Esempio n. 1
0
def find_06():
    """Return True when either ``...\\Explorer\\Run\\ipmontr`` registry key exists.

    Both lookups go through ``utils.reg_exists`` with the ``'L'`` hive hint
    (presumably HKEY_LOCAL_MACHINE -- confirm against utils). The second key
    is only queried when the first one is absent. Always returns a bool.
    """
    candidate_keys = (
        'Software\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer\\Run\\ipmontr',
        'Software\\Microsoft\\WinKernel\\Explorer\\Run\\ipmontr',
    )
    # any() short-circuits on the first hit, which preserves the original
    # query order and early-return behaviour.
    return any(utils.reg_exists('L', key) for key in candidate_keys)
Esempio n. 2
0
def find_12():
    """Return True when any of three artefacts is present.

    Checked in order: a ``Network`` entry under the ``All Users\\Application
    Data`` directory below ``datastore.PROFILE_PATH``, the
    ``Software\\Microsoft\\MSFix`` key under the ``'L'`` hive, and that same
    key under every per-user hive prefix in ``datastore.HKEY_USERS_DATA``
    (queried with the ``'U'`` hint -- presumably HKEY_USERS, confirm in utils).
    """
    all_users_appdata = '%s\\All Users\\Application Data' % datastore.PROFILE_PATH
    if utils.file_exists(all_users_appdata, 'Network'):
        return True
    msfix_key = 'Software\\Microsoft\\MSFix'
    if utils.reg_exists('L', msfix_key):
        return True
    # Per-user pass: each HKEY_USERS_DATA entry is prefixed to the same subkey.
    return any(
        utils.reg_exists('U', '%s\\%s' % (user_key, msfix_key))
        for user_key in datastore.HKEY_USERS_DATA
    )
Esempio n. 3
0
def find_32():
    """Return True when either of two Active Setup component keys exists.

    The two keys differ only in the fourth GUID group (``0000`` vs ``0001``);
    both are looked up under the ``'L'`` hive hint via ``utils.reg_exists``,
    second one only if the first is missing. Always returns a bool.
    """
    component_base = 'Software\\Microsoft\\Active Setup\\Installed Components'
    component_guids = (
        '{FB083534-2709-3378-0000-F0FCD03BA387}',
        '{FB083534-2709-3378-0001-F0FCD03BA387}',
    )
    return any(
        utils.reg_exists('L', '%s\\%s' % (component_base, guid))
        for guid in component_guids
    )
Esempio n. 4
0
def find_01():
    """Return True when the ``...\\currentversion\\StrtdCfg`` key is found.

    The key is first queried under the ``'L'`` hive, then under each per-user
    prefix from ``datastore.HKEY_USERS_DATA`` with the ``'U'`` hive hint. The
    trailing ``None, True`` positional arguments are forwarded unchanged; their
    meaning is defined by ``utils.reg_exists``, which is not shown here.
    """
    strtdcfg_key = 'software\\microsoft\\windows\\currentversion\\StrtdCfg'
    if utils.reg_exists('L', strtdcfg_key, None, True):
        return True
    # Stop at the first per-user hive that carries the key.
    return any(
        utils.reg_exists('U', '%s\\%s' % (user_key, strtdcfg_key), None, True)
        for user_key in datastore.HKEY_USERS_DATA
    )
Esempio n. 5
0
def find_43():
    """Return True when any of the listed file or registry artefacts exists.

    Three evaluations are made and all of them run (no short-circuit): a name
    membership test against ``datastore.SYSPATH_FILE_SET``, a ``file_exists``
    call on the directory/name split of an ``%appdata%``-relative path, and a
    ``reg_exists`` call for a value under ``SYSTEM\\CurrentControlSet\\Control``.

    NOTE(review): unlike the sibling checks, ``file_exists`` and ``reg_exists``
    are called unqualified here rather than via ``utils`` -- confirm they are
    in scope at module level. ``os.path.split`` splits on the platform
    separator, so the backslash path only yields (dir, name) on Windows.
    """
    sys32_names = ['cryptapi32.dll']
    other_paths = ['%appdata%\\Help\\system32\\cryptapi32.dll']
    registry_values = [('L', 'SYSTEM\\CurrentControlSet\\Control', 'DType0')]

    hits = [name in datastore.SYSPATH_FILE_SET for name in sys32_names]
    hits += [file_exists(*os.path.split(path)) for path in other_paths]
    hits += [reg_exists(*entry) for entry in registry_values]
    return any(hits)
Esempio n. 6
0
def find_17():
    """Return True when a listed DLL name is in the system-root file set or a
    specific ``Lnkfile\\shellex\\IconHandler`` value exists.

    Membership against ``datastore.SYSTEMROOT_FILE_SET`` is an exact string
    comparison; the list deliberately carries both spellings of ``ipnetd.dll``
    and ``secur16.dll`` -- presumably because the set is not case-normalised,
    confirm how it is built. The registry value is queried with the ``'R'``
    hive hint (likely HKEY_CLASSES_ROOT -- verify in utils) only when no file
    name matched.
    """
    dll_names = (
        'ADWM.DLL', 'ASFIPC.DLL', 'BROWUI.DLL', 'CAPESPN.DLL', 'CFGKRNL3.DLL',
        'CRYPTKRN.DLL', 'DESKKRNE.DLL', 'DSKMGR.DLL', 'EXPLORED.DLL',
        'FMEM.DLL', 'HDDBACK4.DLL', 'HWMAP.DLL', 'ipnetd.dll', 'IPNETD.DLL',
        'KNRLADD.DLL', 'MAILAPIC.DLL', 'MSGRTHLP.DLL', 'MSIAXCPL.DLL',
        'MSID32.DLL', 'MSRECV40.DLL', 'NCFG.DLL', 'PARALEUI.DLL',
        'secur16.dll', 'SECUR16.DLL', 'SOUNDLOC.DLL', 'WINF.DLL',
        'WMCRT.DLL',
    )
    wanted = set(dll_names)
    # isdisjoint accepts any iterable, so the operand order is interchangeable.
    if not wanted.isdisjoint(datastore.SYSTEMROOT_FILE_SET):
        return True
    found_handler = utils.reg_exists(
        'R', 'Lnkfile\\shellex\\IconHandler', 'OptionFlags')
    return True if found_handler else False
Esempio n. 7
0
def find_26():
    """Return True on the ``Software\\Adobe\\Fix`` key or a matching temp file.

    After the registry check (``'L'`` hive), each user directory from
    ``datastore.USER_DIRS_LIST`` has its ``Local Settings\\Temp`` listed via
    ``dsz.cmd.RunEx``; the recorded ``DirItem::FileItem::name`` values are
    compared exactly against four file names. A listing whose command status
    is false, or whose data retrieval raises ``RuntimeError``, is skipped.

    NOTE(review): the user-directory name is interpolated into a quoted
    command argument; a name containing a double quote would break that
    quoting -- confirm USER_DIRS_LIST entries are plain directory names.
    """
    if utils.reg_exists('L', 'Software\\Adobe\\Fix'):
        return True
    wanted = set(('result.dat', 'data.dat', 'Acrobat.dll', 'first.tmp'))
    for user_dir in datastore.USER_DIRS_LIST:
        status, cmd_id = dsz.cmd.RunEx(
            ('dir -mask * -path "%s\\%s\\Local Settings\\Temp"' %
             (datastore.PROFILE_PATH, user_dir)), dsz.RUN_FLAG_RECORD)
        if not status:
            continue
        try:
            listed = set(
                dsz.cmd.data.Get('DirItem::FileItem::name',
                                 dsz.TYPE_STRING, cmd_id))
        except RuntimeError:
            # Recorded data unavailable for this listing; move on.
            continue
        if not listed.isdisjoint(wanted):
            return True
    return False
Esempio n. 8
0
def find_07():
    """Return ``utils.reg_exists`` for the ``...\\Explorer\\Run\\Internet32``
    key under the ``'L'`` hive hint.

    The result is passed through as-is (whatever ``reg_exists`` returns).
    """
    internet32_key = (
        'Software\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer\\Run\\Internet32'
    )
    return utils.reg_exists('L', internet32_key)
Esempio n. 9
0
def find_40():
    """Return ``utils.reg_exists`` for the ``NetIDS`` value under the
    ``ShellServiceObjectDelayLoad`` key, ``'L'`` hive hint.

    The third positional argument names a value rather than a subkey --
    presumably; its exact semantics are defined in ``utils``.
    """
    ssodl_key = (
        'Software\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad'
    )
    return utils.reg_exists('L', ssodl_key, 'NetIDS')
Esempio n. 10
0
def find_39():
    """Return True when ``Software\\Microsoft\\MS QAG\\U11`` or ``...\\U12``
    exists under the ``'L'`` hive hint.

    ``U12`` is only queried when ``U11`` is absent. Always returns a bool.
    """
    qag_base = 'Software\\Microsoft\\MS QAG'
    return any(
        utils.reg_exists('L', '%s\\%s' % (qag_base, leaf))
        for leaf in ('U11', 'U12')
    )
Esempio n. 11
0
def find_34():
    """Return ``utils.reg_exists`` for the ``Windows Installer Management``
    service key under ``System\\CurrentControlSet\\Services``, ``'L'`` hive.

    The result is returned unchanged.
    """
    service_key = (
        'System\\CurrentControlSet\\Services\\Windows Installer Management'
    )
    return utils.reg_exists('L', service_key)
Esempio n. 12
0
def find_23():
    """Return True when ``software\\microsoft\\NetWin`` exists under any
    per-user hive prefix listed in ``datastore.HKEY_USERS_DATA``.

    Each prefix is joined to the subkey and queried with the ``'U'`` hive
    hint; the scan stops at the first hit. Always returns a bool.
    """
    netwin_subkey = 'software\\microsoft\\NetWin'
    return any(
        utils.reg_exists('U', '%s\\%s' % (user_key, netwin_subkey))
        for user_key in datastore.HKEY_USERS_DATA
    )
Esempio n. 13
0
def find_02():
    """Return True when ``System\\CurrentControlSet\\Control\\CrashImage``
    exists under the ``'L'`` hive hint, else False.

    The trailing ``None, True`` arguments are forwarded to
    ``utils.reg_exists`` unchanged; their meaning lives in ``utils``.
    """
    crash_image_key = 'System\\CurrentControlSet\\Control\\CrashImage'
    # Normalise whatever reg_exists returns to a strict bool.
    return bool(utils.reg_exists('L', crash_image_key, None, True))