hecker7735

cc global antivirus

Oct 21st, 2023 (edited)
Lua 5.19 KB | None | 1 0
  1. -- Good AV+
  2. -- 2023 No Rights Reserved
  3. -- Please Don't Copy
  4. -- Version 1
  5. --Made By A, https://www.youtube.com/channel/UCKzfoGetJvmkkBuY8xmJxdg, and hecker
  6. local safe = shell.getRunningProgram() -- av will delete itself because it detects the patterns listed within itself.
  7. local detectedPatternsString = ""
  8.  
  9. local maliciousPatterns = {
  10.     "%(shell%.getRunningProgram%(%), \"r\"%)",
  11.     "payload",
  12.     "os%.pullEvent = os%.pullEventRaw",  
  13.     "in ipairs%(fs%.list%(directory%)%)",
  14.     "[%a_][%w_]*:%s*byte%s*%(%s*%)%s*%+.-%%.-",
  15.     "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890",
  16.     'fs.open("startup", "w")',
  17.     "fs.open('startup', 'w')",
  18.     "shell.setAlias%("
  19. }
  20. local maliciousPatternsExplain = {
  21.     "Self-Replicating ",
  22.     "Interfering ",
  23.     "Cannot Be Terminated ",  
  24.     "Scanning for files ",
  25.     "Encryption ",
  26.     "Suspicious Activity ",
  27.     "Suspicious Activity ",
  28.     "Suspicious Activity ",
  29.     "Changing Aliases "
  30. }
  31.  
  32. local function typeofInfection(detectedPatterns)
  33.  
  34.     for _, pattern in ipairs(detectedPatterns) do
  35.         if pattern == "Self-Replicating " then
  36.             selfReplicating = true
  37.         elseif pattern == "Scanning for files " then
  38.             scanningForFiles = true
  39.         elseif pattern == "Cannot Be Terminated " then
  40.             cannotBeTerminated = true
  41.         elseif pattern == "Interfering " then
  42.             interfering = true
  43.         elseif pattern == "Encryption " then
  44.             Encryption = true
  45.         elseif pattern == "Suspicious Activity  " then
  46.             SuspiciousActivity = true
  47.         elseif pattern == "Changing Aliases " then
  48.             interfering = true
  49.             nolua = true
  50.         end
  51.     end
  52.     local endType = "Unknown"
  53.  
  54.     if selfReplicating and scanningForFiles then
  55.         endType = "Quill"
  56.         if nolua then endType = "Quill(Evading)" end
  57.     elseif selfReplicating and interfering then
  58.         endType = "Quill"
  59.         if nolua then endType = "Quill(Evading)" end
  60.     elseif cannotBeTerminated and interfering then
  61.         endType = "Malware"
  62.     elseif scanningForFiles then
  63.         endType = "Spyware"
  64.     elseif Encryption and cannotBeTerminated then
  65.         endType = "Ransomware"
  66.     elseif interfering and nolua then
  67.         endType = "Ransomware"
  68.     elseif selfReplicating and nolua then
  69.         endType = "Quill(Evading)"
  70.     elseif nolua then
  71.         endType = "Malware"
  72.     end
  73.  
  74.     return endType
  75. end
  76.  
  77.  
  78. local function isMalicious(contents)
  79.     local matches = 0  -- Initialize a counter for matches
  80.     local detectedPatterns = {} -- Initialize a table to store detected patterns
  81.  
  82.     for i, pattern in ipairs(maliciousPatterns) do
  83.         if contents:find(pattern) then
  84.             matches = matches + 1  -- Increment the counter for each match
  85.             table.insert(detectedPatterns, maliciousPatternsExplain[i])  -- Add the explanation to the table
  86.         end
  87.     end
  88.  
  89.     if matches >= 3 then
  90.         return true, detectedPatterns  -- Return true if at least three matches are found
  91.     end
  92.  
  93.     return false, detectedPatterns
  94. end
  95.  
  96. local function scanAndRemove(directory)
  97.     for _, file in ipairs(fs.list(directory)) do
  98.         local fullPath = fs.combine(directory, file)
  99.         if not fs.isDir(fullPath) then
  100.             local handle = fs.open(fullPath, "r")
  101.             if handle then
  102.                 local contents = handle.readAll()
  103.                 handle.close()
  104.                 local isMal, patterns = isMalicious(contents)
  105.                 if isMal then
  106.                     if fullPath ~= safe then  -- Check if the file is not the safe program
  107.                         fs.delete(fullPath)
  108.                         local fileName = fs.getName(fullPath)
  109.                         print("Removed malicious file: " .. fileName)
  110.                         print("Family Type: "..typeofInfection(patterns))
  111.                         detectedPatternsString = detectedPatternsString .. "---=File Detected=---\n"
  112.                         detectedPatternsString = detectedPatternsString .. "Removed malicious file: " .. fileName
  113.                         detectedPatternsString = detectedPatternsString .. "\nFamily Type: "..typeofInfection(patterns)
  114.                         if #patterns > 0 then
  115.                             print("Detected Patterns:")
  116.                             for _, pattern in ipairs(patterns) do
  117.                                 print("- " .. pattern)
  118.                             end
  119.                             detectedPatternsString = detectedPatternsString .. "\nDetected Patterns:\n"
  120.                             detectedPatternsString = detectedPatternsString .. table.concat(patterns, "\n")
  121.                             file = fs.open(".avlog", "w")
  122.                             file.write(detectedPatternsString)
  123.                             file.close()
  124.                         end
  125.                     end
  126.                 end
  127.             end
  128.         else
  129.             if not fullPath:sub(1, 4) == "rom/" then
  130.                 scanAndRemove(fullPath)
  131.             end
  132.         end
  133.     end
  134. end
  135.  
  136. -- Start scanning from the current directory
  137. local currentDir = ""
  138. scanAndRemove(currentDir)
  139. print("All files logged into .avlog, use `edit .avlog` to see the full log.")