2Shirt/WizardKit
2Shirt/WizardKit
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases 26 Packages Wiki Activity Actions
WizardKit/.bin/Scripts/functions/cleanup.py
2Shirt f1b3ffb483 Updated d7II cleanup for Windows 7
2018-10-07 14:31:01 -06:00

257 lines
9.2 KiB
Python
Raw Blame History

# Wizard Kit: Functions - Cleanup
from functions.common import *
# STATIC VARIABLES
D7_HKCR_CLEANUP = {
r'batfile\shell\!!RunWithParms': {'Recurse': True},
r'batfile\shell\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}': {'Recurse': True},
r'cmdfile\shell\!!RunWithParms': {'Recurse': True},
r'cmdfile\shell\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}': {'Recurse': True},
r'exefile\shell\!!RunWithParms': {'Recurse': True},
r'exefile\shell\ResourceHacker': {'Recurse': True},
r'regfile\shell\!!RunWithParms': {'Recurse': True},
r'regfile\shell\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}': {'Recurse': True},
}
D7_HKCU_CLEANUP = {
r'Software\Malwarebytes': {'Recurse': False},
}
D7_HKLM_CLEANUP = {
r'Software\Emsisoft': {'Recurse': False},
}
HKU = winreg.HKEY_USERS
HKCR = winreg.HKEY_CLASSES_ROOT
HKCU = winreg.HKEY_CURRENT_USER
HKLM = winreg.HKEY_LOCAL_MACHINE
def cleanup_adwcleaner():
"""Move AdwCleaner folders into the ClientDir."""
source_path = r'{SYSTEMDRIVE}\AdwCleaner'.format(**global_vars['Env'])
source_quarantine = r'{}\Quarantine'.format(source_path)
# Quarantine
if os.path.exists(source_quarantine):
os.makedirs(global_vars['QuarantineDir'], exist_ok=True)
dest_name = r'{QuarantineDir}\AdwCleaner_{Date-Time}'.format(
**global_vars)
dest_name = non_clobber_rename(dest_name)
shutil.move(source_quarantine, dest_name)
# Delete source folder if empty
try:
os.rmdir(source_path)
except OSError:
pass
# Main folder
if os.path.exists(source_path):
os.makedirs(global_vars['LogDir'], exist_ok=True)
dest_name = r'{LogDir}\{Date}\AdwCleaner'.format(
**global_vars)
dest_name = non_clobber_rename(dest_name)
shutil.move(source_path, dest_name)
def cleanup_cbs(dest_folder):
"""Safely cleanup a known CBS archive bug under Windows 7.
If a CbsPersist file is larger than 2 Gb then the auto archive feature
continually fails and will fill up the system drive with temp files.
This function moves the temp files and CbsPersist file to a temp folder,
compresses the CbsPersist files with 7-Zip, and then opens the temp folder
for the user to manually save the backup files and delete the temp files.
"""
backup_folder = r'{dest_folder}\CbsFix'.format(dest_folder=dest_folder)
temp_folder = r'{backup_folder}\Temp'.format(backup_folder=backup_folder)
os.makedirs(backup_folder, exist_ok=True)
os.makedirs(temp_folder, exist_ok=True)
# Move files into temp folder
cbs_path = r'{SYSTEMROOT}\Logs\CBS'.format(**global_vars['Env'])
for entry in os.scandir(cbs_path):
# CbsPersist files
if entry.name.lower().startswith('cbspersist'):
dest_name = r'{}\{}'.format(temp_folder, entry.name)
dest_name = non_clobber_rename(dest_name)
shutil.move(entry.path, dest_name)
temp_path = r'{SYSTEMROOT}\Temp'.format(**global_vars['Env'])
for entry in os.scandir(temp_path):
# cab_ files
if entry.name.lower().startswith('cab_'):
dest_name = r'{}\{}'.format(temp_folder, entry.name)
dest_name = non_clobber_rename(dest_name)
shutil.move(entry.path, dest_name)
# Compress CbsPersist files with 7-Zip
cmd = [
global_vars['Tools']['SevenZip'],
'a', '-t7z', '-mx=3', '-bso0', '-bse0',
r'{}\CbsPersists.7z'.format(backup_folder),
r'{}\CbsPersist*'.format(temp_folder)]
run_program(cmd)
def cleanup_d7ii():
"""Sort d7II logs and remove temp items."""
d7_path = r'{}\d7II'.format(global_vars['ClientDir'])
d7_reports = r'{}_Reports'.format(d7_path)
d7_temp = r'{}\Temp'.format(d7_path)
# Logs & Reports
if os.path.exists(d7_reports):
for entry in os.scandir(d7_reports):
r = re.match(r'(\d+)-(\d+)-(\d+)', entry.name)
d7_date = '{}-{:02d}-{:02d}'.format(
r.group(1), int(r.group(2)), int(r.group(3)))
d7_mlogs = r'{}\Malware Logs'.format(entry.path)
log_dest = r'{SYSTEMDRIVE}\{prefix}\Info\{date}'.format(
prefix=KIT_NAME_SHORT,
date=d7_date,
**global_vars['Env'])
# Remove empty folders
for f in ('Malware Logs', 'Screen Shots'):
try:
os.rmdir(r'{}\{}'.format(entry.path, f))
except FileNotFoundError:
pass
except OSError:
pass
# Malware Logs
if os.path.exists(d7_mlogs):
for m_entry in os.scandir(d7_mlogs):
prefix = ''
if m_entry.name == 'MalwareScan_Report.txt':
prefix = 'd7II_'
dest_path = r'{log_dest}\{prefix}{name}'.format(
log_dest=log_dest,
prefix=prefix,
name=m_entry.name)
dest_path = non_clobber_rename(dest_path)
shutil.move(entry.path, dest_path)
try:
os.rmdir(d7_mlogs)
except OSError:
pass
# Other items
for o_entry in os.scandir(entry.path):
dest_path = r'{log_dest}\d7II_{name}'.format(
log_dest=log_dest,
name=m_entry.name)
dest_path = non_clobber_rename(dest_path)
shutil.move(entry.path, dest_path)
# Remove folder if empty
try:
os.rmdir(entry.path)
except OSError:
pass
# Registry Items
for key, settings in D7_HKCR_CLEANUP.items():
delete_registry_key(HKCR, key, recurse=settings['Recurse'])
for key, settings in D7_HKCU_CLEANUP.items():
delete_registry_key(HKCU, key, recurse=settings['Recurse'])
for key, settings in D7_HKLM_CLEANUP.items():
delete_registry_key(HKLM, key, recurse=settings['Recurse'])
# Temp items
if os.path.exists(d7_path):
if os.path.exists(d7_temp):
shutil.rmtree(d7_temp)
try:
os.rmdir(d7_path)
except OSError:
pass
def cleanup_desktop():
"""Move known backup files and reports into the ClientDir."""
dest_folder = r'{ProgBackupDir}\{Date}\Desktop'.format(**global_vars)
os.makedirs(dest_folder, exist_ok=True)
desktop_path = r'{USERPROFILE}\Desktop'.format(**global_vars['Env'])
for entry in os.scandir(desktop_path):
# JRT, RKill, Shortcut cleaner
if re.search(r'^(JRT|RKill|sc-cleaner)', entry.name, re.IGNORECASE):
dest_name = r'{}\{}'.format(dest_folder, entry.name)
dest_name = non_clobber_rename(dest_name)
shutil.move(entry.path, dest_name)
# Remove dir if empty
try:
os.rmdir(dest_folder)
except OSError:
pass
def cleanup_emsisoft():
"""Remove EmsisoftCmd files from drive root."""
source_path = r'{}\EmsisoftCmd'.format(global_vars['Env']['SYSTEMDRIVE'])
source_quarantine = r'{}\Quarantine'.format(source_path)
# Quarantine
if os.path.exists(source_quarantine):
os.makedirs(global_vars['QuarantineDir'], exist_ok=True)
dest_name = r'{QuarantineDir}\Emsisoft_{Date-Time}'.format(
**global_vars)
dest_name = non_clobber_rename(dest_name)
shutil.move(source_quarantine, dest_name)
# Remove program
if os.path.exists(source_path):
shutil.rmtree(source_path)
def cleanup_regbackups():
"""Move d7ii regbackups into backup folder."""
source_path = r'{}\Support\RegBackups'.format(
global_vars['Env']['SYSTEMDRIVE'])
# Bail early
if not os.path.exists(source_path):
return
# Move to backup folder
for entry in os.scandir(source_path):
os.makedirs(global_vars['ProgBackupDir'], exist_ok=True)
dest_path = r'{ProgBackupDir}\{Date}\Registry\{name}'.format(
name=entry.name,
**global_vars)
dest_path = non_clobber_rename(dest_path)
shutil.move(entry.path, dest_path)
# Delete source folders if empty
try:
os.rmdir(source_path)
os.rmdir(r'{}\Support'.format(global_vars['Env']['SYSTEMDRIVE']))
except OSError:
pass
def delete_registry_key(hive, key, recurse=False):
"""Delete a registry key and all it's subkeys."""
access = winreg.KEY_ALL_ACCESS
try:
if recurse:
# Delete all subkeys first
with winreg.OpenKeyEx(hive, key, 0, access) as k:
key_info = winreg.QueryInfoKey(k)
for x in range(key_info[0]):
subkey = r'{}\{}'.format(key, winreg.EnumKey(k, 0))
delete_registry_key(hive, subkey)
# Delete key
winreg.DeleteKey(hive, key)
except FileNotFoundError:
# Ignore
pass
def delete_registry_value(hive, key, value):
"""Delete a registry value."""
access = winreg.KEY_ALL_ACCESS
with winreg.OpenKeyEx(hive, key, 0, access) as k:
winreg.DeleteValue(k, value)
if __name__ == '__main__':
print("This file is not meant to be called directly.")
# vim: sts=4 sw=4 ts=4
Reference in a new issue View git blame Copy permalink