I want to remove a part of this code: `set hash=certutil -hashfile %%A MD5`. I mean that I need to remove `MD5 hash of cmd.exe:` and `CertUtil: -hashfile command completed successfully.` from the output of this code.

My full code (it is an antivirus, but not complete yet...):

```
For /f "tokens=*" %%A in ('dir /b /s') do (
      set hash=certutil -hashfile %%A MD5
      findstr %hash% C:\Users\Sepehr\Desktop\data.txt && (
      echo %%A is Infected!
      echo Deleting %%A
      del /f /q %%A
      ) || (
      echo %%A is Clean!
      )
)
pause
```

No idea how to remove those parts?

Sepehr Movasat
  • It is not an antivirus! Also set `hash=certutil …` does not run, and even fixing to use the missing delayed expansion, `certutil`, `echo !hash:CertUtil: …` will print `certutil -hashfile C:\Some Directory\Sub Directory\filename.ext MD5`, `echo !hash:MD5 hash of %%A:=!` will print `certutil -hashfile C:\Some Directory\Sub Directory\filename.ext MD5`, and `findstr certutil -hashfile C:\Some Directory\Sub Directory\filename.ext MD5 C:\Users\Sepehr\Desktop\data.txt` if it runs at all, will never meet the `&&` condition. Have you turned `echo off` and run your script from the Command Prompt? – Compo May 17 '21 at 12:38
  • Yes, the code is not complete yet... but if the problem is fixed, I will make it correct... – Sepehr Movasat May 17 '21 at 12:41
  • The entire thing will never work like that, so completing it is not what you need to do, rewriting it is! Are you wanting us to off topic rewrite it for you? Have you opened a Command Prompt window and read the output from `for /?`, `dir /?`, `certutil -hashfile -?`, `set /?`, `echo /?`, `findstr /?`, and `del /?`. Have you used the search facility at the top of the page, to read answers which use those commands and techniques? Do you know what delayed expansion is? Have you looked it up? – Compo May 17 '21 at 12:42
  • hmmm... It will work... I will thank you if you answer my question as well... – Sepehr Movasat May 17 '21 at 12:47
  • Not like that it will not, almost every command you have used is wrong, which means that you do not have a single issue with your code, you have many issues, which cannot be easily answered in an on topic simple response. To fix your code a responder would have to essentially write the entire thing for you, and code requests, of that type, are off topic on StackOverflow. What you need to do is to break down your task into multiple smaller parts, and get each part to work, before trying to get them all to work together at once. Please take a little more time researching, and trying things. – Compo May 17 '21 at 12:51
  • If `data.txt` is a list of hashes, then you should be piping the output of `CERTUTIL` to the `FINDSTR` command and using the `/G` option of the `FINDSTR` command. – Squashman May 17 '21 at 13:23
  • You may want to consider using [HashSum.bat](https://www.dostips.com/forum/viewtopic.php?t=7592) – Squashman May 17 '21 at 13:30

1 Answer

Both lines you want to remove contain a colon (language independent), so you can filter your hash with `find /v ":"`. Then simply look that up in your `data.txt` with `findstr /g:""`:

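```
rem Walk every file under C:\ and look its MD5 up in the hash list.
For /r "C:\" %%A in (*) do (
  rem find /v ":" drops the header and status lines, leaving only the hash.
  certutil -hashfile "%%A" MD5|find /v ":"|findstr /G:"C:\Users\Sepehr\Desktop\data.txt" && (
    echo hash is stored for %%A
  ) || (
    echo hash is unknown for %%A
  )
)
```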

There certainly is room for improvement, but this is a working skeleton.

A word of advice: Don't delete "infected" files, at least not in the Windows and Program folders (and double-check in other locations as well)! You might make your system unusable (and remove any new or intentionally changed files).

Stephan
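A report-only variant of the loop in the answer above, as an added example that is not part of the original answer: it removes the spaces that some Windows versions print inside the `certutil` digest and requires a whole-line, case-insensitive match against the list, so a partial or differently cased entry does not decide the result. `ROOT`, `HASHLIST` and the `:check` label are assumptions, and the list is assumed to hold one bare MD5 hex digest per line with no trailing spaces.

```batch
@echo off
setlocal EnableExtensions DisableDelayedExpansion

rem Assumed placeholder paths (not from the original post).
set "ROOT=%USERPROFILE%\Downloads"
set "HASHLIST=%USERPROFILE%\Desktop\data.txt"

rem A subroutine is used so that the hash variable is expanded per file;
rem inside the for block itself it would need delayed expansion.
rem Note: call re-parses its arguments, so file names containing percent
rem signs or carets may not resolve and may be reported as SKIPPED.
for /r "%ROOT%" %%A in (*) do call :check "%%~fA"
exit /b 0

:check
set "hash="
rem Keep only the digest line: header, status and error lines contain a colon.
for /f "delims=" %%H in ('certutil -hashfile "%~1" MD5 2^>nul ^| find /v ":"') do set "hash=%%H"
if not defined hash (
  rem Unreadable or locked files produce no digest line.
  echo SKIPPED "%~1"
  exit /b 0
)
rem Older Windows releases print the digest as space-separated byte pairs.
set "hash=%hash: =%"
rem /x whole line, /i ignore case, /l literal text, /c the digest to look for.
findstr /x /i /l /c:"%hash%" "%HASHLIST%" >nul && (
  echo LISTED  "%~1"
) || (
  echo UNKNOWN "%~1"
)
exit /b 0
```

The script only prints a verdict per file; acting on a `LISTED` result is left to a manual review, in line with the advice above about not deleting files automatically.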