My father kept having a particular malware worm found on his pen drives and systems. I thought installing an anti-virus should resolve it, but weirdly it has not. I later found that despite me removing the malware from all his computers, it kept occurring because he would use the pen drive in other printshop computers for getting printouts.
The worm I found seems to recursively keep a copy of itself in each folder, but its content payload is always consistent and hence has a fixed hash `b6ba31cd20869f2fc59082c178f06ca5c0572b382b6efffaaa5c30254a68b954`. It appears that this particular worm, which goes by `WindowsFormsApplication5` or `movies.exe`, exists 81.9% in India and 18.1% in Bangladesh. So I wrote this script so that anytime he can give the pen drive to me to run (I run a Mac, so these are PE executables that can't really run and infect) and recursively remove the malware before he can use it on his own system. I believe a good anti-virus should be a better solution, but I have to check and find why the one I did install (Windows Defender) is failing. So this is a temporary solution.
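An added example, not the author's actual script, of the approach described above: walk a mounted drive, hash every regular file with SHA-256, and report (or, with `--delete`, remove) the files whose hash equals the one quoted in the post. The function names, the script name and the `--delete` flag are assumptions made for this illustration.

```python
import hashlib
import os
import sys

# SHA-256 of the worm payload, as quoted in the post above.
WORM_SHA256 = "b6ba31cd20869f2fc59082c178f06ca5c0572b382b6efffaaa5c30254a68b954"


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are never loaded whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_matches(root, bad_hash=WORM_SHA256):
    """Return sorted paths of regular files under root matching bad_hash."""
    wanted = bad_hash.lower()
    matches = []
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            # Skip symlinks and special files: hash only real content
            # that lives on the drive being cleaned.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                if sha256_of(path) == wanted:
                    matches.append(path)
            except OSError as exc:  # unreadable file: report, keep going
                print(f"skipped {path}: {exc}", file=sys.stderr)
    return sorted(matches)


def clean(root, bad_hash=WORM_SHA256, delete=False):
    """Dry run by default; remove matching files only when delete=True."""
    hits = find_matches(root, bad_hash)
    if delete:
        for path in hits:
            os.remove(path)
    return hits


if __name__ == "__main__":  # hypothetical CLI, e.g. clean_drive.py /Volumes/USB
    if len(sys.argv) < 2:
        sys.exit("usage: clean_drive.py <mount-point> [--delete]")
    do_delete = "--delete" in sys.argv[2:]
    for hit in clean(sys.argv[1], delete=do_delete):
        print(("removed " if do_delete else "found ") + hit)
```

Matching on the exact hash catches only byte-identical copies of this payload; a variant with a single changed byte would pass unnoticed.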