FindInfected.vbs

' Author: Michael Stevenson
' Desc  : Uses a list of files, and attempts to find files infected with Bluetooth.exe
Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim oldName

Set secondShell = WScript.CreateObject("WScript.Shell")
Set objShell = WScript.CreateObject("WScript.Shell")
Set logFile = objFSO.CreateTextFile("U:\VirusCleanup\infected_files.txt", True)
Set checkedFiles = objFSO.CreateTextFile("U:\VirusCleanup\checked_files.txt", True)

'secondShell.Run("cmd /c ECHO.  > C:\VirusCleanup\infected_files.txt")
'secondShell.Run("cmd /c ECHO.  > C:\VirusCleanup\checked_file.txt")

'Set secondShell = WScript.CreateObject("WScript.Shell")

Dim file_to_check, skipped_name, errored_name

If WScript.Arguments.Count < 3 Then
	WScript.Echo "Missing Parameters"
	WScript.Quit
End If

file_to_check = WScript.Arguments(0)
skipped_name = WScript.Arguments(1)
errored_name = WScript.Arguments(2)

Set listFile = objFSO.OpenTextFile(file_to_check)
Set missedFile = objFSO.CreateTextFile(skipped_name, True)

Set errorFile = objFSO.CreateTextFile(errored_name, True)

Dim counter
counter = 0

Dim strText

Do While Not listFile.AtEndOfStream
	strText = listFile.ReadLine()

	On Error Resume Next
	Set fileToCheck = objFSO.GetFile(strText)
	
	If Err.Number <> 0 Then
		'There was an error finding the file
		WScript.Echo "Error opening " & strText & "..."
		errorFile.WriteLine strText
		Err.Clear
	Else
	
		WScript.Echo "7z l " & chr(34) & objFSO.getAbsolutePathName(fileToCheck) & chr(34)
		Set objExecObject = objShell.Exec("7z l " & chr(34) & objFSO.getAbsolutePathName(fileToCheck) & chr(34))
	
		'Do Until objExecObject.Status
		'	Wscript.Sleep 250
		'	WScript.Echo "TEST"
		'Loop
	
		WScript.Echo "CHECKING: " & objFSO.getAbsolutePathName(fileToCheck)
	
		Do Until objExecObject.Status
			If counter = 20 Then
				Exit Do
			End If
			WScript.Sleep 250
			counter = counter + 1
		Loop
	
		If counter = 20 Then
			WScript.Echo "Skipping " & fileToCheck.Name
			missedFile.WriteLine( objFSO.getAbsolutePathName( fileToCheck))
		Else
			Do While Not objExecObject.StdOut.AtEndOfStream
		
		
				If Not objExecObject.StdErr.AtEndOfStream Then
					missedFile.WriteLine(objFSO.getAbsolutPathName(fileToCheck))
					objExecObject.StdErr.ReadLine
				End If
		
				strText = objExecObject.StdOut.ReadLine()
				'WScript.Echo strText
				If InStr(strText, "Bluetooth.exe") > 0 Then
					logFile.WriteLine(objFSO.getAbsolutePathName(fileToCheck))
					'Set secondExecObj = secondShell.Exec("cmd /c ECHO " & objFSO.getAbsolutePathName(fileToCheck) & " >> C:\VirusCleanup\infected_files.txt")
					WScript.Echo objFSO.getAbsolutePathName(fileToCheck) & " - Infected"
			
					'Do Until secondExecObj.Status
					'	WScript.Sleep 250
					'Loop
			
					Exit Do
				End If
		
				If Not objExecObject.StdErr.AtEndOfStream Then
					WScript.Echo objExecObject.StdErr.ReadLine
				End If
			Loop
	
			'Set secondExecObj = secondShell.Exec("cmd /c ECHO " & objFSO.getAbsolutePathName(fileToCheck) & " >> C:\VirusCleanup\checked_files.txt")
	
			'Do Until secondExecObj.Status
			'	WScript.Sleep 250
			'Loop
			checkedFiles.WriteLine(objFSO.getAbsolutePathName(fileToCheck))
		End If
	
		counter = 0
	End If
Loop

listFile.Close()
logFile.Close()