From 7f92619623181c01484a920e1d7ae57cafc294e9 Mon Sep 17 00:00:00 2001 From: Jacob Cody Wimer Date: Wed, 1 Apr 2015 07:52:32 -0400 Subject: [PATCH] Added a second script to find paths with above 260 characters. --- README.md | 11 +++++++--- ....bat => find-cryptowall-infected-files.bat | 0 network-path-length.bat | 19 ++++++++++++++++ source/cryptowallFinder.rb | 5 +---- source/filecreate.rb | 6 +++++ source/filepath.rb | 22 +++++++++++++++++++ 6 files changed, 56 insertions(+), 7 deletions(-) rename start.bat => find-cryptowall-infected-files.bat (100%) create mode 100644 network-path-length.bat create mode 100644 source/filepath.rb diff --git a/README.md b/README.md index 74a3941..82f555b 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,8 @@ -# cryptowallFileFinder +# windowScripts + +This repository contains a few scripts that have helped me in my Windows environment. + +**Script 1 Find Cryptowall Infected Files** This program creates a txt for easy backup restoration of files infected with cryptowall. The program depends on the decrypt instrucitons left behind by cryptowall. For example, if you have two folders on your desktop that contain the following files: 
@@ -31,7 +35,8 @@ The program will do the following: - folder2\DECRYPT_INSTRUCTION.lnk - folder2\DECRYPT_INSTRUCTION.HTML -Hopefully, having the txt produced by this program will help you easily restore files infected by cryptowall. The program was only written to search local hard drives (not usb or network drives). This functionality can be easily added if needed just ask me. It is advised to not run this on systems in which cryptowall is still encrypting files. Make sure the computer is clean (or running in safe mode) before running this program. +Hopefully, having the txt produced by this program will help you easily restore files infected by cryptowall. The program was only written to search local hard drives (usb drives are included not network drives). It is advised to not run this on systems in which cryptowall is still encrypting files. Make sure the computer is clean (or running in safe mode) before running this program. -Download the whole repository with the ruby source code. Clicking start.bat will scan all local drives and place a txt in this directory. +**Script 2 SMB Path Length** +This program will create a txt with a list of files whose path exceeds 260 characters. The program scans local drives and should be run on the server not the client. \ No newline at end of file diff --git a/start.bat b/find-cryptowall-infected-files.bat similarity index 100% rename from start.bat rename to find-cryptowall-infected-files.bat diff --git a/network-path-length.bat b/network-path-length.bat new file mode 100644 index 0000000..890392b --- /dev/null +++ b/network-path-length.bat 
@@ -0,0 +1,19 @@ +@echo off +echo This script was created to find all files infected with cryptowall. +echo This script relies on the DECRYPT_INSTRUCTIONS files left by cryptowall. +echo . +echo . +echo This also removes all files with DECRYPT or TOR in the title. +echo DO NOT LOSE THE TXT THIS SCRIPT CREATES! +echo . +echo . +pause +cls +call ruby\bin\irb.bat source\filepath.rb +xcopy "files.txt" "%userprofile%\Desktop" +cls +echo The script has finished.... +echo You can find files.txt on your desktop. +echo . +pause +exit \ No newline at end of file diff --git a/source/cryptowallFinder.rb b/source/cryptowallFinder.rb index ea4297f..5f56417 100644 --- a/source/cryptowallFinder.rb +++ b/source/cryptowallFinder.rb @@ -26,10 +26,7 @@ class Cryptowallfinder def writeMyFile(whatToWrite) if !isDecryptInstructions(whatToWrite) && !isTorInstructions(whatToWrite) whatToWrite = infectedFileExpandedPath(whatToWrite) - whatToWrite = whatToWrite.gsub("/","\\") - @openFile = self.outputFile.open - @openFile.puts(whatToWrite) - @openFile.close + self.outputFile.writeWindowsFilePath(whatToWrite) end end diff --git a/source/filecreate.rb b/source/filecreate.rb index a40c1d7..2586a67 100644 --- a/source/filecreate.rb +++ b/source/filecreate.rb @@ -12,4 +12,10 @@ class Filecreate openFile = File.open(self.filename,"a") return openFile end + + def writeWindowsFilePath(whatToWrite) + whatToWrite = whatToWrite.gsub("/","\\") + self.open.puts(whatToWrite) + self.open.close + end end \ No newline at end of file diff --git a/source/filepath.rb b/source/filepath.rb new file mode 100644 index 0000000..6d6ecc6 --- /dev/null +++ b/source/filepath.rb 
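Review bot: The banner echoed at the top of network-path-length.bat is copied from the cryptowall script. It announces a scan for infected files and says the script "removes all files with DECRYPT or TOR in the title", while the Ruby file it launches, source\filepath.rb, only lists long paths. An inaccurate deletion warning on an administrative tool teaches operators to ignore such warnings, so the text should describe what this script does, for example `echo This script lists files whose full path exceeds 260 characters.`, with the DECRYPT/TOR line dropped. The `ruby\bin\irb.bat` and `source\filepath.rb` paths are relative, so the script only works when started from the repository folder; `cd /d "%~dp0"` before the `call` would pin that.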
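Review bot: `writeWindowsFilePath` calls `self.open` twice, and each call runs `File.open(self.filename,"a")` (visible in the context lines of this hunk). As a result `puts` writes to one handle that is never closed, and `close` runs on a second, freshly opened handle. The code this replaces in `writeMyFile` kept the handle in `@openFile` and closed it, so this is a regression: one unclosed handle per written path, and buffered lines may not reach disk until the handle is finalized. The block form closes the handle it wrote to: `File.open(self.filename, "a") { |f| f.puts(whatToWrite.gsub("/", "\\")) }`. `writeMyFile` in source/cryptowallFinder.rb and the loop in source/filepath.rb both go through this method; the class body starts outside the hunk.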
@@ -0,0 +1,22 @@
+require_relative 'windowsFileSystem'
+require_relative 'filesUtil'
+require_relative 'filecreate'
+
+@outputFile = Filecreate.new
+@outputFile.filename = "files.txt"
+@outputFile.create
+@filesUtil = Filesutil.new
+@fileSystem = Windowsfilesystem.new
+@drives = @fileSystem.allDrives
+@drives.each do |drive|
+ #puts drive.DriveLetter
+ #puts drive.DriveType
+ if drive.DriveType == 2
+ @files = @filesUtil.findFilesByFileName(drive.Path,'*.*')
+ @filesTooLong = @files.select{|f| @filesUtil.getExpandedPathByFileName(f).length > 260}
+ @filesTooLong.each do |file|
+ @whatToWrite = @filesUtil.getExpandedPathByFileName(file)
+ @outputFile.writeWindowsFilePath(@whatToWrite)
+ end
+ end
+end
\ No newline at end of file
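Review bot: The `> 260` test on the `@filesTooLong` line looks off by one if the goal is to flag paths that classic Win32 APIs reject. MAX_PATH is 260 including the terminating NUL, so a path of exactly 260 characters is already too long but is not reported. That line and the loop below it each call `getExpandedPathByFileName`, so every reported file is expanded twice; `@files.map { |f| @filesUtil.getExpandedPathByFileName(f) }.select { |p| p.length >= 260 }` expands once and fixes the boundary. `drive.DriveType == 2` is a bare number whose meaning depends on the API behind `Windowsfilesystem`, which is not part of this patch. A named constant or a comment such as `# 2 = fixed local disk (confirm against the drive API in use)` would make the README's "scans local drives" claim checkable.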