查看启动项
/Library/LaunchDaemons
查看下载进度
/tmp/ok
查看文件执行路径
code .zshrc
查看配置文件
~/Library/Preferences
恶意代码污染了浏览器启动项和 zsh 配置(.zshrc)
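#!/bin/bash
# ============================================
# Malicious-code scan script
#
# Searches the home directory for Xcode project.pbxproj files and lists every
# file that matches one of the indicator patterns below. A match is a lead for
# manual review, not proof of infection.
# ============================================
echo "🔍 开始扫描所有 Xcode 项目..."

# Indicator patterns, handed to grep as basic regular expressions.
# NOTE(review): ">/dev/null" and "/tmp/" also appear in many legitimate build
# phases, so expect false positives from them; the hex/base64 decode patterns
# are the more specific signals.
MALICIOUS_PATTERNS=(
  "xxd -p -r"
  "base64 -D.*base64 -D"
  "base64 --decode"
  ">/dev/null"
  "/tmp/"
)

# Scan results: paths of files that matched at least one pattern.
INFECTED_FILES=()

#######################################
# Scan one directory tree for project.pbxproj files and record the matches.
# Globals:   MALICIOUS_PATTERNS (read)
#            PROJECT_FILES, TOTAL, CURRENT, INFECTED_FILES (written)
# Arguments: $1 - directory to search
# Outputs:   progress and findings on stdout
#######################################
scan_xcode_projects() {
  local root=$1 file pattern

  # Collect the paths NUL-delimited into an array: a plain $(find ...) string
  # is word-split by the for loop, which silently breaks every path that
  # contains a space (common under ~/Library and in project names).
  PROJECT_FILES=()
  while IFS= read -r -d '' file; do
    PROJECT_FILES+=("$file")
  done < <(find "$root" -name "project.pbxproj" -print0 2>/dev/null)

  # Counting array elements reports 0 for an empty result; "echo | wc -l"
  # reported 1 and padded the number with spaces on macOS.
  TOTAL=${#PROJECT_FILES[@]}
  CURRENT=0
  echo "📊 找到 $TOTAL 个项目文件,开始扫描..."

  for file in "${PROJECT_FILES[@]}"; do
    CURRENT=$((CURRENT + 1))
    # printf with %s keeps backslashes in directory names literal.
    printf '进度: %s/%s - 检查: %s...\r' \
      "$CURRENT" "$TOTAL" "$(basename -- "$(dirname -- "$file")")"

    # Check every indicator; the first hit is enough to flag the file.
    for pattern in "${MALICIOUS_PATTERNS[@]}"; do
      # -e / -- keep a pattern or path that starts with "-" from being
      # parsed as a grep option.
      if grep -q -e "$pattern" -- "$file" 2>/dev/null; then
        echo ""
        echo "❌ 发现感染: $file"
        echo " 特征: $pattern"
        INFECTED_FILES+=("$file")
        break
      fi
    done
  done
}

# Find and scan all project.pbxproj files under the home directory.
echo "📂 搜索项目文件..."
scan_xcode_projects ~/

echo ""
echo ""
echo "============================================"
echo "📊 扫描完成"
echo "============================================"
if [ "${#INFECTED_FILES[@]}" -eq 0 ]; then
  echo "✅ 所有项目文件干净!"
else
  echo "🚨 发现 ${#INFECTED_FILES[@]} 个被感染的文件:"
  echo ""
  for file in "${INFECTED_FILES[@]}"; do
    # Only print the command; opening the file is left to the operator.
    echo "open $file"
    # open "$file"
  done
  echo ""
  echo "⚠️ 建议操作:"
  echo " 1. 备份这些项目"
  echo " 2. 从 Git 恢复干净版本"
  echo " 3. 或手动删除恶意代码"
fi
echo ""
echo "============================================"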
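#!/bin/bash
# ============================================
# Malicious-code scan script
#
# Searches the home directory for files named "pre-commit" (Git hook scripts)
# and lists every file that matches one of the indicator patterns below.
# A match is a lead for manual review, not proof of infection.
# ============================================
echo "🔍 开始扫描所有 Xcode 项目..."

# Indicator patterns, handed to grep as basic regular expressions.
# NOTE(review): ">/dev/null" and "/tmp/" are common in legitimate hook
# scripts, so expect false positives from them. "A45ED5A" is an indicator
# string specific to this incident; its meaning is not documented here.
MALICIOUS_PATTERNS=(
  "xxd -p -r"
  "base64 -D.*base64 -D"
  "base64 --decode"
  ">/dev/null"
  "/tmp/"
  "A45ED5A"
)

# Scan results: paths of files that matched at least one pattern.
INFECTED_FILES=()

#######################################
# Scan one directory tree for pre-commit files and record the matches.
# Globals:   MALICIOUS_PATTERNS (read)
#            PROJECT_FILES, TOTAL, CURRENT, INFECTED_FILES (written)
# Arguments: $1 - directory to search
# Outputs:   progress and findings on stdout
#######################################
scan_precommit_hooks() {
  local root=$1 file pattern

  # Collect the paths NUL-delimited into an array: a plain $(find ...) string
  # is word-split by the for loop, which silently breaks every path that
  # contains a space.
  PROJECT_FILES=()
  while IFS= read -r -d '' file; do
    PROJECT_FILES+=("$file")
  done < <(find "$root" -name "pre-commit" -print0 2>/dev/null)

  # Counting array elements reports 0 for an empty result; "echo | wc -l"
  # reported 1 and padded the number with spaces on macOS.
  TOTAL=${#PROJECT_FILES[@]}
  CURRENT=0
  echo "📊 找到 $TOTAL 个项目文件,开始扫描..."

  for file in "${PROJECT_FILES[@]}"; do
    CURRENT=$((CURRENT + 1))
    # printf with %s keeps backslashes in directory names literal.
    printf '进度: %s/%s - 检查: %s...\r' \
      "$CURRENT" "$TOTAL" "$(basename -- "$(dirname -- "$file")")"

    # Check every indicator; the first hit is enough to flag the file.
    for pattern in "${MALICIOUS_PATTERNS[@]}"; do
      # -e / -- keep a pattern or path that starts with "-" from being
      # parsed as a grep option. Directories named pre-commit make grep
      # fail, and that error is discarded on purpose.
      if grep -q -e "$pattern" -- "$file" 2>/dev/null; then
        echo ""
        echo "❌ 发现感染: $file"
        echo " 特征: $pattern"
        INFECTED_FILES+=("$file")
        break
      fi
    done
  done
}

# Find and scan all pre-commit files under the home directory.
echo "📂 搜索项目文件..."
scan_precommit_hooks ~/

echo ""
echo ""
echo "============================================"
echo "📊 扫描完成"
echo "============================================"
if [ "${#INFECTED_FILES[@]}" -eq 0 ]; then
  echo "✅ 所有项目文件干净!"
else
  echo "🚨 发现 ${#INFECTED_FILES[@]} 个被感染的文件:"
  echo ""
  for file in "${INFECTED_FILES[@]}"; do
    echo "open $file"
    # Open the flagged hook in VS Code for manual review; quoted so that a
    # path with spaces is passed as a single argument.
    code "$file"
  done
  echo ""
  echo "⚠️ 建议操作:"
  echo " 1. 备份这些项目"
  echo " 2. 从 Git 恢复干净版本"
  echo " 3. 或手动删除恶意代码"
fi
echo ""
echo "============================================"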
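#!/bin/bash
# Quick triage of the locations named in the notes for the current user:
# prints ~/.zshrc, opens /Library/LaunchDaemons, and lists names worth a
# second look in Preferences and LaunchDaemons. Output is a starting point
# for manual review only.

#######################################
# Print the names of entries in a directory whose name is shorter than a
# given length.
# Arguments: $1 - directory to list
#            $2 - length limit (names with fewer characters are printed)
# Outputs:   one name per line on stdout
#######################################
list_short_names() {
  local dir=$1 max_len=$2 path name
  for path in "$dir"/*; do
    # An unmatched glob stays literal ("dir/*"); skip it instead of
    # reporting a bogus entry named "*". Dangling symlinks are kept.
    [ -e "$path" ] || [ -L "$path" ] || continue
    name=${path##*/}
    if [ "${#name}" -lt "$max_len" ]; then
      printf '%s\n' "$name"
    fi
  done
}

#######################################
# Print the names of entries in a directory that contain a substring,
# ignoring case. Runs in a subshell so nocasematch does not leak out.
# Arguments: $1 - directory to list
#            $2 - substring to look for
# Outputs:   one name per line on stdout
#######################################
list_names_containing() (
  shopt -s nocasematch
  dir=$1
  needle=$2
  for path in "$dir"/*; do
    [ -e "$path" ] || [ -L "$path" ] || continue
    name=${path##*/}
    if [[ $name == *"$needle"* ]]; then
      printf '%s\n' "$name"
    fi
  done
)

current_user=$(whoami)
# Show the zsh startup file so injected lines can be spotted.
cat "/Users/$current_user/.zshrc"
open /Library/LaunchDaemons
# open "/Users/$current_user/Library/Preferences/"

# Preference files with names shorter than 10 characters.
# NOTE(review): presumably a heuristic, since legitimate preference files
# usually carry long reverse-DNS names; confirm against known-bad samples.
echo ""
list_short_names "/Users/$current_user/Library/Preferences" 10

# Launch daemons whose name contains "google". The match ignores case so a
# look-alike such as "com.Google..." is listed too; the entries still have to
# be compared by hand with the ones a real Google installer creates.
echo ""
list_names_containing /Library/LaunchDaemons google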