require 'win32ole'
require 'FileUtils'
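# Lists the entries that sit in the same directory as a ransom note.
#
# decryptFile - path of a ransom note (converted with to_s).
#
# Returns an Array of paths matching "*.*" in the note's directory. The note
# itself is part of the result. Names without a dot are not matched by "*.*",
# so extensionless files are absent from the list.
def infectedFiles(decryptFile)
  note_dir = File.dirname(decryptFile.to_s)
  # The directory name is data, not a pattern. Escape glob metacharacters so a
  # folder such as "Album [2014]" is enumerated instead of silently yielding an
  # empty list (which would leave its files unlogged and its note in place).
  literal_dir = note_dir.gsub(/[\[\]{}*?]/) { |meta| "\\#{meta}" }
  Dir["#{literal_dir}/*.*"]
end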
# Turns +file+ into an absolute path.
#
# file - a path or any object whose to_s yields one; relative paths are
#        resolved against the current working directory.
#
# Returns the expanded path as a String.
def infectedFileExpandedPath(file)
  raw_name = file.to_s
  File.expand_path(raw_name)
end
# Finds every ransom note named DECRYPT_INSTRUCTION.TXT below +path+.
#
# path - root to search; interpolated into the glob pattern as-is.
#
# Returns an Array of note paths found at any depth under +path+.
def decryptFiles(path)
  note_pattern = "#{path}/**/DECRYPT_INSTRUCTION.TXT"
  Dir.glob(note_pattern)
end
# Opens files.txt in the current working directory for appending, creating it
# if it does not exist.
#
# Returns a new File handle on every call; the caller is responsible for
# closing it.
def myFile
  File.new("files.txt", "a")
end
# Opens the inventory log files.txt (current working directory) in append mode.
#
# Returns a fresh File handle each time it is called. No block is passed to
# File.open, so nothing closes the handle automatically; the caller must.
def openFile
  File.open("files.txt", "a")
end
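# Appends one affected file to the inventory log (files.txt).
#
# whatToWrite - path of a file found next to a ransom note.
#
# Paths that the two predicates classify as ransom-note files are skipped.
# Everything else is expanded to an absolute path, converted to backslash
# separators and written as one line.
#
# Returns nil.
def writeMyFile(whatToWrite)
  return if isDecryptInstructions(whatToWrite) || isTorInstructions(whatToWrite)

  windows_path = infectedFileExpandedPath(whatToWrite).gsub("/", "\\")

  # openFile returns a NEW handle on every call. Hold on to the one we write to
  # and close that same handle; calling openFile again just to close it would
  # leave the written handle open (and its buffer unflushed) for each entry.
  log = openFile
  begin
    log.puts(windows_path)
  ensure
    log.close
  end
end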
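# Removes +file+ when the predicates classify it as a ransom-note file.
#
# file - path of a candidate file (converted with to_s before expansion).
#
# Only regular files are removed; a matching directory is left alone. A failed
# removal (locked file, missing permission, already gone) is reported on stderr
# and does not abort the sweep of the remaining files and drives.
#
# NOTE(review): the notes are incident artefacts; copy or hash them before
# removal if they are needed for later analysis.
def deleteInstructions(file)
  return unless isTorInstructions(file) || isDecryptInstructions(file)

  target = File.expand_path(file.to_s)
  # Dir["*.*"] also returns directories whose name contains a dot.
  return unless File.file?(target)

  FileUtils.rm(target)
rescue SystemCallError => e
  warn "could not remove #{file}: #{e.message}"
end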
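# Tells whether +file+ looks like a ransom note with "TOR" in its name.
#
# file - path of a candidate file (converted with to_s).
#
# Only the file name is inspected. Matching against the whole path would flag
# every file below a directory such as "C:/TORRENTS", and this predicate
# decides what gets deleted.
#
# NOTE(review): a case-sensitive substring test on the name still matches
# ordinary files such as "HISTORY.TXT"; tighten it to the exact note names
# observed in the incident.
#
# Returns true or false.
def isTorInstructions(file)
  File.basename(file.to_s).include?("TOR")
end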
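# Tells whether +file+ looks like a ransom note with "DECRYPT" in its name
# (for example DECRYPT_INSTRUCTION.TXT).
#
# file - path of a candidate file (converted with to_s).
#
# Only the file name is inspected. Matching against the whole path would flag
# every file below a directory whose name contains "DECRYPT", and this
# predicate decides what gets deleted.
#
# NOTE(review): this is a case-sensitive substring test; tighten it to the
# exact note names observed in the incident.
#
# Returns true or false.
def isDecryptInstructions(file)
  File.basename(file.to_s).include?("DECRYPT")
end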
# Sweeps +path+ for ransom notes and processes every entry found beside one.
#
# path - root directory (or drive path) to search.
#
# For each note located by decryptFiles, every entry returned by infectedFiles
# is first offered to writeMyFile (inventory log) and then to
# deleteInstructions (note removal), in that order.
#
# Returns the Array of notes that decryptFiles produced.
def findInfectedFiles(path)
  handle_entry = lambda do |entry|
    writeMyFile(entry)
    deleteInstructions(entry)
  end

  decryptFiles(path).each do |note|
    infectedFiles(note).each(&handle_entry)
  end
end
# Entry point: enumerate the machine's drives through the Windows
# Scripting.FileSystemObject COM object and sweep each fixed disk.
fso = WIN32OLE.new("Scripting.FileSystemObject")

fso.Drives.each do |drive|
  # DriveType 2 is a fixed disk. Removable media (1) and mapped network
  # drives (3) are not swept by this script.
  next unless drive.DriveType == 2

  findInfectedFiles(drive.Path)
end