如何修复此 md5 扫描程序不删除受感染的恶意软件文件?
How to fix this md5 scanner not removing infected malware files?
我正在使用 Hyper-V VM 运行 Windows 对我完成的 md5 恶意软件扫描程序进行质量控制检查 Windows 10. 扫描程序没有删除 [=13] 提供的恶意软件样本=] 哪些散列包含在扫描仪数据库中并且是最新的。
我已经尝试恢复到原来的状态 ,但没有成功。可能是某处环境变量设置不当造成的。
:MD5
cls
color 1c
title MD5 scanner
echo.
echo Warning!
echo.
echo This feature is undergoing multiple test-runs.
echo.
echo This moldule will auto remove malware when scanning.
echo.
echo This moldule could delete system or private files without any intent to do it.
echo.
echo We are not responsible for any damage to your computer or your files by using this moldule.
echo.
echo You have been WARNED!
echo.
pause
:dbpatch
cls
color B5
title MD5 scanner - Database Updates [0/4]
cd /d "%~dp0\wget-1.11.4-1-bin\bin"
wget --timeout=30 --timestamping --continue --no-check-certificate https://media.githubusercontent.com/media/Richienb/virusshare-hashes/master/virushashes.txt
pause
goto :Asksect
:Asksect
cls
title MD5 scanner - Database Updates [0/4]
echo Do you want to retry the update?
echo.
echo Y/N
echo.
set /p chc45=
if %chc45%==y goto :dbpatch
if %chc45%==Y goto :dbpatch
if %chc45%==n goto :scan
if %chc45%==N goto :scan
goto :Asksect
:scan
cd /d "%~dp0"
cls
title MD5 scanner - Database Updates [0/4]
echo Checked for Database Updates! Proceeding to Scan Engine...
echo.
pause
cls
title MD5 scanner - Scan Path [0/4]
REM Copyright 2014 BatchProg
echo please specify path to scan down here
echo example C:\Users
echo AND PLEASE DONT ENTER SOMETHING THAT ISNT A COMPUTER PATH
echo IF YOU ENTER SOMETHING THAT ISNT A COMPUTER PATH THE PROGRAM WILL CRASH
set /p pathscan2=path:
cls
title MD5 scanner - Setting up necessary things [1/4]
del /f /q %~dp0\output.txt
REM for /r %%x in (*) do set /a fcount=%fcount%+1
REM set /a totsecscan=%fcount%*15
REM set /a totminscan=%totsecscan%/60
REM if %totminscan%==0 set /a etascan=%totsecscan% seconds && goto :md5hash
REM set /a tothourscan=%totminscan%/60
REM if %tothourscan%==0 set /a etascan=%totminscan% minutes && goto :md5hash
REM set /a totdayscan=%tothourscan%/24
REM if %totdayscan%==0 set /a etascan=%tothourscan% hours && goto :md5hash
REM set /a etascan=%totdayscan% days
goto :md5hash
:md5hash
cls
title MD5 scanner - Hashing [2/4]
set "$base=%~dp0\wget-1.11.4-1-bin\bin\virushashes.txt"
for /r %%f in (%pathscan2%) do %~dp0\md5.exe "%%f " >> %~dp0\output.txt
cd /d "%~dp0"
title MD5 scanner - Comparing Hashes with known malware hashes [3/4]
cls
%pathscan2% echo ETA of scan:%etascan%
echo.
echo Uses a lot of CPU power to process but this is real scanner.
echo It does find real malware but the ability to remove it-
echo is related with the environment it is run on.
echo Run on Safe mode with networking for best results.
for /f "tokens=1* delims= " %%a in (%~dp0\output.txt) do find "%%a" "%$base%" >nul && del /p /f /s "%%b "
title MD5 scanner - Deleting Temporary Files [4/4]
del /f /q %~dp0\output.txt
cls
title MD5 scanner - Completed
echo Scan and Delete completed
echo.
pause
goto :menu
我希望
for /f "tokens=1* delims= " %%a in (%~dp0\output.txt) do find "%%a" "%$base%" >nul && del /p /f /s "%%b "
将 output.txt 中的哈希与恶意软件哈希库进行比较,并删除任何恶意文件(如果可能会提示用户),但代码根本不会删除任何文件。
附加信息;
示例 output.txt
D3041FF4F3B76CC0353064D1133BFEDE D:\EvaxHybrid\backup\.tmp.drivedownload91564.driveupload
6756458290BE387639F0068C706E8881 D:\EvaxHybrid\backup\.tmp.drivedownload59364.driveupload
9A66042E5A3619A7B49633752044FCEA D:\EvaxHybrid\backup\.tmp.drivedownload77560.driveupload
9E44B511DD344F2D35FA513EEA0D54E4 D:\EvaxHybrid\backup\.tmp.drivedownload10290.driveupload
A845071F7C4B4E67EF64BFB4BF5C3FB5 D:\EvaxHybrid\backup\.tmp.drivedownload23965.driveupload
C49B5CD76F60FCD284209384E2E4EB55 D:\EvaxHybrid\backup\.tmp.drivedownload24089.driveupload
6B7484B3ADCE8141A4E7411C7F66A9D7 D:\EvaxHybrid\backup\.tmp.drivedownload48269.driveupload
5A48A1B8A70B5A3A39D5EBC9B370BE4D D:\EvaxHybrid\backup\.tmp.drivedownload95701.driveupload
58B19F4875C82A846AD6DE62096D5F19 D:\EvaxHybrid\backup\.tmp.drivedownload88031.driveupload
C7E363D722920967E737747DB0C79EDE D:\EvaxHybrid\backup\.tmp.drivedownload60857.driveupload
DBC938D49B09BE7E0FC1E7BEB74F487D D:\EvaxHybrid\backup\.tmp.drivedownload73375.driveupload
6068C7836BFF997EDBE52C6EC0AE7DF3 D:\EvaxHybrid\backup\.tmp.drivedownload33639.driveupload
CD86C81B193594F8320832D34294CFA0 D:\EvaxHybrid\backup\.tmp.drivedownload32442.driveupload
91D6210AA04AA666E2F32FF64B996E7E D:\EvaxHybrid\backup\.tmp.drivedownload55809.driveupload
7941801B8AF887E45B5021ED2466D4F8 D:\EvaxHybrid\backup\.tmp.drivedownload66678.driveupload
for /f "tokens=1* delims= " %%a in (%~dp0\output.txt) do find "%%a" "%$base%" >nul && del /p /f /s "%%b "
for /f "tokens=1* delims= " %%a in (%~dp0\output.txt) do find /I "%%a" "%$base%" >nul && del /p /f /s "%%b "
已将 find "%%a" "%$base%" >nul 更改为 find /I " %%a" "%$base%" >nul 由于 DB 和哈希算法输出中的字母大小写不同 (output.txt)。
我正在使用 Hyper-V VM 运行 Windows 对我完成的 md5 恶意软件扫描程序进行质量控制检查 Windows 10. 扫描程序没有删除 [=13] 提供的恶意软件样本=] 哪些散列包含在扫描仪数据库中并且是最新的。
我已经尝试恢复到原来的状态
:MD5
cls
color 1c
title MD5 scanner
echo.
echo Warning!
echo.
echo This feature is undergoing multiple test-runs.
echo.
echo This moldule will auto remove malware when scanning.
echo.
echo This moldule could delete system or private files without any intent to do it.
echo.
echo We are not responsible for any damage to your computer or your files by using this moldule.
echo.
echo You have been WARNED!
echo.
pause
:dbpatch
cls
color B5
title MD5 scanner - Database Updates [0/4]
cd /d "%~dp0\wget-1.11.4-1-bin\bin"
wget --timeout=30 --timestamping --continue --no-check-certificate https://media.githubusercontent.com/media/Richienb/virusshare-hashes/master/virushashes.txt
pause
goto :Asksect
:Asksect
cls
title MD5 scanner - Database Updates [0/4]
echo Do you want to retry the update?
echo.
echo Y/N
echo.
set /p chc45=
if %chc45%==y goto :dbpatch
if %chc45%==Y goto :dbpatch
if %chc45%==n goto :scan
if %chc45%==N goto :scan
goto :Asksect
:scan
cd /d "%~dp0"
cls
title MD5 scanner - Database Updates [0/4]
echo Checked for Database Updates! Proceeding to Scan Engine...
echo.
pause
cls
title MD5 scanner - Scan Path [0/4]
REM Copyright 2014 BatchProg
echo please specify path to scan down here
echo example C:\Users
echo AND PLEASE DONT ENTER SOMETHING THAT ISNT A COMPUTER PATH
echo IF YOU ENTER SOMETHING THAT ISNT A COMPUTER PATH THE PROGRAM WILL CRASH
set /p pathscan2=path:
cls
title MD5 scanner - Setting up necessary things [1/4]
del /f /q %~dp0\output.txt
REM for /r %%x in (*) do set /a fcount=%fcount%+1
REM set /a totsecscan=%fcount%*15
REM set /a totminscan=%totsecscan%/60
REM if %totminscan%==0 set /a etascan=%totsecscan% seconds && goto :md5hash
REM set /a tothourscan=%totminscan%/60
REM if %tothourscan%==0 set /a etascan=%totminscan% minutes && goto :md5hash
REM set /a totdayscan=%tothourscan%/24
REM if %totdayscan%==0 set /a etascan=%tothourscan% hours && goto :md5hash
REM set /a etascan=%totdayscan% days
goto :md5hash
:md5hash
cls
title MD5 scanner - Hashing [2/4]
set "$base=%~dp0\wget-1.11.4-1-bin\bin\virushashes.txt"
for /r %%f in (%pathscan2%) do %~dp0\md5.exe "%%f " >> %~dp0\output.txt
cd /d "%~dp0"
title MD5 scanner - Comparing Hashes with known malware hashes [3/4]
cls
%pathscan2% echo ETA of scan:%etascan%
echo.
echo Uses a lot of CPU power to process but this is real scanner.
echo It does find real malware but the ability to remove it-
echo is related with the environment it is run on.
echo Run on Safe mode with networking for best results.
for /f "tokens=1* delims= " %%a in (%~dp0\output.txt) do find "%%a" "%$base%" >nul && del /p /f /s "%%b "
title MD5 scanner - Deleting Temporary Files [4/4]
del /f /q %~dp0\output.txt
cls
title MD5 scanner - Completed
echo Scan and Delete completed
echo.
pause
goto :menu
我希望
for /f "tokens=1* delims= " %%a in (%~dp0\output.txt) do find "%%a" "%$base%" >nul && del /p /f /s "%%b "
将 output.txt 中的哈希与恶意软件哈希库进行比较,并删除任何恶意文件(如果可能会提示用户),但代码根本不会删除任何文件。
附加信息; 示例 output.txt
D3041FF4F3B76CC0353064D1133BFEDE D:\EvaxHybrid\backup\.tmp.drivedownload91564.driveupload
6756458290BE387639F0068C706E8881 D:\EvaxHybrid\backup\.tmp.drivedownload59364.driveupload
9A66042E5A3619A7B49633752044FCEA D:\EvaxHybrid\backup\.tmp.drivedownload77560.driveupload
9E44B511DD344F2D35FA513EEA0D54E4 D:\EvaxHybrid\backup\.tmp.drivedownload10290.driveupload
A845071F7C4B4E67EF64BFB4BF5C3FB5 D:\EvaxHybrid\backup\.tmp.drivedownload23965.driveupload
C49B5CD76F60FCD284209384E2E4EB55 D:\EvaxHybrid\backup\.tmp.drivedownload24089.driveupload
6B7484B3ADCE8141A4E7411C7F66A9D7 D:\EvaxHybrid\backup\.tmp.drivedownload48269.driveupload
5A48A1B8A70B5A3A39D5EBC9B370BE4D D:\EvaxHybrid\backup\.tmp.drivedownload95701.driveupload
58B19F4875C82A846AD6DE62096D5F19 D:\EvaxHybrid\backup\.tmp.drivedownload88031.driveupload
C7E363D722920967E737747DB0C79EDE D:\EvaxHybrid\backup\.tmp.drivedownload60857.driveupload
DBC938D49B09BE7E0FC1E7BEB74F487D D:\EvaxHybrid\backup\.tmp.drivedownload73375.driveupload
6068C7836BFF997EDBE52C6EC0AE7DF3 D:\EvaxHybrid\backup\.tmp.drivedownload33639.driveupload
CD86C81B193594F8320832D34294CFA0 D:\EvaxHybrid\backup\.tmp.drivedownload32442.driveupload
91D6210AA04AA666E2F32FF64B996E7E D:\EvaxHybrid\backup\.tmp.drivedownload55809.driveupload
7941801B8AF887E45B5021ED2466D4F8 D:\EvaxHybrid\backup\.tmp.drivedownload66678.driveupload
for /f "tokens=1* delims= " %%a in (%~dp0\output.txt) do find "%%a" "%$base%" >nul && del /p /f /s "%%b "
for /f "tokens=1* delims= " %%a in (%~dp0\output.txt) do find /I "%%a" "%$base%" >nul && del /p /f /s "%%b "
已将 find "%%a" "%$base%" >nul 更改为 find /I " %%a" "%$base%" >nul 由于 DB 和哈希算法输出中的字母大小写不同 (output.txt)。