So, over the last two years, I have written some scripts or apps that were ultimately used at work. One was a response to the malware family called ransomware, which gets onto a computer, encrypts the user’s files and then gives them instructions on how to pay to have them unencrypted.
Our antivirus software, at the time, did not prevent this type of activity and we had a couple of attacks and a lot of files encrypted. Fortunately, we have good backups, so the files were relatively easy to restore.
I found a directory watcher routine that miraculously would notify me of changes to any number of files and folders on both local and network shared folders. It was written in AutoHotkey, which I was unfamiliar with. But I put on my thinking cap and created my first app in that language and called it DocWatch. It basically lets users add folders to a watch list and only looks at business documents for either rapid changes or certain filenames. Most crypto malware or ransomware programs use specific filenames and are easy to detect after they start their damaging encryption. DocWatch alerts on both activity levels and filenames, both of which are configurable. It will email an administrator and, if running on the infected computer, it can shut it down automatically. Below are a couple of screenshots.
The PDF manual is here: DocWatch Manual.
For those who are interested in this, feel free to contact me.
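The two DocWatch triggers described above (rapid changes to business documents, and suspicious filenames) can be shown as detection logic over a stream of file-change events. This is an added Python example, not DocWatch's AutoHotkey code; the extension list, filename patterns, threshold, window and the `DocWatcher`/`run` names are assumptions, and the events are constructed.

```python
from collections import deque
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# Assumed settings; DocWatch's real defaults are not given on the page.
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf"}
BAD_NAMES = ["*decrypt*instruction*", "help_decrypt*", "*.locked"]  # illustrative
MAX_CHANGES = 5      # alert when more document changes than this...
WINDOW_SECS = 10.0   # ...fall inside one sliding window


class DocWatcher:
    def __init__(self, max_changes=MAX_CHANGES, window=WINDOW_SECS):
        self.max_changes, self.window = max_changes, window
        self.recent = deque()      # timestamps of recent document changes
        self.rate_alerted = False  # suppress repeat alerts during one burst

    def observe(self, ts, path):
        """Feed one change event; return the alerts it triggers."""
        alerts = []
        name = PureWindowsPath(path).name.lower()
        # Filename trigger: checked for every file, document or not.
        if any(fnmatchcase(name, pat) for pat in BAD_NAMES):
            alerts.append((ts, "filename", name))
        # Activity trigger: only business documents count toward the rate.
        if PureWindowsPath(name).suffix in DOC_EXTS:
            self.recent.append(ts)
        while self.recent and ts - self.recent[0] > self.window:
            self.recent.popleft()
        over = len(self.recent) > self.max_changes
        if over and not self.rate_alerted:
            alerts.append((ts, "activity", len(self.recent)))
        self.rate_alerted = over   # re-arms once the burst has aged out
        return alerts


def run(events):
    watcher = DocWatcher()
    return [a for ts, path in events for a in watcher.observe(ts, path)]


# Constructed sample events (seconds, path): normal saves, a burst, a note file.
EVENTS = [(0.0, r"\\fs1\share\budget.xlsx"), (95.0, r"\\fs1\share\notes.txt"),
          (200.0, r"\\fs1\share\memo.docx")]
EVENTS += [(300.0 + i * 0.5, rf"\\fs1\share\hr\file{i}.docx") for i in range(8)]
EVENTS += [(305.0, r"\\fs1\share\hr\HELP_DECRYPT.txt")]

if __name__ == "__main__":
    for alert in run(EVENTS):
        print(alert)
```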
Another application we use frequently brings a lot of separate PC utilities under a single program. We regularly work with lots of computers, installing software, troubleshooting issues, inventorying, etc. So, I embedded many small applications into a common interface shown below. Again, if anyone is interested in adapting the program to their network, please contact me. The PDF manual is here: PC Dashboard 2.