codec folder exe virus:any postscript to detect and remove?

Come up with a useful post-processing script? Share it here!
Post Reply
domerdel
Newbie
Newbie
Posts: 7
Joined: March 13th, 2008, 12:22 am

codec folder exe virus:any postscript to detect and remove?

Post by domerdel »

There's been people uploading movies with fake IMDB id's and then adding a codec folder that's infected. It tricks users to run it after they receive an error trying to play the movie, suggesting "run this codec exe" ... Is there a post script to detect, remove and report as a red error in the history section of sab?
User avatar
sander
Release Testers
Release Testers
Posts: 9070
Joined: January 22nd, 2008, 2:22 pm

Re: codec folder exe virus:any postscript to detect and remo

Post by sander »

Suggestions:

Remove .exe files with Config -> General -> Cleanup List: "List of file extensions that should be deleted after download. For example: nfo or nfo, sfv": fill out .exe

Run one of the anti-virus post-processing scripts as posted here on the forum
yojeff
Newbie
Newbie
Posts: 2
Joined: December 31st, 2013, 6:00 pm

Re: codec folder exe virus:any postscript to detect and remo

Post by yojeff »

That would do the job, unless you are downloading apps. I will have it clean the .exe for my movie downloads , but need to remember to take it out when doing other stuff.

Thanks, YJ
agentclark
Newbie
Newbie
Posts: 3
Joined: January 30th, 2013, 8:36 am

Re: codec folder exe virus:any postscript to detect and remo

Post by agentclark »

If you exclude .exe files in your config, you wont get the virus, but you still have a crab release.

So you need a post progressing script which scans every release for a folder "codec" and if this folder is present, delete the whole release.

Code: Select all

#!/bin/bash
dir=$1
name=$3
if [ -d "${dir}/Codec" ]; then
        rm -R "$dir"
        echo "Deleted \"${name}\" for crab release"
fi
I've no idea how the windows version should look like. It's just a real simple script for Linux to delete those crab releases.
domerdel
Newbie
Newbie
Posts: 7
Joined: March 13th, 2008, 12:22 am

Re: codec folder exe virus:any postscript to detect and remo

Post by domerdel »

agentclark wrote:If you exclude .exe files in your config, you wont get the virus, but you still have a crab release.

So you need a post progressing script which scans every release for a folder "codec" and if this folder is present, delete the whole release.

Code: Select all

#!/bin/bash
dir=$1
name=$3
if [ -d "${dir}/Codec" ]; then
        rm -R "$dir"
        echo "Deleted \"${name}\" for crab release"
fi
I've no idea how the windows version should look like. It's just a real simple script for Linux to delete those crab releases.
I'm on a mac, but this didn't work, here's what I tried
created a post processing script in the main scripts folder. named it

Code: Select all

checkCodec.py
, copied and pasted your code in there. In the config file, i created a category called 'movies' and for post-processing I pointed it to "checkCodec.py" it didn't work, basic error "Exit, cannot run script". Is there a proper syntax that's needed for python or should I try another extension?
agentclark
Newbie
Newbie
Posts: 3
Joined: January 30th, 2013, 8:36 am

Re: codec folder exe virus:any postscript to detect and remo

Post by agentclark »

Sorry for the late reply.

This is no Python code, it is a shell script.
Maybe it will work on mac too, i've no idea.
You can try to name the script

Code: Select all

checkcodec.sh
and make it executable.

Hope this helps.
Agent
sab12397
Full Member
Full Member
Posts: 117
Joined: August 8th, 2008, 1:09 pm

Re: codec folder exe virus:any postscript to detect and remo

Post by sab12397 »

Not what you are asking but this type of check is in the current version on Git in the 0.7 branch.

It seems a bit inconsistent with other features as it does not save periods or commas in the list of extensions you give it (so it may not be working correctly) unlike the remove extensions option but seems to work on a test file I tried with just exe in the list of extensions.

The new settings can be found in the Switches - Queue section. They are called Action when unwanted extension detected and Unwanted extensions.

More information at http://forums.sabnzbd.org/viewtopic.php?f=4&t=17337

Usual caveats.
Post Reply