ntakouris · January 25, 2019 01:14
diff --git a/gistfile1.txt b/gistfile1.txt
 # This file CHANGES the drive. USE IT AT YOUR OWN RISK. I'M NOT RESPONSIBLE FOR ANY LOSE.
 # It removes the revisions of cerber2 encrpted files
 # It also renames the file back to what it was before the adobe infection
 # You will probably have to run it multiple times because it only removes one rev each time.
 # Good luck! Hope you get back to a state you were before the infection.
 #

 from __future__ import print_function
 import httplib2
 import os
 import json

 import dateutil.parser as dp

 from apiclient import discovery
 import oauth2client
 from oauth2client import client
 from oauth2client import file 
 from oauth2client import tools

 try:
    import argparse
    flags = argparse.ArgumentParser(parents=[tools.argparser]).parse_args()
 except ImportError:
    flags = None

 # If modifying these scopes, delete your previously saved credentials
 # at ~/.credentials/drive-python-quickstart.json
 #SCOPES = 'https://www.googleapis.com/auth/drive.metadata.readonly'
 SCOPES = 'https://www.googleapis.com/auth/drive'
 CLIENT_SECRET_FILE = 'creds.json'
 APPLICATION_NAME = 'Drive API Python Quickstart'


 def get_credentials():
    """Gets valid user credentials from storage.

    If nothing has been stored, or if the stored credentials are invalid,
    the OAuth2 flow is completed to obtain the new credentials.

    Returns:
        Credentials, the obtained credential.
    """
    home_dir = os.path.expanduser('~')
    credential_dir = os.path.join(home_dir, '.credentials')
    if not os.path.exists(credential_dir):
        os.makedirs(credential_dir)
    credential_path = os.path.join(credential_dir,
                                   'drive-python-quickstart.json')

    store = oauth2client.file.Storage(credential_path)
    credentials = store.get()
    if not credentials or credentials.invalid:
        flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
        flow.user_agent = APPLICATION_NAME
        if flags:
            credentials = tools.run_flow(flow, store, flags)
        else: # Needed only for compatibility with Python 2.6
            credentials = tools.run(flow, store)
        print('Storing credentials to ' + credential_path)
    return credentials

 def main():
    """Shows basic usage of the Google Drive API.

    Creates a Google Drive API service object and outputs the names and IDs
    for up to 10 files.
    """
    credentials = get_credentials()
    http = credentials.authorize(httplib2.Http())
    service = discovery.build('drive', 'v3', http=http)

    target_date = dp.parse('2019-01-24T07:00:00.000Z')

    results = service.files().list(
      spaces="drive",
      q="name contains '.adobe' and '[email protected]' in owners",
      fields="files(id, name),nextPageToken"  
        ).execute()

    affected_files = []

    items = results.get('files', [])

    if not items:
        print('No files found.')
    else:
        print('Files:')
        for item in items:
            print('{0} -> {1}'.format(item['id'], item['name']))
            affected_files.append((item['id'], item['name']))
    
    token = results.get('nextPageToken', "")
    while(token != ""):
        #print(token)
        results = service.files().list(
      spaces="drive",
      pageToken=token,
      q="name contains '.adobe' and '[email protected]' in owners",
      fields="files(id, name),nextPageToken"  
        ).execute()

        token = results.get('nextPageToken', "")
        items = results.get('files', [])

        if not items:
            print('No files found.')
        else:
            print('Files:')
            for item in items:
                print('{0} -> {1}'.format(item['id'], item['name']))
                affected_files.append((item['id'], item['name']))

    print('Collected {0} files'.format(len(affected_files)))

    print(affected_files)

    for file in affected_files:
        id=file[0]
        name=file[1]

        print('Doing file ' + id + " | " + name)

        results = service.revisions().list(fileId=id).execute()

        revisions = results.get('revisions', [])

        revl = list(map(lambda x: (x['id'], x['modifiedTime']), revisions))
        revl.reverse() 

        if(len(revl) == 1):
            continue

        for i in revl:
            parsed = dp.parse(i[1])
            if(parsed > target_date):
                results = service.revisions().delete(
                    fileId=id,
                    revisionId=i[0]
                ).execute()

                results = service.files().update(
                fileId=id,
                body={'name':  name.strip('.adobe')},
                ).execute()



 if __name__ == '__main__':
    main()
	# This file CHANGES the drive. USE IT AT YOUR OWN RISK. I'M NOT RESPONSIBLE FOR ANY LOSE.
	# It removes the revisions of cerber2 encrpted files
	# It also renames the file back to what it was before the adobe infection
	# You will probably have to run it multiple times because it only removes one rev each time.
	# Good luck! Hope you get back to a state you were before the infection.
	#

	from __future__ import print_function
	import httplib2
	import os
	import json

	import dateutil.parser as dp

	from apiclient import discovery
	import oauth2client
	from oauth2client import client
	from oauth2client import file
	from oauth2client import tools

	try:
	import argparse
	flags = argparse.ArgumentParser(parents=[tools.argparser]).parse_args()
	except ImportError:
	flags = None

	# If modifying these scopes, delete your previously saved credentials
	# at ~/.credentials/drive-python-quickstart.json
	#SCOPES = 'https://www.googleapis.com/auth/drive.metadata.readonly'
	SCOPES = 'https://www.googleapis.com/auth/drive'
	CLIENT_SECRET_FILE = 'creds.json'
	APPLICATION_NAME = 'Drive API Python Quickstart'


	def get_credentials():
	"""Gets valid user credentials from storage.

	If nothing has been stored, or if the stored credentials are invalid,
	the OAuth2 flow is completed to obtain the new credentials.

	Returns:
	Credentials, the obtained credential.
	"""
	home_dir = os.path.expanduser('~')
	credential_dir = os.path.join(home_dir, '.credentials')
	if not os.path.exists(credential_dir):
	os.makedirs(credential_dir)
	credential_path = os.path.join(credential_dir,
	'drive-python-quickstart.json')

	store = oauth2client.file.Storage(credential_path)
	credentials = store.get()
	if not credentials or credentials.invalid:
	flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES)
	flow.user_agent = APPLICATION_NAME
	if flags:
	credentials = tools.run_flow(flow, store, flags)
	else: # Needed only for compatibility with Python 2.6
	credentials = tools.run(flow, store)
	print('Storing credentials to ' + credential_path)
	return credentials

	def main():
	"""Shows basic usage of the Google Drive API.

	Creates a Google Drive API service object and outputs the names and IDs
	for up to 10 files.
	"""
	credentials = get_credentials()
	http = credentials.authorize(httplib2.Http())
	service = discovery.build('drive', 'v3', http=http)

	target_date = dp.parse('2019-01-24T07:00:00.000Z')

	results = service.files().list(
	spaces="drive",
	q="name contains '.adobe' and '[email protected]' in owners",
	fields="files(id, name),nextPageToken"
	).execute()

	affected_files = []

	items = results.get('files', [])

	if not items:
	print('No files found.')
	else:
	print('Files:')
	for item in items:
	print('{0} -> {1}'.format(item['id'], item['name']))
	affected_files.append((item['id'], item['name']))

	token = results.get('nextPageToken', "")
	while(token != ""):
	#print(token)
	results = service.files().list(
	spaces="drive",
	pageToken=token,
	q="name contains '.adobe' and '[email protected]' in owners",
	fields="files(id, name),nextPageToken"
	).execute()

	token = results.get('nextPageToken', "")
	items = results.get('files', [])

	if not items:
	print('No files found.')
	else:
	print('Files:')
	for item in items:
	print('{0} -> {1}'.format(item['id'], item['name']))
	affected_files.append((item['id'], item['name']))

	print('Collected {0} files'.format(len(affected_files)))

	print(affected_files)

	for file in affected_files:
	id=file[0]
	name=file[1]

	print('Doing file ' + id + " \| " + name)

	results = service.revisions().list(fileId=id).execute()

	revisions = results.get('revisions', [])

	revl = list(map(lambda x: (x['id'], x['modifiedTime']), revisions))
	revl.reverse()

	if(len(revl) == 1):
	continue

	for i in revl:
	parsed = dp.parse(i[1])
	if(parsed > target_date):
	results = service.revisions().delete(
	fileId=id,
	revisionId=i[0]
	).execute()

	results = service.files().update(
	fileId=id,
	body={'name': name.strip('.adobe')},
	).execute()



	if __name__ == '__main__':
	main()