Created separate classes. Need to complete searchUtil class.
@@ -1,89 +0,0 @@
|
||||
require 'win32ole'
|
||||
require 'FileUtils'
|
||||
|
||||
|
||||
def infectedFiles(decryptFile)
|
||||
infectedPath = File.dirname("#{decryptFile}")
|
||||
infectedFiles = Dir["#{infectedPath}/*.*"]
|
||||
return infectedFiles
|
||||
end
|
||||
|
||||
def infectedFileExpandedPath(file)
|
||||
infectedFileExpandedPath = File.expand_path(file.to_s)
|
||||
return infectedFileExpandedPath
|
||||
end
|
||||
|
||||
def decryptFiles(path)
|
||||
decryptFiles = Dir["#{path}/**/DECRYPT_INSTRUCTION.TXT"]
|
||||
return decryptFiles
|
||||
end
|
||||
|
||||
|
||||
def myFile
|
||||
myFile = File.new("files.txt","a")
|
||||
return myFile
|
||||
end
|
||||
|
||||
def openFile
|
||||
openFile = File.open("files.txt","a")
|
||||
return openFile
|
||||
end
|
||||
|
||||
def writeMyFile(whatToWrite)
|
||||
if !isDecryptInstructions(whatToWrite) && !isTorInstructions(whatToWrite)
|
||||
whatToWrite = infectedFileExpandedPath(whatToWrite)
|
||||
whatToWrite = whatToWrite.gsub("/","\\")
|
||||
openFile.puts(whatToWrite)
|
||||
openFile.close
|
||||
end
|
||||
end
|
||||
|
||||
def deleteInstructions(file)
|
||||
if isTorInstructions(file) or isDecryptInstructions(file)
|
||||
FileUtils.rm(File.expand_path(file.to_s))
|
||||
end
|
||||
end
|
||||
|
||||
def isTorInstructions(file)
|
||||
if file.include? "TOR"
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
def isDecryptInstructions(file)
|
||||
if file.include? "DECRYPT"
|
||||
return true
|
||||
else
|
||||
return false
|
||||
end
|
||||
end
|
||||
|
||||
def findInfectedFiles(path)
|
||||
decryptFiles(path).each do |f|
|
||||
infectedFiles(f).each do |returnedFiles|
|
||||
writeMyFile(returnedFiles)
|
||||
deleteInstructions(returnedFiles)
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
|
||||
file_system = WIN32OLE.new("Scripting.FileSystemObject")
|
||||
drives = file_system.Drives
|
||||
drives.each do |drive|
|
||||
if drive.DriveType == 2
|
||||
findInfectedFiles(drive.Path)
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
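--- a/source/cryptowallFinder.rb
+++ b/source/cryptowallFinder.rb
@@ -0,0 +1,68 @@
+require 'FileUtils'
+require_relative 'searchUtil'
+
+
+class Cryptowallfinder
+
+attr_accessor :outputFile, :path
+
+@search = Searchutil.new
+
+def infectedFiles(decryptFile)
+infectedPath = File.dirname("#{decryptFile}")
+infectedFiles = Dir["#{infectedPath}/*.*"]
+return infectedFiles
+end
+
+def infectedFileExpandedPath(file)
+infectedFileExpandedPath = File.expand_path(file.to_s)
+return infectedFileExpandedPath
+end
+
+def decryptFiles(path)
+decryptFiles = Dir["#{path}/**/DECRYPT_INSTRUCTION.TXT"]
+return decryptFiles
+end
+
+def writeMyFile(whatToWrite)
+if !isDecryptInstructions(whatToWrite) && !isTorInstructions(whatToWrite)
+whatToWrite = infectedFileExpandedPath(whatToWrite)
+whatToWrite = whatToWrite.gsub("/","\\")
+@openFile = self.outputFile.open
+@openFile.puts(whatToWrite)
+@openFile.close
+end
+end
+
+def deleteInstructions(file)
+if isTorInstructions(file) or isDecryptInstructions(file)
+FileUtils.rm(File.expand_path(file.to_s))
+end
+end
+
+def isTorInstructions(file)
+if file.include? "TOR"
+return true
+else
+return false
+end
+end
+
+def isDecryptInstructions(file)
+if file.include? "DECRYPT"
+return true
+else
+return false
+end
+end
+
+def findInfectedFiles
+decryptFiles(self.path).each do |f|
+infectedFiles(f).each do |returnedFiles|
+writeMyFile(returnedFiles)
+deleteInstructions(returnedFiles)
+end
+end
+
+end
+end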
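Review bot: `deleteInstructions` can delete user data, because `isTorInstructions` and `isDecryptInstructions` test the whole path with `include?`, so any file in a flagged directory whose path merely contains `TOR` or `DECRYPT` (a folder named `STORAGE`, to take a constructed example) is passed to `FileUtils.rm` and is also left out of the output list by `writeMyFile`. Match the basename against the exact note names instead, e.g. `File.basename(file.to_s).start_with?("DECRYPT_INSTRUCTION")`, and consider moving the notes to a quarantine folder rather than removing them, since they are evidence for incident response. Separately, `@search = Searchutil.new` in the class body sets a class-level instance variable that the instance methods will not see; it belongs in `initialize`.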
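--- a/source/filecreate.rb
+++ b/source/filecreate.rb
@@ -0,0 +1,15 @@
+require 'FileUtils'
+
+class Filecreate
+
+attr_accessor :filename
+
+def create
+myFile = File.new(self.filename,"a")
+end
+
+def open
+openFile = File.open(self.filename,"a")
+return openFile
+end
+end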
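Review bot: `create` leaks a file handle: `File.new(self.filename,"a")` is assigned to an unused local and never closed, so the handle stays open until it is garbage-collected. Close it at once, `File.new(self.filename, "a").close`, or use the block form of `File.open`. The same burden falls on every caller of `open`, which must remember to close what it returns; a method that yields the handle to a block would make the close automatic.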
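--- a/source/find_cryptowall_infected_files.rb
+++ b/source/find_cryptowall_infected_files.rb
@@ -0,0 +1,27 @@
+require_relative 'windowsFileSystem'
+require_relative 'cryptowallFinder'
+require_relative 'filecreate'
+
+@outputFile = Filecreate.new
+@outputFile.filename = "files.txt"
+@outputFile.create
+@fileSystem = Windowsfilesystem.new
+@drives = @fileSystem.allDrives
+puts @drives
+@drives.each do |drive|
+if drive.DriveType == 2
+@find = Cryptowallfinder.new
+@find.outputFile = @outputFile
+@find.path = drive.Path
+@find.findInfectedFiles
+end
+end
+
+
+
+
+
+
+
+
+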
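Review bot: `drive.DriveType == 2` is an undocumented magic number that restricts the scan to fixed disks, so removable and mapped network drives are never searched even though ransomware commonly encrypts files there as well. Add a comment such as `# DriveType 2 = fixed disk (Scripting.FileSystemObject)` and tell the user that other drive types are skipped, or make the set of scanned types configurable. `puts @drives` looks like leftover debugging output, and the top-level `@` variables could be plain locals.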
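--- a/source/searchUtil.rb
+++ b/source/searchUtil.rb
@@ -0,0 +1,5 @@
+require 'FileUtils'
+
+class Searchutil
+
+end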
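Review bot: `require 'FileUtils'` is unused in this stub and is spelled with capitals; the standard library file is `fileutils`, and the capitalised form presumably loads only because Windows file systems are case-insensitive. Use `require 'fileutils'` here and in `cryptowallFinder.rb`, and drop the line from `filecreate.rb`, which does not call `FileUtils` either. A one-line comment on `Searchutil` saying what it is meant to hold would help until the class is completed.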
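--- a/source/windowsFileSystem.rb
+++ b/source/windowsFileSystem.rb
@@ -0,0 +1,12 @@
+require 'win32ole'
+
+class Windowsfilesystem
+
+def file_system
+return WIN32OLE.new("Scripting.FileSystemObject")
+end
+
+def allDrives
+return file_system.Drives
+end
+end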
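Review bot: `file_system` creates a new `Scripting.FileSystemObject` COM object on every call, so each `allDrives` call instantiates another one. Memoize it, `@file_system ||= WIN32OLE.new("Scripting.FileSystemObject")`, and drop the explicit `return`s, which Ruby does not need. The class name would conventionally be written `WindowsFileSystem`.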
@@ -9,10 +9,12 @@ echo .
|
||||
echo .
|
||||
pause
|
||||
cls
|
||||
call ruby\bin\irb.bat find_cryptowall_infected_files.rb
|
||||
call ruby\bin\irb.bat source\find_cryptowall_infected_files.rb
|
||||
xcopy "files.txt" "%userprofile%\Desktop"
|
||||
cls
|
||||
echo The script has finished....
|
||||
echo You can find files.txt on your desktop. DO NOT LOSE THIS FILE!!
|
||||
echo All DECRYPT_INSTRUCTION files have been deleted.
|
||||
echo .
|
||||
pause
|
||||
exit
|
||||
|
||||