Added a second script to find paths with above 260 characters.

README.md

@@ -1,4 +1,8 @@
-# cryptowallFileFinder
+# windowScripts
+
+This repository contains a few scripts that have helped me in my Windows environment.
+
+**Script 1 Find Cryptowall Infected Files**
 This program creates a txt for easy backup restoration of files infected with cryptowall. The program depends on the decrypt instrucitons left behind by cryptowall.
 
 For example, if you have two folders on your desktop that contain the following files:
@@ -31,7 +35,8 @@ The program will do the following:
 	- folder2\DECRYPT_INSTRUCTION.lnk
 	- folder2\DECRYPT_INSTRUCTION.HTML
 
-Hopefully, having the txt produced by this program will help you easily restore files infected by cryptowall. The program was only written to search local hard drives (not usb or network drives). This functionality can be easily added if needed just ask me. It is advised to not run this on systems in which cryptowall is still encrypting files. Make sure the computer is clean (or running in safe mode) before running this program.
+Hopefully, having the txt produced by this program will help you easily restore files infected by cryptowall. The program was only written to search local hard drives (usb drives are included not network drives). It is advised to not run this on systems in which cryptowall is still encrypting files. Make sure the computer is clean (or running in safe mode) before running this program.
 
 
-Download the whole repository with the ruby source code. Clicking start.bat will scan all local drives and place a txt in this directory.
+**Script 2 SMB Path Length**
+This program will create a txt with a list of files whose path exceeds 260 characters. The program scans local drives and should be run on the server not the client.

network-path-length.bat

@@ -0,0 +1,19 @@
+@echo off
+echo This script was created to find all files infected with cryptowall. 
+echo This script relies on the DECRYPT_INSTRUCTIONS files left by cryptowall.
+echo .
+echo .
+echo This also removes all files with DECRYPT or TOR in the title. 
+echo DO NOT LOSE THE TXT THIS SCRIPT CREATES!
+echo .
+echo .
+pause
+cls
+call ruby\bin\irb.bat source\filepath.rb
+xcopy "files.txt" "%userprofile%\Desktop"
+cls
+echo The script has finished....
+echo You can find files.txt on your desktop. 
+echo .
+pause
+exit

source/cryptowallFinder.rb

@@ -26,10 +26,7 @@ class Cryptowallfinder
 	def writeMyFile(whatToWrite)
 		if !isDecryptInstructions(whatToWrite) && !isTorInstructions(whatToWrite)
 			whatToWrite = infectedFileExpandedPath(whatToWrite)
-			whatToWrite = whatToWrite.gsub("/","\\")
-			@openFile = self.outputFile.open
-			@openFile.puts(whatToWrite)
-			@openFile.close
+			self.outputFile.writeWindowsFilePath(whatToWrite)
 		end
 	end
 

source/filecreate.rb

@@ -12,4 +12,10 @@ class Filecreate
 		openFile = File.open(self.filename,"a")
 		return openFile
 	end
+
+	def writeWindowsFilePath(whatToWrite)
+		whatToWrite = whatToWrite.gsub("/","\\")
+		self.open.puts(whatToWrite)
+		self.open.close
+	end
 end

source/filepath.rb

@@ -0,0 +1,22 @@
+require_relative  'windowsFileSystem'
+require_relative 'filesUtil'
+require_relative  'filecreate'
+
+@outputFile = Filecreate.new
+@outputFile.filename = "files.txt"
+@outputFile.create
+@filesUtil = Filesutil.new
+@fileSystem = Windowsfilesystem.new
+@drives = @fileSystem.allDrives
+@drives.each do |drive|
+	#puts drive.DriveLetter
+	#puts drive.DriveType
+	if drive.DriveType == 2
+		@files = @filesUtil.findFilesByFileName(drive.Path,'*.*')
+		@filesTooLong = @files.select{|f| @filesUtil.getExpandedPathByFileName(f).length > 260}
+		@filesTooLong.each do |file|
+			@whatToWrite = @filesUtil.getExpandedPathByFileName(file)
+			@outputFile.writeWindowsFilePath(@whatToWrite)
+		end
+	end
+end