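#!/bin/bash
# Aggressive cleanup for a host running a cryptominer (gas.sh, xmrig, minerd,
# cpuminer).
#
# Steps: kill the miner processes, wipe all crontabs, disable matching
# services, delete matching files, sinkhole a few domains in /etc/hosts and
# install fail2ban / rkhunter / chkrootkit.
#
# Every step here is destructive, so whatever is about to be removed is first
# recorded in an evidence directory (process list, crontabs, unit files, file
# hashes, /etc/hosts). Without that record there is nothing left to tell how
# the miner got in or what it had scheduled.
#
# The script is best-effort: there is no `set -e`, and one failing step does
# not stop the following ones.
#
# NOTE(review): this only removes the artefacts named below. It does not look
# at /etc/cron.d, cron.hourly/daily, systemd timers, shell rc files,
# authorized_keys or added accounts, and it does not close the initial access
# path. Treat the host as untrusted until that has been investigated.

set -u

echo "=== AGGRESSIVE MALWARE CLEANUP ==="

if [[ "$EUID" -ne 0 ]]; then
  echo "warning: not running as root; system crontabs, services, /etc/hosts and package installation will fail" >&2
fi

# /var/tmp rather than /tmp: the evidence should survive a reboot, and step 4
# deletes directories under /tmp. mktemp gives an unpredictable name, and the
# umask keeps the copies (crontabs may hold credentials) readable by us only.
umask 077
evidence_dir=$(mktemp -d /var/tmp/malware-cleanup.XXXXXX) || {
  echo "error: cannot create evidence directory, refusing to delete anything" >&2
  exit 1
}

# 1. KILL ALL
echo "[1] Killing all malicious processes..."
for proc in 'gas\.sh' xmrig minerd cpuminer; do
  while IFS= read -r pid; do
    # -f matches the whole command line, so this script (or the sudo/shell
    # that started it) matches too when its own path contains one of the
    # names. Never kill ourselves or our parent.
    if [[ "$pid" == "$$" || "$pid" == "$PPID" ]]; then
      continue
    fi
    {
      ps -o pid=,user=,args= -p "$pid"
      # The on-disk binary is often already deleted; the exe link still names it.
      printf '  exe: %s\n' "$(readlink "/proc/$pid/exe")"
    } >> "$evidence_dir/killed-processes.txt" 2>/dev/null
    kill -9 "$pid" 2>/dev/null
  done < <(pgrep -f -- "$proc")
done

# 2. CLEAR CRONTAB COMPLETELY
echo "[2] Clearing all crontabs..."
# Keep copies first: the cron entries are the persistence mechanism, and
# legitimate jobs are wiped along with the malicious ones.
crontab -l > "$evidence_dir/crontab-current-user.txt" 2>/dev/null
cp -p /etc/crontab "$evidence_dir/etc-crontab" 2>/dev/null
cp -a /var/spool/cron "$evidence_dir/var-spool-cron" 2>/dev/null
crontab -r
echo "" > /etc/crontab
# On Debian/Ubuntu (this script uses apt-get) per-user crontabs live in
# /var/spool/cron/crontabs/, which a plain `rm -f /var/spool/cron/*` skips
# because it is a directory.
rm -f /var/spool/cron/* /var/spool/cron/crontabs/* 2>/dev/null

# 3. DISABLE SUSPICIOUS SERVICES
echo "[3] Disabling suspicious services..."
# --plain/--no-legend keep the unit name in column 1 (failed units otherwise
# start with a bullet), and the pattern is applied to the unit name only, not
# to the description text.
# NOTE(review): the pattern is still broad; "crypt" and "pool" also match
# legitimate units (disk encryption, thread/connection pools). Check
# matched-services.txt afterwards.
while IFS= read -r unit; do
  printf '%s\n' "$unit" >> "$evidence_dir/matched-services.txt"
  systemctl cat "$unit" >> "$evidence_dir/service-units.txt" 2>/dev/null
  # `stop` alone leaves the unit enabled, so it would start again at boot.
  # The unit file itself stays on disk for later inspection.
  systemctl disable --now "$unit" 2>/dev/null
done < <(
  systemctl list-units --type=service --all --no-legend --plain 2>/dev/null \
    | awk '$1 ~ /(miner|crypt|pool)/ {print $1}'
)
systemctl daemon-reload

# 4. REMOVE ALL MALWARE FILES
echo "[4] Removing malware files..."
# /proc and /sys are virtual and are pruned; the evidence directory is pruned
# so the script does not delete its own records. Each file is hashed before
# removal so the sample can still be identified afterwards.
# NOTE(review): "*miner*" matches any file name containing "miner", including
# unrelated software. Check removed-files.sha256 for collateral.
while IFS= read -r -d '' file; do
  sha256sum -- "$file" >> "$evidence_dir/removed-files.sha256" 2>/dev/null
  rm -f -- "$file" 2>/dev/null
done < <(
  find / \( -path /proc -o -path /sys -o -path "$evidence_dir" \) -prune -o \
    -type f \( -name "gas.sh" -o -name "*xmrig*" -o -name "*miner*" \) \
    -print0 2>/dev/null
)
# /tmp/.X11-unix and /tmp/.ICE-unix are normally the X11/ICE socket
# directories; removing them breaks a running graphical session. Their
# contents are listed first so anything planted there is on record.
ls -laR /dev/shm/blog /tmp/.X11-unix /tmp/.ICE-unix \
  > "$evidence_dir/removed-dirs-listing.txt" 2>/dev/null
rm -rf /dev/shm/blog /tmp/.X11-unix /tmp/.ICE-unix 2>/dev/null

# 5. BLOCK MINING DOMAINS
echo "[5] Blocking mining domains..."
cp -p /etc/hosts "$evidence_dir/etc-hosts" 2>/dev/null
# Append only missing entries, so running the script again does not pile up
# duplicates. The original list also had "stratum+tcp"; that is a URI scheme,
# not a host name, so the entry could never match a lookup and is dropped.
# NOTE(review): sinkholing pastebin.com and raw.githubusercontent.com also
# breaks legitimate tooling on this host, and /etc/hosts does nothing against
# a miner that connects to a hard-coded IP address.
for domain in rx.unmineable.com mine.pool.com pastebin.com raw.githubusercontent.com; do
  entry="127.0.0.1 $domain"
  if ! grep -qxF -- "$entry" /etc/hosts 2>/dev/null; then
    printf '%s\n' "$entry" >> /etc/hosts
  fi
done

# 6. INSTALL PROTECTION
echo "[6] Installing protection..."
# Errors are shown instead of being sent to /dev/null: a failed install of the
# protection tools should not look like success. noninteractive keeps debconf
# prompts from blocking the script.
if ! { apt-get update \
  && DEBIAN_FRONTEND=noninteractive apt-get install -y fail2ban rkhunter chkrootkit; }; then
  echo "warning: could not install fail2ban/rkhunter/chkrootkit" >&2
fi

echo "Evidence saved in $evidence_dir"
echo "=== CLEANUP COMPLETE ==="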