=============================================================================== ; Function Name: _ProcessListProperties() ; Description: Get various properties of a process, or all processes ; Call With: _ProcessListProperties( [$Process [, $sComputer]] ) ; Parameter(s): (optional) $Process - PID or name of a process, default is "" (all) ; (optional) $sComputer - remote computer to Get list from, default is local ; Requirement(s): AutoIt v3.2.4.9+ ; Return Value(s): On Success - Returns a 2D array of processes, as in ProcessList() ; with additional columns added: ; [0][0] - Number of processes listed (can be 0 If no matches found) ; [1][0] - 1st process name ; [1][1] - 1st process PID ; [1][2] - 1st process Parent PID ; [1][3] - 1st process owner ; [1][4] - 1st process priority (0 = low, 31 = high) ; [1][5] - 1st process executable path ; [1][6] - 1st process CPU usage ; [1][7] - 1st process memory usage ; [1][8] - 1st process creation date/time = "MM/DD/YYY hh:mm:ss" (hh = 00 to 23) ; [1][9] - 1st process command line string ; ... ; [n][0] thru [n][9] - last process properties ; On Failure: Returns array with [0][0] = 0 and sets @Error to non-zero (see code below) ; Author(s): PsaltyDS at http://www.autoitscript.com/forum ; Date/Version: 12/01/2009 -- v2.0.4 ; Notes: If an integer PID or string process name is provided and no match is found, ; Then [0][0] = 0 and @error = 0 (not treated as an error, same as ProcessList) ; This function requires admin permissions to the target computer. ; All properties come from the Win32_Process class in WMI. ; To Get time-base properties (CPU and Memory usage), a 100ms SWbemRefresher is used. ;=============================================================================== Func _ProcessListProperties($Process = "", $sComputer = ".") Local $sUserName, $sMsg, $sUserDomain, $avProcs, $dtmDate Local $avProcs[1][2] = [[0, ""]], $n = 1 ; Convert PID If passed as string If StringIsInt($Process) Then $Process = Int($Process) ; Connect to WMI and Get process objects $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy, (Debug)}!" & $sComputer & "rootcimv2") If IsObj($oWMI) Then ; Get collection processes from Win32_Process If $Process == "" Then ; Get all $colProcs = $oWMI.ExecQuery("select * from win32_Process") ElseIf IsInt($Process) Then ; Get by PID $colProcs = $oWMI.ExecQuery("select * from win32_Process where ProcessId = " & $Process) Else ; Get by Name $colProcs = $oWMI.ExecQuery("select * from win32_Process where Name = '" & $Process & "'") EndIf If IsObj($colProcs) Then ; Return for no matches If $colProcs.count = 0 Then Return $avProcs ; Size the array ReDim $avProcs[$colProcs.count + 1][10] $avProcs[0][0] = UBound($avProcs) - 1 ; For each process... For $oProc In $colProcs ; [n][0] = process name $avProcs[$n][0] = $oProc.name ; [n][1] = process PID $avProcs[$n][1] = $oProc.ProcessId ; [n][2] = Parent PID $avProcs[$n][2] = $oProc.ParentProcessId ; [n][3] = owner ;If $oProc.GetOwner($sUserName, $sUserDomain) = 0 Then $avProcs[$n][3] = $sUserDomain & "" & $sUserName ; [n][4] = Priority $avProcs[$n][4] = $oProc.Priority ; [n][5] = Executable path $avProcs[$n][5] = $oProc.ExecutablePath ; [n][8] = Creation date/time $dtmDate = $oProc.CreationDate If $dtmDate <> "" Then ; Back referencing RegExp pattern from weaponx Local $sRegExpPatt = "A(d{4})(d{2})(d{2})(d{2})(d{2})(d{2})(?:.*)" $dtmDate = StringRegExpReplace($dtmDate, $sRegExpPatt, "$2/$3/$1 $4:$5:$6") EndIf $avProcs[$n][8] = $dtmDate ; [n][9] = Command line string $avProcs[$n][9] = $oProc.CommandLine ; increment index $n += 1 Next Else SetError(2); Error getting process collection from WMI EndIf ; release the collection object $colProcs = 0 ; Get collection of all processes from Win32_PerfFormattedData_PerfProc_Process ; Have to use an SWbemRefresher to pull the collection, or all Perf data will be zeros Local $oRefresher = ObjCreate("WbemScripting.SWbemRefresher") $colProcs = $oRefresher.AddEnum($oWMI, "Win32_PerfFormattedData_PerfProc_Process").objectSet $oRefresher.Refresh ; Time delay before calling refresher Local $iTime = TimerInit() Do Sleep(20) Until TimerDiff($iTime) >= 100 $oRefresher.Refresh ; Get PerfProc data For $oProc In $colProcs ; Find it in the array For $n = 1 To $avProcs[0][0] If $avProcs[$n][1] = $oProc.IDProcess Then ; [n][6] = CPU usage $avProcs[$n][6] = $oProc.PercentProcessorTime ; [n][7] = memory usage $avProcs[$n][7] = $oProc.WorkingSet ExitLoop EndIf Next Next Else SetError(1); Error connecting to WMI EndIf ; Return array Return $avProcs EndFunc ;==>_ProcessListProperties And the most important part: Database, see attached file. Download, extract and put it into your @ScriptDir. Thanks PsaltyDS for your useful script:) database.zip