Golden_Rus

Patch IMG miner v0.4

Nov 4th, 2017
Delphi 4.80 KB | None | 0 0
  1. unit AntiI_MG;
  2.  
  3. interface
  4.  
  5. uses
  6.   Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  7.   Dialogs, ExtCtrls, ShellApi, StdCtrls, Tlhelp32, Registry;
  8.  
type
  { Main form of the cleanup tool. The unit's start-up code sets
    Application.ShowMainForm to false, so the form is not shown as the main
    window; its two timers drive the periodic checks below.
    The timer intervals are not set in this unit (presumably in the .dfm). }
  TForm1 = class(TForm)
    Timer1: TTimer;
    Timer2: TTimer;
    { Calls serchUSB, which looks for IMG002.exe on a removable drive. }
    procedure Timer1Timer(Sender: TObject);
    { Calls Patch when a process named IMG002.exe is found running. }
    procedure Timer2Timer(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;
  20.  
  21. var
  22.   Form1: TForm1;
  23. implementation
  24.  
  25. {$R *.dfm}
  26.  
  27. procedure check(disk: string);
  28. var
  29.   EMode: UINT;
  30. begin
  31.   EMode:=SetErrorMode(SEM_FAILCRITICALERRORS);
  32.  try
  33.   if FileExists(disk+'IMG002.exe') then
  34.     DeleteFile(disk+'IMG002.exe');
  35.  finally
  36.   SetErrorMode(EMode);
  37.  end;
  38. end;
  39.  
  40. procedure serchUSB();
  41. var
  42. result, USB: String;
  43. Drive: Char;
  44. EMode: UINT;
  45. const
  46. pref = ':\';
  47. label AbortLabel;
  48. begin
  49. EMode:=SetErrorMode(SEM_FAILCRITICALERRORS);
  50. try
  51. for Drive := 'B' to 'Z' do
  52. if GetDriveType(PChar(Drive + pref)) = DRIVE_REMOVABLE then
  53. begin
  54. Goto AbortLabel;
  55. end
  56. else USB:='';
  57. AbortLabel: USB:=Drive + pref;
  58. check(USB);
  59. finally
  60.   SetErrorMode(EMode);
  61. end;
  62. end;
  63.  
  64.  
  65. procedure Autorun(Flag:boolean; NameParam, Path:String);
  66. var Reg:TRegistry;
  67. begin
  68. if Flag then
  69. begin
  70. Reg := TRegistry.Create;
  71. Reg.RootKey := HKEY_CURRENT_USER;
  72. Reg.OpenKey('\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', false);
  73. Reg.WriteString(NameParam, Path);
  74. Reg.Free;
  75. end
  76. else
  77. begin
  78. Reg := TRegistry.Create;
  79. Reg.RootKey := HKEY_CURRENT_USER;
  80. Reg.OpenKey('\SOFTWARE\Microsoft\Windows\CurrentfVersion\Run',false);
  81. Reg.DeleteValue(NameParam);
  82. Reg.Free;
  83. end;
  84. end;
  85.  
  86.  
  87. function GetWin(Comand: string): string;
  88. var
  89.   buff: array [0 .. $FF] of char;
  90. begin
  91.   ExpandEnvironmentStrings(PChar(Comand), buff, SizeOf(buff));
  92.   Result := buff;
  93. end;
  94.  
  95. function KillTask(ExeFileName: string): Integer;
  96. const
  97.   PROCESS_TERMINATE = $0001;
  98. var
  99.   ContinueLoop: BOOL;
  100.   FSnapshotHandle: THandle;
  101.   FProcessEntry32: TProcessEntry32;
  102. begin
  103.   Result := 0;
  104.   FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  105.   FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
  106.   ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
  107.  
  108.   while Integer(ContinueLoop) <> 0 do
  109.   begin
  110.     if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) =
  111.       UpperCase(ExeFileName)) or (UpperCase(FProcessEntry32.szExeFile) =
  112.       UpperCase(ExeFileName))) then
  113.       Result := Integer(TerminateProcess(
  114.                         OpenProcess(PROCESS_TERMINATE,
  115.                                     BOOL(0),
  116.                                     FProcessEntry32.th32ProcessID),
  117.                                     0));
  118.      ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
  119.   end;
  120.   CloseHandle(FSnapshotHandle);
  121. end;
  122.  
  123. function FindTask(ExeFileName: string): boolean;
  124.  var
  125.   ContinueLoop: BOOL;
  126.   FSnapshotHandle: THandle;
  127.   FProcessEntry32: TProcessEntry32;
  128.  begin
  129.   result := false;
  130.   FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  131.   FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
  132.   ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
  133.   while integer(ContinueLoop) <> 0 do
  134.    begin
  135.     if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) = UpperCase(ExeFileName))
  136.      or (UpperCase(FProcessEntry32.szExeFile) = UpperCase(ExeFileName)))
  137.       then Result := true;
  138.     ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
  139.    end;
  140.   CloseHandle(FSnapshotHandle);
  141.  end;
  142.  
  143. procedure Patch();
  144. begin
  145.       KillTask('IMG002.exe');
  146.       KillTask('NsCpuCNMiner64.exe');
  147.       KillTask('NsCpuCNMiner32.exe');
  148.       WinExec(Pchar('cmd /c for /f "delims=" %a in (''dir/b/ad-h "%userprofile%\..\*"^|findstr/ixvc:"All Users"'') do (rmdir "%userprofile%\..\%a\AppData\Roaming\NsCpuCNMiner" /s /q)'), 0);
  149.       WinExec(Pchar('cmd /c for /f "delims=" %a in (''dir/b/ad-h "%userprofile%\..\*"^|findstr/ixvc:"All Users"'') do (mkdir "%userprofile%\..\%a\AppData\Roaming\NsCpuCNMiner")'), 0);
  150.       WinExec(Pchar('cmd /c for /f "delims=" %a in (''dir/b/ad-h "%userprofile%\..\*"^|findstr/ixvc:"All Users"'') do (icacls "%userprofile%\..\%a\AppData\Roaming\NsCpuCNMiner" /deny %a:F)'), 0);
  151.       WinExec(Pchar('cmd /c for /f "delims=" %a in (''dir/b/ad-h "%userprofile%\..\*"^|findstr/ixvc:"All Users"'') do (del "%userprofile%\..\%a\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Run.lnk")'), 0);
  152. end;
  153.  
  154. procedure TForm1.Timer2Timer(Sender: TObject);
  155. begin
  156.   if FindTask('IMG002.exe') then
  157.     Patch();
  158. end;
  159.  
  160. procedure TForm1.Timer1Timer(Sender: TObject);
  161. begin
  162.   serchUSB();
  163. end;
  164.  
  165.  
  166.  
  167. var
  168.   EMode: UINT;
  169. begin
  170.   Application.ShowMainform:=false;
  171.   EMode:=SetErrorMode(SEM_FAILCRITICALERRORS);
  172.   try
  173.       Patch();
  174.       Autorun(true, 'PtchIMG.exe', paramstr(0));
  175.  finally
  176.   SetErrorMode(EMode);
  177. end;
  178.  
  179.  
  180.  
  181.  
  182.  
  183. end.