
Commit 3f5682c

committed
add removing persistent malware tutorial
1 parent 72dc592 commit 3f5682c

3 files changed

+120
-0
lines changed

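--- a/README.md
+++ b/README.md
@@ -67,6 +67,7 @@ This is a repository of all the tutorials of [The Python Code](https://www.thepy
 - [How to Build Spyware in Python](https://thepythoncode.com/article/how-to-build-spyware-in-python). ([code](ethical-hacking/spyware))
 - [How to Exploit Command Injection Vulnerabilities in Python](https://thepythoncode.com/article/how-to-exploit-command-injection-vulnerabilities-in-python). ([code](ethical-hacking/exploit-command-injection))
 - [How to Make Malware Persistent in Python](https://thepythoncode.com/article/how-to-create-malware-persistent-in-python). ([code](ethical-hacking/persistent-malware))
+- [How to Remove Persistent Malware in Python](https://thepythoncode.com/article/removingg-persistent-malware-in-python). ([code](ethical-hacking/remove-persistent-malware))
 
 - ### [Machine Learning](https://www.thepythoncode.com/topic/machine-learning)
 - ### [Natural Language Processing](https://www.thepythoncode.com/topic/nlp)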
+1Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
# [How to Remove Persistent Malware in Python](https://thepythoncode.com/article/removingg-persistent-malware-in-python)
+118Lines changed: 118 additions & 0 deletions
@@ -0,0 +1,118 @@
1+
import os
2+
import platform
3+
import subprocess
4+
import tempfile
5+
6+
# Windows-specific imports
7+
if platform.system() == "Windows":
8+
import winreg
9+
10+
# Get Windows start-up entries and display
11+
def list_windows_startup_entries():
12+
key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run")
13+
entries = []
14+
try:
15+
i = 0
16+
while True:
17+
entry_name, entry_value, entry_type = winreg.EnumValue(key, i)
18+
entries.append((i + 1, entry_name, entry_value))
19+
i += 1
20+
except OSError:
21+
pass
22+
winreg.CloseKey(key)
23+
return entries
24+
25+
# Remove Windows start-up entries
26+
def remove_windows_startup_entry(index, entries):
27+
key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, r"Software\Microsoft\Windows\CurrentVersion\Run", 0, winreg.KEY_SET_VALUE)
28+
try:
29+
entry_name, entry_value = entries[index - 1][1], entries[index - 1][2]
30+
winreg.DeleteValue(key, entry_name)
31+
print(f"[+] Entry {entry_name} has been removed successfully.")
32+
33+
if os.path.isfile(entry_value):
34+
os.remove(entry_value)
35+
print(f"[+] File '{entry_value}' has been deleted successfully.")
36+
else:
37+
print(f"[-] File '{entry_value}' not found or unable to delete.")
38+
except IndexError:
39+
print("[-] Invalid entry index.")
40+
except OSError as e:
41+
print(f"[-] Error removing entry: {e}")
42+
finally:
43+
winreg.CloseKey(key)
44+
45+
# Get the cron tab entries
46+
def list_linux_crontab_entries():
47+
try:
48+
output = subprocess.check_output(["crontab", "-l"], stderr=subprocess.STDOUT).decode('utf-8').strip()
49+
if output:
50+
entries = output.split("\n")
51+
return [(i + 1, entry) for i, entry in enumerate(entries)]
52+
else:
53+
return []
54+
except subprocess.CalledProcessError as e:
55+
if "no crontab" in e.output.decode('utf-8'):
56+
return []
57+
else:
58+
raise
59+
60+
def remove_linux_crontab_entry(index, entries):
61+
try:
62+
entry = entries[index - 1][1]
63+
all_entries = [e[1] for e in entries if e[1] != entry]
64+
65+
with tempfile.NamedTemporaryFile(delete=False) as tmp_file:
66+
tmp_file.write("\n".join(all_entries).encode('utf-8'))
67+
tmp_file.write(b"\n")
68+
tmp_file_path = tmp_file.name
69+
70+
subprocess.check_output(["crontab", tmp_file_path], stderr=subprocess.STDOUT)
71+
os.unlink(tmp_file_path)
72+
print(f"[+] Entry '{entry}' has been removed successfully.")
73+
except IndexError:
74+
print("[-] Invalid entry index.")
75+
except Exception as e:
76+
print(f"[-] Error removing crontab entry: {e}")
77+
78+
def main():
79+
os_name = platform.system()
80+
if os_name == "Windows":
81+
entries = list_windows_startup_entries()
82+
if not entries:
83+
print("[-] No startup entries found.")
84+
else:
85+
print("[+] Startup entries:")
86+
for index, name, value in entries:
87+
print(f"{index}. {name}: {value}")
88+
89+
print("\n")
90+
choice = int(input("[!] Enter the number of the entry you want to remove (0 to exit): "))
91+
if choice == 0:
92+
return
93+
elif 0 < choice <= len(entries):
94+
remove_windows_startup_entry(choice, entries)
95+
else:
96+
print("[-] Invalid choice.")
97+
elif os_name == "Linux":
98+
entries = list_linux_crontab_entries()
99+
if not entries:
100+
print("[-] No crontab entries found.")
101+
else:
102+
print("[+] Crontab entries:")
103+
for index, entry in entries:
104+
print(f"{index}. {entry}")
105+
106+
print("\n")
107+
choice = int(input("[!] Enter the number of the entry you want to remove (0 to exit): "))
108+
if choice == 0:
109+
return
110+
elif 0 < choice <= len(entries):
111+
remove_linux_crontab_entry(choice, entries)
112+
else:
113+
print("[-] Invalid choice.")
114+
else:
115+
print(f"[-] Unsupported operating system: {os_name}")
116+
117+
if __name__ == "__main__":
118+
main()
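Review bot: `remove_windows_startup_entry` deletes the registry value first and then calls `os.remove(entry_value)` on the raw Run data, so a legitimate program picked by mistake is destroyed without confirmation, while an entry stored as a quoted path or with arguments fails `os.path.isfile` and its file stays on disk after the only pointer to it is gone. For incident handling it is safer to resolve the executable from the command line, record its SHA-256, move it to a quarantine directory instead of deleting it, and only then drop the Run value. The sketch below does that for quoted and bare paths; it needs `hashlib` and `shutil` imported at the top of the file, and unquoted paths followed by arguments still need manual inspection. Separately, `remove_linux_crontab_entry` rewrites the whole crontab from text captured with `stderr=subprocess.STDOUT` and keeps no backup, so saving the `crontab -l` output before installing the new file would make that path recoverable.

```python
def remove_windows_startup_entry(index, entries):
    # … unchanged: OpenKey(..., winreg.KEY_SET_VALUE) …
    try:
        entry_name, entry_value = entries[index - 1][1], entries[index - 1][2]

        # Run data is a command line: take the executable, not the whole string.
        target = entry_value.strip()
        if target.startswith('"'):
            target = target[1:].split('"', 1)[0]
        target = os.path.expandvars(target)

        if os.path.isfile(target):
            with open(target, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            quarantine_dir = tempfile.mkdtemp(prefix="quarantine-")
            kept = shutil.move(target, os.path.join(quarantine_dir, os.path.basename(target)))
            print(f"[+] File '{target}' (sha256 {digest}) moved to '{kept}'.")
        else:
            print(f"[-] No file resolved from '{entry_value}'; inspect it manually.")

        # Drop the Run value last, so a failure above leaves the entry visible.
        winreg.DeleteValue(key, entry_name)
        print(f"[+] Entry {entry_name} has been removed successfully.")
    # … unchanged: except IndexError / except OSError / finally CloseKey …
```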
