safe boot mandatory

master
VollRagm 4 years ago
parent e3346b67e1
commit f80e8adc91

@ -9,18 +9,21 @@ namespace TJprojMain_remover
{ {
class Program class Program
{ {
private const string AUTOSTART_REGKEY = @"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run"; private const string AUTOSTART_REGKEY = @"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run";
private const string AUTOSTART_REGKEY2 = @"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce";
static void Main(string[] args) static void Main(string[] args)
{ {
Log.Info("TJprojMain-remover by VollRagm", ConsoleColor.Blue); Log.Info("TJprojMain-remover by VollRagm", ConsoleColor.Blue);
CheckSafeBoot(); Console.WriteLine();
CheckSafeBoot();
DisableAutostart(); DisableAutostart();
RemoveFiles(); RemoveFiles();
Log.Info("Done."); Log.Info("Done.");
Console.ReadLine();
} }
static void CheckSafeBoot() static void CheckSafeBoot()
@ -28,41 +31,55 @@ namespace TJprojMain_remover
var safeBoot = Utils.IsSafeMode(); var safeBoot = Utils.IsSafeMode();
if (!safeBoot) if (!safeBoot)
{ {
var proceed = Log.QueryYesNo("You did not boot into safe mode, which means that the process is running and cannot be deleted. Do you wish to try anyways? (y/n): "); Log.Critical("You did not boot into safe mode, which means that the processes cannot be deleted.");
if (!proceed) Log.Info("Here is how to boot into safe mode: https://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10/");
{ Console.ReadLine();
Log.Info("Here is how to boot into safe mode: https://www.digitalcitizen.life/4-ways-boot-safe-mode-windows-10/"); Environment.Exit(0);
Console.ReadLine();
Environment.Exit(0);
}
} }
} }
static void DisableAutostart() static bool DisableAutostart()
{ {
Log.Info("Disabling Autostart..."); Log.Info("Removing autostart registry keys...");
Console.WriteLine();
bool success = false;
try try
{ {
Utils.RegRemoveIfExists(AUTOSTART_REGKEY, "svchost");
Utils.RegRemoveIfExists(AUTOSTART_REGKEY, "Explorer"); success |= Utils.RegRemoveIfExists(AUTOSTART_REGKEY, "svchost");
success |= Utils.RegRemoveIfExists(AUTOSTART_REGKEY, "Explorer");
success |= Utils.RegRemoveIfExists(AUTOSTART_REGKEY2, "svchost");
success |= Utils.RegRemoveIfExists(AUTOSTART_REGKEY2, "Explorer");
Console.WriteLine(); Console.WriteLine();
} }
catch (Exception ex) catch (Exception ex)
{ {
Log.Error("Failed to remove autostart keys: " + ex.Message); Log.Error("Failed to remove autostart keys: " + ex.Message);
} }
if (success)
{
Log.Info("Removed Autostart keys successfully!");
}
return success;
} }
static void RemoveFiles() static void RemoveFiles()
{ {
Console.WriteLine();
try try
{ {
Utils.FRemoveIfExists(@"C:\Windows\Resources\svchost.exe", true); Utils.Unhide(@"C:\Windows\Resources\*.*");
Utils.FRemoveIfExists(@"C:\Windows\Resources\spoolsv.exe", true); Utils.Unhide(@"C:\Windows\Resources\Themes\*.*");
Utils.FRemoveIfExists(@"C:\Windows\Resources\explorer.exe", true);
Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\icsys.icn.exe", true);
Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\icsys.icn", false); Utils.FRemoveIfExists(@"C:\Windows\Resources\svchost.exe");
Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\tjcm.cmn", true); Utils.FRemoveIfExists(@"C:\Windows\Resources\spoolsv.exe");
Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\explorer.exe");
Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\icsys.icn.exe");
Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\icsys.icn");
Utils.FRemoveIfExists(@"C:\Windows\Resources\Themes\tjcm.cmn");
Console.WriteLine(); Console.WriteLine();
}catch(Exception ex) }catch(Exception ex)

@ -22,22 +22,29 @@ namespace TJprojMain_remover
return GetSystemMetrics(SM_CLEANBOOT) != 0; return GetSystemMetrics(SM_CLEANBOOT) != 0;
} }
public static void RegRemoveIfExists(string key, string name) public static bool RegRemoveIfExists(string key, string name)
{ {
using (RegistryKey regKey = Registry.CurrentUser.OpenSubKey(key, writable: true)) using (RegistryKey regKey = Registry.LocalMachine.OpenSubKey(key, writable: true))
{ {
if (regKey != null) if (regKey != null)
{ {
if (regKey.GetValue(name) != null) if (regKey.GetValue(name) != null)
{ {
regKey.DeleteValue(name); regKey.DeleteValue(name);
Log.Critical($"Registry key {name} found and removed!"); Log.Critical($"Registry key {name} found and autostart entry removed!");
return true;
} }
else else
{ {
Log.Error($"Registry key {name} not found!"); Log.Error($"Registry key {name} not found, searching elsewhere...");
return false;
} }
} }
else
{
Log.Error("Registry Key not found!");
return false;
}
} }
} }
@ -47,21 +54,12 @@ namespace TJprojMain_remover
Process.Start("attrib", $"-r -a -s -h \"{path}\""); Process.Start("attrib", $"-r -a -s -h \"{path}\"");
} }
public static void FRemoveIfExists(string path, bool processCheck = false) public static void FRemoveIfExists(string path)
{ {
try try
{ {
if (File.Exists(path)) if (File.Exists(path))
{ {
if (processCheck)
{
try
{
var processes = Process.GetProcessesByName(new FileInfo(path).Name);
processes.Where(x => new FileInfo(x.MainModule.FileName).FullName == new FileInfo(path).FullName).FirstOrDefault().Kill();
}
catch { }
}
File.Delete(path); File.Delete(path);
Log.Critical($"Removed {path} successfully!"); Log.Critical($"Removed {path} successfully!");
} }

Loading…
Cancel
Save