#1 17 May 2017 13:21

corhsin
Member
Registered: 17 May 2017
Posts: 2

Please craft a script to find and move files with a certain extension.

Is someone willing to craft me a script?  The system is Win10 if Powershell or some other interface is easier.  A system that suffered a ransomware infection.  The files were decrypted (Nemucod).  The originals should not be deleted until it is verified the data copies that were created are correct.  There are too many to do in a short term.

The goal is to find all files with the crypted extension and transfer them to another partition while maintaining the directory structure.

E. G.
c:\file1.crypted
c:\stuff\file8.crypted
moved to
e:\file1.crypted
e:\stuff\file8.crypted .

Keeping the file attributes including security would be beneficial.  Robocopy may offer this functionality.  After multiple attempts I was unable to correctly utilize it.

Thanks in advance.

Offline

#2 17 May 2017 19:39

Simon Sheppard
Super Administrator
Registered: 27 Aug 2005
Posts: 889
Website

Re: Please craft a script to find and move files with a certain extension.

Theres a powershell script here I think you could adapt
https://ss64.org/viewtopic.php?id=453

Change the part that looks for 0 bytes to look instead for the file extension, you will probably also need to swap around what gets copied where, but I think the basic structure will get you started.

Offline

#3 18 May 2017 16:06

Hackoo
Member
Registered: 05 Feb 2015
Posts: 14

Re: Please craft a script to find and move files with a certain extension.

Hi  smile
You can give a try for this batch file :

@echo off 
Color 9E & Mode con cols=80 lines=3
Title Search and backup Crypted files by a Ransomware by Hackoo 2017
echo(
echo    Please wait ... Search and backup of your crypted files is in progress ...
set "LogSearch=%~dpn0.txt"
set Pattern="*.Crypted"
set "Backup_Crypted_Folder=E:\Backup_Crypted_Folder"
Where /R C:\ "%Pattern%" /F >"%LogSearch%" 2>&1
If "%ErrorLevel%" EQU "1" (
	Cls
	echo(
	echo       --------------------------------------------------------------------------
	@echo                         No file found with this Pattern
	echo       --------------------------------------------------------------------------
) else (
	@for /f "delims=" %%A in ('Type "%LogSearch%"') do (
		if not exist "%%~fA\*" (
			md "%Backup_Crypted_Folder%%%~pA">nul 2>&1
			@copy /Y /N "%%~fA" "%Backup_Crypted_Folder%%%~pnxA">nul 2>&1
		)	
	)	
)
Explorer "%Backup_Crypted_Folder%"

Last edited by Hackoo (18 May 2017 16:10)

Offline

#4 18 May 2017 16:19

corhsin
Member
Registered: 17 May 2017
Posts: 2

Re: Please craft a script to find and move files with a certain extension.

That is great.  I will give it a go in just a few hours.  I was looking over this (viewtopic.php?id=1538) in hopes it could be adapted.  I will let you know when it is up again.  Thank you!

Offline

Board footer

Powered by FluxBB