I want to remove a part of this code: `set hash=certutil -hashfile %%A MD5`. I mean that I need to remove `MD5 hash of cmd.exe:` and `CertUtil: -hashfile command completed successfully.` from the output of this code.
My full code (it is an antivirus, but not complete yet...):

```batch
For /f "tokens=*" %%A in ('dir /b /s') do (
    set hash=certutil -hashfile %%A MD5
    findstr %hash% C:\Users\Sepehr\Desktop\data.txt && (
        echo %%A is Infected!
        echo Deleting %%A
        del /f /q %%A
    ) || (
        echo %%A is Clean!
    )
)
pause
```

No idea how to remove those parts?
Both lines you want to remove contain a colon (language independent), so you can filter your hash with `find /v ":"`. Then simply look that up in your data.txt with `findstr /g:""`:
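
```batch
rem Hash every file under C:\, drop the two certutil lines that contain a colon,
rem and look the remaining hash line up in data.txt.
For /r "C:\" %%A in (*) do (
    certutil -hashfile "%%A" MD5|find /v ":"|findstr /G:"C:\Users\Sepehr\Desktop\data.txt" && (
        echo hash is stored for %%A
    ) || (
        echo hash is unknown for %%A
    )
)
```
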
There certainly is room for improvement, but this is a working skeleton.
A word of advice: Don't delete "infected" files, at least not in the Windows and Program folders (and double-check in other locations as well)! You might make your system unusable (and remove any new or intentionally changed files).
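
A report-only variant of the loop above, added here as an illustration and not part of the original answer: it captures the hash line in a variable, strips the spaces that some certutil versions print between bytes, and logs exact matches instead of deleting anything. It assumes data.txt holds one MD5 hash per line with no spaces; the report path and the optional scan-root argument are choices made for this example.

```batch
@echo off
setlocal EnableExtensions DisableDelayedExpansion

rem The hash list path is the one used on this page. REPORT and SCANROOT
rem are assumptions made for this example.
set "HASHLIST=C:\Users\Sepehr\Desktop\data.txt"
set "REPORT=%TEMP%\hash-matches.txt"
set "SCANROOT=%~1"
if not defined SCANROOT set "SCANROOT=%CD%"

if not exist "%HASHLIST%" (
    echo Hash list not found: %HASHLIST%
    exit /b 1
)

for /r "%SCANROOT%" %%A in (*) do (
    rem Only the hash line has no colon, so header and status line are dropped.
    for /f "delims=" %%H in ('certutil -hashfile "%%A" MD5 2^>nul ^| find /v ":"') do (
        rem Copy the values while delayed expansion is off, so an
        rem exclamation mark in a file name survives.
        set "file=%%A"
        set "hash=%%H"
        setlocal EnableDelayedExpansion
        rem Some certutil versions separate the bytes with spaces. Remove them.
        set "hash=!hash: =!"
        rem /x whole line, /i ignore case, /l literal: exact hash match only.
        findstr /x /i /l /c:"!hash!" "%HASHLIST%" >nul && (
            echo MATCH !hash! !file!
            >>"%REPORT%" echo !hash! !file!
        )
        endlocal
    )
)

echo Scan finished. Matches, if any, are listed in %REPORT%
endlocal
```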