Wrote this to get rid of an extortion virus. Might expand it more in the future. https://www.virustotal.com/file/7dcf381565eeb4b7ac6b20fd3911a44580aa9e1a0b9b6d078e2d7819ac837e2b/analysis/
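import os
import datetime

# Clean-up helper for a known "extortion virus" infection (Windows only: it
# reads %APPDATA%).  Known dropped executables are reported, and the key-log
# directory the malware writes under %APPDATA% is listed and wiped.
#
# Fixes applied to the original script: `false`/`true` -> `False`/`True`,
# `if !found:` -> `if not found:`, a `print startup` line that referenced an
# undefined name was dropped, and the work is split into functions behind a
# `__main__` guard so importing the module has no side effects.


def find_dangerous_executables(exes):
    """Return the subset of *exes* that exist on disk, printing each hit.

    Args:
        exes: Iterable of file paths to check.

    Returns:
        list of the paths that exist, in input order (empty if none do).

    The executables are only reported, never deleted -- removal of the
    binaries is left to a full anti-malware scan.
    """
    hits = []
    for exe in exes:
        if os.path.exists(exe):
            hits.append(exe)
            print('Found a dangerous executable file! %s' % exe)
    return hits


def remove_key_logs(log_dir):
    """Print the date of, then delete, every entry in *log_dir*.

    Args:
        log_dir: Directory the malware writes its key logs into.

    Returns:
        The number of entries removed, or ``None`` when *log_dir* does not
        exist (nothing is touched in that case).

    Raises:
        OSError: if an entry cannot be unlinked or the directory cannot be
            removed (e.g. it still holds a subdirectory).

    NOTE(review): the logs are wiped outright; copy them elsewhere first if
    their contents are needed for an incident review.
    """
    if not os.path.exists(log_dir):
        print('No log files existed')
        return None
    print('Key logs on your system for dates:')
    files = os.listdir(log_dir)
    for name in files:
        path = os.path.join(log_dir, name)
        # st_ctime is the creation time on Windows but the inode change
        # time on POSIX, so the printed date is only meaningful on Windows.
        stamp = datetime.datetime.fromtimestamp(os.stat(path).st_ctime)
        print(stamp.strftime("%m/%d/%Y"))
        os.unlink(path)
    print('Deleted %i files' % len(files))
    print('Deleting logs directory')
    os.rmdir(log_dir)
    return len(files)


def main():
    """Run the scan: report known executables, then wipe the key-log directory.

    Raises:
        KeyError: if the APPDATA environment variable is not set (non-Windows).
    """
    appdata = os.environ['APPDATA']
    log_dir = os.path.join(appdata, 'dclogs')
    local_dir = os.path.join(appdata, '..', 'Local')
    exes = [
        os.path.join(local_dir, 'Java.exe'),
        os.path.join(local_dir, 'wmpnet32.exe'),
        os.path.join(local_dir, 'Microsoft', 'Windows', 'Start Menu',
                     'Programs', 'Startup', 'WinUpdate.exe'),
    ]

    found = bool(find_dangerous_executables(exes))
    if not found:
        print('Did not find any dangerous executables... Continuing search with log files.')

    # The log directory counts as evidence even when it is empty.
    if remove_key_logs(log_dir) is not None:
        found = True

    if found:
        print('Removed as much of the extortion virus that is currently known about! Thanks for using my tool.')
        print('Visit https://kylestevenson.me/github for more projects.')
    else:
        print('This script did not find any evidence of the extortion virus on your computer. This does not, however, mean that your computer is free of viruses! Please run a full virus scan with a tool such as Malwarebytes Anti-Malware')


if __name__ == '__main__':
    main()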