@kylestev
Last active October 5, 2015 19:08
Wrote this to get rid of an extortion virus. Might expand it more in the future. https://www.virustotal.com/file/7dcf381565eeb4b7ac6b20fd3911a44580aa9e1a0b9b6d078e2d7819ac837e2b/analysis/
import os
import datetime

# Locations used by the extortion virus: a keylog folder under %APPDATA% and
# dropped executables under the sibling Local directory (including a Startup
# entry so it runs at logon).
appdata = os.environ['APPDATA']
log_dir = appdata + '\\dclogs\\'
local_dir = appdata + '\\..\\Local\\'
exes = [local_dir + 'Java.exe', local_dir + 'wmpnet32.exe', local_dir + 'Microsoft\\Windows\\Start Menu\\Programs\\Startup\\WinUpdate.exe']
found = False

# Report the known executables (this script only reports them, it does not remove them).
for exe in exes:
    if os.path.exists(exe):
        found = True
        print('Found a dangerous executable file! %s' % exe)
if not found:
    print('Did not find any dangerous executables... Continuing search with log files.')

# List the keylog files by creation date, then delete them and their directory.
if os.path.exists(log_dir):
    print('Key logs on your system for dates:')
    files = os.listdir(log_dir)
    found = True
    for f in files:
        print(datetime.datetime.fromtimestamp(os.stat(log_dir + f).st_ctime).strftime("%m/%d/%Y"))
        os.unlink(log_dir + f)
    print('Deleted %i files' % len(files))
    print('Deleting logs directory')
    os.rmdir(log_dir)
else:
    print('No log files existed')

if found:
    print('Removed as much of the extortion virus that is currently known about! Thanks for using my tool.')
    print('Visit https://kylestevenson.me/github for more projects.')
else:
    print('This script did not find any evidence of the extortion virus on your computer. This does not, however, mean that your computer is free of viruses! Please run a full virus scan with a tool such as Malwarebytes Anti-Malware')
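The gist deletes the keylog files outright and only reports the dropped executables. The following is an added example, not the gist author's code: it checks the same indicators (the three executables and the dclogs folder), but moves every match into a quarantine directory and writes a SHA-256 and original path for each to a manifest, so the files stay available for analysis and the hashes can be looked up on a service such as VirusTotal. The directory roots, the quarantine location, the manifest name and the sample files built by demo() are assumptions made here so the functions can be exercised on any OS; on a real Windows machine you would pass %APPDATA% and %LOCALAPPDATA% as the roots.

```python
import hashlib
import json
import os
import shutil
import tempfile
import time

# Indicators from the gist: dropped executables under the Local directory and
# the keylog folder under the Roaming directory. Kept relative so the caller
# chooses the roots (the real ones on Windows, a temp dir in demo()).
EXE_INDICATORS = [
    "Java.exe",
    "wmpnet32.exe",
    os.path.join("Microsoft", "Windows", "Start Menu", "Programs",
                 "Startup", "WinUpdate.exe"),
]
LOG_DIR_NAME = "dclogs"


def sha256_of(path):
    """Hash a file in chunks so a large dropped binary is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_indicators(roaming_dir, local_dir):
    """Read-only pass: return (executables present, keylog files present)."""
    exes = [p for p in (os.path.join(local_dir, rel) for rel in EXE_INDICATORS)
            if os.path.isfile(p)]
    log_dir = os.path.join(roaming_dir, LOG_DIR_NAME)
    logs = []
    if os.path.isdir(log_dir):
        logs = [os.path.join(log_dir, f) for f in sorted(os.listdir(log_dir))]
    return exes, logs


def quarantine(paths, quarantine_dir):
    """Move each file into quarantine_dir and record hash, original path and
    last-modified time. A file that cannot be moved (locked, permissions) is
    recorded with an error instead of aborting the whole run."""
    os.makedirs(quarantine_dir, exist_ok=True)
    entries = []
    for path in paths:
        entry = {"original": path}
        try:
            entry["sha256"] = sha256_of(path)
            entry["mtime"] = time.strftime(
                "%Y-%m-%d %H:%M:%S", time.localtime(os.path.getmtime(path)))
            dest = os.path.join(quarantine_dir,
                                entry["sha256"][:16] + "_" + os.path.basename(path))
            shutil.move(path, dest)
            entry["quarantined_as"] = dest
        except OSError as exc:
            entry["error"] = str(exc)
        entries.append(entry)
    # One JSON object per line, appended so repeated runs keep their history.
    with open(os.path.join(quarantine_dir, "manifest.jsonl"), "a") as fh:
        for entry in entries:
            fh.write(json.dumps(entry) + "\n")
    return entries


def clean(roaming_dir, local_dir, quarantine_dir):
    """Quarantine every indicator found, then remove the emptied keylog folder."""
    exes, logs = find_indicators(roaming_dir, local_dir)
    report = quarantine(exes + logs, quarantine_dir)
    log_dir = os.path.join(roaming_dir, LOG_DIR_NAME)
    if os.path.isdir(log_dir) and not os.listdir(log_dir):
        os.rmdir(log_dir)
    return report


def demo():
    """Build a constructed layout in a temp dir (one dropped exe, one keylog file,
    neither a real artifact) and run the cleanup against it."""
    base = tempfile.mkdtemp()
    roaming, local = os.path.join(base, "Roaming"), os.path.join(base, "Local")
    os.makedirs(os.path.join(roaming, LOG_DIR_NAME))
    os.makedirs(local)
    with open(os.path.join(local, "wmpnet32.exe"), "wb") as fh:
        fh.write(b"MZ constructed sample, not a real binary")
    with open(os.path.join(roaming, LOG_DIR_NAME, "2012-06-02.dc"), "wb") as fh:
        fh.write(b"constructed keylog contents")
    report = clean(roaming, local, os.path.join(base, "quarantine"))
    return {
        "report": report,
        "remaining": find_indicators(roaming, local),
        "log_dir_removed": not os.path.isdir(os.path.join(roaming, LOG_DIR_NAME)),
    }


if __name__ == "__main__":
    for entry in demo()["report"]:
        print(json.dumps(entry, indent=2))
```

Quarantining instead of deleting matters for the keylog files in particular: they show what was captured and when, which is what you need to decide which credentials to rotate after cleanup. The manifest hashes also let you confirm whether the dropped executables match a known sample before the files are gone.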