Crypto Alert v2.0
This software does not search for existing infections. It was created to monitor a windows computers for new infections by looking for any of the instruction files that the crypto virus creates as it infects. Right now it looks for any files created or modified with decrypt in the name. This crude logic could result in false positives and also may need to be updated if the software changes its file naming logic. While the software is running you can test it by creating a file anywhere in the monitored path with decrypt in the file name.
If a potential infection is discovered it will send an alert to the email address specified. Right now only open relay is supported so you'll need some type of local mail functionality.
The software also has silent operation and monitoring capabilities. Simply add an entry to your startup folder using the following switches.
The program excepts the following variables. All must be specified and separated by spaces. If done correctly the program will automatically start monitoring.
Variable 1: SMTP server, example above is 22.214.171.124
Variable 4: This is the path you want to monitor. Example above is C:\ but could be D:\ or a UNC path
Variable 5: This is the visibility switch
1 is normal visibility
2 will start the program minimized
3 will start the program minimized with no taskbar icon (can be accessed using alt+tab)
4 will start the program minimized, with no taskbar icon and no ability to navigate to it using alt+tab (can only see running process in task manager)
Variable 6: This is the shutdown switch
1 will alert and shut down the computer 30 seconds after an infection is found
2 will only alert and not shutdown the computer