- import string
- import os
- import logging
- import sys
- import time
- from ctypes import windll
# Running count of files that fix() recognised as infected and rewrote.
# Updated in place by fix() through a ``global`` statement and reported by main().
total_infected_files = 0
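def main():
    """Entry point: clean the given directories (or all fixed drives), then shut down.

    Logging goes both to ``infected.log`` in the working directory and to the
    console.  Each command-line argument is scanned as a directory; with no
    arguments every local fixed drive is scanned instead.  A summary (count of
    rewritten files, elapsed time) is logged and the machine is shut down.
    """
    drive_fixed = 3  # DRIVE_FIXED: GetDriveType() result for a local hard disk
    start_time = time.time()

    log_format = '[%(asctime)s] %(message)s'
    date_format = '%Y-%m-%d %H:%M:%S'
    logging.basicConfig(filename='infected.log', format=log_format,
                        datefmt=date_format, level=logging.INFO)
    # basicConfig() only installs the file handler; mirror everything to the console too.
    console = logging.StreamHandler()
    console.setLevel(logging.INFO)
    console.setFormatter(logging.Formatter(log_format, datefmt=date_format))
    logging.getLogger('').addHandler(console)

    logging.info('Start fixing')
    logging.info('===================================')
    if len(sys.argv) > 1:
        for directory in sys.argv[1:]:
            traverse_directory(directory)
    else:
        for drive in get_drives():
            # GetDriveTypeA expects a byte string: .encode() is a no-op on a
            # Python 2 str and yields bytes on Python 3, so both versions work.
            drive_type = windll.kernel32.GetDriveTypeA(drive.encode('ascii'))
            if drive_type == drive_fixed:
                traverse_directory(drive)

    # gmtime() on a duration exposes H:M:S fields; only meaningful for runs under 24h.
    elapsed = time.gmtime(time.time() - start_time)
    logging.info('===================================')
    logging.info('Total infected files: %s', total_infected_files)
    logging.info('Elapsed time: %s', time.strftime("%H:%M:%S", elapsed))
    # NOTE(review): unconditional, forced, immediate shutdown of the host, even
    # when only explicit directories were scanned -- presumably meant to stop
    # anything still running from re-infecting the cleaned files; confirm this
    # is intended before running it on a machine with other work in progress.
    os.system('shutdown /s /f /t 0')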
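def get_drives():
    """Return root paths such as ``'C:\\'`` for every logical drive present.

    ``GetLogicalDrives`` returns a bitmask in which bit *i* stands for drive
    letter ``chr(ord('A') + i)``; the API's failure value 0 therefore yields an
    empty list.  ``string.ascii_uppercase`` is used instead of the Python 2-only,
    locale-dependent ``string.uppercase`` so the mapping is always A-Z and the
    function also runs under Python 3.
    """
    bitmask = windll.kernel32.GetLogicalDrives()
    return [
        letter + ':\\'
        for bit, letter in enumerate(string.ascii_uppercase)
        if (bitmask >> bit) & 1
    ]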
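def traverse_directory(directory):
    """Run fix() on every ``.exe`` file below *directory*, recursively.

    A path that is not an existing directory is logged and skipped.  The
    extension test is case-insensitive because Windows file names are
    (``SETUP.EXE`` would otherwise be silently missed).

    Args:
        directory: Path of the directory tree to scan.
    """
    if not os.path.isdir(directory):
        logging.info('%s is not a existing directory', directory)
        return
    logging.info('Scanning directory %s', directory)
    for root, _, names in os.walk(directory):
        for name in names:
            if name.lower().endswith('.exe'):
                fix(os.path.join(root, name))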
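def fix(file_name):
    """Strip the infection wrapper from *file_name* in place when it is present.

    An infected file is recognised by two markers: ``signature1`` at absolute
    offset ``0x12800`` and ``signature2`` somewhere within the last 300 bytes.
    When both are found, the bytes between the end of ``signature1`` and the
    start of the last ``signature2`` occurrence become the new file content
    and the module-level ``total_infected_files`` is incremented; otherwise
    the file is left untouched.

    The markers are byte strings so the comparison against data read in
    binary mode works on Python 3 as well as Python 2 (``b'x' == 'x'`` is
    False on Python 3, which would make every file look clean).

    Args:
        file_name: Path of the file to inspect; must be readable and, if it
            turns out to be infected, writable.

    Raises:
        IOError/OSError: propagated from open(), read() and write().
    """
    global total_infected_files
    signature1 = b'11738\x05\x00'
    offset1 = 0x12800
    signature2 = b'\x00BMW!!'
    tail_length = 300  # signature2 is only searched this far from the end

    with open(file_name, 'rb') as infile:
        infile.seek(offset1)
        if infile.read(len(signature1)) != signature1:
            return
        infile.seek(-tail_length, 2)
        tail = infile.read()
        idx = tail.rfind(signature2)
        if idx == -1:
            return
        logging.info(file_name)
        # Absolute position of the trailing marker = end of the original payload.
        infile.seek(-tail_length + idx, 2)
        payload_end = infile.tell()
        payload_start = offset1 + len(signature1)
        infile.seek(payload_start)
        data = infile.read(payload_end - payload_start)

    # NOTE(review): the rewrite is in place, not atomic -- a crash between the
    # truncating open and the write leaves an empty file; a temp-file + rename
    # would be safer if that matters for the deployment.
    with open(file_name, 'wb') as outfile:
        outfile.write(data)
    # Count only files that were actually rewritten.
    total_infected_files += 1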
# Script entry guard: only run the cleaner when executed directly, not on import.
if __name__ == '__main__':
    main()