Jump to content

Locky/Petya


GoliatHD
 Share

Recommended Posts

Hi,

maby you know Locky or Petya. This are viruses that encode your whole files. I found a script what tells you wich files theoretically be encrypted. (Sorry for my bad english,but im 15 :) )

 

The script: 

 

@echo off
setlocal enabledelayedexpansion
set total=0
cls
for %%i in (a b c d e f  h i j k l m n o p q r s t u v w x y z) do (
  set DRIVE=%%i:\
  if exist !DRIVE! (
    call :lookup !DRIVE!
  )
)
echo Total of files potentially encrypted files: %total%
 
goto :eof
 
:lookup
set drive=%1
set subtotal=0
echo Scanning %drive%
for /r %drive% %%i in (*.m4u *.m3u *.mid *.wma *.flv *.3g2 *.mkv *.3gp *.mp4 *.mov *.avi *.asf *.mpeg *.vob *.mpg *.wmv *.fla *.swf *.wav *.mp3 *.qcow2 *.vdi *.vmdk *.vmx *.gpg *.aes *.ARC *.PAQ *.tar.bz2 *.tbk *.bak *.tar *.tgz *.rar *.zip *.djv *.djvu *.svg *.bmp c*.gif *.raw *.cgm *.jpeg *.jpg *.tif *.tiff *.NEF *.psd *.cmd *.bat *.class *.jar *.java *.asp *.brd *.sch *.dch *.dip *.vbs *.asm *.pas *.cpp *.php *.ldf *.mdf *.ibd *.MYI *.MYD *.frm *.odb *png *.dbf *.mdb *.sql *.SQLITEDB *.SQLITE3 *.asc *.lay6 *.lay *.ms11 *.sldm *.sldx *.ppsm *.ppsx *.ppam *.docb *.mml *.sxm *.otg *.odg *.uop *.potx *.potm *.pptx *.pptm *.std *.sxd *.pot *.pps *.sti *.sxi *.otp *.odp *.wb2 *.123 *.wks *.wk1 *.xltx *.xltm *.xlsx *.xlsm *.xlsb *.slk *.xlw *.xlt *.xlm *.xlc *.dif *.stc *.sxc *.ots *.ods *.hwp *.602 *.dotm *.dotx *.docm *.docx *.DOT *.3dm *.max *.3ds *.xml *.txt *.CSV *.uot *.RTF *.pdf *.XLS *.PPT *.stw *.sxw *.ott *.odt *.DOC *.pem *.p12 *.csr *.crt *.key) do (
  echo %%i
  set /a subtotal=subtotal + 1
  set /a total=total + 1
)
echo Detected files: %subtotal%
pause
goto :eof
 
 
You must write a .bat or .cmd behind your name of the Script. Then you go in CMD go to the file and write: [Filename].bat > [Filename].txt. 
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...