Created separate classes. Need to complete searchUtil class.

find_cryptowall_infected_files.rb

@@ -1,89 +0,0 @@
-require 'win32ole'
-require 'FileUtils'
-
-
-def infectedFiles(decryptFile)
-	infectedPath = File.dirname("#{decryptFile}")
-	infectedFiles = Dir["#{infectedPath}/*.*"]
-	return infectedFiles
-end
-
-def infectedFileExpandedPath(file)
-	infectedFileExpandedPath = File.expand_path(file.to_s)
-	return infectedFileExpandedPath
-end
-
-def decryptFiles(path)
-	decryptFiles = Dir["#{path}/**/DECRYPT_INSTRUCTION.TXT"]
-	return decryptFiles
-end
-
-
-def myFile
-	myFile = File.new("files.txt","a")
-	return myFile
-end
-
-def openFile
-	openFile = File.open("files.txt","a")
-	return openFile
-end
-
-def writeMyFile(whatToWrite)
-	if !isDecryptInstructions(whatToWrite) && !isTorInstructions(whatToWrite)
-		whatToWrite = infectedFileExpandedPath(whatToWrite)
-		whatToWrite = whatToWrite.gsub("/","\\")
-		openFile.puts(whatToWrite)
-		openFile.close
-	end
-end
-
-def deleteInstructions(file)
-	if isTorInstructions(file) or isDecryptInstructions(file)
-		FileUtils.rm(File.expand_path(file.to_s))
-	end
-end
-
-def isTorInstructions(file)
-	if file.include? "TOR"
-		return true
-	else
-		return false
-	end
-end
-
-def isDecryptInstructions(file)
-	if file.include? "DECRYPT"
-		return true
-	else 
-		return false
-	end
-end
-
-def findInfectedFiles(path)
-	decryptFiles(path).each do |f|
-		infectedFiles(f).each do |returnedFiles|
-			writeMyFile(returnedFiles)
-			deleteInstructions(returnedFiles)
-		end
-	end
-
-end
-
-
-file_system = WIN32OLE.new("Scripting.FileSystemObject")
-drives = file_system.Drives
-drives.each do |drive|
-	if drive.DriveType == 2
-		findInfectedFiles(drive.Path)
-	end
-end
-
-
-
-
-
-
-
-
-

source/cryptowallFinder.rb

@@ -0,0 +1,68 @@
+require 'FileUtils'
+require_relative 'searchUtil'
+
+
+class Cryptowallfinder	
+
+	attr_accessor :outputFile, :path
+
+	@search = Searchutil.new
+
+	def infectedFiles(decryptFile)
+		infectedPath = File.dirname("#{decryptFile}")
+		infectedFiles = Dir["#{infectedPath}/*.*"]
+		return infectedFiles
+	end
+
+	def infectedFileExpandedPath(file)
+		infectedFileExpandedPath = File.expand_path(file.to_s)
+		return infectedFileExpandedPath
+	end
+
+	def decryptFiles(path)
+		decryptFiles = Dir["#{path}/**/DECRYPT_INSTRUCTION.TXT"]
+		return decryptFiles
+	end
+
+	def writeMyFile(whatToWrite)
+		if !isDecryptInstructions(whatToWrite) && !isTorInstructions(whatToWrite)
+			whatToWrite = infectedFileExpandedPath(whatToWrite)
+			whatToWrite = whatToWrite.gsub("/","\\")
+			@openFile = self.outputFile.open
+			@openFile.puts(whatToWrite)
+			@openFile.close
+		end
+	end
+
+	def deleteInstructions(file)
+		if isTorInstructions(file) or isDecryptInstructions(file)
+			FileUtils.rm(File.expand_path(file.to_s))
+		end
+	end
+
+	def isTorInstructions(file)
+		if file.include? "TOR"
+			return true
+		else
+			return false
+		end
+	end
+
+	def isDecryptInstructions(file)
+		if file.include? "DECRYPT"
+			return true
+		else 
+			return false
+		end
+	end
+
+	def findInfectedFiles
+		decryptFiles(self.path).each do |f|
+			infectedFiles(f).each do |returnedFiles|
+				writeMyFile(returnedFiles)
+				deleteInstructions(returnedFiles)
+			end
+		end
+
+	end
+end

source/filecreate.rb

@@ -0,0 +1,15 @@
+require 'FileUtils'
+
+class Filecreate
+
+	attr_accessor :filename
+
+	def create
+		myFile = File.new(self.filename,"a")
+	end
+
+	def open
+		openFile = File.open(self.filename,"a")
+		return openFile
+	end
+end

source/find_cryptowall_infected_files.rb

@@ -0,0 +1,27 @@
+require_relative  'windowsFileSystem'
+require_relative  'cryptowallFinder'
+require_relative  'filecreate'
+
+@outputFile = Filecreate.new
+@outputFile.filename = "files.txt"
+@outputFile.create
+@fileSystem = Windowsfilesystem.new
+@drives = @fileSystem.allDrives
+puts @drives
+@drives.each do |drive|
+	if drive.DriveType == 2
+		@find = Cryptowallfinder.new
+		@find.outputFile = @outputFile
+		@find.path = drive.Path
+		@find.findInfectedFiles
+	end
+end
+
+
+
+
+
+
+
+
+

source/searchUtil.rb

@@ -0,0 +1,5 @@
+require 'FileUtils'
+
+class Searchutil
+
+end

source/windowsFileSystem.rb

@@ -0,0 +1,12 @@
+require 'win32ole'
+
+class Windowsfilesystem
+
+	def file_system
+		return WIN32OLE.new("Scripting.FileSystemObject")
+	end
+
+	def allDrives
+		return file_system.Drives
+	end
+end

start.bat

@@ -9,10 +9,12 @@ echo .
 echo .
 pause
 cls
-call ruby\bin\irb.bat find_cryptowall_infected_files.rb
+call ruby\bin\irb.bat source\find_cryptowall_infected_files.rb
 xcopy "files.txt" "%userprofile%\Desktop"
 cls
 echo The script has finished....
+echo You can find files.txt on your desktop. DO NOT LOSE THIS FILE!!
+echo All DECRYPT_INSTRUCTION files have been deleted.
 echo .
 pause
 exit