From e4410b1258cccf9c46e755c586d265539f28bbe6 Mon Sep 17 00:00:00 2001
From: 2Shirt <1923621+2Shirt@users.noreply.github.com>
Date: Wed, 3 Oct 2018 16:19:42 -0600
Subject: [PATCH] Expanded Post-D7II Cleanup

* Fixes issue #4
---
 .bin/Scripts/functions/cleanup.py  | 75 ++++++++++++++++++++++++------
 .bin/Scripts/functions/common.py   |  3 +-
 .bin/Scripts/functions/setup.py    |  4 +-
 .bin/Scripts/post_d7.py            |  2 +-
 .bin/Scripts/settings/launchers.py |  6 +++
 5 files changed, 73 insertions(+), 17 deletions(-)

diff --git a/.bin/Scripts/functions/cleanup.py b/.bin/Scripts/functions/cleanup.py
index f2986571..11c940aa 100644
--- a/.bin/Scripts/functions/cleanup.py
+++ b/.bin/Scripts/functions/cleanup.py
@@ -2,11 +2,29 @@
 from functions.common import *
 
+# STATIC VARIABLES
+D7_HKCR_CLEANUP = {
+    r'batfile\shell\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}': {'Recurse': True},
+    r'cmdfile\shell\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}': {'Recurse': True},
+    r'exefile\shell\ResourceHacker': {'Recurse': True},
+    r'regfile\shell\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}': {'Recurse': True},
+    }
+D7_HKCU_CLEANUP = {
+    r'Software\Malwarebytes': {'Recurse': False},
+    }
+D7_HKLM_CLEANUP = {
+    r'Software\Emsisoft': {'Recurse': False},
+    }
+HKU = winreg.HKEY_USERS
+HKCR = winreg.HKEY_CLASSES_ROOT
+HKCU = winreg.HKEY_CURRENT_USER
+HKLM = winreg.HKEY_LOCAL_MACHINE
+
 
 def cleanup_adwcleaner():
     """Move AdwCleaner folders into the ClientDir."""
     source_path = r'{SYSTEMDRIVE}\AdwCleaner'.format(**global_vars['Env'])
     source_quarantine = r'{}\Quarantine'.format(source_path)
-    
+
     # Quarantine
     if os.path.exists(source_quarantine):
         os.makedirs(global_vars['QuarantineDir'], exist_ok=True)
@@ -14,13 +32,13 @@ def cleanup_adwcleaner():
             **global_vars)
         dest_name = non_clobber_rename(dest_name)
         shutil.move(source_quarantine, dest_name)
-    
+
     # Delete source folder if empty
     try:
         os.rmdir(source_path)
     except OSError:
         pass
-    
+
     # Main folder
     if os.path.exists(source_path):
         os.makedirs(global_vars['LogDir'], exist_ok=True)
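Review bot: The four `HKU`/`HKCR`/`HKCU`/`HKLM` bindings added at module level reach into `winreg` unconditionally, whereas `functions/common.py` (which this file already star-imports) wraps the same assignments in `try: ... except NameError:` and, in this same commit, gains `HKCR` there as well; the copies here are redundant and reintroduce an import-time failure wherever `winreg` is unavailable, so I would drop the four lines and rely on the names from `functions.common`. Separately, `D7_HKCU_CLEANUP` and `D7_HKLM_CLEANUP` mark the vendor keys `Software\Malwarebytes` and `Software\Emsisoft` with `'Recurse': False`, yet `winreg.DeleteKey` cannot remove a key that still has subkeys; if those product keys hold any (likely for an installed product, though I cannot confirm from here) the delete fails with access denied instead of cleaning up. Consider `'Recurse': True` for both, or add a comment stating why a non-recursive delete is intended for them.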
@@ -31,10 +49,10 @@ def cleanup_adwcleaner():
 
 def cleanup_cbs(dest_folder):
     """Safely cleanup a known CBS archive bug under Windows 7.
-    
+
     If a CbsPersist file is larger than 2 Gb then the auto archive feature
     continually fails and will fill up the system drive with temp files.
-    
+
     This function moves the temp files and CbsPersist file to a temp folder,
     compresses the CbsPersist files with 7-Zip, and then opens the temp folder
     for the user to manually save the backup files and delete the temp files.
@@ -43,7 +61,7 @@ def cleanup_cbs(dest_folder):
     temp_folder = r'{backup_folder}\Temp'.format(backup_folder=backup_folder)
     os.makedirs(backup_folder, exist_ok=True)
     os.makedirs(temp_folder, exist_ok=True)
-    
+
     # Move files into temp folder
     cbs_path = r'{SYSTEMROOT}\Logs\CBS'.format(**global_vars['Env'])
     for entry in os.scandir(cbs_path):
@@ -59,7 +77,7 @@ def cleanup_cbs(dest_folder):
             dest_name = r'{}\{}'.format(temp_folder, entry.name)
             dest_name = non_clobber_rename(dest_name)
             shutil.move(entry.path, dest_name)
-    
+
     # Compress CbsPersist files with 7-Zip
     cmd = [
         global_vars['Tools']['SevenZip'],
@@ -73,7 +91,7 @@ def cleanup_d7ii():
     d7_path = r'{}\d7II'.format(global_vars['ClientDir'])
     d7_reports = r'{}_Reports'.format(d7_path)
     d7_temp = r'{}\Temp'.format(d7_path)
-    
+
     # Logs & Reports
     if os.path.exists(d7_reports):
         for entry in os.scandir(d7_reports):
@@ -94,7 +112,7 @@ def cleanup_d7ii():
             pass
         except OSError:
             pass
-    
+
     # Malware Logs
     if os.path.exists(d7_mlogs):
         for m_entry in os.scandir(d7_mlogs):
@@ -126,6 +144,14 @@ def cleanup_d7ii():
         except OSError:
             pass
 
+    # Registry Items
+    for key, settings in D7_HKCR_CLEANUP.items():
+        delete_registry_key(HKCR, key, recurse=settings['Recurse'])
+    for key, settings in D7_HKCU_CLEANUP.items():
+        delete_registry_key(HKCU, key, recurse=settings['Recurse'])
+    for key, settings in D7_HKLM_CLEANUP.items():
+        delete_registry_key(HKLM, key, recurse=settings['Recurse'])
+
     # Temp items
     if os.path.exists(d7_path):
         if os.path.exists(d7_temp):
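Review bot: The three new loops in the `@@ -126,6 +144,14 @@` hunk call `delete_registry_key` with no exception handling, so a key that is absent on a given machine raises `FileNotFoundError` out of `cleanup_d7ii` and the Temp-items cleanup that follows never runs; the `HKCR` entries are per-install context-menu handlers that may well be missing. The surrounding code treats missing paths as best-effort (`except OSError: pass` just above), and the registry section should do the same for the not-found case while still letting access-denied errors surface rather than be silently skipped. The three near-identical loops can also be folded into one iteration over (hive, table) pairs, which keeps the try/except in a single place. `cleanup_d7ii` begins and ends outside this hunk.
```python
    # Registry Items (keys may not exist on every machine; skip what is
    # absent so the Temp cleanup below still runs, but do not mask other errors)
    for hive, keys in ((HKCR, D7_HKCR_CLEANUP),
                       (HKCU, D7_HKCU_CLEANUP),
                       (HKLM, D7_HKLM_CLEANUP)):
        for key, settings in keys.items():
            try:
                delete_registry_key(hive, key, recurse=settings['Recurse'])
            except FileNotFoundError:
                pass
    # … unchanged: Temp items …
```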
@@ -139,7 +165,7 @@ def cleanup_desktop():
     """Move known backup files and reports into the ClientDir."""
     dest_folder = r'{ProgBackupDir}\{Date}\Desktop'.format(**global_vars)
     os.makedirs(dest_folder, exist_ok=True)
-    
+
     desktop_path = r'{USERPROFILE}\Desktop'.format(**global_vars['Env'])
     for entry in os.scandir(desktop_path):
         # JRT, RKill, Shortcut cleaner
@@ -147,7 +173,7 @@ def cleanup_desktop():
             dest_name = r'{}\{}'.format(dest_folder, entry.name)
             dest_name = non_clobber_rename(dest_name)
             shutil.move(entry.path, dest_name)
-    
+
     # Remove dir if empty
     try:
         os.rmdir(dest_folder)
@@ -166,7 +192,7 @@ def cleanup_emsisoft():
             **global_vars)
         dest_name = non_clobber_rename(dest_name)
         shutil.move(source_quarantine, dest_name)
-    
+
     # Remove program
     if os.path.exists(source_path):
         shutil.rmtree(source_path)
@@ -179,7 +205,7 @@ def cleanup_regbackups():
     # Bail early
     if not os.path.exists(source_path):
         return
-    
+
     # Move to backup folder
     for entry in os.scandir(source_path):
         os.makedirs(global_vars['ProgBackupDir'], exist_ok=True)
@@ -188,7 +214,7 @@ def cleanup_regbackups():
             **global_vars)
         dest_path = non_clobber_rename(dest_path)
         shutil.move(entry.path, dest_path)
-    
+
     # Delete source folders if empty
     try:
         os.rmdir(source_path)
@@ -196,6 +222,27 @@ def cleanup_regbackups():
     except OSError:
         pass
 
+def delete_registry_key(hive, key, recurse=False):
+    """Delete a registry key and all it's subkeys."""
+    access = winreg.KEY_ALL_ACCESS
+
+    if recurse:
+        # Delete all subkeys first
+        with winreg.OpenKeyEx(hive, key, 0, access) as k:
+            key_info = winreg.QueryInfoKey(k)
+            for x in range(key_info[0]):
+                subkey = r'{}\{}'.format(key, winreg.EnumKey(k, 0))
+                delete_registry_key(hive, subkey)
+
+    # Delete key
+    winreg.DeleteKey(hive, key)
+
+def delete_registry_value(hive, key, value):
+    """Delete a registry value."""
+    access = winreg.KEY_ALL_ACCESS
+    with winreg.OpenKeyEx(hive, key, 0, access) as k:
+        winreg.DeleteValue(k, value)
+
 
 if __name__ == '__main__':
     print("This file is not meant to be called directly.")
diff --git a/.bin/Scripts/functions/common.py b/.bin/Scripts/functions/common.py
index 66a5f727..e3c7ac97 100644
--- a/.bin/Scripts/functions/common.py
+++ b/.bin/Scripts/functions/common.py
@@ -32,7 +32,8 @@ COLORS = {
     'BLUE': '\033[34m'
 }
 try:
-    HKU = winreg.HKEY_USERS
+    HKU = winreg.HKEY_USERS
+    HKCR = winreg.HKEY_CLASSES_ROOT
     HKCU = winreg.HKEY_CURRENT_USER
     HKLM = winreg.HKEY_LOCAL_MACHINE
 except NameError:
diff --git a/.bin/Scripts/functions/setup.py b/.bin/Scripts/functions/setup.py
index f2fee467..a33672d9 100644
--- a/.bin/Scripts/functions/setup.py
+++ b/.bin/Scripts/functions/setup.py
@@ -5,6 +5,8 @@ from functions.update import *
 from settings.sources import *
 
 # STATIC VARIABLES
+HKU = winreg.HKEY_USERS
+HKCR = winreg.HKEY_CLASSES_ROOT
 HKCU = winreg.HKEY_CURRENT_USER
 HKLM = winreg.HKEY_LOCAL_MACHINE
 MOZILLA_FIREFOX_UBO_PATH = r'{}\{}\ublock_origin.xpi'.format(
@@ -208,7 +210,7 @@ def enable_system_restore():
         '-Command', 'Enable-ComputerRestore',
         '-Drive', '{}\\'.format(global_vars['Env']['SYSTEMDRIVE'])]
     run_program(cmd)
-    
+
     # Set disk usage
     cmd = [
         r'{}\System32\vssadmin.exe'.format(global_vars['Env']['SYSTEMROOT']),
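Review bot: `delete_registry_key` recurses with `delete_registry_key(hive, subkey)`, which leaves `recurse` at its default `False`; a subkey that itself has children then reaches `winreg.DeleteKey`, which cannot delete a key with subkeys and fails with access denied (`PermissionError`), so only one level of nesting is actually handled and a deeper `HKCR` shell tree would abort the cleanup — the call should be `delete_registry_key(hive, subkey, recurse=True)`. The loop relies on `winreg.EnumKey(k, 0)` always returning the first remaining child after each deletion, which is correct but non-obvious and deserves a comment such as `# always index 0: each delete shifts the remaining subkeys down`. Both helpers open handles with `KEY_ALL_ACCESS` although enumeration only needs `winreg.KEY_ENUMERATE_SUB_KEYS | winreg.KEY_QUERY_VALUE` and `DeleteValue` only needs `winreg.KEY_SET_VALUE`; requesting the minimum rights matters when these run elevated against `HKLM` and `HKCR`. The docstring's `it's` should read `its`, and the unused loop variable `x` is conventionally `_`.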
diff --git a/.bin/Scripts/post_d7.py b/.bin/Scripts/post_d7.py
index 1bdfc4f3..5f47cee7 100644
--- a/.bin/Scripts/post_d7.py
+++ b/.bin/Scripts/post_d7.py
@@ -11,7 +11,7 @@ from functions.cleanup import *
 from functions.setup import *
 init_global_vars()
 os.system('title {}: Post-d7II Work'.format(KIT_NAME_FULL))
-global_vars['LogFile'] = r'{LogDir}\User Checklist ({USERNAME}).log'.format(
+global_vars['LogFile'] = r'{LogDir}\Post-d7II Work.log'.format(
     **global_vars, **global_vars['Env'])
 
 if __name__ == '__main__':
diff --git a/.bin/Scripts/settings/launchers.py b/.bin/Scripts/settings/launchers.py
index c43eb674..ddb3f132 100644
--- a/.bin/Scripts/settings/launchers.py
+++ b/.bin/Scripts/settings/launchers.py
@@ -19,6 +19,12 @@ LAUNCHERS = {
         'L_ITEM': 'install_eset_nod32_av.py',
         'L_ELEV': 'True',
     },
+    'Post-d7II Work': {
+        'L_TYPE': 'PyScript',
+        'L_PATH': 'Scripts',
+        'L_ITEM': 'post_d7.py',
+        'L_ELEV': 'True',
+    },
     'System Checklist': {
         'L_TYPE': 'PyScript',
         'L_PATH': 'Scripts',