@dustyfresh
Last active March 9, 2016 03:03
KeRanger ransomware removal script for OSX
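#!/bin/bash
#
# @dustyfresh
#
# March 2016
#
# Checks for General.rtf inside Transmission.app (installed copy and mounted
# disk image) and, if found, removes the KeRanger files listed below.

# The machine is clean only if BOTH indicator files are absent; with "||" a
# single missing file was enough to report "not infected".
if [[ ! -e "/Applications/Transmission.app/Contents/Resources/General.rtf" && ! -e "/Volumes/Transmission/Transmission.app/Contents/Resources/General.rtf" ]]; then
    echo "Yay. This machine is not infected."
else
    echo "Infected :( We are going to need your password so we can remove KeRanger from your system."
    echo "Would you like to proceed with removing malware? (y/n)"
    read -r answer
    if [[ $answer == "y" ]]; then
        echo "Removing KeRanger....."
        # Stop the running process before deleting its files
        sudo pkill -f 'kernel_service' &>/dev/null
        # Root-owned locations: the binary and the trojanized application bundle
        for f in /Users/Library/kernel_service /Applications/Transmission.app; do
            sudo rm -rf "$f"
        done
        # Per-user state files in the current user's home directory
        for f in ~/Library/.kernel_pid ~/Library/.kernel_time ~/Library/.kernel_complete ~/.kernel_service; do
            rm -rf "$f"
        done
        echo "Removed. We recommend that you reboot. Would you like to reboot now?"
        read -r reboot_answer
        if [[ $reboot_answer == "y" ]]; then
            sudo reboot
        else
            # Removal already succeeded; declining the reboot is not an error
            exit 0
        fi
    else
        # User declined removal; the infection is still present
        exit 1
    fi
fi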