1. 首頁
  2. 問答
  3. CryptoLocker - 使用Python腳本恢復驅動器文件版本

CryptoLocker - 使用Python腳本恢復驅動器文件版本

2017-02-22 75 views
1

長話短說,我受到了CryptoLocker病毒的感染。我的「正常」本地文件不是問題,因爲我備份這些文件。但我使用的是Google Drive Sync客戶端,所有我的雲端硬盤文件都已加密。我沒有備份它們,因爲我認爲Google Drive是保存的,我的數據存儲在世界各地(我知道我的錯)。CryptoLocker - 使用Python腳本恢復驅動器文件版本

現在我可以看到Google Drive提供版本控制。這意味着我的舊版上傳仍在服務器上。我可以通過文件恢復以前的版本文件,但通過幾千個文件,祝你好運。 我聯繫了Google G Suite支持團隊(我正在使用Google G Suite進行業務),並詢問他們是否可以在一個批量操作中恢復最新版本。答案是「不是你必須按檔案做文件」。因此,我正在檢查腳本,工具等互聯網。

我發現了一個Python腳本「bitbucket.org/snippets/cyclick/EBbEG」,它應該允許我恢復預覽工作版本。

  1. 安裝python「python.org/ftp/python/2.7.12/python-2.7.12.msi」。

  2. 運行「CMD」。

  3. 下載pip模塊「bootstrap.pypa.io/get-pip.py」。

  4. 將其複製到「腳本」文件夾中。

  5. 通過CMD「python get-pip.py」運行腳本。

  6. 打開驅動器API和生成OAuth用戶端ID:developers.google.com/drive/v3/web/quickstart/python

  7. 下載JSON文件,把它在「.credentials」文件夾並將其重命名爲「client_secret.json」。 (如第28行中提到的)

  8. 在CMD下安裝Google庫「pip install --upgrade google-api-python-client」。

  9. 之後我複製了腳本並將其保存爲「cleanup.py」。

# This script removes the file revision created by the Zepto Ransomware and 
 
# renames the file back to what it was before infection. 
 
# This file CHANGES the drive. USE IT AT YOUR OWN RISK. I'M NOT RESPONSIBLE FOR ANY LOSE. 
 
# 
 
# Requirements : 
 
# * Avoid encoding problem by setting the python encoding before running the script 
 
# $ export PYTHONIOENCODING=utf8 
 
# * Turn on the Drive API and generate a OAuth client ID : https://developers.google.com/drive/v3/web/quickstart/python 
 

 
from __future__ import print_function 
 
import httplib2 
 
import os 
 
import json 
 

 
from apiclient import discovery 
 
import oauth2client 
 
from oauth2client import client 
 
from oauth2client import tools 
 

 
try: 
 
    import argparse 
 
    flags = argparse.ArgumentParser(parents=[tools.argparser]).parse_args() 
 
except ImportError: 
 
    flags = None 
 

 
# If modifying these scopes, delete your previously saved credentials at ~/.credentials/drive-python-quickstart.json 
 
SCOPES = 'https://www.googleapis.com/auth/drive' 
 
CLIENT_SECRET_FILE = 'client_secret.json' 
 
APPLICATION_NAME = 'Drive API Python Quickstart' 
 

 
def get_credentials(): 
 
    """ 
 
    Gets valid user credentials from storage. 
 

 
    If nothing has been stored, or if the stored credentials are invalid, 
 
    the OAuth2 flow is completed to obtain the new credentials. 
 

 
    Returns: 
 
     Credentials, the obtained credential. 
 
    """ 
 
    home_dir = os.path.expanduser('~') 
 
    credential_dir = os.path.join(home_dir, '.credentials') 
 
    if not os.path.exists(credential_dir): 
 
     os.makedirs(credential_dir) 
 
    credential_path = os.path.join(credential_dir, 'drive-python-quickstart.json') 
 

 
    store = oauth2client.file.Storage(credential_path) 
 
    credentials = store.get() 
 
    if not credentials or credentials.invalid: 
 
     flow = client.flow_from_clientsecrets(CLIENT_SECRET_FILE, SCOPES) 
 
     flow.user_agent = APPLICATION_NAME 
 
     if flags: 
 
     credentials = tools.run_flow(flow, store, flags) 
 
     else: 
 
     # Needed only for compatibility with Python 2.6 
 
     credentials = tools.run(flow, store) 
 
     print('Storing credentials to ' + credential_path) 
 
    return credentials 
 

 
def deleteFilesWithSuffix(suffix, service): 
 
    results = service.files().list(
 
     corpus="domain", 
 
     spaces="drive", 
 
     pageSize=1000, 
 
     orderBy="folder,modifiedTime desc,name", 
 
     q="name contains '" + suffix + "'", 
 
     fields="nextPageToken, files(id, name)" 
 
     ).execute() 
 
    items = results.get('files', []) 
 
    if not items: 
 
    print('No files found.') 
 
    else: 
 
    for item in items: 
 
     if item['name'].endswith(suffix): 
 
     try: 
 
      deleteFile = service.files().delete(fileId=item['id']).execute() 
 
      print("Deleted file : " + item['name']) 
 
     except Exception as e: 
 
      print("Could not delete file : " + item['name'] + ". Details : " + str(e)) 
 

 
def renameFile(fileId, originalFilename, service): 
 
    try: 
 
    print("Renaming file " + fileId + " to " + originalFilename) 
 
    service.files().update(fileId=fileId, body={'name': originalFilename}, fields='name').execute() 
 
    except Exception as e: 
 
    print("Could not rename file " + fileId + "/Details : " + str(e)) 
 

 
def revertFiles(suffix, service): 
 
    results = service.files().list(
 
     corpus="domain", 
 
     spaces="drive", 
 
     pageSize=1000, 
 
     orderBy="folder,modifiedTime desc,name", 
 
     #q="modifiedTime > '2016-09-04T12:00:00'", 
 
     q= "name contains '" + suffix + "'", 
 
     fields="nextPageToken, files(id, name)" 
 
    ).execute() 
 
    items = results.get('files', []) 
 
    if not items: 
 
    print('No files found.') 
 
    else: 
 
     for item in items: 
 
     details = service.files().get(fileId=item['id'], fields="lastModifyingUser,name").execute() 
 
     if details['name'].endswith(suffix): 
 
      print("About to handle file " + details['name'] + " having id " + item['id']) 
 
      revs = service.revisions().list(fileId=item['id'], fields="kind,revisions").execute() 
 
      allrev = revs['revisions'] 
 
      lastRev = allrev[-1] 
 
      if not lastRev['originalFilename'].endswith(suffix): 
 
       # there was a rename problem during previous run -> fix it 
 
       originalFilename = lastRev['originalFilename'] 
 
       renameFile(item['id'], originalFilename, service) 
 
      elif len(allrev) > 1: 
 
       origRev = allrev[-2] 
 
       if lastRev['originalFilename'].endswith(suffix): 
 
        try: 
 
        print("Removing last revision of file " + details['name']) 
 
        revDel = service.revisions().delete(fileId=item['id'], revisionId=lastRev['id']).execute() 
 
        originalFilename = origRev['originalFilename'] 
 
        renameFile(item['id'], originalFilename, service) 
 
        except Exception as e: 
 
        print("Could not process file : " + details['name'] + "/Details : " + str(e)) 
 

 
def main(): 
 
    credentials = get_credentials() 
 
    http = credentials.authorize(httplib2.Http()) 
 
    service = discovery.build('drive', 'v3', http=http) 
 

 
    deleteFilesWithSuffix('_HELP_instructions.html', service) 
 
    revertFiles('zepto', service) 
 

 
if __name__ == '__main__': 
 
    main()

  • 我跑經由CMD「蟒cleanup.py」的腳本。

    • 我收到一條錯誤消息:

    C:\Python27\Scripts>python cleanup.py 
 
Traceback (most recent call last): 
 
    File "cleanup.py", line 133, in <module> 
 
    main() 
 
    File "cleanup.py", line 125, in main 
 
    credentials = get_credentials() 
 
    File "cleanup.py", line 48, in get_credentials 
 
    credentials = store.get() 
 
    File "C:\Python27\lib\site-packages\oauth2client\client.py", line 407, in get 
 
    return self.locked_get() 
 
    File "C:\Python27\lib\site-packages\oauth2client\file.py", line 54, in locked_get 
 
    credentials = client.Credentials.new_from_json(content) 
 
    File "C:\Python27\lib\site-packages\oauth2client\client.py", line 302, in new_from_json 
 
    module_name = data['_module'] 
 
KeyError: '_module'

    我做了什麼錯?憑據/ jason文件可能有問題嗎?

    現在我在這裏,並要求你的幫助。也許我們可以運行這個腳本,以便我可以恢復我的文件的最新工作版本。

    我真的很感謝您能提供任何幫助。

    來源

    2017-02-22 x0100

    回答

    0

    看看這個頁面? Https://github.com/hut6/google-drive-restore

    您是否檢查了第1步?

    您必須將Google Admin SDK和Google Drive API添加到Google Developers Console的 中的客戶端。下載JSON證書文件,然後 將它作爲credentials.json添加到根目錄中。

    來源

    2017-02-23 13:41:17 OblongMedulla

    +1

    我啓用了「Google Admin SDK」和「Google Drive API」,但仍然出現相同的錯誤消息。錯誤是否可能與憑據(json文件)有關?我將JSON文件放在C:根目錄下,也放在了C:的文件夾「.credentials」和我的用戶文件夾中的相同步驟中。不用找了。任何想法? – x0100

    相關問題

     相關問題