diff --git a/src/TJprojMain-remover/TJprojMain-remover/Program.cs b/src/TJprojMain-remover/TJprojMain-remover/Program.cs index 80a11e2..9a1b372 100644 --- a/src/TJprojMain-remover/TJprojMain-remover/Program.cs +++ b/src/TJprojMain-remover/TJprojMain-remover/Program.cs @@ -9,18 +9,21 @@ namespace TJprojMain_remover { class Program { - private const string AUTOSTART_REGKEY = @"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run"; - + private const string AUTOSTART_REGKEY = @"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run"; + private const string AUTOSTART_REGKEY2 = @"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce"; static void Main(string[] args) { Log.Info("TJprojMain-remover by VollRagm", ConsoleColor.Blue); - CheckSafeBoot(); + Console.WriteLine(); + CheckSafeBoot(); DisableAutostart(); + RemoveFiles(); Log.Info("Done."); + Console.ReadLine(); } static void CheckSafeBoot() 
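Review bot: `Main` discards the bool that `DisableAutostart()` now returns, and `RemoveFiles()` returns nothing, so "Done." is printed even when no registry value or file was removed and the user may assume the machine is clean. Capture the result, e.g. `bool keysRemoved = DisableAutostart();`, and finish with a warning instead of `Log.Info("Done.")` when it is false. Both `AUTOSTART_REGKEY` constants also hard-code the `WOW6432Node` path, so only the 32-bit view of HKLM is inspected. If the sample also registers under the native 64-bit view or under HKCU (not visible in this diff), those entries would survive, so it is worth covering them too.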
@@ -28,41 +31,55 @@ namespace TJprojMain_remover var safeBoot = Utils.IsSafeMode(); if (!safeBoot) { - var proceed = Log.QueryYesNo("You did not boot into safe mode, which means that the process is running and cannot be deleted. Do you wish to try anyways? (y/n): "); - if (!proceed) - { - Log.Info("Here is how to boot into safe mode: https://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10/"); - Console.ReadLine(); - Environment.Exit(0); - } + Log.Critical("You did not boot into safe mode, which means that the processes cannot be deleted."); + Log.Info("Here is how to boot into safe mode: https://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10/"); + Console.ReadLine(); + Environment.Exit(0); } } - static void DisableAutostart() + static bool DisableAutostart() { - Log.Info("Disabling Autostart..."); + Log.Info("Removing autostart registry keys..."); + Console.WriteLine(); + bool success = false; try { - Utils.RegRemoveIfExists(AUTOSTART_REGKEY, "svchost"); - Utils.RegRemoveIfExists(AUTOSTART_REGKEY, "Explorer"); + + success |= Utils.RegRemoveIfExists(AUTOSTART_REGKEY, "svchost"); + success |= Utils.RegRemoveIfExists(AUTOSTART_REGKEY, "Explorer"); + + success |= Utils.RegRemoveIfExists(AUTOSTART_REGKEY2, "svchost"); + success |= Utils.RegRemoveIfExists(AUTOSTART_REGKEY2, "Explorer"); Console.WriteLine(); + } catch (Exception ex) { Log.Error("Failed to remove autostart keys: " + ex.Message); } + if (success) + { + Log.Info("Removed Autostart keys successfully!"); + } + return success; } static void RemoveFiles() { + Console.WriteLine(); try { - Utils.FRemoveIfExists(@"C:\Windows\Resources\svchost.exe", true); - Utils.FRemoveIfExists(@"C:\Windows\Resources\spoolsv.exe", true); - Utils.FRemoveIfExists(@"C:\Windows\Resources\explorer.exe", true); - Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\icsys.icn.exe", true); - Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\icsys.icn", false); - 
Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\tjcm.cmn", true); + Utils.Unhide(@"C:\Windows\Resources\*.*"); + Utils.Unhide(@"C:\Windows\Resources\Themes\*.*"); + + + Utils.FRemoveIfExists(@"C:\Windows\Resources\svchost.exe"); + Utils.FRemoveIfExists(@"C:\Windows\Resources\spoolsv.exe"); + Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\explorer.exe"); + Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\icsys.icn.exe"); + Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\icsys.icn"); + Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\tjcm.cmn"); Console.WriteLine(); }catch(Exception ex) diff --git a/src/TJprojMain-remover/TJprojMain-remover/Utils.cs b/src/TJprojMain-remover/TJprojMain-remover/Utils.cs index 120cfa9..f2764a0 100644 --- a/src/TJprojMain-remover/TJprojMain-remover/Utils.cs +++ b/src/TJprojMain-remover/TJprojMain-remover/Utils.cs @@ -22,22 +22,29 @@ namespace TJprojMain_remover return GetSystemMetrics(SM_CLEANBOOT) != 0; } - public static void RegRemoveIfExists(string key, string name) + public static bool RegRemoveIfExists(string key, string name) { - using (RegistryKey regKey = Registry.CurrentUser.OpenSubKey(key, writable: true)) + using (RegistryKey regKey = Registry.LocalMachine.OpenSubKey(key, writable: true)) { if (regKey != null) { if (regKey.GetValue(name) != null) { regKey.DeleteValue(name); - Log.Critical($"Registry key {name} found and removed!"); + Log.Critical($"Registry key {name} found and autostart entry removed!"); + return true; } else { - Log.Error($"Registry key {name} not found!"); + Log.Error($"Registry key {name} not found, searching elsewhere..."); + return false; } } + else + { + Log.Error("Registry Key not found!"); + return false; + } } } 
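Review bot: In `RemoveFiles`, the two new `Utils.Unhide(...)` calls are followed immediately by the deletes, but `Unhide` in Utils.cs only calls `Process.Start("attrib", ...)` and returns without waiting, so `File.Delete` can run before the attributes are cleared and fail on a read-only file. `attrib` is also started by bare name, so on a host already known to be infected it is resolved through the executable search order rather than from a fixed system path. The `*.*` pattern additionally strips the hidden/system flags from every file in both directories, not only the six targets. Dropping the two calls and putting `File.SetAttributes(path, FileAttributes.Normal);` directly before `File.Delete(path);` in `FRemoveIfExists` removes the child process, the race and the wildcard. The `try` in `RemoveFiles` closes outside this hunk.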
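Review bot: `RegRemoveIfExists` deletes any HKLM value named `svchost` or `Explorer` on the name alone; the data is never read, so an unrelated entry with the same name would be removed and nothing records what the value pointed to. Read it first with `var data = regKey.GetValue(name) as string;`, log it, and call `DeleteValue` only when it references the directory this tool cleans (`C:\Windows\Resources` in Program.cs), compared case-insensitively. Logging an absent value through `Log.Error` also makes a clean machine look like a failure; `Log.Info` fits that branch better. Opening the key with `writable: true` throws when the process is not elevated, which the caller only reports as "Failed to remove autostart keys", so an explicit elevation check at startup would give a clearer message.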
@@ -47,21 +54,12 @@ namespace TJprojMain_remover Process.Start("attrib", $"-r -a -s -h \"{path}\""); } - public static void FRemoveIfExists(string path, bool processCheck = false) + public static void FRemoveIfExists(string path) { try { if (File.Exists(path)) { - if (processCheck) - { - try - { - var processes = Process.GetProcessesByName(new FileInfo(path).Name); - processes.Where(x => new FileInfo(x.MainModule.FileName).FullName == new FileInfo(path).FullName).FirstOrDefault().Kill(); - } - catch { } - } File.Delete(path); Log.Critical($"Removed {path} successfully!"); }