' ---------------------------------------------------------
' 
'  checkBlackworm
'
'  Version 1.0
'
'  Walt Howd
'
'
'  This script will check to see if any of the known files
'  for the Blackworm/Nyxem worms are present on the machine.
'
'  If the files are found, then the script will exit with
'  a custom error level. This can be used in SMS reporting
'  to see systems that might be at risk.
'
' ---------------------------------------------------------

' ---------------------------------------------------------
' Initialize variables
' ---------------------------------------------------------
On Error Resume Next
dim objShell, filesys, windir, system32, blackworm_files

Set objShell 	= WScript.CreateObject("WScript.Shell") 
Set filesys 	= CreateObject("Scripting.FileSystemObject")

windir		= objShell.Environment("Process").Item("windir") & "\"
system32	= windir & "system32\"

' ---------------------------------------------------------
' Known Blackworm files
' ---------------------------------------------------------
blackworm_files	= Array("rundll16.exe", "scanregw.exe", "update.exe", "winzip.exe", "WINZIP_TMP.exe")

' ---------------------------------------------------------
' Check for files in WINDOWS and SYSTEM32 directories
' ---------------------------------------------------------
For Each file in blackworm_files

	If filesys.FileExists(windir & file) OR filesys.FileExists(system32 & file) Then
		wscript.quit(1000) 	
	End If

Next

' ---------------------------------------------------------
' If no files were found, quit with the normal errorlevel
' ---------------------------------------------------------
wscript.quit(0)