windowsScripts
This repository contains a few scripts that have helped me in my Windows environment.
Script 1 Find Cryptowall Infected Files
This program creates a txt for easy backup restoration of files infected with cryptowall. The program depends on the decrypt instrucitons left behind by cryptowall.
For example, if you have two folders on your desktop that contain the following files:
- folder1
- DECRYPT_INSTRUCITON.TXT
- DECRYPT_INSTRUCTION.lnk
- DECRYPT_INSTRUCTION.HTML
- myfile.txt
- myOtherFile.txt
- folder2
- DECRYPT_INSTRUCITON.TXT
- DECRYPT_INSTRUCTION.lnk
- DECRYPT_INSTRUCTION.HTML
- myThirdFile.txt
- myFourthFile.txt
The program will do the following:
- It will create a txt containing:
- folder1path\myfile.txt
- folder1path\myOtherFile.txt
- folder2path\myThirdFile.txt
- folder2path\myFourthFile.txt
- It will delete the following files:
- folder1\DECRYPT_INSTRUCTION.TXT
- folder1\DECRYPT_INSTRUCTION.lnk
- folder1\DECRYPT_INSTRUCTION.HTML
- folder2\DECRYPT_INSTRUCTION.TXT
- folder2\DECRYPT_INSTRUCTION.lnk
- folder2\DECRYPT_INSTRUCTION.HTML
Hopefully, having the txt produced by this program will help you easily restore files infected by cryptowall. The program was only written to search local hard drives (usb drives are included not network drives). It is advised to not run this on systems in which cryptowall is still encrypting files. Make sure the computer is clean (or running in safe mode) before running this program.
Script 2 SMB/NTFS Path Length
This program will create a csv with a list of files whose path exceeds 255 characters. The program scans local drives and should be run on the server not the client.