A POC of a Windows antivirus tool written in Python to detect ransomware, viruses, backdoors and payloads and completely remove them from the system.

Whitecat18/Mavoc-Antivirus

Mavoc Antivirus


An open-source antivirus tool that scans, analyses and removes malware, Trojans, payloads, botnets, ransomware, etc.
Created in Qt and Python by @Smukx.



⚠️ The tool is in its early developmental stage. The Heuristic method is still under development. It will come with a new feature in the next update.

Working Methodology


Flowchart for working methodology

Scans files by hashing them and matching against the latest database collections of SHA256 and MD5 hashes (MOST REQUESTED).

Uses a heuristic method to scan the 1st set of lines (MOST REQUESTED).

Scans files against a list of over 900 popular malicious extensions (MOST REQUESTED).

Saves all the results in separate log files (MOST REQUESTED).

Can be used to delete malicious files, with your permission only (MOST REQUESTED FOR ANALYSING).

Network Protection restricts access to over 42000 malicious websites.

Types of Scans

There are 6 Types of Scans

Quick Scan

There are 2 types of Quick Scan: Quick Recursive and Quick Non-Recursive.

Quick Recursive Scan will scan all files recursively in the common paths, even inside temporary files and folders within the common directory path.

Quick Non-Recursive scan will simply look for common places where malware, payloads, etc., may be stored.

Schedule Scan

To initiate a Schedule Scan with Mavoc Antivirus, you need to start the Mavoc Antivirus application with mavoc.ps1 instead of starting framework.py.

By default the summary scan will download and install modules.

Schedule Scan scans the common paths and completely removes malicious files every 1 minute by default, but you can adjust the timing in the mavoc.ps1 script.

Full Scan

There are Two Types of Scans: Full Scan and Partition Scan.

Full Scan will comprehensively scan your entire system, which may take hours, so please be patient when using this option.

Partition Scan allows you to select a particular partition or folder to scan files recursively, making it the fastest scanning method.

Network

Network Protection contains a list of more than 42,000 malicious sites. When enabled, it blocks access to these sites. You can reset it to the default settings by choosing to disable network blocker.

Cloud Firm Scan

This scan utilizes the VIRUS TOTAL API to scan a specific file.

Important Note: If you are using the free VIRUS TOTAL API, limit your scans to a minimum of 3 files per minute.

Clean System

Clean System is used to remove unwanted files from common directory paths, such as temporary and registry paths. It automatically deletes these files to optimize system performance and enhance security.

FEATURES

Log Viewer

You can view log files from the menu bar.

Log Viewer shows the logs of recent scans and their results, such as the malicious files detected and the files removed from the system after approval from the user.

Add Database

You can create your own databases. By default it has over 350000 new, popular databases as of 24 SEP 2023.

To add your custom database, place it with the hash files, which are located in the /hashes directory, or add it through the File options available on the menu bar.

Installation

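Install the requirements: `pip3 install -r requirements.txt`.

NOTE: Execute the program as Administrator.

**Methods ~**

```powershell
# Download and unpack the release archive
Invoke-WebRequest -Uri https://github.com/Whitecat18/Mavoc-Antivirus/releases/download/v1.1.0/Mavoc-Antivirus-main.zip -OutFile Mavoc-Antivirus-main.zip
Expand-Archive Mavoc-Antivirus-main.zip -DestinationPath Mavoc-Antivirus
cd Mavoc-Antivirus   # if the archive unpacks into its own subfolder, cd into that as well
pip3 install -r requirements.txt
# Open an elevated PowerShell window and run the remaining commands there
Start-Process powershell.exe -Verb RunAs
cd C:\<MAVOC-DIRECTORY>\   # go to the Mavoc-Antivirus directory
python3 mavoc.py
```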

Password : mavoc

Run mavoc.py to start using all functions.

For VirusTotal cloud scans, search for api_key in framework.py and replace it with your VirusTotal API key.

To set custom hashes for scanning, visit the releases page to download the hashes you need.

Warning ⚠️ Schedule scan will delete all the files without asking permission from the user, so be careful when you operate the schedule scan. By default I have added the safer, malicious paths alone.

Customization

Setting up HASH for Scanning

I have collected popular databases from various popular sources on the Dark Web, the VX-Underground group, etc.

As of this date, over 700K popular SHA256 and MD5 hashes of virus databases have been added.

I have two files: the fast_md5 and fast_sha256 hashes have been added in the hashes folder. By default, 350K popular hashes have been added.
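
The hash-matching step described here and under Working Methodology, as an added example (not Mavoc's own code): it assumes the files in the hashes folder hold one hex digest per line, and `load_hashes`, `digests`, `scan` and `demo` are hypothetical names. It covers both the recursive and the non-recursive mode, records unreadable files instead of skipping them silently, and only reports matches.

```python
import hashlib
import os
import tempfile

def load_hashes(path):
    """Assumed format: one hex digest per line; blanks and '#' lines ignored."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return {ln.strip().lower() for ln in fh
                if ln.strip() and not ln.lstrip().startswith("#")}

def digests(path, chunk=1 << 20):
    """Hash a file once, in chunks, producing both MD5 and SHA256."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()

def scan(root, bad_md5, bad_sha256, recursive=True):
    """Return (path, reason) findings. Report only: nothing is deleted."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not recursive:
            dirnames.clear()              # non-recursive: top directory only
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            try:
                md5_hex, sha_hex = digests(path)
            except OSError as exc:        # locked/unreadable: record it, keep going
                findings.append((path, "unreadable: " + type(exc).__name__))
                continue
            if sha_hex in bad_sha256:
                findings.append((path, "sha256 match"))
            elif md5_hex in bad_md5:
                findings.append((path, "md5 match"))
    return findings

def demo():
    payload = b"constructed sample, not real malware"   # constructed test data
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        with open(os.path.join(root, "sub", "sample.bin"), "wb") as fh:
            fh.write(payload)
        db = os.path.join(root, "fast_sha256")           # constructed hash list
        with open(db, "w") as fh:
            fh.write("# constructed\n" + hashlib.sha256(payload).hexdigest().upper() + "\n")
        bad = load_hashes(db)
        return scan(root, set(), bad), scan(root, set(), bad, recursive=False)
```

In `demo()`, the recursive scan reports the listed file inside `sub`, while the non-recursive scan of the same root reports nothing.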


Setting Path for Quick Scanning

Go to line 1828 of framework.py, or search for `DIRECTORY PATH FOR QUICK SCAN`, to add your own directory for scanning.

Custom BlackList Configuration

You can customize your own blacklist to block sites. By default it has over 42000 malicious and scamming sites.

Setting Path for Schedule Scan

You can customize the paths for the Schedule Scan. Edit schedule-scanning.py, search for `# PATH FOR SCHEDULE SCANNING`, and add the paths you need to the `directories_to_scan = []` list.

UPDATES

Updates are on the way. The Update option will be available when a new version is released.

  • Mavoc Beta -> 1.0.0
  • Mavoc Installer ( Will Be Released within this week )
  • Heuristic Advanced Logic Implementation
  • Additional features to Network Protection

Contribution

Everyone can contribute to this software. I will verify, test and merge it.

Special thanks to Phoenix for helping me in the Design Layouts 🍀
