#!perl.exe -w
use strict;
use Net::Ping;
use Win32::PerfLib;
use Win32::Process;
# Last state acted on by ping(): 2 = nothing decided yet, 0 = the last
# probed host answered, 1 = the last probed host did not answer.
my $status = 2;

# $status is only ever assigned 0, 1 or 2 in this script, so this loop
# polls once a minute until the process is stopped from outside.
until ($status >= 3) {
    ping();
    sleep 60;
}
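# Probe every host listed in ip-address.txt once and append one line per
# host to output.txt.  When a result differs from the state recorded in the
# file-level $status, the matching switch routine is called: subone() for a
# host that answers, suball() for one that does not.
#
# Dies if either file cannot be opened.
#
# NOTE(review): the state is compared per host, not per pass.  A list that
# mixes answering and silent hosts flips $status on every change, and each
# flip rewrites maincnc.ini and restarts maincnc.exe.  Confirm that this is
# the intended policy before listing more than one host.
#
# ip-address.txt is a control input: whoever can edit it decides which
# configuration is made active and when the process is killed and
# restarted, so its write permissions deserve the same care as the script.
sub ping {
    print "ping";

    # ICMP mode normally needs raw-socket rights (administrator on Windows).
    my $ping = Net::Ping->new("icmp");

    # Three-argument open with lexical handles: the mode can never be taken
    # from the file name, and the handles cannot collide with other code.
    open(my $in, '<', 'ip-address.txt')
        or die "could not open address file: $!";
    # The source as published had lost the read operator ("my @ip = ;");
    # slurp the whole address list here.
    my @ip = <$in>;
    close($in);

    open(my $log, '>>', 'output.txt')
        or die "could not open output file: $!";
    # Unbuffer the log so each line is on disk before a switch routine
    # starts another program, instead of waiting in a buffer.
    my $previous = select($log);
    $| = 1;
    select($previous);

    foreach my $host (@ip) {
        next if $host =~ /^#/;    # comment line in the address file

        # Strip the line ending and trailing blanks.  The original chop()
        # also cut the last digit off a final line that had no newline.
        $host =~ s/\s+\z//;

        my $time = localtime();

        if ($host eq '') {
            print {$log} "$time /// No Ip Entered\n";
            next;
        }

        if ($ping->ping($host)) {
            print {$log} "$time /// $host is alive\n";
            if ($status != 0) {
                $status = 0;
                subone();
            }
        }
        else {
            print {$log} "$time /// $host is dead\n";
            if ($status != 1) {
                $status = 1;
                suball();
            }
        }
    }

    $ping->close();
    close($log) or warn "could not close output file: $!";
}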
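# Terminate every running process whose performance-counter instance name
# is "maincnc".
#
# The process list is read through Win32::PerfLib: the counter-name table
# is inverted to find the index of the "Process" object and of its
# "ID Process" counter, then each instance's PID is mapped to its name.
#
# Dies if the PerfLib connection cannot be opened.
#
# NOTE(review): the match is on the instance name alone.  Any process that
# shows up as "maincnc" is terminated, whatever path it was started from
# and whoever started it; the result of KillProcess() is not checked.
sub killmware {
    print "killmware";

    my $server = "";    # presumably selects the local machine -- confirm
    my %rtasks;         # PID => instance name
    my %counter;
    Win32::PerfLib::GetCounterNames($server, \%counter);

    # Invert index => name into name => index.
    my %r_counter = map { $counter{$_} => $_ } keys %counter;
    my $process_obj = $r_counter{Process};         # index of the process object
    my $process_id  = $r_counter{'ID Process'};    # index of the PID counter

    # Direct method call instead of indirect-object "new Class(...)", and a
    # clear message instead of a method call on an undefined value.
    my $perflib = Win32::PerfLib->new($server)
        or die "could not open performance data connection";
    my $proc_ref = {};
    $perflib->GetObjectList($process_obj, $proc_ref);
    $perflib->Close();

    my $instance_ref = $proc_ref->{Objects}->{$process_obj}->{Instances};
    foreach my $p (sort keys %{$instance_ref}) {
        my $counter_ref = $instance_ref->{$p}->{Counters};
        foreach my $i (keys %{$counter_ref}) {
            next unless $counter_ref->{$i}->{CounterNameTitleIndex} == $process_id;
            $rtasks{ $counter_ref->{$i}->{Counter} } = $instance_ref->{$p}->{Name};
        }
    }

    foreach my $pid (keys %rtasks) {
        next unless $rtasks{$pid} eq "maincnc";
        Win32::Process::KillProcess($pid, 0);
    }
}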
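# Run maincnc.exe and report when it has finished.
#
# system() waits for the program to exit, so the caller (and with it the
# polling loop) does not continue until maincnc.exe ends.
#
# The program is named without a directory, so which file runs depends on
# the command search order of the account running this script; an absolute
# path removes that ambiguity.
sub startup {
    my $rc = system('maincnc.exe');

    # -1 means the program could not be started at all; the original
    # ignored that case silently.
    warn "could not run maincnc.exe: $!\n" if $rc == -1;

    print "startup";
}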
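# Make all_machines.ini the active configuration: copy it over maincnc.ini,
# stop any running maincnc process and start the program again.
#
# Dies if all_machines.ini cannot be read or maincnc.ini cannot be written.
sub suball {
    print "suball";

    # Three-argument open with lexical handles instead of the two-argument
    # bareword form; $! says why an open failed.
    open(my $all, '<', 'all_machines.ini')
        or die "ERROR! all_machines.ini missing! $!";
    open(my $main, '>', 'maincnc.ini')
        or die "ERROR! Could not write to maincnc.ini $!";

    # The source as published had lost the read operator ("while ()"),
    # which Perl accepts as an endless loop.  Copy line by line instead.
    while (my $line = <$all>) {
        print {$main} $line;
    }

    # Write errors on a buffered handle only surface at close.
    close($main) or die "ERROR! Could not write to maincnc.ini $!";
    close($all);

    killmware();
    startup();
}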
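# Make oneline.ini the active configuration: copy it over maincnc.ini,
# stop any running maincnc process and start the program again.
#
# Dies if oneline.ini cannot be read or maincnc.ini cannot be written.
sub subone {
    print "subone";

    # Three-argument open with lexical handles instead of the two-argument
    # bareword form; $! says why an open failed.
    open(my $one, '<', 'oneline.ini')
        or die "ERROR! oneline.ini missing! $!";
    open(my $main, '>', 'maincnc.ini')
        or die "ERROR! Could not write to maincnc.ini $!";

    # The source as published had lost the read operator ("while ()"),
    # which Perl accepts as an endless loop.  Copy line by line instead.
    while (my $line = <$one>) {
        print {$main} $line;
    }

    # Write errors on a buffered handle only surface at close.
    close($main) or die "ERROR! Could not write to maincnc.ini $!";
    close($one);

    killmware();
    startup();
}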
####
Tue Aug 17 15:11:49 2004 /// 53.236.33.28 is alive
Switching maincnc.ini to oneline.ini
Tue Aug 17 15:12:49 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:13:50 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:14:50 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:15:50 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:16:50 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:17:50 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:18:57 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:18:56 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:20:02 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:20:02 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:20:02 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:22:57 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:24:03 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:25:08 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:26:13 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:27:18 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:28:23 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:29:28 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:30:33 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:31:38 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:32:43 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:33:48 2004 /// 53.236.33.28 is alive
Switching maincnc.ini to oneline.ini
Tue Aug 17 15:34:49 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:34:49 2004 /// 53.236.33.28 is alive
Switching maincnc.ini to oneline.ini
Tue Aug 17 15:35:49 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:35:49 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:35:50 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:36:49 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:36:49 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:36:50 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:37:49 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:37:49 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:37:50 2004 /// 53.236.33.28 is alive
Tue Aug 17 15:38:49 2004 /// 53.236.49.41 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:38:49 2004 /// 53.236.49.41 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:38:50 2004 /// 53.236.49.41 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:39:55 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:39:54 2004 /// 53.236.49.41 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:39:56 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:40:05 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:40:05 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:40:06 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:41:00 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:41:00 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:41:01 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:41:01 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:41:10 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:41:10 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:41:11 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:42:05 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:42:05 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:42:06 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:42:06 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:42:15 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:42:15 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:42:16 2004 /// 53.236.49.41 is dead
Tue Aug 17 15:43:10 2004 /// 53.236.33.30 is alive
Switching maincnc.ini to oneline.ini
Tue Aug 17 15:43:10 2004 /// 53.236.33.30 is alive
Switching maincnc.ini to oneline.ini
Tue Aug 17 15:43:12 2004 /// 53.236.33.30 is alive
Switching maincnc.ini to oneline.ini
Tue Aug 17 15:43:11 2004 /// 53.236.33.30 is alive
Switching maincnc.ini to oneline.ini
Tue Aug 17 15:43:20 2004 /// 53.236.33.30 is alive
Switching maincnc.ini to oneline.ini
Tue Aug 17 15:43:20 2004 /// 53.236.33.30 is alive
Switching maincnc.ini to oneline.ini
Tue Aug 17 15:43:21 2004 /// 53.236.33.30 is alive
Switching maincnc.ini to oneline.ini
Tue Aug 17 15:44:10 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:44:10 2004 /// 53.236.33.30 is alive
Switching maincnc.ini to oneline.ini
Tue Aug 17 15:44:19 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:44:20 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:44:24 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:44:24 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:44:32 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:44:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:44:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:44:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:44:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:44:39 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:44:50 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:44:52 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:10 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:11 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:11 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:20 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:20 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:24 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:24 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:32 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:39 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:50 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:45:52 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:10 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:11 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:11 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:20 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:20 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:24 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:24 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:32 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:39 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:50 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:46:52 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:10 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:11 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:11 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:20 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:20 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:24 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:24 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:33 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:38 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:39 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:39 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:39 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:39 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:51 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:47:52 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:48:11 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:48:11 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:48:11 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:48:20 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:48:21 2004 /// 53.236.33.30 is alive
Tue Aug 17 15:48:24 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:48:24 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:48:33 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:48:39 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:48:39 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:48:39 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:48:39 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:48:51 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:48:39 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:49:31 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:49:30 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:49:30 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:49:30 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:49:30 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:49:30 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:49:37 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:49:37 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:49:30 2004 /// 53.236.49.40 is dead
Switching maincnc.ini to allmachines.ini
Tue Aug 17 15:49:43 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:49:44 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:50:00 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:02 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:02 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:06 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:06 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:04 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:12 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:06 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:13 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:21 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:16 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:26 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:26 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:27 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:28 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:51:36 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:52:46 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:52:46 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:52:46 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:53:00 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:53:03 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:53:05 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:53:05 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:53:06 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:53:15 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:53:14 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:53:38 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:54:12 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:54:12 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:54:12 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:54:12 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:54:12 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:54:12 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:54:15 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:54:11 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:54:47 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:54:53 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:00 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:29 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:28 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:29 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:29 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:29 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:47 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:47 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:53 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:53 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:53 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:53 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:53 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:55:54 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:56:58 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:56:59 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:57:29 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:57:29 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:57:29 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:57:29 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:57:29 2004 /// 53.236.49.40 is dead
Tue Aug 17 15:57:23 2004 /// 53.236.49.40 is dead
####
#!perl.exe -w
use strict;
use Net::Ping;
use Win32::PerfLib;
use Win32::Process;
# Last state acted on by ping(): 2 = nothing decided yet, 0 = the last
# probed host answered, 1 = the last probed host did not answer.
my $status = 2;

# Not used by any code shown in this script.
my $command;

# The switch routines fork a child and never wait for it.  Ignoring CHLD is
# the usual request to have finished children cleaned up automatically;
# NOTE(review): confirm the effect under Windows fork emulation.
$SIG{CHLD} = 'IGNORE';

# $status is only ever assigned 0, 1 or 2 in this script, so this loop
# polls once a minute until the process is stopped from outside.
until ($status >= 3) {
    ping();
    sleep 60;
}
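# Probe every host listed in ip-address.txt once and append one line per
# host to output.txt.  When a result differs from the state recorded in the
# file-level $status, the switch is logged and the matching routine is
# called: subone() for a host that answers, suball() for one that does not.
#
# Dies if either file cannot be opened.
#
# NOTE(review): the state is compared per host, not per pass.  A list that
# mixes answering and silent hosts flips $status on every change, and each
# flip rewrites maincnc.ini and restarts maincnc.exe.  Confirm that this is
# the intended policy before listing more than one host.
#
# ip-address.txt is a control input: whoever can edit it decides which
# configuration is made active and when the process is killed and
# restarted, so its write permissions deserve the same care as the script.
sub ping {
    # ICMP mode normally needs raw-socket rights (administrator on Windows).
    my $ping = Net::Ping->new("icmp");

    # Three-argument open with lexical handles: the mode can never be taken
    # from the file name, and the handles cannot collide with other code.
    open(my $in, '<', 'ip-address.txt')
        or die "could not open address file: $!";
    # The source as published had lost the read operator ("my @ip = ;");
    # slurp the whole address list here.
    my @ip = <$in>;
    close($in);

    open(my $log, '>>', 'output.txt')
        or die "could not open output file: $!";
    # Unbuffer the log.  The switch routines fork while this handle is
    # still open; with nothing left in the buffer at that moment, each
    # line is written exactly once and in order.
    my $previous = select($log);
    $| = 1;
    select($previous);

    foreach my $host (@ip) {
        next if $host =~ /^#/;    # comment line in the address file

        # Strip the line ending and trailing blanks.  The original chop()
        # also cut the last digit off a final line that had no newline.
        $host =~ s/\s+\z//;

        my $time = localtime();

        if ($host eq '') {
            print {$log} "$time /// No Ip Entered\n";
            next;
        }

        if ($ping->ping($host)) {
            print {$log} "$time /// $host is alive\n";
            if ($status != 0) {
                print {$log} "Switching maincnc.ini to oneline.ini\n";
                $status = 0;
                subone();
            }
        }
        else {
            print {$log} "$time /// $host is dead\n";
            if ($status != 1) {
                print {$log} "Switching maincnc.ini to allmachines.ini\n";
                $status = 1;
                suball();
            }
        }
    }

    $ping->close();
    close($log) or warn "could not close output file: $!";
}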
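# Terminate every running process whose performance-counter instance name
# is "maincnc".
#
# Steps: read the counter-name table through Win32::PerfLib, invert it to
# find the index of the "Process" object and of its "ID Process" counter,
# collect PID => instance name for every process instance, then kill the
# PIDs whose name matches.
#
# Dies if the PerfLib connection cannot be opened.
#
# NOTE(review): the match is on the instance name alone.  Any process that
# shows up as "maincnc" is terminated, whatever path it was started from
# and whoever started it; the result of KillProcess() is not checked.
sub killmware {
    my $server = "";    # presumably selects the local machine -- confirm
    my %counter;
    Win32::PerfLib::GetCounterNames($server, \%counter);

    # Invert index => name into name => index.
    my %r_counter = map { $counter{$_} => $_ } keys %counter;
    my $process_obj = $r_counter{Process};         # index of the process object
    my $process_id  = $r_counter{'ID Process'};    # index of the PID counter

    # Direct method call instead of indirect-object "new Class(...)", and a
    # clear message instead of a method call on an undefined value.
    my $perflib = Win32::PerfLib->new($server)
        or die "could not open performance data connection";
    my $proc_ref = {};
    $perflib->GetObjectList($process_obj, $proc_ref);
    $perflib->Close();

    my %rtasks;    # PID => instance name
    my $instance_ref = $proc_ref->{Objects}->{$process_obj}->{Instances};
    foreach my $p (sort keys %{$instance_ref}) {
        my $counter_ref = $instance_ref->{$p}->{Counters};
        foreach my $i (keys %{$counter_ref}) {
            next unless $counter_ref->{$i}->{CounterNameTitleIndex} == $process_id;
            $rtasks{ $counter_ref->{$i}->{Counter} } = $instance_ref->{$p}->{Name};
        }
    }

    foreach my $pid (keys %rtasks) {
        next unless $rtasks{$pid} eq "maincnc";
        Win32::Process::KillProcess($pid, 0);
    }
}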
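# Make all_machines.ini the active configuration: copy it over maincnc.ini,
# stop any running maincnc process, then start maincnc.exe from a forked
# child so that the caller returns at once.
#
# Dies if all_machines.ini cannot be read, maincnc.ini cannot be written,
# or fork fails.
#
# NOTE(review): ping() calls this while its log handle is still open, so
# the forked child starts with that handle as well.
sub suball {
    # Three-argument open with lexical handles instead of the two-argument
    # bareword form; $! says why an open failed.
    open(my $all, '<', 'all_machines.ini')
        or die "ERROR! all_machines.ini missing! $!";
    open(my $main, '>', 'maincnc.ini')
        or die "ERROR! Could not write to maincnc.ini $!";

    # The source as published had lost the read operator ("while ()"),
    # which Perl accepts as an endless loop.  Copy line by line instead.
    while (my $line = <$all>) {
        print {$main} $line;
    }

    # Write errors on a buffered handle only surface at close.
    close($main) or die "ERROR! Could not write to maincnc.ini $!";
    close($all);

    killmware();

    defined(my $pid = fork) or die "Cannot fork: $!";
    unless ($pid) {
        # Child: wait on maincnc.exe here so the parent does not have to.
        # The program is named without a directory, so which file runs
        # depends on the command search order; an absolute path removes
        # that ambiguity.
        my $rc = system('maincnc.exe');
        warn "could not run maincnc.exe: $!\n" if $rc == -1;
        exit;
    }
    # Parent: return to the polling loop.
}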
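# Make oneline.ini the active configuration: copy it over maincnc.ini,
# stop any running maincnc process, then start maincnc.exe from a forked
# child so that the caller returns at once.
#
# Dies if oneline.ini cannot be read, maincnc.ini cannot be written, or
# fork fails.
#
# NOTE(review): ping() calls this while its log handle is still open, so
# the forked child starts with that handle as well.
sub subone {
    # Three-argument open with lexical handles instead of the two-argument
    # bareword form; $! says why an open failed.
    open(my $one, '<', 'oneline.ini')
        or die "ERROR! oneline.ini missing! $!";
    open(my $main, '>', 'maincnc.ini')
        or die "ERROR! Could not write to maincnc.ini $!";

    # The source as published had lost the read operator ("while ()"),
    # which Perl accepts as an endless loop.  Copy line by line instead.
    while (my $line = <$one>) {
        print {$main} $line;
    }

    # Write errors on a buffered handle only surface at close.
    close($main) or die "ERROR! Could not write to maincnc.ini $!";
    close($one);

    killmware();

    defined(my $pid = fork) or die "Cannot fork: $!";
    unless ($pid) {
        # Child: wait on maincnc.exe here so the parent does not have to.
        # The program is named without a directory, so which file runs
        # depends on the command search order; an absolute path removes
        # that ambiguity.
        my $rc = system('maincnc.exe');
        warn "could not run maincnc.exe: $!\n" if $rc == -1;
        exit;
    }
    # Parent: return to the polling loop.
}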