-
Notifications
You must be signed in to change notification settings - Fork 4
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
15 changed files
with
151,389 additions
and
454 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,194 +1,161 @@ | ||
| ::BAV_:[email protected]:anic17/Batch-Antivirus.git | ||
| @echo off | ||
| setlocal EnableDelayedExpansion | ||
| set dir=%CD% | ||
| path=%PATH%;%CD% | ||
| set ver=0.1.0 | ||
| title Batch Antivirus | ||
| set ver=3.0.0 | ||
| title Batch Antivirus Scanner | ||
| if /i "%~1"=="--help" goto help | ||
| set elements=files | ||
|
|
||
| color 07 | ||
| set admin=1 | ||
|
|
||
| mode con: cols=120 lines=30 | ||
| set scanned_files=0 | ||
| set threats=0 | ||
| if /i "%~1"=="--prompt-scan" goto prompt_scan | ||
| if /i "%~1"=="--reg-scan" goto reg_scan | ||
| if /i "%~2"=="--skip-update" ( | ||
| call :scan "%~f1" | ||
| exit /b | ||
| goto skipupdate | ||
| ) | ||
|
|
||
| :database_check | ||
| ::echo Checking for database updates... | ||
|
|
||
|
|
||
|
|
||
| ::md "%TMP%\Batch-Antivirus" 2>nul 1>nul | ||
|
|
||
| ::takeown /f "%TMP%\Batch-Antivirus" 2>nul 1>nul | ||
| ::icacls "%TMP%\Batch-Antivirus" /setowner "%username%" 2>nul 1>nul | ||
|
|
||
| ::icacls "%TMP%\Batch-Antivirus" /grant "%username%":(F,MA) /t 2>nul 1>nul | ||
|
|
||
| ::powershell -Command Invoke-WebRequest -Uri "https://raw.githubusercontent.com/anic17/Batch-Antivirus/master/VirusDataBaseHash.bav" -OutFile "%TMP%\Batch-Antivirus\VirusDataBaseHash.bav" | ||
| rem for /f %%H in ('sha256 "%TMP%\Batch-Antivirus\VirusDataBaseHash.bav"') do (set "hashnewdatabase=%%H") | ||
| rem for /f %%H in ('sha256 "VirusDataBaseHash.bav"') do (set "hasolddatabase=%%h") | ||
|
|
||
| rem if /i "%hashnewdatabase%" neq "%hasolddatabase%" ( | ||
| rem echo Update found: Installing... | ||
| rem move "%~dp0VirusDataBaseHash.bav" "%~dp0VirusDataBaseHash.bav.old" /y 2>nul 1>nul | ||
| rem ) else ( | ||
| rem echo No update found | ||
| rem ) | ||
|
|
||
| net session > nul 2>&1 || set admin=0 | ||
| if !admin!==0 ( | ||
| echo Looks like you are running Antivirus without administrator permissions... | ||
| echo Looks like you are running Batch Antivirus without administrator permissions... | ||
| echo. | ||
| echo This can make difficult to remove some malware. | ||
| echo We recommend running it as administrator | ||
| echo It is recommended to run the scan as administrator. | ||
| echo. | ||
| set /p "runasdmin_ask=Would you like to run scan as administrator? (y/n): " | ||
| if /i not !runasdmin_ask!==n goto runas | ||
| echo.Would you like to run scan as administrator? ^(y/n^) | ||
| choice /c:YN /n | ||
| if !errorlevel!==1 goto runas | ||
| ) | ||
|
|
||
| call "%~dp0BAVUpdate.bat" | ||
| :skipupdate | ||
|
|
||
| if "%~1"=="" ( | ||
| cd \ | ||
| ) else ( | ||
| cd /d "%~1" > nul 2>&1 | ||
| ) | ||
| echo. | ||
| echo Scanning system for threats... | ||
| echo Scanning '%CD%' for threats... | ||
| echo. | ||
| set "current_dir=%CD%" | ||
| cd/ | ||
| if "%~1" neq "" cd /d "%~1" | ||
| if /i "%~1"=="--current-dir" cd /d "%current_dir%" | ||
|
|
||
| call :reg_scan | ||
| for /f "delims=" %%A in ('dir /s /b /ad') do call :scan "%%~a" 2>nul | ||
| for /r %%A in (*) do call :scan "%%~A" 2>nul | ||
|
|
||
| for /d %%a in (*.*) do call :scan "%%~a" 2> nul | ||
| :finished | ||
| echo Scan finished. | ||
| echo. | ||
| echo Result: !scanned_files! scanned %elements% and !threats! threat(s) found | ||
| call :settitle | ||
| echo Result: !scanned_files! files scanned and !threats! threat(s) found | ||
| echo. | ||
| echo Press any key to quit... | ||
| pause>nul | ||
| exit /B %errorlevel% | ||
|
|
||
| :scan | ||
| title Scanning now: %* ; !scanned_files! scanned %elements%, !threats! threat(s) found | ||
| set filescan=%* | ||
| for /f %%A in ('sha256.exe "%~1\" 2^>nul') do (call :hashed %%A) | ||
| rem set /a scanned_files+=1 | ||
| set "filescan=%~1" | ||
| call :settitle | ||
| for /f %%A in ('sha256.exe "!filescan!" 2^>nul') do call :hashed %%A | ||
| set /a scanned_files+=1 | ||
| goto :EOF | ||
|
|
||
| :hashed | ||
|
|
||
| set "hash=%~1" | ||
| set "hash=%hash:~1%" | ||
| set "hash=!hash:\=!" | ||
|
|
||
| findstr /c:"%hash%" "%~dp0VirusDataBaseHash.bav" > nul || exit /B | ||
| findstr /c:"!hash!" "%~dp0VirusDataBaseHash.bav" > nul || goto :EOF | ||
|
|
||
| for /f "tokens=1,2* delims=:" %%a in ('findstr /c:"%hash%" "%~dp0VirusDataBaseHash.bav"') do (call :detection "%%~a" "%%~b") | ||
| for /f "tokens=1* delims=:" %%a in ('findstr /c:"!hash!" "%~dp0VirusDataBaseHash.bav"') do (call :detection "%%~a" "%%~b") | ||
| goto :EOF | ||
|
|
||
| :detection | ||
| if "%~1" neq "%hash%" goto :EOF | ||
| if "%~1" neq "!hash!" goto :EOF | ||
|
|
||
| start /b powershell [Reflection.Assembly]::LoadWithPartialName("""System.Windows.Forms""");$obj=New-Object Windows.Forms.NotifyIcon;$obj.Icon = [drawing.icon]::ExtractAssociatedIcon($PSHOME + """\powershell.exe""");$obj.Visible = $True;$obj.ShowBalloonTip(100000, """Batch Antivirus""","""Threats found: %~2""",2)>nul | ||
| if "%~1"=="%hash%" (echo Malware found: !filescan! ^| %~2) || goto :EOF | ||
| md "%DIR%\Data\Quarantine\!hash!" 2>nul 1>nul | ||
| icacls %filescan% /setowner %username% 2>nul 1>nul | ||
| icacls %filescan% /grant %username%:(F,MA,WA,RA,WEA,REA,WDAC,DE) 2>nul 1>nul | ||
| echo Malware found: !filescan! ^| %~2 | ||
| md "%~dp0Data\Quarantine\!hash!" > nul 2>&1 | ||
| icacls "!filescan!" /setowner %username% > nul 2>&1 | ||
| icacls "!filescan!" /grant %username%:(F,MA,WA,RA,WEA,REA,WDAC,DE) > nul 2>&1 | ||
|
|
||
| move %filescan% "%DIR%\Data\Quarantine\!hash!\!hash!" /y 2>nul 1>nul | ||
| icacls "%DIR%\Data\Quarantine\!hash!\!hash!" /deny %username%:(RX,W,R,M,RD,WEA,REA,X,RA,WA) 2>nul 1>nul | ||
| move "!filescan!" "%~dp0Data\Quarantine\!hash!\!hash!" /y > nul 2>&1 | ||
| icacls "%~dp0Data\Quarantine\!hash!\!hash!" /deny %username%:(RX,W,R,M,RD,WEA,REA,X,RA,WA) > nul 2>&1 | ||
| set /a threats+=1 | ||
| if not exist %filescan% (echo Malware successfully quarantined) else (call :delete) | ||
| if not exist "!filescan!" (echo Malware successfully quarantined) else call :delete | ||
| goto :EOF | ||
|
|
||
| :delete | ||
| echo. | ||
| echo Failed to quarantine malware^^! | ||
| set /p "delmalware=Delete malware? (y/n): " | ||
| icacls %filescan% /setowner %username% 2>nul 1>nul | ||
| icacls %filescan% /grant %username%:(F,MA,WA,RA,WEA,REA,WDAC,DE) 2>nul 1>nul | ||
| if /i "%delmalware%"=="y" del !filescan! /s /q > nul | ||
| icacls "!filescan!" /setowner %username% > nul 2>&1 | ||
| icacls "!filescan!" /grant %username%:(F,MA,WA,RA,WEA,REA,WDAC,DE) > nul 2>&1 | ||
| if /i "%delmalware%"=="y" del !filescan! /s /q /f > nul | ||
| echo. | ||
| goto :EOF | ||
|
|
||
| :help | ||
| echo. | ||
| echo Batch AntiVirus %ver% - Help menu | ||
| echo Batch Antivirus - Scanner | ||
| echo. | ||
| echo Syntax: | ||
| echo. | ||
| echo BAV "[folder]" | ||
| echo BAV ^<switch^> | ||
| echo BAV [[folder] ^| --reg-scan ^| --help] [--skip-update] | ||
| echo. | ||
| echo Examples: | ||
| echo. | ||
| echo BAV | ||
| echo Will do an scan in all current drive. This may take some time depending | ||
| echo of the number of files and the speed of your computer. | ||
| echo Will scan all the current drive. This may take some a lot of time depending | ||
| echo on the number of files and the computer performance. | ||
| echo. | ||
| echo BAV "%USERPROFILE%" | ||
| echo Will scan the folder "%USERPROFILE%" and all it's subdirectories | ||
| echo It is recommended for more precise scan | ||
| echo Will scan the folder "%USERPROFILE%" and all its subdirectories | ||
| echo It is recommended for a more precise and faster scan. | ||
| echo. | ||
| echo BAV --reg-scan | ||
| echo Will only scan the registry looking for threats | ||
| echo Only scan the autorun registry keys. | ||
| echo. | ||
| echo BAV --prompt-scan | ||
| echo Will make a scan of current directory while you can use CMD, | ||
| echo running in background but seeing results. Useful if you want to continue working | ||
| echo while a scan is running | ||
| echo.BAV --skip-update | ||
| echo.Skip update checking and directly run scan. | ||
| echo. | ||
| echo BAV --help | ||
| echo Will show this message | ||
| echo Displays this help message. | ||
| echo. | ||
| echo. | ||
| echo BatchAntivirus will check at every startup new database updates to guarantee | ||
| echo that you have always the most updated database | ||
| echo Batch Antivirus will check at every startup new database updates to ensure you | ||
| echo have always the latest database. | ||
| echo.You can also manually check for updates by running 'BAVUpdate.bat' file. | ||
| echo. | ||
| echo Official GitHub repository: | ||
| echo https://github.com/anic17/Batch-Antivirus | ||
| echo. | ||
| echo If you accidentally downloaded some malware or PUP, contact [email protected] | ||
| echo and send the potentially malicious file via Mega, Dropbox, Google Drive, Mediafire or OneDrive. | ||
| echo. | ||
| echo. | ||
| echo Copyright (c) 2020 anic17 Software | ||
| echo Copyright (c) 2022 anic17 Software | ||
| endlocal | ||
| exit /B 0 | ||
|
|
||
|
|
||
|
|
||
| :prompt_scan | ||
| start /b "" cmd.exe /c "%~0" --current-dir & cd /d "%CD%" & exit 0 | ||
|
|
||
| :runas | ||
| echo CreateObject("Shell.Application").ShellExecute ""%~nx0 %*"",,,"RunAs",1 > "%TMP%\BAV-RunAs.vbs" | ||
| cscript.exe //nologo "%TMP%\BAV-RunAs.vbs" //B & exit /B %errorlevel% | ||
| powershell -ExecutionPolicy Bypass -Command Start-Process -FilePath """%~0""" -verb RunAs | ||
| exit /b | ||
|
|
||
| :reg_scan | ||
| set elements=elements | ||
| :: Run keys | ||
|
|
||
| for /f "tokens=3* delims= " %%A in ('reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"') do (call :scan %%A %%B) | ||
| for /f "tokens=3* delims= " %%A in ('reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"') do (call :scan %%A %%B) | ||
|
|
||
| :: RunOnce keys | ||
| for /f "tokens=3* delims= " %%A in ('reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"') do (call :scan %%A %%B) | ||
| for /f "tokens=3* delims= " %%A in ('reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"') do (call :scan %%A %%B) | ||
|
|
||
| for %%A in (HKEY_LOCAL_MACHINE HKEY_CURRENT_USER) do ( | ||
| rem Run and RunOnce | ||
| for /f "tokens=3* delims= " %%A in ('reg query "%%A\Software\Microsoft\Windows\CurrentVersion\Run"') do call :scan "%%~A" | ||
| for /f "tokens=3* delims= " %%A in ('reg query "%%A\Software\Microsoft\Windows\CurrentVersion\RunOnce"') do call :scan "%%~A" | ||
| ) | ||
| :: Run WOW6432Node | ||
| for /f "tokens=3* delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run"') do (call :scan %%A %%B) | ||
| for /f "tokens=3* delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce"') do (call :scan %%A %%B) | ||
| for /f "tokens=3* delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run"') do call :scan "%%~A" | ||
| for /f "tokens=3* delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce"') do call :scan "%%~A" | ||
|
|
||
| :: Shell and userinit keys | ||
| for /f "tokens=3* delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"') do (call :scan %%A %%B) | ||
| for /f "tokens=3* delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon"') do (call :scan %%A %%B) | ||
|
|
||
| for /f "tokens=3* delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit') do ( | ||
| for /f "tokens=1 delims=," %%X in ("%%~A") do call :scan "%%~X" | ||
| ) | ||
| for /f "tokens=3* delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit') do ( | ||
| for /f "tokens=1 delims=," %%X in ("%%~A") do call :scan "%%~X" | ||
| ) | ||
| goto :EOF | ||
|
|
||
| :settitle | ||
| title Scanning now: !filescan! ; !scanned_files! scanned, !threats! threat(s) found |
Oops, something went wrong.