first commit

src/TJprojMain-remover/TJprojMain-remover.sln

@@ -0,0 +1,25 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.30204.135
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "TJprojMain-remover", "TJprojMain-remover\TJprojMain-remover.csproj", "{94078440-EE7C-414E-A691-39E14AB240E2}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{94078440-EE7C-414E-A691-39E14AB240E2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{94078440-EE7C-414E-A691-39E14AB240E2}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{94078440-EE7C-414E-A691-39E14AB240E2}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{94078440-EE7C-414E-A691-39E14AB240E2}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+	GlobalSection(ExtensibilityGlobals) = postSolution
+		SolutionGuid = {A52767E5-7079-4921-9891-996F642D0716}
+	EndGlobalSection
+EndGlobal

src/TJprojMain-remover/TJprojMain-remover/App.config

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />
+    </startup>
+</configuration>

src/TJprojMain-remover/TJprojMain-remover/Log.cs

@@ -0,0 +1,54 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+public static class Log
+{
+    public static void Critical(object value)
+    {
+        Color(ConsoleColor.Magenta);
+        Console.WriteLine("[!] " + value.ToString());
+        Color();
+    }
+
+    public static void Info(object value)
+    {
+        Color(ConsoleColor.Cyan);
+        Console.WriteLine("[+] " + value.ToString());
+    }
+
+    public static bool QueryYesNo(string question)
+    {
+        var input = QueryString(question);
+        if (input.ToLower().StartsWith("y")) return true;
+        else return false;
+    }
+
+    public static string QueryString(string question)
+    {
+        Color(ConsoleColor.Yellow);
+        Console.Write("[?] " + question);
+        Color();
+        return Console.ReadLine();
+    }
+
+    public static void Info(object value, ConsoleColor color)
+    {
+        Color(color);
+        Console.WriteLine("[+] " + value.ToString());
+    }
+
+    public static void Error(object value)
+    {
+        Color(ConsoleColor.Red);
+        Console.WriteLine("[-] " + value.ToString());
+        Color();
+    }
+
+    private static void Color(ConsoleColor color = ConsoleColor.White)
+    {
+        Console.ForegroundColor = color;
+    }
+}

src/TJprojMain-remover/TJprojMain-remover/Program.cs

@@ -0,0 +1,76 @@
+using Microsoft.Win32;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace TJprojMain_remover
+{
+    class Program
+    {
+        private const string AUTOSTART_REGKEY = @"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run";
+
+
+        static void Main(string[] args)
+        {
+            Log.Info("TJprojMain-remover by VollRagm", ConsoleColor.Blue);
+            CheckSafeBoot();
+
+            DisableAutostart();
+            RemoveFiles();
+
+            Log.Info("Done.");
+        }
+
+        static void CheckSafeBoot()
+        {
+            var safeBoot = Utils.IsSafeMode();
+            if (!safeBoot)
+            {
+                var proceed = Log.QueryYesNo("You did not boot into safe mode, which means that the process is running and cannot be deleted. Do you wish to try anyways? (y/n): ");
+                if (!proceed)
+                {
+                    Log.Info("Here is how to boot into safe mode: https://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10/");
+                    Console.ReadLine();
+                    Environment.Exit(0);
+                }
+            }
+        }
+
+        static void DisableAutostart()
+        {
+            Log.Info("Disabling Autostart...");
+            try
+            {
+                Utils.RegRemoveIfExists(AUTOSTART_REGKEY, "svchost");
+                Utils.RegRemoveIfExists(AUTOSTART_REGKEY, "Explorer");
+                Console.WriteLine();
+            }
+            catch (Exception ex)
+            {
+                Log.Error("Failed to remove autostart keys: " + ex.Message);
+            }
+        }
+
+        static void RemoveFiles()
+        {
+            try
+            {
+                Utils.FRemoveIfExists(@"C:\Windows\Resources\svchost.exe", true);
+                Utils.FRemoveIfExists(@"C:\Windows\Resources\spoolsv.exe", true);
+                Utils.FRemoveIfExists(@"C:\Windows\Resources\explorer.exe", true);
+                Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\icsys.icn.exe", true);
+                Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\icsys.icn", false);
+                Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\tjcm.cmn", true);
+                Console.WriteLine();
+
+            }catch(Exception ex)
+            {
+                Log.Error("Could not remove files: " + ex.Message);
+            }
+        }
+
+
+    }
+}

src/TJprojMain-remover/TJprojMain-remover/Properties/AssemblyInfo.cs

@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("TJprojMain-remover")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("TJprojMain-remover")]
+[assembly: AssemblyCopyright("Copyright ©  2021")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("94078440-ee7c-414e-a691-39e14ab240e2")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]

src/TJprojMain-remover/TJprojMain-remover/TJprojMain-remover.csproj

@@ -0,0 +1,55 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{94078440-EE7C-414E-A691-39E14AB240E2}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>TJprojMain_remover</RootNamespace>
+    <AssemblyName>TJprojMain-remover</AssemblyName>
+    <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <Deterministic>true</Deterministic>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Log.cs" />
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="Utils.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>

src/TJprojMain-remover/TJprojMain-remover/Utils.cs

@@ -0,0 +1,78 @@
+using Microsoft.Win32;
+using System;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace TJprojMain_remover
+{
+    public class Utils
+    {
+        private const int SM_CLEANBOOT = 67;
+
+        [DllImport("user32.dll")]
+        private static extern int GetSystemMetrics(int smIndex);
+
+        public static bool IsSafeMode()
+        {
+            return GetSystemMetrics(SM_CLEANBOOT) != 0;
+        }
+
+        public static void RegRemoveIfExists(string key, string name)
+        {
+            using (RegistryKey regKey = Registry.CurrentUser.OpenSubKey(key, writable: true))
+            {
+                if (regKey != null)
+                {
+                    if (regKey.GetValue(name) != null)
+                    {
+                        regKey.DeleteValue(name);
+                        Log.Critical($"Registry key {name} found and removed!");
+                    }
+                    else
+                    {
+                        Log.Error($"Registry key {name} not found!");
+                    }
+                }
+            }
+
+        }
+
+        public static void Unhide(string path)
+        {
+            Process.Start("attrib", $"-r -a -s -h \"{path}\"");
+        }
+
+        public static void FRemoveIfExists(string path, bool processCheck = false)
+        {
+            try
+            {
+                if (File.Exists(path))
+                {
+                    if (processCheck)
+                    {
+                        try
+                        {
+                            var processes = Process.GetProcessesByName(new FileInfo(path).Name);
+                            processes.Where(x => new FileInfo(x.MainModule.FileName).FullName == new FileInfo(path).FullName).FirstOrDefault().Kill();
+                        }
+                        catch { }
+                    }
+                    File.Delete(path);
+                    Log.Critical($"Removed {path} successfully!");
+                }
+                else
+                {
+                    Log.Error($"File {path} not found!");
+                }
+            }catch(Exception ex)
+            {
+                Log.Error($"Could not delete file {path}: {ex.Message}");
+            }
+        }
+    }
+}