2Shirt
9c1c8b90be
* Renamed d7_firefox_fix.py to post_d7.py * This will include all items that need to be run outside d7II
202 lines
7.2 KiB
Python
202 lines
7.2 KiB
Python
# Wizard Kit: Functions - Cleanup
|
|
|
|
from functions.common import *
|
|
|
|
def cleanup_adwcleaner():
|
|
"""Move AdwCleaner folders into the ClientDir."""
|
|
source_path = r'{SYSTEMDRIVE}\AdwCleaner'.format(**global_vars['Env'])
|
|
source_quarantine = r'{}\Quarantine'.format(source_path)
|
|
|
|
# Quarantine
|
|
if os.path.exists(source_quarantine):
|
|
os.makedirs(global_vars['QuarantineDir'], exist_ok=True)
|
|
dest_name = r'{QuarantineDir}\AdwCleaner_{Date-Time}'.format(
|
|
**global_vars)
|
|
dest_name = non_clobber_rename(dest_name)
|
|
shutil.move(source_quarantine, dest_name)
|
|
|
|
# Delete source folder if empty
|
|
try:
|
|
os.rmdir(source_path)
|
|
except OSError:
|
|
pass
|
|
|
|
# Main folder
|
|
if os.path.exists(source_path):
|
|
os.makedirs(global_vars['LogDir'], exist_ok=True)
|
|
dest_name = r'{LogDir}\{Date}\AdwCleaner'.format(
|
|
**global_vars)
|
|
dest_name = non_clobber_rename(dest_name)
|
|
shutil.move(source_path, dest_name)
|
|
|
|
def cleanup_cbs(dest_folder):
|
|
"""Safely cleanup a known CBS archive bug under Windows 7.
|
|
|
|
If a CbsPersist file is larger than 2 Gb then the auto archive feature
|
|
continually fails and will fill up the system drive with temp files.
|
|
|
|
This function moves the temp files and CbsPersist file to a temp folder,
|
|
compresses the CbsPersist files with 7-Zip, and then opens the temp folder
|
|
for the user to manually save the backup files and delete the temp files.
|
|
"""
|
|
backup_folder = r'{dest_folder}\CbsFix'.format(dest_folder=dest_folder)
|
|
temp_folder = r'{backup_folder}\Temp'.format(backup_folder=backup_folder)
|
|
os.makedirs(backup_folder, exist_ok=True)
|
|
os.makedirs(temp_folder, exist_ok=True)
|
|
|
|
# Move files into temp folder
|
|
cbs_path = r'{SYSTEMROOT}\Logs\CBS'.format(**global_vars['Env'])
|
|
for entry in os.scandir(cbs_path):
|
|
# CbsPersist files
|
|
if entry.name.lower().startswith('cbspersist'):
|
|
dest_name = r'{}\{}'.format(temp_folder, entry.name)
|
|
dest_name = non_clobber_rename(dest_name)
|
|
shutil.move(entry.path, dest_name)
|
|
temp_path = r'{SYSTEMROOT}\Temp'.format(**global_vars['Env'])
|
|
for entry in os.scandir(temp_path):
|
|
# cab_ files
|
|
if entry.name.lower().startswith('cab_'):
|
|
dest_name = r'{}\{}'.format(temp_folder, entry.name)
|
|
dest_name = non_clobber_rename(dest_name)
|
|
shutil.move(entry.path, dest_name)
|
|
|
|
# Compress CbsPersist files with 7-Zip
|
|
cmd = [
|
|
global_vars['Tools']['SevenZip'],
|
|
'a', '-t7z', '-mx=3', '-bso0', '-bse0',
|
|
r'{}\CbsPersists.7z'.format(backup_folder),
|
|
r'{}\CbsPersist*'.format(temp_folder)]
|
|
run_program(cmd)
|
|
|
|
def cleanup_d7ii():
|
|
"""Sort d7II logs and remove temp items."""
|
|
d7_path = r'{}\d7II'.format(global_vars['ClientDir'])
|
|
d7_reports = r'{}_Reports'.format(d7_path)
|
|
d7_temp = r'{}\Temp'.format(d7_path)
|
|
|
|
# Logs & Reports
|
|
if os.path.exists(d7_reports):
|
|
for entry in os.scandir(d7_reports):
|
|
r = re.match(r'(\d+)-(\d+)-(\d+)', entry.name)
|
|
d7_date = '{}-{:02d}-{:02d}'.format(
|
|
r.group(1), int(r.group(2)), int(r.group(3)))
|
|
d7_mlogs = r'{}\Malware Logs'.format(entry.path)
|
|
log_dest = r'{SYSTEMDRIVE}\{prefix}\Info\{date}'.format(
|
|
prefix=KIT_NAME_SHORT,
|
|
date=d7_date,
|
|
**global_vars['Env'])
|
|
|
|
# Remove empty folders
|
|
for f in ('Malware Logs', 'Screen Shots'):
|
|
try:
|
|
os.rmdir(r'{}\{}'.format(entry.path, f))
|
|
except FileNotFoundError:
|
|
pass
|
|
except OSError:
|
|
pass
|
|
|
|
# Malware Logs
|
|
if os.path.exists(d7_mlogs):
|
|
for m_entry in os.scandir(d7_mlogs):
|
|
prefix = ''
|
|
if m_entry.name == 'MalwareScan_Report.txt':
|
|
prefix = 'd7II_'
|
|
dest_path = r'{log_dest}\{prefix}{name}'.format(
|
|
log_dest=log_dest,
|
|
prefix=prefix,
|
|
name=m_entry.name)
|
|
dest_path = non_clobber_rename(dest_path)
|
|
shutil.move(entry.path, dest_path)
|
|
try:
|
|
os.rmdir(d7_mlogs)
|
|
except OSError:
|
|
pass
|
|
|
|
# Other items
|
|
for o_entry in os.scandir(entry.path):
|
|
dest_path = r'{log_dest}\d7II_{name}'.format(
|
|
log_dest=log_dest,
|
|
name=m_entry.name)
|
|
dest_path = non_clobber_rename(dest_path)
|
|
shutil.move(entry.path, dest_path)
|
|
|
|
# Remove folder if empty
|
|
try:
|
|
os.rmdir(entry.path)
|
|
except OSError:
|
|
pass
|
|
|
|
# Temp items
|
|
if os.path.exists(d7_path):
|
|
if os.path.exists(d7_temp):
|
|
shutil.rmtree(d7_temp)
|
|
try:
|
|
os.rmdir(d7_path)
|
|
except OSError:
|
|
pass
|
|
|
|
def cleanup_desktop():
|
|
"""Move known backup files and reports into the ClientDir."""
|
|
dest_folder = r'{ProgBackupDir}\{Date}\Desktop'.format(**global_vars)
|
|
os.makedirs(dest_folder, exist_ok=True)
|
|
|
|
desktop_path = r'{USERPROFILE}\Desktop'.format(**global_vars['Env'])
|
|
for entry in os.scandir(desktop_path):
|
|
# JRT, RKill, Shortcut cleaner
|
|
if re.search(r'^(JRT|RKill|sc-cleaner)', entry.name, re.IGNORECASE):
|
|
dest_name = r'{}\{}'.format(dest_folder, entry.name)
|
|
dest_name = non_clobber_rename(dest_name)
|
|
shutil.move(entry.path, dest_name)
|
|
|
|
# Remove dir if empty
|
|
try:
|
|
os.rmdir(dest_folder)
|
|
except OSError:
|
|
pass
|
|
|
|
def cleanup_emsisoft():
|
|
"""Remove EmsisoftCmd files from drive root."""
|
|
source_path = r'{}\EmsisoftCmd'.format(global_vars['Env']['SYSTEMDRIVE'])
|
|
source_quarantine = r'{}\Quarantine'.format(source_path)
|
|
|
|
# Quarantine
|
|
if os.path.exists(source_quarantine):
|
|
os.makedirs(global_vars['QuarantineDir'], exist_ok=True)
|
|
dest_name = r'{QuarantineDir}\Emsisoft_{Date-Time}'.format(
|
|
**global_vars)
|
|
dest_name = non_clobber_rename(dest_name)
|
|
shutil.move(source_quarantine, dest_name)
|
|
|
|
# Remove program
|
|
if os.path.exists(source_path):
|
|
shutil.rmtree(source_path)
|
|
|
|
def cleanup_regbackups():
|
|
"""Move d7ii regbackups into backup folder."""
|
|
source_path = r'{}\Support\RegBackups'.format(
|
|
global_vars['Env']['SYSTEMDRIVE'])
|
|
|
|
# Bail early
|
|
if not os.path.exists(source_path):
|
|
return
|
|
|
|
# Move to backup folder
|
|
for entry in os.scandir(source_path):
|
|
os.makedirs(global_vars['ProgBackupDir'], exist_ok=True)
|
|
dest_path = r'{ProgBackupDir}\{Date}\Registry\{name}'.format(
|
|
name=entry.name,
|
|
**global_vars)
|
|
dest_path = non_clobber_rename(dest_path)
|
|
shutil.move(entry.path, dest_path)
|
|
|
|
# Delete source folders if empty
|
|
try:
|
|
os.rmdir(source_path)
|
|
os.rmdir(r'{}\Support'.format(global_vars['Env']['SYSTEMDRIVE']))
|
|
except OSError:
|
|
pass
|
|
|
|
if __name__ == '__main__':
|
|
print("This file is not meant to be called directly.")
|
|
|
|
# vim: sts=4 sw=4 ts=4
|