rootkit problem

Here's the VBScript code for the basic script. Temp1.txt should be the output of a 'dir /s > temp1.txt' command run from C:\> on the infected computer. Temp2.txt is a similar listing of the infected drive, but run from a clean computer.

Code:
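Option Explicit

' Cross-view comparison of two "dir /s" listings of the same drive.
'
'   temp1.txt - listing captured on the suspect (running) system
'   temp2.txt - listing of the same drive captured from a clean system
'   temp3.txt - every line of temp2.txt that does not appear in temp1.txt
'
' Lines that only the clean view contains are candidates for files that were
' hidden from the suspect system's own directory enumeration. The output is a
' list of leads to triage, not a verdict. Expect noise from:
'   * "Directory of X:\..." headers, when the drive has a different letter
'     on the clean machine than on the suspect one;
'   * per-directory and final summary lines (file counts, bytes free);
'   * files created, modified or deleted between the two captures.
' NOTE(review): plain "dir /s" skips hidden and system files in BOTH listings,
' so such files can never show up in the difference. Capturing both listings
' with "dir /s /a" would include them - confirm how the captures were taken.
' NOTE(review): the files are opened with the default (ASCII) format; this
' assumes the listings were not redirected as Unicode - confirm.

Const ForReading = 1

Dim inputfile1, inputfile2, outputfile
inputfile1 = "C:\scripts\temp1.txt"
inputfile2 = "C:\scripts\temp2.txt"
outputfile = "C:\scripts\temp3.txt"

Dim objFSO, objInpFile1, objInpFile2, objOutFile
Dim seenOnSuspect, currentLine

Set objFSO = CreateObject("Scripting.FileSystemObject")

' Open both inputs before doing any work so a missing listing fails early,
' before the output file is created or overwritten.
Set objInpFile1 = objFSO.OpenTextFile(inputfile1, ForReading)
Set objInpFile2 = objFSO.OpenTextFile(inputfile2, ForReading)

' Index the suspect-side listing in a Dictionary. Lookups are then constant
' time instead of rescanning the whole listing for every line, which matters
' for full-drive listings. The Dictionary's default compare mode is binary,
' matching the case-sensitive "=" comparison this replaces.
Set seenOnSuspect = CreateObject("Scripting.Dictionary")

Do Until objInpFile1.AtEndOfStream
	currentLine = objInpFile1.ReadLine
	' Assignment adds the key if new and is a no-op for repeated lines.
	seenOnSuspect(currentLine) = True
Loop

objInpFile1.Close
Set objInpFile1 = Nothing

' The second argument of CreateTextFile is the overwrite flag (a Boolean),
' not an I/O mode constant; True replaces any previous result file.
Set objOutFile = objFSO.CreateTextFile(outputfile, True)

' Stream the clean-side listing and keep, in original order, each line the
' suspect-side listing lacks. Streaming also means an empty listing simply
' produces an empty result instead of a "Subscript out of range" error from
' UBound on an unallocated array.
Do Until objInpFile2.AtEndOfStream
	currentLine = objInpFile2.ReadLine
	If Not seenOnSuspect.Exists(currentLine) Then
		objOutFile.WriteLine currentLine
	End If
Loop

objInpFile2.Close
Set objInpFile2 = Nothing

objOutFile.Close
Set objOutFile = Nothing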
 