Malware Check Utility


Posted: 27 January 2019

project url


This is one of the first real(ish) projects I had ever done. I had just finished working through the How to Think Like a Computer Scientist in Python book and I wanted to try building something I would actually use. One problem I frequently faced as a former Windows user was malware infecting my USB drives after using them on computers in college. So one day while commuting home with a possibly infected USB, I thought up this program. To be clear, this should not be used in real-life scenarios in place of antivirus software. This was just an interesting idea I had.


How to use


This program is meant to be used as a utility to quickly and safely check whether a particular computer is affected by a virus that infects storage drives connected to it. To do this we put some files, like the ones included in this repository, onto a USB drive along with this Malware Utility and run it on a computer we know to be safe (for example your home computer). We'll call this computer A. When the utility is run, it generates a hashstore.enil file on the drive. To test whether a particular computer (computer B) will infect a USB drive with malware, we simply insert the USB drive into computer B, perform some file transfers (like moving a file from the computer to the USB drive and back) and finally run the utility on computer B. If any of our original files have been modified, or files have appeared that we did not put there, we know that computer B has a virus that infects USB drives inserted into it.


When to use


This utility is not particularly efficient. Like I said, it was one of the first programs I wrote, and I haven't updated it much since (besides a few bug fixes and readability improvements). If the storage drive contains a large number of files or many gigabytes of data, the program could take a long time to run. Keep in mind as well that hashstore.enil and the utility itself travel on the same drive as the files being checked, so malware on computer B that modifies files could in principle modify the utility or the hash store too; a clean result is evidence, not proof, that computer B is clean.


How it works


Essentially, when run, this utility gets a list of all files and folders in the current directory and its sub-directories. It then computes a SHA-256 hash of each file found, encrypts that hash and stores it in the file hashstore.enil in the current directory. Finally it generates what I call a master hash: it concatenates all the file hashes and hashes the resulting string. This master hash is then appended to hashstore.enil.

On subsequent runs of the utility, the file hashes and master hash are recalculated and the hashes stored in hashstore.enil are decrypted. If the current master hash and the stored master hash match, the files have not been modified. If the two master hashes differ, the newly generated hash list is compared against the stored one, and the user is notified of which files have been modified and which files have been newly added. At this point the user can choose to exit or update hashstore.enil.
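The baseline-then-compare scheme described above, written out as an added example. This is not the project's code: the function names, the store layout (plain JSON, with no encryption step; the original encrypts the stored hashes) and the constructed demo files are my own assumptions. It goes slightly beyond the page in two ways: the master hash covers each file's path as well as its digest, so a file swapped for another with the same name or renamed is caught, and removed files are reported alongside modified and added ones.

```python
"""Recursive SHA-256 manifest for a removable drive: baseline on computer A, diff on computer B."""
import hashlib
import json
import os
import sys
import tempfile

STORE_NAME = "hashstore.enil"  # file name from the page; the JSON layout below is an assumption


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in 1 MiB chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_tree(root, skip=(STORE_NAME,)):
    """Return {relative_path: sha256} for every regular file under root.

    Traversal is sorted so the result, and hence the master hash, is
    deterministic regardless of directory listing order. The store file
    is skipped (hashing it would change it on every run); symlinks are
    skipped so a link pointing off the drive is not hashed as content.
    """
    hashes = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # in-place sort controls os.walk's descent order
        for name in sorted(filenames):
            full = os.path.join(dirpath, name)
            if name in skip or os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            hashes[rel] = sha256_file(full)
    return hashes


def master_hash(hashes):
    """Hash the concatenation of "path:digest" lines in sorted path order."""
    h = hashlib.sha256()
    for rel in sorted(hashes):
        h.update(f"{rel}:{hashes[rel]}\n".encode())
    return h.hexdigest()


def write_store(root, hashes):
    store = {"files": hashes, "master": master_hash(hashes)}
    with open(os.path.join(root, STORE_NAME), "w") as f:
        json.dump(store, f, indent=1, sort_keys=True)


def read_store(root):
    with open(os.path.join(root, STORE_NAME)) as f:
        store = json.load(f)
    # Recompute the master from the stored list so a truncated or hand-edited
    # store is rejected instead of trusted. This catches corruption only: an
    # attacker who rewrites the whole file can make it consistent again.
    if master_hash(store["files"]) != store["master"]:
        raise ValueError(f"{STORE_NAME} is internally inconsistent")
    return store


def check(root):
    """Return None when the master hashes match, else a dict of changed paths."""
    stored = read_store(root)
    current = hash_tree(root)
    if master_hash(current) == stored["master"]:
        return None  # fast path: nothing changed, no per-file comparison needed
    old = stored["files"]
    return {
        "modified": sorted(p for p in current if p in old and current[p] != old[p]),
        "added": sorted(p for p in current if p not in old),
        "removed": sorted(p for p in old if p not in current),
    }


def demo():
    """Constructed scenario: baseline a fresh 'drive', then tamper with it."""
    root = tempfile.mkdtemp(prefix="usbcheck_")
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "docs", "notes.txt"), "w") as f:
        f.write("canary file 1\n")
    with open(os.path.join(root, "readme.txt"), "w") as f:
        f.write("canary file 2\n")
    write_store(root, hash_tree(root))  # what running on computer A produces
    clean = check(root)                 # re-run before any tampering: None
    # Simulate USB malware: alter one canary and drop an autorun-style file.
    with open(os.path.join(root, "readme.txt"), "a") as f:
        f.write("injected\n")
    with open(os.path.join(root, "autorun.inf"), "w") as f:
        f.write("[autorun]\n")
    return clean, check(root)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    if os.path.exists(os.path.join(root, STORE_NAME)):
        print(check(root) or "no changes")
    else:
        write_store(root, hash_tree(root))
        print(f"baseline written to {os.path.join(root, STORE_NAME)}")
```

Run it once on computer A to write the baseline and again on computer B to diff; `demo()` plays both roles in a temporary directory. The consistency check in `read_store` is deliberately modest: because the store lives on the same drive as the files, it cannot stop malware that rewrites everything, which is the caveat the "When to use" section gives.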