IMG002 miner patch v0.3

unit AntiI_MG;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, ExtCtrls, ShellApi, StdCtrls, Tlhelp32, Registry;

type
  TForm1 = class(TForm)
    Timer1: TTimer;
    procedure Timer1Timer(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
implementation

{$R *.dfm}

procedure check(disk: string);
var
  EMode: UINT;
begin
  EMode:=SetErrorMode(SEM_FAILCRITICALERRORS);
 try
  if FileExists(disk+'IMG002.exe') then
    DeleteFile(disk+'IMG002.exe');
 finally
  SetErrorMode(EMode);
 end;
end;

procedure serchUSB();
var
result, USB: String;
Drive: Char;
EMode: UINT;
const
pref = ':\';
label AbortLabel;
begin
EMode:=SetErrorMode(SEM_FAILCRITICALERRORS);
try
for Drive := 'B' to 'Z' do
if GetDriveType(PChar(Drive + pref)) = DRIVE_REMOVABLE then
begin
Goto AbortLabel;
end
else USB:='';
AbortLabel: USB:=Drive + pref;
check(USB);
finally
  SetErrorMode(EMode);
end;
end;


procedure Autorun(Flag:boolean; NameParam, Path:String);
var Reg:TRegistry;
begin
if Flag then
begin
Reg := TRegistry.Create;
Reg.RootKey := HKEY_CURRENT_USER;
Reg.OpenKey('\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', false);
Reg.WriteString(NameParam, Path);
Reg.Free;
end
else
begin
Reg := TRegistry.Create;
Reg.RootKey := HKEY_CURRENT_USER;
Reg.OpenKey('\SOFTWARE\Microsoft\Windows\CurrentfVersion\Run',false);
Reg.DeleteValue(NameParam);
Reg.Free;
end;
end;


function GetWin(Comand: string): string;
var
  buff: array [0 .. $FF] of char;
begin
  ExpandEnvironmentStrings(PChar(Comand), buff, SizeOf(buff));
  Result := buff;
end;

function KillTask(ExeFileName: string): Integer;
const
  PROCESS_TERMINATE = $0001;
var
  ContinueLoop: BOOL;
  FSnapshotHandle: THandle;
  FProcessEntry32: TProcessEntry32;
begin
  Result := 0;
  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
  ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);

  while Integer(ContinueLoop) <> 0 do
  begin
    if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) =
      UpperCase(ExeFileName)) or (UpperCase(FProcessEntry32.szExeFile) =
      UpperCase(ExeFileName))) then
      Result := Integer(TerminateProcess(
                        OpenProcess(PROCESS_TERMINATE,
                                    BOOL(0),
                                    FProcessEntry32.th32ProcessID),
                                    0));
     ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
  end;
  CloseHandle(FSnapshotHandle);
end;


procedure TForm1.Timer1Timer(Sender: TObject);
begin
  serchUSB();
end;

var
  EMode: UINT;
begin
  Application.ShowMainform:=false;
  EMode:=SetErrorMode(SEM_FAILCRITICALERRORS);
  try
      KillTask('IMG002.exe');
      KillTask('NsCpuCNMiner64.exe');
      KillTask('NsCpuCNMiner32.exe');
      WinExec(Pchar('cmd /c for /f "delims=" %a in (''dir/b/ad-h "%userprofile%\..\*"^|findstr/ixvc:"All Users"'') do (rmdir "%userprofile%\..\%a\AppData\Roaming\NsCpuCNMiner" /s /q)'), 1);
      WinExec(Pchar('cmd /c for /f "delims=" %a in (''dir/b/ad-h "%userprofile%\..\*"^|findstr/ixvc:"All Users"'') do (mkdir "%userprofile%\..\%a\AppData\Roaming\NsCpuCNMiner")'), 1);
      WinExec(Pchar('cmd /c for /f "delims=" %a in (''dir/b/ad-h "%userprofile%\..\*"^|findstr/ixvc:"All Users"'') do (icacls "%userprofile%\..\%a\AppData\Roaming\NsCpuCNMiner" /deny %a:F'), 1);
      WinExec(Pchar('cmd /c for /f "delims=" %a in (''dir/b/ad-h "%userprofile%\..\*"^|findstr/ixvc:"All Users"'') do (del "%userprofile%\..\%a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run.lnk")'), 1);
    Autorun(true, 'PatchIMG.exe', paramstr(0));
 finally
  SetErrorMode(EMode);
end;

end.