- Taranırken, taranamayan dosyaları kullanıcıya gösterin.
- Sistem linklerini taramaya dahil etmeyin. Yönlendirdiği yer elbet diski tararken karşınıza çıkar.
C# Tam tarama yaparken C:\Documents ve Settings yoluna erişim engellendi hatası
- Konuyu başlatan Turkıye anlasması
- Başlangıç Tarihi
- Mesaj 52
- Görüntüleme 3.138
-
- Etiketler
- hydra dragon antivirüs
- Katılım
- 12 Mayıs 2016
- Mesajlar
- 1.555
- Çözümler
- 5
Tamam işte bunu yapmaya çalışıyorum olmuyor. Mecbur dil mi değiştirmem lazım.
Dillik bir durum yok. Kod bir kilometre olduğundan inceleyemem maalesef. Diskte taranacak dosyayı alıp, tarayan fonksiyona yönlendiren kısmını kırpıp atabilir misiniz?
- Katılım
- 12 Mayıs 2016
- Mesajlar
- 1.555
- Çözümler
- 5
C#:
private async void button2_Click(object sender, EventArgs e)
{
listView1.Items.Clear();
listView2.Items.Clear();
textBox5.Text = "";
textBox6.Text = "";
textBox3.Text = "";
textBox4.Text = "";
textBox7.Text = "";
textBox1.Text = "";
textBox2.Text = "";
label4.Text = "Viruses";
label5.Text = "Clean files";
IblStatus.Text = "Status N/A";
IblStatus.ForeColor = Color.Black;
using (var folderDialog = new FolderBrowserDialog())
{
if (folderDialog.ShowDialog() != DialogResult.OK)
{
return;
}
var files = Directory.GetFiles(folderDialog.SelectedPath, "*", SearchOption.AllDirectories);
progressBar1.Maximum = files.Length;
progressBar1.Value = 0;
// Animation variables
string[] scanningFrames = { ".", "..", "..." };
int currentFrameIndex = 0;
label10.Visible = true;
Dictionary<string, string> infectedWithFileNameList = new Dictionary<string, string>();
Dictionary<string, string> cleanWithFileNameList = new Dictionary<string, string>();
// Start the animation and progress percentage
label10.Text = $"Scanning (0%)";
currentFrameIndex = (currentFrameIndex + 1) % scanningFrames.Length;
timer.Start();
await Task.Run(async () =>
{
int batchSize = 100; // Number of files to process in a batch
int filesProcessed = 0;
while (filesProcessed < files.Length)
{
var batchFiles = files.Skip(filesProcessed).Take(batchSize).ToArray();
await Task.WhenAll(batchFiles.Select(filePath => ProcessFileAsync(filePath)));
filesProcessed += batchFiles.Length;
// Update the animation
label10.Invoke(new Action(() => label10.Text += scanningFrames[currentFrameIndex]));
currentFrameIndex = (currentFrameIndex + 1) % scanningFrames.Length;
}
});
async Task ProcessFileAsync(string filePath)
{
bool isInfected;
string md5HashString;
using (var md5 = MD5.Create())
{
using (var fileStream = File.OpenRead(filePath))
{
var md5Hash = await Task.Run(() => md5.ComputeHash(fileStream));
md5HashString = BitConverter.ToString(md5Hash).Replace("-", "").ToLowerInvariant();
isInfected = IsFileInfected(md5HashString);
}
}
var item = new ListViewItem(new[] { filePath, isInfected ? "Infected!" : "Clean!" });
if (isInfected)
{
item.ForeColor = Color.Red;
infectedWithFileNameList[filePath] = md5HashString;
// Check if the file is locked by another process
bool isFileLocked = IsFileLocked(filePath);
if (isFileLocked)
{
string processName = GetProcessNameOfFile(filePath);
if (!string.IsNullOrEmpty(processName))
{
KillProcessUsingTaskkill(processName);
}
}
}
else
{
item.ForeColor = Color.Green;
cleanWithFileNameList[filePath] = md5HashString;
}
progressBar1.Invoke(new Action(() => progressBar1.Increment(1)));
int progressPercentage = (int)(((double)progressBar1.Value / progressBar1.Maximum) * 100);
label10.Invoke(new Action(() => label10.Text = $"Scanning ({progressPercentage}%)"));
}
foreach (var kvp in infectedWithFileNameList)
{
listView1.Items.Add(new ListViewItem(new[] { kvp.Key, kvp.Value })).ForeColor = Color.Red;
}
foreach (var kvp in cleanWithFileNameList)
{
listView2.Items.Add(new ListViewItem(new[] { kvp.Key, kvp.Value })).ForeColor = Color.Green;
}
textBox5.Text = string.Join(Environment.NewLine, infectedWithFileNameList.Select(kvp => kvp.Value + " " + kvp.Key));
textBox6.Text = string.Join(Environment.NewLine, cleanWithFileNameList.Select(kvp => kvp.Value + " " + kvp.Key));
textBox3.Text = string.Join(Environment.NewLine, infectedWithFileNameList.Values);
textBox4.Text = string.Join(Environment.NewLine, cleanWithFileNameList.Values);
textBox7.Text = CalculateCombinedSHA256(infectedWithFileNameList.Keys.Concat(cleanWithFileNameList.Keys));
textBox1.Text = string.Join(Environment.NewLine, infectedWithFileNameList.Values);
textBox2.Text = string.Join(Environment.NewLine, infectedWithFileNameList.Keys.Concat(cleanWithFileNameList.Keys));
label10.Text = "Scan complete.";
if (infectedWithFileNameList.Count > 0)
{
IblStatus.Text = "Infected!";
IblStatus.ForeColor = Color.Red;
await AnimateInfectedLabel();
}
else
{
IblStatus.Text = "Clean!";
IblStatus.ForeColor = Color.Green;
}
}
}Koda sembolik link kontrol fonksiyonu ekleyin.
stackoverflow.com
Ardından dosyayı taramadan önce bu fonksiyon ile dosyayı kontrol edin. Eğer fonksiyon True dönerse dosyayı es geçin.
Ufak değişiklikler olabilir, ama mantık bu şekilde.
Kod:
private bool IsSymbolic(string path)
{
FileInfo pathInfo = new FileInfo(path);
return pathInfo.Attributes.HasFlag(FileAttributes.ReparsePoint);
}Check if a file is real or a symbolic link
Is there a way to tell using C# if a file is real or a symbolic link? I've dug through the MSDN W32 docs, and can't find anything for checking this. I'm using CreateSymbolicLink from here, and it's
stackoverflow.com
Ardından dosyayı taramadan önce bu fonksiyon ile dosyayı kontrol edin. Eğer fonksiyon True dönerse dosyayı es geçin.
Boşluklardan kodu kopyalamıyorum. Bu fonksiyonun başına yazacaksınız.
Kod:
if (IsSymbolic(FilePath)); { return 0; }Ufak değişiklikler olabilir, ama mantık bu şekilde.
- Katılım
- 12 Mayıs 2016
- Mesajlar
- 1.555
- Çözümler
- 5
Kod:
::BAV_:git@github.com:anic17/Batch-Antivirus.git
@echo off
setlocal EnableDelayedExpansion
title Batch Antivirus Scanner
if /i "%~1"=="--help" goto help
call "%~dp0BAVStatus.bat" --skip || exit /b
set admin=1
set scanned_files=0
set threats=0
if /i "%~1"=="--reg-scan" goto reg_scan
if /i "%~2"=="--skip-update" (
goto skipupdate
)
net session > nul 2>&1 || set admin=0
if !admin!==0 (
echo Looks like you are running Batch Antivirus without administrator permissions...
echo.
echo This can make difficult to remove some malware.
echo It is recommended to run the scan as administrator.
echo.
echo.Would you like to run scan as administrator? ^(y/n^)
choice /c:YN /n
if !errorlevel!==1 goto runas
)
call "%~dp0BAVUpdate.bat"
:skipupdate
if "%~1"=="" (
cd \
) else (
cd /d "%~1" > nul 2>&1
)
echo.
echo Scanning '%CD%' for threats...
echo.
call :reg_scan
for /r %%A in (*) do call :scan "%%~A" 2>nul
:finished
echo Scan finished.
echo.
call :settitle
echo Result: !scanned_files! files scanned and !threats! threat(s) found
echo.
echo Press any key to quit...
pause>nul
exit /B %errorlevel%
:scan
set "filescan=%~1"
call :settitle
for /f %%A in ('sha256.exe "!filescan!" 2^>nul') do call :hashed %%A
set /a scanned_files+=1
goto :EOF
:hashed
set "hash=%~1"
set "hash=!hash:\=!"
findstr /c:"!hash!" "%~dp0VirusDataBaseHash.bav" > nul || goto :EOF
for /f "tokens=1* delims=:" %%a in ('findstr /c:"!hash!" "%~dp0VirusDataBaseHash.bav"') do (call :detection "%%~a" "%%~b")
goto :EOF
:detection
if "%~1" neq "!hash!" goto :EOF
start /b powershell [Reflection.Assembly]::LoadWithPartialName("""System.Windows.Forms""");$obj=New-Object Windows.Forms.NotifyIcon;$obj.Icon = [drawing.icon]::ExtractAssociatedIcon($PSHOME + """\powershell.exe""");$obj.Visible = $True;$obj.ShowBalloonTip(100000, """Batch Antivirus""","""Threats found: %~2""",2)>nul
echo Malware found: !filescan! ^| %~2
md "%~dp0Data\Quarantine\!hash!" > nul 2>&1
icacls "!filescan!" /setowner %username% > nul 2>&1
icacls "!filescan!" /grant %username%:(F,MA,WA,RA,WEA,REA,WDAC,DE) > nul 2>&1
move "!filescan!" "%~dp0Data\Quarantine\!hash!\!hash!" /y > nul 2>&1
icacls "%~dp0Data\Quarantine\!hash!\!hash!" /deny %username%:(RX,W,R,M,RD,WEA,REA,X,RA,WA) > nul 2>&1
set /a threats+=1
if not exist "!filescan!" (echo Malware successfully quarantined) else call :delete
goto :EOF
:delete
echo.
echo Failed to quarantine malware^^!
set /p "delmalware=Delete malware? (y/n): "
icacls "!filescan!" /setowner %username% > nul 2>&1
icacls "!filescan!" /grant %username%:(F,MA,WA,RA,WEA,REA,WDAC,DE) > nul 2>&1
if /i "%delmalware%"=="y" del !filescan! /s /q /f > nul
echo.
goto :EOF
:help
echo.
echo Batch Antivirus - Scanner
echo.
echo Syntax:
echo.
echo BAV [[folder] ^| --reg-scan ^| --help] [--skip-update]
echo.
echo Examples:
echo.
echo BAV
echo Will scan all the current drive. This may take some a lot of time depending
echo on the number of files and the computer performance.
echo.
echo BAV "%USERPROFILE%"
echo Will scan the folder "%USERPROFILE%" and all its subdirectories
echo It is recommended for a more precise and faster scan.
echo.
echo BAV --reg-scan
echo Only scan the autorun registry keys.
echo.
echo.BAV --skip-update
echo.Skip update checking and directly run scan.
echo.
echo BAV --help
echo Displays this help message.
echo.
echo Batch Antivirus will check at every startup new database updates to ensure you
echo have always the latest database.
echo.You can also manually check for updates by running 'BAVUpdate.bat' file.
echo.
echo Official GitHub repository:
echo https://github.com/anic17/Batch-Antivirus
echo.
echo If you accidentally downloaded some malware or PUP, contact batch.antivirus@gmail.com
echo and send the potentially malicious file via Mega, Dropbox, Google Drive, Mediafire or OneDrive.
echo.
echo Copyright (c) 2022 anic17 Software
endlocal
exit /B 0
:runas
powershell -ExecutionPolicy Bypass -Command Start-Process -FilePath """%~0""" -verb RunAs
exit /b
:reg_scan
:: Run keys
for %%A in (HKEY_LOCAL_MACHINE HKEY_CURRENT_USER) do (
rem Run and RunOnce
for /f "tokens=3* delims= " %%A in ('reg query "%%A\Software\Microsoft\Windows\CurrentVersion\Run"') do call :scan "%%~A"
for /f "tokens=3* delims= " %%A in ('reg query "%%A\Software\Microsoft\Windows\CurrentVersion\RunOnce"') do call :scan "%%~A"
)
:: Run WOW6432Node
for /f "tokens=3* delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run"') do call :scan "%%~A"
for /f "tokens=3* delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce"') do call :scan "%%~A"
:: Shell and userinit keys
for /f "tokens=3* delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit') do (
for /f "tokens=1 delims=," %%X in ("%%~A") do call :scan "%%~X"
)
for /f "tokens=3* delims= " %%A in ('reg query "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Userinit') do (
for /f "tokens=1 delims=," %%X in ("%%~A") do call :scan "%%~X"
)
goto :EOF
:settitle
title Scanning now: !filescan! ; !scanned_files! scanned, !threats! threat(s) foundBu da son örnek. Verdiğin yanıta bakacağım birazdan ama bunlara da bak derim.
Windows Defender'in bat şubesi sanırım. Pek de incelemedim.
#15'inci mesajımda bir güncelleme olursa etiletlersin.
- Katılım
- 12 Mayıs 2016
- Mesajlar
- 1.555
- Çözümler
- 5
İşe yaramadı.
C#:
private bool IsSymbolic(string path)
{
FileInfo pathInfo = new FileInfo(path);
return pathInfo.Attributes.HasFlag(FileAttributes.ReparsePoint);
}
private async void button2_Click(object sender, EventArgs e)
{
listView1.Items.Clear();
listView2.Items.Clear();
textBox5.Text = "";
textBox6.Text = "";
textBox3.Text = "";
textBox4.Text = "";
textBox7.Text = "";
textBox1.Text = "";
textBox2.Text = "";
label4.Text = "Viruses";
label5.Text = "Clean files";
IblStatus.Text = "Status N/A";
IblStatus.ForeColor = Color.Black;
using (var folderDialog = new FolderBrowserDialog())
{
if (folderDialog.ShowDialog() != DialogResult.OK)
{
return;
}
var files = Directory.GetFiles(folderDialog.SelectedPath, "*", SearchOption.AllDirectories);
progressBar1.Maximum = files.Length;
progressBar1.Value = 0;
// Animation variables
string[] scanningFrames = { ".", "..", "..." };
int currentFrameIndex = 0;
label10.Visible = true;
Dictionary<string, string> infectedWithFileNameList = new Dictionary<string, string>();
Dictionary<string, string> cleanWithFileNameList = new Dictionary<string, string>();
// Start the animation and progress percentage
label10.Text = $"Scanning (0%)";
currentFrameIndex = (currentFrameIndex + 1) % scanningFrames.Length;
timer.Start();
await Task.Run(async () =>
{
int batchSize = 100; // Number of files to process in a batch
int filesProcessed = 0;
while (filesProcessed < files.Length)
{
var batchFiles = files.Skip(filesProcessed).Take(batchSize).ToArray();
foreach (var filePath in batchFiles)
{
// Check if the file is a symbolic link and skip it if it is
if (IsSymbolic(filePath))
{
MessageBox.Show("Symbolic link founded");
continue;
}
await ProcessFileAsync(filePath);
}
filesProcessed += batchFiles.Length;
// Update the animation
label10.Invoke(new Action(() => label10.Text += scanningFrames[currentFrameIndex]));
currentFrameIndex = (currentFrameIndex + 1) % scanningFrames.Length;
}
});
async Task ProcessFileAsync(string filePath)
{
bool isInfected;
string md5HashString;
using (var md5 = MD5.Create())
{
using (var fileStream = File.OpenRead(filePath))
{
var md5Hash = await Task.Run(() => md5.ComputeHash(fileStream));
md5HashString = BitConverter.ToString(md5Hash).Replace("-", "").ToLowerInvariant();
isInfected = IsFileInfected(md5HashString);
}
}
var item = new ListViewItem(new[] { filePath, isInfected ? "Infected!" : "Clean!" });
if (isInfected)
{
item.ForeColor = Color.Red;
infectedWithFileNameList[filePath] = md5HashString;
// Check if the file is locked by another process
bool isFileLocked = IsFileLocked(filePath);
if (isFileLocked)
{
string processName = GetProcessNameOfFile(filePath);
if (!string.IsNullOrEmpty(processName))
{
KillProcessUsingTaskkill(processName);
}
}
}
else
{
item.ForeColor = Color.Green;
cleanWithFileNameList[filePath] = md5HashString;
}
progressBar1.Invoke(new Action(() => progressBar1.Increment(1)));
int progressPercentage = (int)(((double)progressBar1.Value / progressBar1.Maximum) * 100);
label10.Invoke(new Action(() => label10.Text = $"Scanning ({progressPercentage}%)"));
}
foreach (var kvp in infectedWithFileNameList)
{
listView1.Items.Add(new ListViewItem(new[] { kvp.Key, kvp.Value })).ForeColor = Color.Red;
}
foreach (var kvp in cleanWithFileNameList)
{
listView2.Items.Add(new ListViewItem(new[] { kvp.Key, kvp.Value })).ForeColor = Color.Green;
}
textBox5.Text = string.Join(Environment.NewLine, infectedWithFileNameList.Select(kvp => kvp.Value + " " + kvp.Key));
textBox6.Text = string.Join(Environment.NewLine, cleanWithFileNameList.Select(kvp => kvp.Value + " " + kvp.Key));
textBox3.Text = string.Join(Environment.NewLine, infectedWithFileNameList.Values);
textBox4.Text = string.Join(Environment.NewLine, cleanWithFileNameList.Values);
textBox7.Text = CalculateCombinedSHA256(infectedWithFileNameList.Keys.Concat(cleanWithFileNameList.Keys));
textBox1.Text = string.Join(Environment.NewLine, infectedWithFileNameList.Values);
textBox2.Text = string.Join(Environment.NewLine, infectedWithFileNameList.Keys.Concat(cleanWithFileNameList.Keys));
label10.Text = "Scan complete.";
if (infectedWithFileNameList.Count > 0)
{
IblStatus.Text = "Infected!";
IblStatus.ForeColor = Color.Red;
await AnimateInfectedLabel();
}
else
{
IblStatus.Text = "Clean!";
IblStatus.ForeColor = Color.Green;
}
}
}
Dil seçiminden kaynaklanan bir şey yok. Seninle alakalı bir durum. Shortcutları atlamanın yolu var. ".lnk" uzantısı varsa dosya yolunda, dosyayı taramamayı seçebilirsin. Yada gerekli yetkileri devralmayı öğrenebilirsin. Sonuçta her lnk uzantılı dosya gerçekten virüs olmayacak değil. Dosyanın adını static olarak işaretleyebilirsin özellikle taranmaması için. Yetkinin yetmediği dosyaları taramayı atlayabilirsin exception handling yaparak. Yani bilyon tane yol var. Sadece sen bilmiyorsun.
- Katılım
- 12 Mayıs 2016
- Mesajlar
- 1.555
- Çözümler
- 5
Tamam örnek kod ver bakayım.
