Rizonetech, posted May 3, 2011 (edited)

We developed a fully featured malware cleaner using AutoIT. If any portion of the code looks familiar, please let me know and I will give you full credit for it. I know the code is a little messy, and needs more work, but if you have suggestions, please post them. If you would like to help with the project, please let me know. Any good Anti-Malware solution needs many hands to be worth the download bandwidth.

Download: http://www.rizone3.com/doors/malware-cleaner
Source Download: http://www.rizone3.com/down/malclean/malclean-source.zip

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_icon=Resources\malClean\malClean.ico
#AutoIt3Wrapper_Compression=4
#AutoIt3Wrapper_Res_Fileversion=1.8.9.1352
#AutoIt3Wrapper_Res_Fileversion_AutoIncrement=y
#AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator
#AutoIt3Wrapper_Res_Fileversion_AutoIncrement=y
#AutoIt3Wrapper_Res_LegalCopyright=Rizone Technologies
#AutoIt3Wrapper_Res_requestedExecutionLevel=highestAvailable
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-00.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-01.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-02.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-03.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-04.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\ScnPwr-05.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\Infections.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\Warnings.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\0.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\1.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\2.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\3.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\4.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\5.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\6.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\70.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\71.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\72.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\73.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\74.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\75.ico
#AutoIt3Wrapper_Res_Icon_Add=Resources\malClean\76.ico
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

Opt("TrayAutoPause", 0)
Opt("TrayMenuMode", 3)
Opt("TrayIconHide", 1)
Opt("GUICloseOnESC", 1)
Opt("GUIOnEventMode", 1)
Opt("MustDeclareVars", 1)

#include <WindowsConstants.au3>
#include <StaticConstants.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <EditConstants.au3>
#include <GuiImageList.au3>
#include <GuiListView.au3>
#include <Process.au3>
#include <File.au3>
#include <Date.au3>
#include <UDF\Hashing.au3>
#include <UDF\Win2000.au3>
#include <UDF\malCleanEx.au3>
#include <UDF\GuiListViewEx.au3>
#include <UDF\WinAPIEx\WinAPIEx.au3>

HotKeySet('{Esc}', '_CloseMe')

;~ ----------------------------------------------------------------------------------------------------
;~ Settings
;~ ----------------------------------------------------------------------------------------------------
Global Const $title = "Rizone Malware Cleaner"
Global Const $version = FileGetVersion(@ScriptFullPath)
Global Const $SignaturesDb = @ScriptDir & "\db\Signatures.db3"
Global Const $TurboBase = @ScriptDir & "\db\TurboBase.db3"
Global Const $InFile = @ScriptDir & "\db\Infections.db3"
Global Const $WarnFile = @ScriptDir & "\db\Warnings.db3"
Global Const $lDir = @ScriptDir & "\logging\mClean"
Global Const $lFileName = "~R" & @YEAR & @MON & @MDAY & @HOUR & @MIN & @SEC & ".log"
;~ ----------------------------------------------------------------------------------------------------

Global $malGUI, $picStatus, $miScanner, $miStopScan, $BtnScanGo, $BtnStopScan
Global $ScanIco, $lblScnHead, $lblScnPower, $cbScnPower, $ScnPowerIcon, $ScanProgess, $eScan, $BtnInfections
Global $lblDrives, $ComboDrives, $oHFile, $Heuristics, $chkHeur
Global $infGUI, $BtnInfRemove, $BtnInfQuarantine, $BtnInfSelAll, $BtnInfSelNone, $lblInfHead, $lvInfections
Global $InfProgress, $InfFileProgress, $eInInfo, $delOnReboot = 0
Global $BtnWarnings, $warnGUI, $lblWarnHead, $lvWarnings, $WarnCount = 0, $lblWarnings
Global $lblSigCount, $lblInfections, $lblDuration, $lOScanned, $lFiPSec, $lTScanned
Global $CancelScan = True, $SigDbCount = 0, $driveUsed = 0, $statTimer = 0, $FPSCount = 0, $FileCount = 0
Global $Scnd = 0, $TotalScanned = 0, $StartHour = 0, $StartMin = 0, $StartSec = 0, $ePower = 3, $InfCount = 0, $BlinkOn
Global $sTurboDB, $sSigDb

AdlibRegister("_Process", 500)

_CompileLogFile(" ./", False)
_CompileLogFile(" (o o)", False)
_CompileLogFile("--------------------------------------oOOo-(_)-oOOo--------------------------------------", False)
_CompileLogFile($title & " " & $version, False)
_CompileLogFile("Database version: 1", False)
_CompileLogFile("OS: " & @OSVersion & " Build " & @OSBuild & " " & @OSServicePack, False)
_CompileLogFile("Architecture: " & @OSArch, False)
_CompileLogFile("Language: " & @OSLang, False)
_CompileLogFile("", False)
_CompileLogFile("-----------------------------------------------------------------------------------------", False)
_CompileLogFile("", False)
_CompileLogFile("Stopping malware from shutting down your computer")

_StopShutdown()
_loadSettings()
_mainInterface()

Func _Process()
	; Empty the working set
	_WinAPI_EmptyWorkingSet()
EndFunc   ;==>_Process

Func _mainInterface()
	Local $mFile, $mSupport, $BtnClose, $TRMsg
	$malGUI = GUICreate($title & " : " & $version, 760, 500, -1, -1, -1, $WS_EX_COMPOSITED)
	GUISetFont(8.5, -1, -1, "Tahoma", 5)
	GUISetBkColor(0xFFFFFF, $malGUI)
	$picStatus = GUICtrlCreatePic(@ScriptDir & "\Contents\1100.bmp", 0, 0, 50, 520)

	$mFile = GUICtrlCreateMenu("&File")
	GUICtrlCreateMenuItem("", $mFile)
	$miScanner = GUICtrlCreateMenuItem("&Scanner", $mFile)
	$miStopScan = GUICtrlCreateMenuItem("&Stop Scanning", $mFile)
	GUICtrlCreateMenuItem("", $mFile)
	GUICtrlSetState($miStopScan, $GUI_DISABLE)
	$mSupport = GUICtrlCreateMenu("&Support")

	$ScanIco = GUICtrlCreateIcon(@ScriptFullPath, 99, 70, 20, 64, 64)
	$lblScnHead = GUICtrlCreateLabel("Welcome", 170, 60, 400, 30, -1, $WS_EX_TRANSPARENT)
	GUICtrlSetFont($lblScnHead, 12, 400, 0, "Tahoma", 5)
	$lblScnPower = GUICtrlCreateLabel("Scanner Power :", 250, 32, 120, 20, $SS_RIGHT)
	GUICtrlSetFont($lblScnPower, 11, 400, 0, "Tahoma", 5)
	$cbScnPower = GUICtrlCreateCombo("", 380, 30, 130, 30)
	GUICtrlSetData($cbScnPower, "Low|Below Normal|Normal|Above Normal|High|Realtime", "Normal")
	GUICtrlSetFont($cbScnPower, 10, 400, 0, "Tahoma", 5)
	GUICtrlSetState($cbScnPower, $GUI_DISABLE)
	$ScnPowerIcon = GUICtrlCreateIcon(@ScriptFullPath, 201, 655, 20, 48, 48)

	GUICtrlCreateLabel("Scan for spyware, adware, trojans, keyloggers, bots, worms and other malware. Select the drive you would " & _
			"like to scan and press 'Scan Now'. Click on the Infections label to view detected infections.", 120, 90, 400, 50)
	GUICtrlSetFont(-1, 9, 400, 0, "Tahoma", 5)

	$ScanProgess = GUICtrlCreateProgress(70, 150, 500, 30)
	$eScan = GUICtrlCreateEdit("", 70, 185, 500, 50, $ES_READONLY)
	GUICtrlSetFont($eScan, 8.5, -1, -1, "Courier New")
	GUICtrlSetColor($eScan, 0x606870)
	GUICtrlSetBkColor($eScan, 0xFFFFFF)
	GUICtrlSetCursor($eScan, 2)

	$lblDrives = GUICtrlCreateLabel("Select drive:", 70, 253, 80, 15)
	GUICtrlSetFont($lblDrives, 10, 400, 0, "Tahoma", 5)
	$ComboDrives = GUICtrlCreateCombo("", 155, 250, 100, 20)
	GUICtrlSetFont($ComboDrives, 10, 400, 0, "Tahoma", 5)
	_GetDrives()
	$chkHeur = GUICtrlCreateCheckbox("Activate Heuristics", 70, 290, 200, 20)
	GUICtrlSetFont($chkHeur, 9, 400, 0, "Tahoma", 5)

	; Statistics group
	GUICtrlCreateGroup("", 350, 250, 220, 200)
	GUICtrlCreateLabel("Signatures:", 360, 260, 100, 20)
	GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
	$lblSigCount = GUICtrlCreateLabel(0, 460, 260, 100, 20, $SS_RIGHT)
	GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
	GUICtrlSetColor(-1, 0x008827)
	GUICtrlCreateLabel("", 360, 280, 200, 1)
	GUICtrlSetBkColor(-1, 0xC9C9C9)
	GUICtrlCreateLabel("Infections:", 360, 282, 100, 20)
	GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
	$lblInfections = GUICtrlCreateLabel(0, 460, 282, 100, 20, $SS_RIGHT)
	GUICtrlSetFont($lblInfections, 10, 400, 0, "Tahoma", 5)
	GUICtrlSetColor($lblInfections, 0x008827)
	GUICtrlCreateLabel("", 360, 302, 200, 1)
	GUICtrlSetBkColor(-1, 0xC9C9C9)
	GUICtrlCreateLabel("Warnings:", 360, 304, 100, 20)
	GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
	$lblWarnings = GUICtrlCreateLabel(0, 460, 304, 100, 20, $SS_RIGHT)
	GUICtrlSetFont($lblWarnings, 10, 400, 0, "Tahoma", 5)
	GUICtrlSetColor($lblWarnings, 0x008827)
	GUICtrlCreateLabel("", 360, 324, 200, 1)
	GUICtrlSetBkColor(-1, 0xC9C9C9)
	GUICtrlCreateLabel("Duration:", 360, 326, 100, 15)
	GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
	$lblDuration = GUICtrlCreateLabel("00:00:00", 460, 326, 100, 15, $SS_RIGHT)
	GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
	GUICtrlCreateLabel("", 360, 346, 200, 1)
	GUICtrlSetBkColor(-1, 0xC9C9C9)
	GUICtrlCreateLabel("Scanned:", 360, 348, 100, 15)
	GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
	$lOScanned = GUICtrlCreateLabel("0", 460, 348, 100, 15, $SS_RIGHT)
	GUICtrlSetBkColor($lOScanned, $GUI_BKCOLOR_TRANSPARENT)
	GUICtrlSetFont($lOScanned, 10, 400, 0, 'Tahoma')
	GUICtrlSetColor($lOScanned, 0x000090)
	GUICtrlCreateLabel("", 360, 368, 200, 1)
	GUICtrlSetBkColor(-1, 0xC9C9C9)
	GUICtrlCreateLabel("Errors:", 360, 370, 100, 15)
	GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
	GUICtrlCreateLabel("", 360, 390, 200, 1)
	GUICtrlSetBkColor(-1, 0xC9C9C9)
	GUICtrlCreateLabel("Files / sec:", 360, 392, 100, 15)
	GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
	$lFiPSec = GUICtrlCreateLabel("0", 460, 392, 100, 15, $SS_RIGHT)
	GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
	GUICtrlCreateLabel("", 360, 412, 200, 1)
	GUICtrlSetBkColor(-1, 0xC9C9C9)
	GUICtrlCreateLabel("Total Scanned:", 360, 414, 100, 15)
	GUICtrlSetFont(-1, 10, 400, 0, "Tahoma", 5)
	$lTScanned = GUICtrlCreateLabel($TotalScanned, 460, 414, 100, 15, $SS_RIGHT)
	GUICtrlSetBkColor($lTScanned, $GUI_BKCOLOR_TRANSPARENT)
	GUICtrlSetFont($lTScanned, 10, 400, 0, "Tahoma", 5)
	GUICtrlSetColor($lTScanned, 0x008827)
	GUICtrlCreateGroup("", -99, -99, 1, 1) ;close group

	$BtnScanGo = GUICtrlCreateButton("Scan Now", 70, 420, 130, 40, 0)
	GUICtrlSetFont($BtnScanGo, 11, 400, 0, "Tahoma", 5)
	GUICtrlSetState($BtnScanGo, $GUI_DISABLE)
	$BtnStopScan = GUICtrlCreateButton("Stop", 200, 420, 130, 40, 0)
	GUICtrlSetFont($BtnStopScan, 11, 400, 0, "Tahoma", 5)
	GUICtrlSetState($BtnStopScan, $GUI_DISABLE)
	$BtnInfections = GUICtrlCreateButton("Infections (0)", 590, 100, 150, 35)
	GUICtrlSetFont($BtnInfections, 10, 400, 0, "Tahoma", 5)
	GUICtrlSetState($BtnInfections, $GUI_DISABLE)
	$BtnWarnings = GUICtrlCreateButton("Warnings (0)", 590, 140, 150, 35)
	GUICtrlSetFont($BtnWarnings, 10, 400, 0, "Tahoma", 5)
	GUICtrlSetState($BtnWarnings, $GUI_DISABLE)
	$BtnClose = GUICtrlCreateButton("Close", 590, 420, 150, 35)
	GUICtrlSetFont($BtnClose, 10, 400, 0, "Tahoma", 5)

	ProcessSetPriority(@ScriptName, 4)
	_SetProcessInfo()

	GUICtrlSetOnEvent($cbScnPower, "_SetScannerPower")
	GUICtrlSetOnEvent($BtnScanGo, "_startScanning")
	GUICtrlSetOnEvent($BtnInfections, "_InfectionsInterface")
	GUICtrlSetOnEvent($BtnWarnings, "_WarningsInterface")
	GUICtrlSetOnEvent($BtnClose, "_CloseMe")
	GUISetOnEvent($GUI_EVENT_CLOSE, "_Minimize2Tray")
	GUIRegisterMsg($WM_COMMAND, "MY_WM_COMMAND")

	TraySetClick("8")
	Local $TmShow = TrayCreateItem("Show Window")
	TrayCreateItem("")
	Local $TmClose = TrayCreateItem("Close")
	TrayItemSetState($TmShow, $GUI_DEFBUTTON)

	GUISetState(@SW_SHOW, $malGUI)
	_startProcessing()
	_checkIntegrity()
	_endProcessing()

	While 1
		$TRMsg = TrayGetMsg()
		Switch $TRMsg
			Case $TmShow
				_ShowWindow()
			Case $TmClose
				_CloseMe()
		EndSwitch
	WEnd
EndFunc   ;==>_mainInterface

Func MY_WM_COMMAND($hWnd, $iMsg, $wParam, $lParam)
	#forceref $hWnd, $iMsg, $lParam
	Switch BitAND($wParam, 0xFFFF) ;LoWord = IDFrom
		Case $BtnStopScan
			Switch BitShift($wParam, 16) ;HiWord = Code
				Case $BN_CLICKED
					Local $iMsgReturn = MsgBox(36, $title, "Are you sure you want to terminate scanning?")
					Select
						Case $iMsgReturn = 6 ;Yes
							$CancelScan = True
							_CompileLogFile("Scanning terminated by user")
						Case $iMsgReturn = 7 ;No
							$CancelScan = False
					EndSelect
			EndSwitch
	EndSwitch
	Return $GUI_RUNDEFMSG
EndFunc   ;==>MY_WM_COMMAND

#Region "Initializing"
Func _loadSettings()
	$TotalScanned = IniRead(@ScriptDir & "\malClean.ini", "Statistics", "TotalScanned", 0)
EndFunc   ;==>_loadSettings

Func _checkIntegrity()
	Local Const $Err001 = "ERROR: Could not find the virus definitions database. Database should be located at '" & $SignaturesDb & "'."
	Local Const $Err002 = "ERROR: Could not find any signatures inside the database. Database should at least contain more than one signature."
	If Not FileExists($SignaturesDb) Then
		_CompileLogFile($Err001)
		MsgBox(16, "Database error!", $Err001)
		_CloseOnError()
	Else
		GUICtrlSetData($eScan, "Counting signatures")
		_CompileLogFile("Counting signatures")
		$SigDbCount = _FileCountLines($SignaturesDb)
		; Compare directly: "Not $SigDbCount > 1" parses as "(Not $SigDbCount) > 1" and never fires
		If $SigDbCount <= 1 Then
			_CompileLogFile($Err002)
			MsgBox(16, "Database error!", $Err002)
			_CloseOnError()
		Else
			_CompileLogFile("Signatures: " & $SigDbCount)
		EndIf
	EndIf
	GUICtrlSetData($lblSigCount, $SigDbCount)

	GUICtrlSetData($eScan, "Looking for turbo signatures database @ [" & $TurboBase & "]")
	_CompileLogFile("Loading the turbo database")
	If Not FileExists($TurboBase) Then
		_CompileLogFile("ERROR: Could not find the turbo database. Database should be @ [" & $TurboBase & "].")
		Local $iMsgReturn = MsgBox(52, "Database error!", "The turbo database seems to be corrupt or missing. However, you can " & _
				"compile a new one from the virus definitions database. Would you like to " & _
				"compile a new database now?")
		Select
			Case $iMsgReturn = 6 ;Yes
				_CompileLogFile("Compiling turbo database")
				_generateTurboBase()
			Case $iMsgReturn = 7 ;No
				_CloseOnError()
		EndSelect
	EndIf

	If FileExists($InFile) Then $InfCount = _FileCountLines($InFile)
	If FileExists($WarnFile) Then $WarnCount = _FileCountLines($WarnFile)
	_UpdateInfectionStatus()
	_UpdateInfectionStatusImage()
	_UpdateWarningStatus()
EndFunc   ;==>_checkIntegrity

; The turbo database holds the first 7 characters of every signature line and is used as a
; cheap pre-filter before the full signature database is searched
Func _generateTurboBase()
	_startProcessing(1)
	GUICtrlSetData($eScan, "")
	Local $iCount = 0, $compilePerc = 0, $BaseLine
	Local $oSigDb = FileOpen($SignaturesDb, 0)
	Local $oTuBase = FileOpen($TurboBase, 1)
	While 1
		$BaseLine = FileReadLine($oSigDb)
		If @error = -1 Then ExitLoop
		FileWriteLine($oTuBase, StringLeft($BaseLine, 7) & @CRLF)
		$iCount += 1
		$compilePerc = Round($iCount / $SigDbCount * 100)
		_SetStatistics("Compiling database (" & $compilePerc & "%)", $compilePerc)
	WEnd
	FileClose($oSigDb)
	FileClose($oTuBase)
	_endProcessing()
EndFunc   ;==>_generateTurboBase

Func _SetScannerPower()
	Switch GUICtrlRead($cbScnPower)
		Case "Low"
			$ePower = 0
		Case "Below Normal"
			$ePower = 1
		Case "Normal"
			$ePower = 2
		Case "Above Normal"
			$ePower = 3
		Case "High"
			$ePower = 4
		Case "Realtime"
			$ePower = 5
	EndSwitch
	ProcessSetPriority(@ScriptName, $ePower)
	_SetProcessInfo()
EndFunc   ;==>_SetScannerPower

Func _SetProcessInfo($PrName = @ScriptName)
	Local $iPID = ProcessExists($PrName) ;~ Will return the PID or 0 if the process isn't found.
	Local $ScnPrl = _ProcessGetPriority($iPID)
	; Icons 201..206 are the six priority levels in the same order as the combo box
	If $ScnPrl >= 0 And $ScnPrl <= 5 Then GUICtrlSetImage($ScnPowerIcon, @ScriptFullPath, 201 + $ScnPrl)
	Switch $ScnPrl
		Case 0
			GUICtrlSetData($cbScnPower, "Low")
		Case 1
			GUICtrlSetData($cbScnPower, "Below Normal")
		Case 2
			GUICtrlSetData($cbScnPower, "Normal")
		Case 3
			GUICtrlSetData($cbScnPower, "Above Normal")
		Case 4
			GUICtrlSetData($cbScnPower, "High")
		Case 5
			GUICtrlSetData($cbScnPower, "Realtime")
		Case Else
			GUICtrlSetData($cbScnPower, "Error")
	EndSwitch
EndFunc   ;==>_SetProcessInfo

Func _GetDrives()
	Local $aDrives = DriveGetDrive("ALL")
	If Not @error Then
		If $aDrives[0] > 0 Then
			For $i = 1 To $aDrives[0]
				If DriveStatus($aDrives[$i]) = "READY" Then
					GUICtrlSetData($ComboDrives, StringUpper($aDrives[$i]) & "|", @HomeDrive)
				EndIf
			Next
		EndIf
	EndIf
EndFunc   ;==>_GetDrives
#EndRegion "Initializing"

Func _startProcessing($Flag = 0)
	GUICtrlSetState($cbScnPower, $GUI_DISABLE)
	GUICtrlSetState($ComboDrives, $GUI_DISABLE)
	GUICtrlSetState($BtnScanGo, $GUI_DISABLE)
	If $CancelScan = False Then GUICtrlSetState($BtnStopScan, $GUI_ENABLE)
	GUICtrlSetState($BtnInfections, $GUI_DISABLE)
	GUICtrlSetState($BtnWarnings, $GUI_DISABLE)
	Switch $Flag
		Case 0
			GUICtrlSetImage($ScanIco, @ScriptFullPath, 99)
		Case 1
			If FileExists(@ScriptDir & "\Contents\1001.ani") Then GUICtrlSetImage($ScanIco, @ScriptDir & "\Contents\1001.ani")
		Case 2
			If FileExists(@ScriptDir & "\Contents\1002.ani") Then GUICtrlSetImage($ScanIco, @ScriptDir & "\Contents\1002.ani")
		Case 3
			If FileExists(@ScriptDir & "\Contents\1003.ani") Then GUICtrlSetImage($ScanIco, @ScriptDir & "\Contents\1003.ani")
	EndSwitch
EndFunc   ;==>_startProcessing

Func _endProcessing()
	GUICtrlSetState($cbScnPower, $GUI_ENABLE)
	GUICtrlSetState($ComboDrives, $GUI_ENABLE)
	GUICtrlSetState($BtnScanGo, $GUI_ENABLE)
	GUICtrlSetState($BtnInfections, $GUI_ENABLE)
	GUICtrlSetState($BtnWarnings, $GUI_ENABLE)
	GUICtrlSetState($BtnStopScan, $GUI_DISABLE)
	GUICtrlSetImage($ScanIco, @ScriptFullPath, 99)
	GUICtrlSetData($lblScnHead, "Welcome")
	GUICtrlSetData($ScanProgess, 0)
	GUICtrlSetData($eScan, "")
	GUICtrlSetState($miScanner, $GUI_ENABLE)
	GUICtrlSetState($miStopScan, $GUI_DISABLE)
	$driveUsed = 0
	$Scnd = 0
	$StartHour = 0
	$StartMin = 0
	$StartSec = 0
	$FileCount = 0
	$FPSCount = 0
	GUICtrlSetData($lFiPSec, 0)
	GUICtrlSetData($lblDuration, "00:00:00")
	GUICtrlSetData($lOScanned, $FileCount)
	GUICtrlSetData($lTScanned, $TotalScanned)
EndFunc   ;==>_endProcessing

; Refresh the heading, progress bar and per-second statistics at most once a second
Func _SetStatistics($sHeading, $iProgress)
	If TimerDiff($statTimer) >= 1000 Then
		If $CancelScan = False Then
			$FPSCount += 1
			GUICtrlSetData($lFiPSec, Round($FileCount / $FPSCount))
			GUICtrlSetData($lblDuration, _SetDuration())
			GUICtrlSetData($lOScanned, $FileCount)
			GUICtrlSetData($lTScanned, $TotalScanned)
		EndIf
		GUICtrlSetData($lblScnHead, $sHeading)
		GUICtrlSetData($ScanProgess, $iProgress)
		$statTimer = TimerInit()
	EndIf
EndFunc   ;==>_SetStatistics

; Called once per second from _SetStatistics; seconds roll over into minutes and minutes into hours
Func _SetDuration()
	$StartSec += 1
	If $StartSec >= 60 Then
		$StartSec = 0
		$StartMin += 1
		If $StartMin >= 60 Then
			$StartMin = 0
			$StartHour += 1
		EndIf
	EndIf
	Return StringFormat("%02d:%02d:%02d", $StartHour, $StartMin, $StartSec)
EndFunc   ;==>_SetDuration

Func _startScanning()
	$CancelScan = False
	_CompileLogFile("Loading turbo database")
	If FileExists($TurboBase) Then
		$sTurboDB = FileRead($TurboBase)
		If @error = 1 Then _CompileLogFile("ERROR: Could not load turbo database @ [" & $TurboBase & "]")
	Else
		_CompileLogFile("ERROR: Could not find turbo database @ [" & $TurboBase & "]")
	EndIf
	GUICtrlSetData($eScan, "Loading virus definitions database, please wait...")
	$sSigDb = FileRead($SignaturesDb)
	_ScanProcesses()
	_CompileLogFile("Scanning [" & GUICtrlRead($ComboDrives) & "] for malware")
	_ScanCommonStartups()
	_ScanDrive(GUICtrlRead($ComboDrives))
EndFunc   ;==>_startScanning

#include <Heuristics.au3>

; Look for heuristic patterns (separated by "©" in the heuristics list) in the first 1 KB of the file
Func _Heuristics($sFileName)
	$oHFile = FileOpen($sFileName, 16384) ; binary mode
	If $oHFile = -1 Then Return
	Local $aFile = FileRead($oHFile, 1024)
	FileClose($oHFile)
	$Heuristics = _LoadHeuristics()
	Local $HeurSplit = StringSplit($Heuristics, "©")
	For $i = 1 To $HeurSplit[0]
		If StringInStr($aFile, $HeurSplit[$i], 2) Then
			_RecordInfections("HEUR.Malware", $HeurSplit[$i], 0, $sFileName)
		EndIf
	Next
EndFunc   ;==>_Heuristics

; Walk the Run* keys under HKEY_USERS\<sid>, HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE and compare each
; value against CommonStartups.db3; values that point into a user profile directory are flagged as warnings
Func _ScanCommonStartups()
	_startProcessing(2)
	Local $HKEY, $KEY, $SKEY, $SUB, $valueName, $value, $eReg = 1, $SC = "\Software\Microsoft\Windows\CurrentVersion"
	Local $UPDir = StringLeft(@UserProfileDir, StringInStr(@UserProfileDir, '\', 0, -1) - 1)
	Local $cSDb = FileRead(@ScriptDir & "\db\CommonStartups.db3"), $RegScPerc = 0
	If @OSArch = 'X86' Then
		$HKEY = StringSplit('HKEY_USERS|HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE', '|')
	Else
		$HKEY = StringSplit('HKEY_USERS64|HKEY_CURRENT_USER64|HKEY_LOCAL_MACHINE64', '|')
	EndIf
	For $x = 1 To $HKEY[0]
		If $x = 1 Then
			; HKEY_USERS is enumerated one subkey per pass; $x is reset so the loop stays on it until RegEnumKey fails
			$KEY = RegEnumKey($HKEY[$x], $eReg)
			If @error <> 0 Then
				$x = 1
				ContinueLoop
			EndIf
			$KEY = $HKEY[$x] & "\" & $KEY & $SC
			$eReg += 1
			$x = 0
		Else
			$KEY = $HKEY[$x] & $SC
		EndIf
		For $i = 1 To 1000
			$SUB = RegEnumKey($KEY, $i)
			If @error <> 0 Then ExitLoop
			If Not StringInStr($SUB, "Run") Then ContinueLoop
			$SKEY = $KEY & "\" & $SUB
			For $c = 1 To 1000
				$valueName = RegEnumVal($SKEY, $c)
				If @error <> 0 Then ExitLoop
				$FileCount += 1
				$TotalScanned += 1
				$value = StringStripWS(StringReplace(RegRead($SKEY, $valueName), '"', ''), 3)
				Local $aCSRes = StringRegExp($cSDb, _GetRegExpLiterals($value) & ".*", 1)
				If UBound($aCSRes) > 0 Then
					Local $rLine = StringSplit($aCSRes[0], ";")
					If $rLine[0] >= 3 Then
						Local $SS = $SKEY & " --> " & $valueName & " --> " & $value
						_RecordInfections(_CleanString($rLine[3], 3), $SS, _CleanString($rLine[2], 3), $SKEY)
					EndIf
				EndIf
				If StringInStr($value, $UPDir) Then _RecordWarning("UserProfileDir Startup", $SKEY & " --> " & $valueName)
			Next
			$value = ""
		Next
		$RegScPerc = Round(($x / $HKEY[0]) * 100)
		_SetStatistics("Scanning Registry (" & $RegScPerc & "%)", $RegScPerc)
		GUICtrlSetData($eScan, $HKEY[$x])
	Next
	If $CancelScan Then _endProcessing()
EndFunc   ;==>_ScanCommonStartups

Func _CleanString($s2Clean, $Flag)
	$s2Clean = StringStripWS($s2Clean, $Flag)
	$s2Clean = StringStripCR($s2Clean)
	Return $s2Clean
EndFunc   ;==>_CleanString

Func _ScanProcesses()
	_startProcessing(1)
	Local $hToken, $aProcsList = 0, $procsID, $procsPath, $procsPerc
	; Enable SeDebugPrivilege to obtain full access rights to other processes
	$hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
	_WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, 1)
	; Resolve the image path of every running process and scan it
	If Not (@error Or @extended) Then
		$aProcsList = ProcessList()
		For $x = 1 To $aProcsList[0][0]
			If $CancelScan = True Then ExitLoop
			$procsID = $aProcsList[$x][1] ; column 1 is the PID; looking the name up again would only find the first process of that name
			$procsPath = _WinAPI_GetProcessFileName($procsID)
			If FileExists($procsPath) Then
				$FileCount += 1
				$TotalScanned += 1
				_ScanFile($procsPath)
				$procsPerc = Round(($x / $aProcsList[0][0]) * 100)
				_SetStatistics("Scanning processes (" & $procsPerc & "%)", $procsPerc)
				GUICtrlSetData($eScan, $aProcsList[$x][0] & " - [" & $procsPath & "]")
			EndIf
		Next
	EndIf
	_WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, 2)
	_WinAPI_CloseHandle($hToken)
	If $CancelScan Then _endProcessing()
EndFunc   ;==>_ScanProcesses

Func _ScanDrive($sDrive)
	If $CancelScan = False Then
		_startProcessing(3)
		If StringRight($sDrive, 1) = "\" Then $sDrive = StringTrimRight($sDrive, 1)
		; DriveSpaceTotal/DriveSpaceFree report megabytes; keep the used space in bytes for the progress estimate
		$driveUsed = (DriveSpaceTotal($sDrive) - DriveSpaceFree($sDrive)) * 1024 * 1024
		FileChangeDir($sDrive)
		Local $DirList = FileFindFirstFile($sDrive & "\*.*")
		If Not _Scanner($DirList, $sDrive) Then
			FileClose($DirList)
			$sSigDb = ""
			_endProcessing()
			Return
		EndIf
	EndIf
EndFunc   ;==>_ScanDrive

; Recursive directory walk; returns an empty string once the search handle is exhausted or the scan is cancelled
Func _Scanner($DirList, $DirSearch)
	Local $sFile, $SecSearch, $sSPrc, $Return = ""
	While $CancelScan = False
		$sFile = FileFindNextFile($DirList)
		If @error Then ExitLoop
		$Return = $DirSearch & "\" & $sFile
		$FileCount += 1
		$TotalScanned += 1
		$Scnd += FileGetSize($Return)
		$sSPrc = 0
		If $driveUsed > 0 Then $sSPrc = Round(($Scnd * 100) / $driveUsed)
		If $sSPrc > 98 Then $sSPrc = 99
		_SetStatistics("Scanning (" & $sSPrc & "%)", $sSPrc)
		If StringInStr(FileGetAttrib($Return), "D") Then
			$SecSearch = FileFindFirstFile($Return & "\*.*")
			_Scanner($SecSearch, $Return)
			FileClose($SecSearch)
		Else
			GUICtrlSetData($eScan, $Return)
			_ScanFile($Return)
		EndIf
		$Return = ""
	WEnd
	Return $Return
EndFunc   ;==>_Scanner

; Hash the file, pre-filter on the first 7 hex characters against the turbo database, then look the full
; MD5 up in the signature database. A signature line is laid out as "md5;level;name".
Func _ScanFile($FiName)
	;~ An earlier build restricted scanning to a list of executable/document extensions:
	;~ 386;ADE;ADP;ADT;APP;AU3;ASP;BAS;BAT;BIN;BTM;CBT;CHM;CLA;CLASS;CMD;COM;CPL;CRT;CSC;CSS;DLL;DOC;DOT;DRV;EML;EMAIL;EXE;FON;
	;~ EZT;HLP;HTA;HTM;HTML;INF;INI;INS;ISP;JS;JSE;LIB;LNK;M;MDB;MDE;MHT;MHTM;MHTML;MP3;MSO;MSC;MSI;MSP;MST;OBJ;OCX;PCD;PGM;PIF;
	;~ PPT;PRC;REG;RTF;SCR;SCT;SHB;SHS;SMM;SYS;URL;VB;VBE;VBS;VXD;WSC;WSF;WSH;ZIP
	If FileGetSize($FiName) < (1048576 * 50) Then
		Local $MD5 = _MD5ForFile($FiName)
		If GUICtrlRead($chkHeur) = $GUI_CHECKED Then _Heuristics($FiName)
		If $MD5 <> "" Then
			Local $MD5b = StringLeft($MD5, 7)
			Local $aTDBRes = StringRegExp($sTurboDB, "(?x)(?-i)" & $MD5b, 1)
			If UBound($aTDBRes) > 0 Then
				Local $nO = 1
				Local $aDBRes = StringRegExp($sSigDb, "(?x)(?-i)" & $MD5 & ".*", 1, $nO)
				If @error = 0 Then $nO = @extended
				If UBound($aDBRes) > 0 Then
					Local $cResult = StringStripWS($aDBRes[0], 8)
					Local $rLine = StringSplit($cResult, ";")
					If $rLine[0] >= 3 Then _RecordInfections($rLine[3], $rLine[1], $rLine[2], $FiName)
				EndIf
			EndIf
		EndIf
	EndIf
EndFunc   ;==>_ScanFile

; Append "name|level|datetime|source|string" to Infections.db3 unless that source has already been recorded
Func _RecordInfections($vsName, $String, $l, $Source)
	FileSetAttrib($InFile, "-RS")
	Local $sInFile = FileRead($InFile)
	If Not StringRegExp($sInFile, _GetRegExpLiterals($Source), 0) Then
		Local $oInFile = FileOpen($InFile, 1)
		If $oInFile <> -1 Then
			Local $dtCur = _Date_Time_GetSystemTime()
			FileWriteLine($oInFile, $vsName & "|" & $l & "|" & _Date_Time_SystemTimeToDateTimeStr($dtCur) & _
					"|" & $Source & "|" & $String & @CRLF)
			FileClose($oInFile)
			$InfCount += 1
		EndIf
	EndIf
	FileSetAttrib($InFile, "+RS")
	_UpdateInfectionStatus()
	_UpdateInfectionStatusImage()
EndFunc   ;==>_RecordInfections

Func _UpdateInfectionStatus()
	If $InfCount > 0 Then
		GUICtrlSetColor($lblInfections, 0xB70005)
		GUICtrlSetColor($lblInfHead, 0xB70005)
	Else
		GUICtrlSetColor($lblInfections, 0x008827)
		GUICtrlSetColor($lblInfHead, 0x008827)
	EndIf
	GUICtrlSetData($lblInfections, $InfCount)
	GUICtrlSetData($BtnInfections, "Infections (" & $InfCount & ")")
	GUICtrlSetData($lblInfHead, $InfCount & " Infections")
EndFunc   ;==>_UpdateInfectionStatus

Func _UpdateInfectionStatusImage()
	If $InfCount > 0 Then
		GUICtrlSetImage($picStatus, @ScriptDir & "\Contents\1101.bmp")
	Else
		GUICtrlSetImage($picStatus, @ScriptDir & "\Contents\1100.bmp")
	EndIf
EndFunc   ;==>_UpdateInfectionStatusImage

Func _UpdateWarningStatus()
	If $WarnCount > 0 Then
		GUICtrlSetColor($lblWarnings, 0xDA6413)
		GUICtrlSetColor($lblWarnHead, 0xDA6413)
	Else
		GUICtrlSetColor($lblWarnings, 0x008827)
		GUICtrlSetColor($lblWarnHead, 0x008827)
	EndIf
	GUICtrlSetData($lblWarnings, $WarnCount)
	GUICtrlSetData($BtnWarnings, "Warnings (" & $WarnCount & ")")
	GUICtrlSetData($lblWarnHead, $WarnCount & " Warnings")
EndFunc   ;==>_UpdateWarningStatus

Func _Minimize2Tray()
	Opt("TrayIconHide", 0)
	GUISetState(@SW_HIDE, $malGUI)
EndFunc   ;==>_Minimize2Tray

Func _CloseMe()
	If MsgBox(36, "Close Inoculate", "Are you sure you want to close the best program ever? OK, maybe not the " & _
			"best. If you found a bug or something you don't like, please email me " & _
			"and tell me about it. ") = 6 Then
		_CloseOnError()
	EndIf
EndFunc   ;==>_CloseMe

Func _CloseOnError()
	_CompileLogFile("", False)
	_CompileLogFile("-----------------------------------------------------------------------------------------", False)
	TraySetState(2)
	Exit
EndFunc   ;==>_CloseOnError

Func _ShowWindow()
	GUISetState(@SW_SHOW, $malGUI)
	Opt("TrayIconHide", 1)
EndFunc   ;==>_ShowWindow

; Abort any shutdown already in progress (shutdown -a is not available on Windows 2000)
Func _StopShutdown()
	If @OSVersion <> "WIN_2000" Then
		ShellExecute("Shutdown", "-a", "", "", @SW_HIDE)
	EndIf
EndFunc   ;==>_StopShutdown

Func _InfectionsInterface()
	Local $hImage
	Local $lviContextMenu, $lvicProperties, $lvicOpenConFolder, $lvicVirTotal, $lvicCopyMD5
	_startProcessing()
	$infGUI = GUICreate("Malware Infections", 650, 550, -1, -1)
	GUISetIcon(@ScriptFullPath, 207, $infGUI)
	GUICtrlCreateIcon(@ScriptFullPath, 207, 20, 25, 64, 64)
	$lblInfHead = GUICtrlCreateLabel($InfCount & " Infections", 120, 20, 600, 30)
	GUICtrlSetFont(-1, 12, 400, 0, "Tahoma", 5)
	GUICtrlCreateLabel("View detected malware. Select the items you want to clean and press 'Remove'. Careful, there could be some " & _
			"false positives between these detections. If you're not sure of something, right-click on the item and " & _
			"choose 'Send to VirusTotal.com' just to make sure.", 120, 50, 490, 55)
	GUICtrlSetFont(-1, 9, 400, 0, "Tahoma", 5)

	$BtnInfRemove = GUICtrlCreateButton("Remove", 20, 125, 120, 30)
	GUICtrlSetFont($BtnInfRemove, 9, 400, 0, "Tahoma", 5)
	$BtnInfQuarantine = GUICtrlCreateButton("Quarantine", 140, 125, 120, 30)
	GUICtrlSetFont($BtnInfQuarantine, 9, 400, 0, "Tahoma", 5)
	$BtnInfSelAll = GUICtrlCreateButton("Select all", 410, 125, 110, 30)
	GUICtrlSetFont($BtnInfSelAll, 9, 400, 0, "Tahoma", 5)
	$BtnInfSelNone = GUICtrlCreateButton("Select none", 520, 125, 110, 30)
	GUICtrlSetFont($BtnInfSelNone, 9, 400, 0, "Tahoma", 5)

	$lvInfections = GUICtrlCreateListView("Name | | Date | Source | String", 20, 160, 610, 210, -1)
	GUICtrlSetFont($lvInfections, 9, 400, 0, "Tahoma", 5)
	_GUICtrlListView_SetExtendedListViewStyle($lvInfections, BitOR($LVS_EX_GRIDLINES, $LVS_EX_FULLROWSELECT, _
			$LVS_EX_SUBITEMIMAGES, $LVS_EX_DOUBLEBUFFER, $LVS_EX_CHECKBOXES))
	_GUICtrlListView_SetColumnWidth($lvInfections, 0, 180)
	_GUICtrlListView_SetColumnWidth($lvInfections, 1, 30)
	_GUICtrlListView_SetColumnWidth($lvInfections, 2, 100)
	_GUICtrlListView_SetColumnWidth($lvInfections, 3, 350)
	_GUICtrlListView_SetColumnWidth($lvInfections, 4, 250)
	; Icon resources 209..222 are the per-detection images
	$hImage = _GUIImageList_Create(16, 16, 5, 3)
	For $i = 209 To 222
		_GUIImageList_AddIcon($hImage, @ScriptFullPath, -$i)
	Next
	_GUICtrlListView_SetImageList($lvInfections, $hImage, 1)

	$eInInfo = GUICtrlCreateEdit("", 20, 420, 610, 100, BitOR($ES_READONLY, $WS_VSCROLL))
	GUICtrlSetFont(-1, 9, -1, -1, "Courier New")
	$InfProgress = GUICtrlCreateProgress(20, 375, 610, 15)
	$InfFileProgress = GUICtrlCreateProgress(20, 395, 610, 10)

	$lviContextMenu = GUICtrlCreateContextMenu($lvInfections)
	$lvicOpenConFolder = GUICtrlCreateMenuItem("Open Containing Folder", $lviContextMenu)
	$lvicVirTotal = GUICtrlCreateMenuItem("Send to VirusTotal.com", $lviContextMenu)
	GUICtrlCreateMenuItem("", $lviContextMenu)
	$lvicCopyMD5 = GUICtrlCreateMenuItem("Copy MD5", $lviContextMenu)
	GUICtrlCreateMenuItem("", $lviContextMenu)
	$lvicProperties = GUICtrlCreateMenuItem("Properties", $lviContextMenu)

	_LoadInfections()
	GUICtrlSetOnEvent($BtnInfRemove, "_CleanSelectedMalware")
	GUICtrlSetOnEvent($BtnInfSelAll, "_SelectAllInfections")
	GUICtrlSetOnEvent($BtnInfSelNone, "_SelectNoneInfections")
	GUICtrlSetOnEvent($lvicOpenConFolder, "_OpenContainingFolder")
	GUICtrlSetOnEvent($lvicVirTotal, "_SendToVirusTotal")
	GUICtrlSetOnEvent($lvicCopyMD5, "_CopyMD5")
	GUISetOnEvent($GUI_EVENT_CLOSE, "_CloseInfectionsWindow")
	GUIRegisterMsg($WM_NOTIFY, "INFECTIONS_WM_NOTIFY")
	GUISetState(@SW_SHOW, $infGUI)
	GUISwitch($infGUI)
EndFunc   ;==>_InfectionsInterface

; List view columns: 1 = Name, 2 = (icon), 3 = Date, 4 = Source, 5 = String (the MD5)
Func _OpenContainingFolder()
	Local $sItem = _GUICtrlListView_GetSelectedItemString($lvInfections)
	If $sItem <> "" Then
		Local $sSplit = StringSplit($sItem, "|")
		ShellExecute(_WinAPI_PathRemoveFileSpec($sSplit[4]))
	EndIf
EndFunc   ;==>_OpenContainingFolder

Func _SendToVirusTotal()
	Local $sItem = _GUICtrlListView_GetSelectedItemString($lvInfections)
	If $sItem <> "" Then
		Local $sSplit = StringSplit($sItem, "|")
		ShellExecute(@ScriptDir & "\Bin\VirusTotalUpload2.exe", """" & $sSplit[4] & """")
	EndIf
EndFunc   ;==>_SendToVirusTotal

Func _CopyMD5()
	Local $sItem = _GUICtrlListView_GetSelectedItemString($lvInfections)
	If $sItem <> "" Then
		Local $sSplit = StringSplit($sItem, "|")
		ClipPut($sSplit[5])
	EndIf
EndFunc   ;==>_CopyMD5

Func _startInfProcess()
	GUICtrlSetState($BtnInfRemove, $GUI_DISABLE)
	GUICtrlSetState($BtnInfQuarantine, $GUI_DISABLE)
	GUICtrlSetState($BtnInfSelAll, $GUI_DISABLE)
	GUICtrlSetState($BtnInfSelNone, $GUI_DISABLE)
EndFunc   ;==>_startInfProcess

Func _endInfProcess()
	GUICtrlSetState($BtnInfRemove, $GUI_ENABLE)
	GUICtrlSetState($BtnInfQuarantine, $GUI_ENABLE)
	GUICtrlSetState($BtnInfSelAll, $GUI_ENABLE)
	GUICtrlSetState($BtnInfSelNone, $GUI_ENABLE)
EndFunc   ;==>_endInfProcess

Func _CloseInfectionsWindow()
	GUIDelete($infGUI)
	_endProcessing()
EndFunc   ;==>_CloseInfectionsWindow

Func INFECTIONS_WM_NOTIFY($hWnd, $iMsg, $iwParam, $ilParam)
	#forceref $hWnd, $iMsg, $iwParam
	Local $hWndFrom, $iIDFrom, $iCode, $tNMHDR, $hWndListView, $tInfo, $iSel
	$hWndListView = $lvInfections
	If Not IsHWnd($lvInfections) Then $hWndListView = GUICtrlGetHandle($lvInfections)
	$tNMHDR = DllStructCreate($tagNMHDR, $ilParam)
	$hWndFrom = HWnd(DllStructGetData($tNMHDR, "hWndFrom"))
	$iIDFrom = DllStructGetData($tNMHDR, "IDFrom")
	$iCode = DllStructGetData($tNMHDR, "Code")
	Switch $hWndFrom
		Case $hWndListView
			Switch $iCode
				Case $NM_CLICK ; the user clicked an item with the left mouse button
					$tInfo = DllStructCreate($tagNMITEMACTIVATE, $ilParam)
					_DisplayListViewItemInfo(DllStructGetData($tInfo, "Index"))
				Case $NM_DBLCLK ; the user double-clicked an item with the left mouse button
				Case $LVN_KEYDOWN ; a key has been pressed
					$iSel = _GUICtrlListView_GetSelectedIndices($hWndListView, True)
					If $iSel[0] > 0 Then _DisplayListViewItemInfo($iSel[1])
				Case $LVN_ITEMACTIVATE ; the user activated an item
					;_OpenContainingFolder()
				Case $LVN_DELETEITEM ; an item is about to be deleted
					$InfCount -= 1
					_UpdateInfectionStatus()
			EndSwitch
	EndSwitch
	Return $GUI_RUNDEFMSG
EndFunc   ;==>INFECTIONS_WM_NOTIFY

Func _DisplayListViewItemInfo($li = 0)
	Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $li)
	GUICtrlSetData($eInInfo, "")
	Local $fInfo = ""
If StringLen($sItem) > 5 Then Local $sSplit = StringSplit($sItem, "|") GuiCtrlSetData($eInInfo, "NAME: " & $sSplit[1] & @CRLF & @CRLF) If StringInStr($sSplit[1], "Rogue") Then GuiCtrlSetData($eInInfo, GUICtrlRead($eInInfo) & "Description:" & @TAB & _ "Rogue security software (or rogueware) is a form of computer malware" & @CRLF & _ "that deceives or misleads users into paying for the fake or" & @CRLF & _ "simulated removal of malware, or that installs other malware. Rogue" & @CRLF & _ "security software, in recent years, has become a growing and serious" & @CRLF & _ "security threat in desktop computing.") ElseIf StringInStr($sSplit[1], "Malware") Then GuiCtrlSetData($eInInfo, GUICtrlRead($eInInfo) & "Malware, short for malicious software, is software designed " & _ "to harm or secretly access a computer without the owner's informed consent. Software " & _ "is considered to be malware based on the perceived intent of the creator rather " & _ "than any particular features. Malware includes computer viruses, worms, trojan " & _ "horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other " & _ "malicious and unwanted software or program.") EndIf EndIf EndFunc Func _CleanSelectedMalware() _startInfProcess() Local $P = 0 If _GUICtrlListView_GetItemCount($lvInfections) > 0 Then Local $iCount = _GUICtrlListView_GetItemCount($lvInfections) For $n = 0 To $iCount Local $cCount = _GUICtrlListView_GetItemChecked($lvInfections, $n) If $cCount = 1 Then Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $n) Local $sSplit = StringSplit($sItem, "|") If @error Then ContinueLoop If _FileDeleteUnlock($sSplit[4]) Then _GUICtrlListView_DeleteItem($lvInfections, $n) $n = $n - 1 $P += 1 GuiCtrlSetData($InfProgress, ($P / $iCount) * 100) ;_CompileLogFile("Removed '" & $sSplit[4] & "' - " & $sSplit[1]) ;$InfCount = _GUICtrlListView_GetItemCount($lvInfections) ;_UpdateInfectionStatus() EndIf EndIf Next _SaveInfectionsList() GuiCtrlSetData($InfProgress, 0) 
EndIf If $delOnReboot <> 0 Then If MsgBox(52, $title, $delOnReboot & " Files could not be removed. We will attempt to remove these files " & _ "the next time you restart your computer. Would you like to restart Windows now? " & _ "Press ‘No’ to restart later.") = 6 Then _CloseOnError() Shutdown(18) EndIf $delOnReboot = 0 EndIf _UpdateInfectionStatusImage() _UpdateInfectionImages() _endInfProcess() EndFunc Func _SelectAllInfections() _GUICtrlListView_SetItemsChecked($lvInfections) EndFunc Func _SelectNoneInfections() _GUICtrlListView_SetItemsChecked($lvInfections, False) EndFunc Func _SaveInfectionsList() GUICtrlSetData($eScan, "Saving infection list, Please wait...") FileSetAttrib(@ScriptDir & "\db\Infections.db3", "-RS") FileDelete($InFile) If _GUICtrlListView_GetItemCount($lvInfections) > 0 Then Local $Count = _GUICtrlListView_GetItemCount($lvInfections) If _FileCountLines($InFile) <> $Count Then ;If FileExists($InFile) Then For $i = 0 To $Count - 1 Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $i) Local $oInFile = FileOpen($InFile, 1) If $oInFile = -1 Then ;~ FileClose($osInFile) ExitLoop EndIf FileWriteLine($oInFile, $sItem & @CRLF) FileClose($oInFile) GUICtrlSetData($InfProgress, ($i / $Count) * 100) Next ;EndIf EndIf EndIf FileSetAttrib($InFile, "+RS") GUICtrlSetData($InfProgress, 0) GUICtrlSetData($eScan, "") EndFunc Func _LoadInfections() $InfCount = 0 Local $oInFile = FileOpen($InFile, 0) GUICtrlSetData($eScan, "Loading infections, please wait...") _CompileLogFile("Loading infections...") ; Check if file opened for reading OK If $oInFile = -1 Then If Not FileExists($InFile) Then _CompileLogFile("No infections found (0)") Else _CompileLogFile("ERROR: Could not load Infections. 
(" & $InFile & ")") EndIf Else _CompileLogFile("Infections: " & _FileCountLines($InFile)) ; Read in lines of text until the EOF is reached While 1 Local $iLine = FileReadLine($oInFile) If @error = -1 Then ExitLoop Local $inlTemp = StringSplit($iLine, "|") If $inlTemp[0] >= 5 Then If StringInStr($inlTemp[5], "HKEY_") Then Local $KEYSpl = StringSplit($inlTemp[5], "-->", 1) If $KEYSpl[0] >= 2 Then If RegRead(_CleanString($KEYSpl[1], 3), _CleanString($KEYSpl[2], 3)) <> "" Then $InfCount += 1 GUICtrlCreateListViewItem($iLine, $lvInfections) ;$Count += 1 EndIf EndIf ElseIf FileExists($inlTemp[4]) Then GUICtrlCreateListViewItem($iLine, $lvInfections) $InfCount += 1 EndIf EndIf WEnd EndIf FileClose($oInFile) GUICtrlSetData($eScan, "") _UpdateInfectionStatus() _UpdateInfectionImages() _UpdateInfectionStatusImage() EndFunc Func _UpdateInfectionImages() If _GUICtrlListView_GetItemCount($lvInfections) > 0 Then Local $lvCount = _GUICtrlListView_GetItemCount($lvInfections) For $n = 0 To $lvCount Local $sItem = _GUICtrlListView_GetItemTextString($lvInfections, $n) Local $sSplit = StringSplit($sItem, "|") If StringInStr($sSplit[4], "HKEY_") Then _GUICtrlListView_SetItemImage($lvInfections, $n, 7 + $sSplit[2]) Else _GUICtrlListView_SetItemImage($lvInfections, $n, $sSplit[2]) EndIf Next EndIf EndFunc Func _WarningsInterface() Local $hWarnImg _startProcessing() $warnGUI = GUICreate("Malware Infections", 650, 550, -1, -1) GUISetIcon(@ScriptFullPath, 208, $warnGUI) GUICtrlCreateIcon(@ScriptFullPath, 208, 20, 25, 64, 64) $lblWarnHead = GUICtrlCreateLabel("0 Warnings", 120, 20, 600, 30) GUICtrlSetFont($lblWarnHead, 12, 400, 0, "Tahoma", 5) GUICtrlCreateLabel( "These warnings are not malware. Malware Cleaner will warn you if it finds an item that behaves like or have the characteristics of " & _ "malware. 
Note: This is not the same as heuristics, so these warnings should not be seen as malware, but could be.", 120, 50, 500, 55) GUICtrlSetFont(-1, 9, 400, 0, "Tahoma", 5) $lvWarnings = GUICtrlCreateListView("Name | Source | Description", 20, 140, 610, 210, -1) GuiCtrlSetFont($lvWarnings, 9, 400, 0, "Tahoma", 5) _GUICtrlListView_SetExtendedListViewStyle($lvWarnings, BitOR( $LVS_EX_GRIDLINES, $LVS_EX_FULLROWSELECT, _ $LVS_EX_SUBITEMIMAGES, $LVS_EX_DOUBLEBUFFER)) _GUICtrlListView_SetColumnWidth($lvWarnings, 0, 200) _GUICtrlListView_SetColumnWidth($lvWarnings, 1, 500) _GUICtrlListView_SetColumnWidth($lvWarnings, 2, 300) $hWarnImg = _GUIImageList_Create(16, 16, 5, 3) _GUIImageList_AddIcon($hWarnImg, @ScriptFullPath, -208) _GUICtrlListView_SetImageList($lvWarnings, $hWarnImg, 1) _LoadWarnings() GUISetOnEvent($GUI_EVENT_CLOSE, "_CloseWarningsWindow") GuiSetState(@SW_SHOW, $warnGUI) GUISwitch($warnGUI) EndFunc Func _CloseWarningsWindow() GUIDelete($warnGUI) _endProcessing() EndFunc Func _RecordWarning($sName, $sSource) FileSetAttrib($WarnFile, "-RS") Local $sWarnFile = FileRead($WarnFile) If Not StringRegExp($sWarnFile, _GetRegExpLiterals($sSource), 0) Then Local $oWarnFile = FileOpen($WarnFile, 1) If $oWarnFile = -1 Then FileClose($oWarnFile) Else FileWriteLine($oWarnFile, $sName & "|" & $sSource & "|" & _GetWarningDescription($sName) & @CRLF) FileClose($oWarnFile) $WarnCount += 1 EndIf EndIf FileSetAttrib($WarnFile, "+RS") _UpdateWarningStatus() ;_UpdateWarningImages() EndFunc Func _LoadWarnings() $WarnCount = 0 Local $oWarnFile = FileOpen($WarnFile, 0) GUICtrlSetData($eScan, "Loading Warnings, please wait...") ; Check if file opened for reading OK If $oWarnFile = -1 Then If Not FileExists($WarnFile) Then _CompileLogFile("No warnings found (0)") Else _CompileLogFile("ERROR: Could not load warnings. 
(" & $WarnFile & ")") EndIf Else _CompileLogFile("Warnings: " & _FileCountLines($WarnFile)) ; Read in lines of text until the EOF is reached While 1 Local $iLine = FileReadLine($oWarnFile) If @error = -1 Then ExitLoop Local $wsplTemp = StringSplit($iLine, "|") If StringInStr($wsplTemp[2], "HKEY_") Then Local $KEYSpl = StringSplit($wsplTemp[2], "-->", 1) If RegRead(_CleanString($KEYSpl[1], 3), _CleanString($KEYSpl[2], 3)) <> "" Then $WarnCount += 1 GUICtrlCreateListViewItem($iLine, $lvWarnings) EndIf ElseIf FileExists($wsplTemp[2]) Then GUICtrlCreateListViewItem($iLine, $lvWarnings) $WarnCount += 1 EndIf WEnd EndIf FileClose($oWarnFile) GUICtrlSetData($eScan, "") _UpdateWarningStatus() _UpdateWarningImages() EndFunc Func _UpdateWarningImages() If _GUICtrlListView_GetItemCount($lvWarnings) > 0 Then Local $Count = _GUICtrlListView_GetItemCount($lvWarnings) For $x = 0 To $Count _GUICtrlListView_SetItemImage($lvWarnings, $x, 0) Next EndIf EndFunc Func _GetWarningDescription($sName) Switch $sName Case "UserProfileDir Startup" Return "UserProfileDir" EndSwitch EndFunc Func _FileDeleteUnlock($Source) GuiCtrlSetData($InfFileProgress, 0) Sleep(100) GuiCtrlSetData($InfFileProgress, 10) If FileExists($Source) Then If Not FileDelete($Source) Then Sleep(100) ;_KillProcess(_SearchProcess($Source)) GuiCtrlSetData($InfFileProgress, 20) Sleep(100) If FileExists($Source) Then If Not FileDelete($Source) Then Sleep(100) _CompileLogFile("ERROR: Could not remove '" & $Source & "'") _CompileLogFile("The file will be deleted on the next reboot.") _FileDeleteOnReboot($Source) $delOnReboot += 1 GuiCtrlSetData($InfFileProgress, 60) Sleep(250) EndIf EndIf EndIf EndIf GuiCtrlSetData($InfFileProgress, 0) If FileExists($Source) Then Return False Else Return True EndIf EndFunc Func _KillProcess($sProc) Local $Plist = ProcessList($sProc) For $i = 1 To $Plist[0][0] If ProcessExists($Plist[$i][0]) Then If _KillSingleProcess($Plist[$i][1]) = False Then ProcessClose($Plist[$i][0]) EndIf EndIf Next 
EndFunc Func _KillSingleProcess($PID) If ProcessClose($PID) Then _CompileLogFile($PID & " Process Closed.") Return True Else Switch @error Case 1 _CompileLogFile("ERROR: " & $PID & "(OpenProcess failed)") Case 2 _CompileLogFile("ERROR: " & $PID & "(AdjustTokenPrivileges Failed)") Case 3 _CompileLogFile("ERROR: " & $PID & "(TerminateProcess Failed)") Case 4 _CompileLogFile("ERROR: " & $PID & "(Cannot verify if process exists)") EndSwitch Return False EndIf EndFunc Func _SearchProcess($sSource) Local $sProcess $sProcess = StringSplit($sSource, "\") Return $sProcess[$sProcess[0]] EndFunc Func _CompileLogFile($lMsg, $TP = True) Local $lFile, $Pre = "" If Not FileExists($lDir) Then DirCreate($lDir) $lFile = FileOpen($lDir & "\" & $lFileName, 1) If $lFile = -1 Then FileClose($lFile) EndIf If $TP Then $Pre = _TimePrefix() FileWriteLine($lFile, $Pre & $lMsg & @CRLF) FileClose($lFile) $Pre = "" EndFunc Edited May 4, 2011 by Rizonetech Rizonesoft Open Source Home Scripts: Complete Internet Repair | Development: Rizonesoft SDK
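The part of the posted script that matters most for a cleaner's reliability is not the GUI but the handling of its saved infection list: each line is re-validated on load (the file or registry value must still exist), and removal must cope with entries that cannot be deleted right away. The following Python example, added here and not taken from the post or from Rizone's code, shows that logic as plain functions with constructed sample input. The record layout (name | icon | detail | location | md5, with a registry location written as "HKEY_...\Key-->ValueName") is an assumption inferred from how the script indexes its split fields; the existence checks are passed in as callables so the code runs offline and can be tested against a fake file system.

```python
"""Parse and prune '|'-delimited infection records (added example, not project code)."""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Assumed record layout (inferred from the posted script, not a documented format):
#   name | icon index | detail | location | md5
# 'location' is either a file path or "HKEY_...\\Key-->ValueName".
FIELD_COUNT = 5


@dataclass
class InfectionRecord:
    name: str
    icon: int
    detail: str
    location: str
    md5: str

    @property
    def is_registry(self) -> bool:
        return self.location.upper().startswith("HKEY_")

    def registry_key_and_value(self) -> Optional[Tuple[str, str]]:
        """Split 'HKEY_...\\Key-->ValueName' into (key, value); None if malformed."""
        if not self.is_registry or "-->" not in self.location:
            return None
        key, value = self.location.split("-->", 1)
        return key.strip(), value.strip()


def parse_record(line: str) -> Optional[InfectionRecord]:
    """Parse one list line; blank or short lines are skipped, as the script does."""
    fields = [f.strip() for f in line.rstrip("\r\n").split("|")]
    if len(fields) < FIELD_COUNT or not fields[0]:
        return None
    try:
        icon = int(fields[1])
    except ValueError:
        icon = 0  # fall back to the first icon instead of aborting the load
    return InfectionRecord(fields[0], icon, fields[2], fields[3], fields[4])


def load_present_records(text: str,
                         file_exists: Callable[[str], bool],
                         reg_value_exists: Callable[[str, str], bool]) -> List[InfectionRecord]:
    """Keep only records whose file or registry value still exists (stale entries drop out)."""
    kept: List[InfectionRecord] = []
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        if rec.is_registry:
            parts = rec.registry_key_and_value()
            if parts is not None and reg_value_exists(*parts):
                kept.append(rec)
        elif file_exists(rec.location):
            kept.append(rec)
    return kept


def remove_checked(records: List[InfectionRecord],
                   checked: Callable[[InfectionRecord], bool],
                   delete_file: Callable[[str], bool]):
    """Delete checked file records. Iterating over a copy avoids the skipped-neighbour
    bug of deleting from a list while walking it by index. Records that could not be
    deleted (locked files, registry entries) stay in the list and are returned
    separately so the caller can schedule them, e.g. for removal at next reboot."""
    remaining, removed, not_removed = [], [], []
    for rec in list(records):
        if not checked(rec):
            remaining.append(rec)
            continue
        if not rec.is_registry and delete_file(rec.location):
            removed.append(rec)
        else:
            remaining.append(rec)
            not_removed.append(rec)
    return remaining, removed, not_removed


# Constructed sample list: one live file, one live registry value, a blank line,
# a malformed line and a stale file entry.
SAMPLE_LIST = (
    "Rogue.FakeAV|3|scanner|C:\\Users\\victim\\AppData\\Roaming\\fakeav.exe|d41d8cd98f00b204e9800998ecf8427e\n"
    "Malware.Dropper|2|loader|HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run-->updater|00000000000000000000000000000000\n"
    "\n"
    "broken line with too few fields\n"
    "Malware.Stale|2|gone|C:\\Temp\\old.dll|11111111111111111111111111111111\n"
)

if __name__ == "__main__":
    live = load_present_records(SAMPLE_LIST,
                                file_exists=lambda p: p.endswith("fakeav.exe"),
                                reg_value_exists=lambda k, v: v == "updater")
    print([r.name for r in live])
```

Because the existence and delete operations are injected, the same functions can be exercised against the real file system and registry on Windows or against a stub in a test; the stale "Malware.Stale" line is dropped on load exactly as the script's `FileExists` check drops it.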
JScript Posted May 4, 2011
Looks good! I'll try...
http://forum.autoitbrasil.com/ (AutoIt v3 Brazil!!!) Somewhere Out There James Ingram Download Dropbox - Simplify your life! Your virtual HD wherever you go, anywhere!
Rizonetech (Author) Posted May 4, 2011
Let me know what you think.
Rizonesoft Open Source Home Scripts: Complete Internet Repair | Development: Rizonesoft SDK