Description :
This script reads the JSON scan file and reports whether each threat has been removed, by checking whether its object path still exists.
Note:
1. Run as the Local System user.
import ctypes
import glob
import json
import os
import re
from subprocess import PIPE,Popen
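# Read the newest Malwarebytes scan-result file and, for every reported
# objectPath, check whether that path is still present on disk.
#
# A "Deleted Confirmed" verdict only means the original path is absent.
# os.path.exists() also returns False when the path cannot be stat'ed
# (for example access denied), which is why the script has to run as
# Local System; otherwise a surviving file can be reported as removed.
location="C:/ProgramData/Malwarebytes/MBAMService/ScanResults"


def _nth(matches, index):
    """Return matches[index], or a placeholder when that field has fewer hits."""
    return matches[index] if index < len(matches) else "<not reported>"


os.chdir(location)
print(os.getcwd())

list_of_files = glob.glob(location+'/*.json')
if not list_of_files:
    # max() on an empty list raises ValueError; exit with a clear message.
    raise SystemExit("No scan result files found in %s" % location)

# basename() copes with either path separator, unlike split("\\")[1].
latest_file = os.path.basename(max(list_of_files, key=os.path.getctime))
print("Lastest File: %s" % latest_file)

with open(latest_file, 'r') as f:
    scan_text = f.read()

# Everything before the first comma is skipped, as the original script did,
# but the rest is left untouched: re-joining on ", " inserted a space after
# every comma, which corrupts any path or name that contains one.
d = scan_text.partition(",")[2]

threatsDetected = re.findall(r'"threatsDetected"\s+:\s\d+', d)
if not threatsDetected:
    raise SystemExit("threatsDetected not found in %s" % latest_file)

value = int(threatsDetected[0].split()[-1])
if value == 0:
    print("No Threats Found")
else:
    print(threatsDetected[0])
    t_id = re.findall(r'"threatID"\s+:\s+\d+', d)
    t_name = re.findall(r'"threatName"\s+:\s+".*"', d)
    t_size = re.findall(r'"objectSize"\s+:\s\d+', d)
    # Match both values so entries that were not deleted stay in the listing.
    t_del = re.findall(r'"fileDelete"\s+:\s+(?:true|false)', d)
    # Group 1 is the complete JSON string literal holding the path.
    t_path = list(re.finditer(r'"objectPath"\s+:\s+("(?:[^"\\]|\\.)*")', d))

    if not t_path:
        print("!!!No objectPath Entries Found - Nothing Verified!!!")

    # Every objectPath is checked. Zipping the five lists stopped at the
    # shortest one, so a threat without '"fileDelete" : true' -- the kind most
    # likely to still be on disk -- cut the report short.
    # NOTE(review): the other fields are paired with paths by position only;
    # confirm against a real scan file that each record carries them once.
    for index, found in enumerate(t_path):
        print("\n%s" % _nth(t_id, index))
        print("%s" % _nth(t_name, index))
        print("%s" % found.group(0))
        print("%s" % _nth(t_size, index))
        print("%s" % _nth(t_del, index))

        # Decode the JSON literal first. The raw match still carries the
        # surrounding quotes and doubled backslashes, a string that never
        # names a real file, so the check reported "deleted" every time.
        try:
            path = json.loads(found.group(1))
        except ValueError:
            path = ""

        if not path:
            # Fail safe: never confirm removal for a path that cannot be read.
            print("!!!Unable To Verify Path!!!")
        elif not os.path.exists(path):
            print("!!!Virus Deleted Confirmed!!!")
        else:
            print("!!!Virus Still Exist!!!")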