@Pome-ro
Last active September 18, 2017 22:11
Find if computers on your network have the CCleaner Malware.
# Finds Regkey for CCleaner Malware in v5.33. 2017-09-18
# Read More Here: http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
# Requires Windows PowerShell 5.1 (Get-Service/Set-Service -ComputerName) and the ActiveDirectory module.
Import-Module ActiveDirectory

# Put your filter here; '*' matches every computer object in the domain.
$Computers = Get-ADComputer -Filter *
$cred = Get-Credential
$logpath = $env:USERPROFILE + "\desktop\ccleaner-malware.csv"

foreach ($Computer in $Computers) {
    # Only hosts that answer a ping are checked.
    if ($(Test-NetConnection $Computer.Name).PingSucceeded) {
        # Start WinRM if it is stopped so Invoke-Command can reach the host.
        $WinRM = Get-Service -Name WinRM -ComputerName $Computer.Name
        if ($WinRM.Status -eq 'Stopped') {
            Write-Host "WinRM Service off. Starting WinRM service on $($Computer.Name)"
            Set-Service -Name WinRM -ComputerName $Computer.Name -Status Running
        }
        # Re-query the service to confirm it is now running.
        $WinRM = Get-Service -Name WinRM -ComputerName $Computer.Name
        if ($WinRM.Status -eq 'Running') {
            # Test remotely for the registry key this script treats as the indicator.
            $Results = Invoke-Command -ComputerName $($Computer.Name) -Credential $cred -ArgumentList $Computer -ScriptBlock {
                $payload = Test-Path HKLM:\SOFTWARE\Piriform\Agomo
                return $payload
            }
            # Report to the console and append the result to the CSV log.
            if ($Results) {
                Write-Host "$($Computer.Name) is affected" -ForegroundColor Red
                Add-Content -Path $logpath "$($Computer.Name), affected"
            } else {
                Write-Host "$($Computer.Name) is not affected" -ForegroundColor Green
                Add-Content -Path $logpath "$($Computer.Name), not affected"
            }
        }
    }
}