Designing a Bash Script to Remove Malware


I work at a tech desk for my university. People are always coming in with globs of malware on their MacBooks (I thought Macs couldn't get viruses?). The usual process is removing the bad applications and sorting through the system/library files to find associated plists or additional bad stuff. This process can take a hell of a long time, so I thought I would try and create an automated script for removing files. I'm not super familiar with Bash, but it would go something like this.

The issue is defining an arbitrary variable, not sure how to do this.

#!/bin/bash
TR = malware_quary
sudo find / -name malware_quary |
while read filename
do
    if(malware_quary = "*mackeeper*")
        read -p "Are you sure you want to remove " +malware_quary+"? " -n 1 -r
        echo
        if [[ ! $REPLY =~ ^[Yy]$ ]]
        then
            cat malware_quary < ~/Desktop/log.txt
        rm malware_quary
        fi
done

I will continue to add if conditions for various other malware (i.e. conduit, genieo, etc.) until I have built an extensive log file where I can just run all the results against it.

1

There are 1 answers

3
Curtis Mattoon On BEST ANSWER

If you're not familiar with Bash, it's gonna be a pain. I'd personally recommend doing it in Python because of the lower learning curve and tons of modules available. You'll have more hair when it's all said and done, and it's more portable than bash.

To answer your question, though, you can define a variable like so (no spaces):

myvar="Some value";

echo "I just set myvar to $myvar";

A quick Python script could work like so:

import os

# Names to look for, relative to the current directory
files = ['file1', 'file2', 'file3']

for f in files:
    print("Searching for %s" % f)
    if os.path.exists(os.path.abspath(f)):
        print("Found %s!" % f)
        # Call function to remove (os.remove, os.rmdir, etc)
    else:
        print("File %s not found" % f)
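
A working shell form of the cleanup loop described in the question, added here as an example (it is not code from the question or the answer): it finds names containing the listed fragments, asks before each deletion, and logs what it removes. The function names, the `PATTERNS` list and the `cleanup.sh` file name are assumptions of this example.

```shell
#!/bin/sh
# Added example. Name fragments to look for (case-insensitive), taken from the question.
PATTERNS="mackeeper genieo conduit"

# Print every path under $1 whose name contains one of $PATTERNS.
# -prune stops find from descending into a matched directory, so a matched
# bundle is listed once instead of once per file inside it.
find_matches() {
    root=$1
    set --                      # rebuild "$@" as the find expression
    for p in $PATTERNS; do
        if [ "$#" -gt 0 ]; then set -- "$@" -o; fi
        set -- "$@" -iname "*${p}*"
    done
    find "$root" \( "$@" \) -print -prune
}

# Ask about each match; log and delete only on an explicit y/Y.
# Matches are read on fd 3 so the answers can come from stdin; reading both
# from the same pipe would make `read` consume file names as answers.
# Assumption: no path contains a newline (one path per line).
review_matches() {
    root=$1
    log=$2
    list=$(mktemp) || return 1
    find_matches "$root" > "$list"
    while IFS= read -r path <&3; do
        printf 'Remove %s? [y/N] ' "$path" >&2
        IFS= read -r reply || reply=
        case $reply in
            [Yy]) printf '%s\n' "$path" >> "$log"   # record before deleting
                  rm -rf -- "$path" ;;
            *)    printf 'Kept %s\n' "$path" >&2 ;;
        esac
    done 3< "$list"
    rm -f -- "$list"
}

# Run only when a search root is given, e.g.: sudo sh cleanup.sh / ~/Desktop/log.txt
if [ "$#" -ge 1 ]; then
    review_matches "$1" "${2:-$HOME/Desktop/log.txt}"
fi
```

Anything other than `y` or `Y` keeps the file, so pressing Enter through the prompts deletes nothing.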