--- /dev/null
+<#\r
+.SYNOPSIS\r
+ Shows recursively searched directories according to some regex and optionally deletes files\r
+.DESCRIPTION\r
+ .\r
+.PARAMETER adir\r
+ Specifies a path to a location, typically a partition. No characters are interpreted \r
+ as wildcards. If the path includes escape characters, enclose it in single\r
+ quotation marks. Single quotation marks tell Windows PowerShell not to \r
+ interpret any characters as escape sequences.\r
+.EXAMPLE\r
+ massdel.ps1 -adir 'C:\Users>'\r
+#>\r
+\r
+#\r
+# massdel.ps1 is a tool to clear directories affected by Maze/ChaCha ransomware.\r
+#\r
+# Copyright (C) 2020 Yordan Manolov\r
+#\r
+# This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.\r
+#\r
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.\r
+#\r
+# You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.\r
+#\r
+\r
+param (\r
+ [Parameter(Mandatory=$true)][string]$adir = "V:\",\r
+ [string] $pathregex = "*LES.txt", \r
+ [string]$fileregex = "*\.(jpg|pdf|doc|docx|png|xls|xlsx|eml|jpeg|8\[a-z]{2,}|.adm|advs|apln|ascs|bdf|compositefont|dlm|dsc|dwt|ebx|epf|eps|epsf|exif|exr|f4v|fl|fla|gif|gif|grd|idml|ifd|incp|imp|indesignplugin|indt|inix|inms|inx|iros|isa|jsf|jsfl|jsx|kfg|lbi|meh|mfx|mno|mpv|mulib|mxp|p3m|p3r|ps2|ps3|psq|ptl|pwl|raw|rfr|sbst|sbx|ses|shc|sta|std|ste|swb|swd|swtag|tds|tpl|tty|vce|vtv|wfx|workspace|xfd|xfl|xyze|zxp)\.\w{3,}", #todo\r
+ [switch]$delall = $false\r
+ )\r
+\r
+\r
+Get-ChildItem $Path -Recurse | \r
+ # only directories which contain the ransom message (txt) are affected\r
+ Where{ $_.Name -Match [regex]::escape($pathregex) } | \r
+ Where{ $_.Name -Match [regex]::escape($fileregex) } | \r
+ # note: this does not remove the ransom message, for debugging reasons\r
+ if($delall) { Remove-Item -Force }\r
+ else { Remove-Item -Confirm }\r