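:: Scrape FRST.txt and Addition.txt for pertinent data
:: Created by Furtivex
::
:: Purpose:  gather the FRST / Addition / Fixlog / Fixlist logs found under a
::           Downloads folder, extract the lines that usually need attention,
::           and wrap them in a fixlist template that is opened in an editor.
::           The template contains placeholders (e.g. <LOOK IN HERE>) that are
::           filled in by hand before the list is used.
:: Usage:    scrapeFRST.bat [downloads_folder]
::           Without an argument the folder defaults to the path set below.
:: Requires: GREP (GNU grep, -E and -P syntax) and SORT_ (GNU sort, -f -u) on
::           PATH; Notepad2 at the path below (falls back to Notepad if absent).
:: Outputs:  %TEMP%\ClipboardFinal.txt is kept; Clipboard00..Clipboard06 are
::           scratch files that are removed at the end of the run.
@ECHO OFF
@SETLOCAL
@PROMPT #
:: Downloads folder to scan; an optional first argument overrides the default.
IF "%~1"=="" (SET "downloads=C:\Users\d1savow3d\Downloads") ELSE (SET "downloads=%~1")
SET "final=%TEMP%\ClipboardFinal.txt"

:: Fail early when the external tools the pipeline relies on are not available,
:: before any scratch file is created.
WHERE GREP >NUL 2>&1 || (ECHO GREP not found on PATH>&2 & EXIT /B 1)
WHERE SORT_ >NUL 2>&1 || (ECHO SORT_ not found on PATH>&2 & EXIT /B 1)

:: Collect the full paths of the logs, one per line, into clipboard00.
IF EXIST "%final%" DEL /F/Q "%final%" >NUL 2>&1
DIR /B/S/A:-D "%downloads%\FRST*.txt" 2>NUL>"%TEMP%\clipboard00"
DIR /B/S/A:-D "%downloads%\Addition*.txt" 2>NUL>>"%TEMP%\clipboard00"
DIR /B/S/A:-D "%downloads%\Fixlog*.txt" 2>NUL>>"%TEMP%\clipboard00"
DIR /B/S/A:-D "%downloads%\Fixlist*.txt" 2>NUL>>"%TEMP%\clipboard00"

:: Concatenate every log into Clipboard01. The file is truncated first so that
:: a scratch file left behind by an interrupted run cannot leak stale lines
:: into this run, and so the GREP calls below always have an input file even
:: when no log was found. USEBACKQ lets the list file path be quoted, which
:: keeps the loop working when %TEMP% contains spaces.
TYPE NUL>"%TEMP%\Clipboard01"
FOR /F "USEBACKQ TOKENS=*" %%G IN ("%TEMP%\clipboard00") DO TYPE "%%G">>"%TEMP%\Clipboard01"

:: Pass 1 (extended regex, case-insensitive): entries FRST marks as detected,
:: [X], ATTENTION / Cyrillic headers, ADS, StartupApproved / MountPoints keys,
:: "No File" / missing ImagePath / zero-byte / not-found entries.
GREP -Eis "detected!|\[X\]|== (ATTENTION|Cyrillic)|AlternateDataStreams|\\StartupApproved\\|\\MountPoints|\(?No File\)?|no ImagePath|ATTENTION:|zero byte File|not found" <"%TEMP%\Clipboard01" >"%TEMP%\Clipboard02"
:: Pass 2 (Perl regex): empty "Page =" / "URL =" values, grubx64.efi, and
:: {GUID}] -> entries whose target is empty.
GREP -Pis "(Page|URL) =\s+?$|grubx64\.efi|\{[A-F0-9]{8}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{4}-[A-F0-9]{12}\}] -\> $" <"%TEMP%\Clipboard01" >>"%TEMP%\Clipboard02"
:: Pass 3: unsigned files and "000000000 __SHD" entries go to a separate list
:: that is appended after the fixlist body for manual review.
GREP -Eis "\[File not signed\]|000000000 __SHD" <"%TEMP%\Clipboard01" >"%TEMP%\Clipboard05"
:: Case-insensitive de-duplication of both lists.
SORT_ -f -u <"%TEMP%\Clipboard02" >"%TEMP%\Clipboard03"
SORT_ -f -u <"%TEMP%\Clipboard05" >"%TEMP%\Clipboard06"

:: Fixlist template. ^( ^) ^| ^< ^> escape cmd metacharacters so they reach
:: the file literally; the first ECHO uses > to create the file, the rest >>.
ECHO.Start::>"%final%"
ECHO.SystemRestore: On>>"%final%"
ECHO.CreateRestorePoint:>>"%final%"
ECHO.>>"%final%"
TYPE "%TEMP%\Clipboard03">>"%final%"
ECHO.>>"%final%"
ECHO.>>"%final%"
ECHO.Removeproxy:>>"%final%"
ECHO.Hosts:>>"%final%"
ECHO.>>"%final%"
ECHO.StartBatch:>>"%final%"
:: NOTE(review): %ProgramFiles% is expanded on the machine running this script,
:: not on the machine that runs the fixlist - confirm this is intended.
ECHO.cd %ProgramFiles%\Windows Defender>>"%final%"
ECHO.MpCmdRun.exe -removedefinitions -dynamicsignatures>>"%final%"
ECHO.MpCmdRun.exe -SignatureUpdate>>"%final%"
ECHO.EndBatch:>>"%final%"
ECHO.>>"%final%"
ECHO.>>"%final%"
ECHO.CMD: netsh winsock reset catalog>>"%final%"
ECHO.CMD: netsh int ip reset resetlog.txt>>"%final%"
ECHO.CMD: reg export HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules C:\FirewallBackup.reg>>"%final%"
ECHO.C:\FirewallBackup.reg>>"%final%"
ECHO.CMD: netsh advfirewall reset>>"%final%"
ECHO.CMD: netsh advfirewall set allprofiles state ON>>"%final%"
ECHO.CMD: bitsadmin /reset /allusers>>"%final%"
ECHO.CMD: ipconfig /flushdns>>"%final%"
ECHO.>>"%final%"
ECHO.>>"%final%"
:: PowerShell section: adds inbound block rules for the listed TCP/UDP ports
:: (135-139/445 NetBIOS/SMB, 3389 RDP, plus the other ports in the arrays).
ECHO.StartPowerShell:>>"%final%"
ECHO.Write-Output "PowerShell run 1">>"%final%"
ECHO.# Function to create a new firewall rule if it does not exist. Credits AdvancedSetup>>"%final%"
ECHO.$ruleNameTCP = "Block Inb TCP">>"%final%"
ECHO.$ruleNameUDP = "Block Inb UDP">>"%final%"
ECHO.$tcpPorts = "135-139","445","1234","3389","5555","9034" # TCP ports and ranges as an array>>"%final%"
ECHO.$udpPorts = "135-139","445","1234","3389","5555","9034" # UDP ports and ranges as an array>>"%final%"
ECHO.>>"%final%"
ECHO.function Create-FirewallRule {>>"%final%"
ECHO. param ^(>>"%final%"
ECHO. [string]$ruleName,>>"%final%"
ECHO. [string[]]$ports, # Accepts an array of ports>>"%final%"
ECHO. [string]$protocol>>"%final%"
ECHO. ^)>>"%final%"
ECHO.>>"%final%"
ECHO. # Check if the rule already exists>>"%final%"
ECHO. if ^(-not ^(Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue^)^) {>>"%final%"
ECHO. try {>>"%final%"
ECHO. # Try to create the new firewall rule>>"%final%"
ECHO. New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -LocalPort $ports -Protocol $protocol -Action Block>>"%final%"
ECHO. Write-Host "Created rule '$ruleName'.">>"%final%"
ECHO. } catch {>>"%final%"
ECHO. Write-Error "Failed to create rule '$ruleName': $_">>"%final%"
ECHO. }>>"%final%"
ECHO. } else {>>"%final%"
ECHO. Write-Host "Rule '$ruleName' already exists.">>"%final%"
ECHO. }>>"%final%"
ECHO.}>>"%final%"
ECHO.# Create the TCP firewall rule to add additional blocking>>"%final%"
ECHO.Create-FirewallRule -ruleName $ruleNameTCP -ports $tcpPorts -protocol TCP>>"%final%"
ECHO.# Create the UDP firewall rule to add additional blocking>>"%final%"
ECHO.Create-FirewallRule -ruleName $ruleNameUDP -ports $udpPorts -protocol UDP>>"%final%"
:: NOTE(review): no Start-Transcript precedes this Stop-Transcript in the
:: template - confirm it is intended.
ECHO.Stop-Transcript>>"%final%"
ECHO.EndPowerShell:>>"%final%"
ECHO.>>"%final%"
ECHO.>>"%final%"
ECHO.EmptyEventLogs:>>"%final%"
:: <LOOK IN HERE> is a placeholder to be replaced by hand.
ECHO.CMD: DIR /B/S/A:-D ^<LOOK IN HERE^>>>"%final%"
ECHO.CMD: DISM /Online /Cleanup-image /Restorehealth>>"%final%"
ECHO.CMD: sfc /scannow>>"%final%"
ECHO.CMD: ECHO Y^|chkdsk c: /f /r>>"%final%"
ECHO.ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions>>"%final%"
ECHO.StartPowershell:>>"%final%"
ECHO.Remove-MpPreference -ExclusionPath "C:\ProgramData\WindowsTask\AMD.exe">>"%final%"
ECHO.Remove-MpPreference -ExclusionPath "C:\ProgramData">>"%final%"
ECHO.EndPowerShell:>>"%final%"
ECHO.>>"%final%"
ECHO.>>"%final%"
ECHO.Emptytemp:>>"%final%"
ECHO.End::>>"%final%"
ECHO.>>"%final%"
ECHO.>>"%final%"
ECHO.>>"%final%"
ECHO.>>"%final%"
:: Unsigned / __SHD entries are appended after End:: so they are reviewed but
:: are not part of the fixlist body.
TYPE "%TEMP%\Clipboard06">>"%final%"

:: Open the result for review; fall back to Notepad when Notepad2 is missing
:: so the generated list is still shown rather than only left in %TEMP%.
IF EXIST "C:\Program Files\Notepad2\Notepad2.exe" (
  "C:\Program Files\Notepad2\Notepad2.exe" "%final%"
) ELSE (
  NOTEPAD "%final%"
)
:: Clipboard0? matches the scratch files clipboard00 .. Clipboard06 only;
:: ClipboardFinal.txt is kept.
DEL /F/Q "%TEMP%\Clipboard0?" >NUL 2>&1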