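require 'win32ole'
require 'fileutils'

# Clean-up helper for a Windows host on which DECRYPT_INSTRUCTION.TXT files
# have appeared. For every fixed drive it:
#   1. finds each directory that holds a DECRYPT_INSTRUCTION.TXT,
#   2. appends the path of every other file in that directory to files.txt
#      (in the current working directory), and
#   3. deletes the instruction files (base name containing "DECRYPT" or "TOR").
#
# NOTE(review): files.txt is a list of *candidates*. A file is listed because
# it shares a directory with an instruction file; nothing here verifies that
# its content was actually modified.
# NOTE(review): step 3 removes the instruction files permanently. If they are
# needed for incident records, copy them elsewhere before running this script.

# Returns every entry matching "*.*" in the directory that contains decryptFile.
# NOTE: Dir[] treats characters such as [ ] { } in the directory name as glob
# metacharacters, so such directories may yield no matches.
def infectedFiles(decryptFile)
  directory = File.dirname(decryptFile.to_s)
  Dir["#{directory}/*.*"]
end

# Returns the absolute form of the given path.
def infectedFileExpandedPath(file)
  File.expand_path(file.to_s)
end

# Returns every DECRYPT_INSTRUCTION.TXT found anywhere below path.
def decryptFiles(path)
  Dir["#{path}/**/DECRYPT_INSTRUCTION.TXT"]
end

# Opens files.txt for appending and returns the handle.
# The caller owns the handle and must close it.
def myFile
  File.new("files.txt", "a")
end

# Opens files.txt for appending and returns the handle.
# The caller owns the handle and must close it.
def openFile
  File.open("files.txt", "a")
end

# Appends the absolute, backslash-separated path of whatToWrite to files.txt,
# unless the entry is itself an instruction file.
def writeMyFile(whatToWrite)
  return if isDecryptInstructions(whatToWrite) || isTorInstructions(whatToWrite)

  windowsPath = infectedFileExpandedPath(whatToWrite).gsub("/", "\\")

  # Open the log once and close that same handle. Calling openFile a second
  # time just to close it would leave the handle that was written to open.
  log = openFile
  begin
    log.puts(windowsPath)
  ensure
    log.close
  end
end

# Deletes file when it is an instruction file. Anything that is not a regular
# file is skipped, and a failed delete is reported on stderr so that one
# locked or read-only file does not abort the whole scan.
def deleteInstructions(file)
  return unless isTorInstructions(file) || isDecryptInstructions(file)

  target = File.expand_path(file.to_s)
  return unless File.file?(target)

  FileUtils.rm(target)
rescue SystemCallError => e
  warn("could not delete #{file}: #{e.message}")
end

# True when the file's base name contains "TOR" (case-sensitive).
#
# Only the base name is inspected: matching against the whole path would
# classify every file under a directory such as "STORAGE" as an instruction
# file, and deleteInstructions would then remove it.
# NOTE(review): this is still a substring match, so a name like
# "INVENTORY.XLS" matches. Prefer an exact list of the instruction file names
# observed on the affected host.
def isTorInstructions(file)
  File.basename(file.to_s).include?("TOR")
end

# True when the file's base name contains "DECRYPT" (case-sensitive).
# Only the base name is inspected, for the same reason as isTorInstructions.
def isDecryptInstructions(file)
  File.basename(file.to_s).include?("DECRYPT")
end

# Walks every directory below path that holds a DECRYPT_INSTRUCTION.TXT,
# logging the ordinary files and deleting the instruction files.
def findInfectedFiles(path)
  decryptFiles(path).each do |instructionFile|
    infectedFiles(instructionFile).each do |entry|
      writeMyFile(entry)
      deleteInstructions(entry)
    end
  end
end

file_system = WIN32OLE.new("Scripting.FileSystemObject")
drives = file_system.Drives

drives.each do |drive|
  # DriveType 2 is a fixed (local) disk in Scripting.FileSystemObject;
  # removable, network, optical and RAM drives are not scanned.
  findInfectedFiles(drive.Path) if drive.DriveType == 2
end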