various/OneStart.ps1 at main · alexandruhera/various · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
# Define status codes
$STATUS_SUCCESS = 0
$STATUS_ERROR = 1
$STATUS_NOT_FOUND = 2

# Define status messages
function Get-StatusMessage($statusCode) {
    switch ($statusCode) {
        $STATUS_SUCCESS { "Operation completed successfully." }
        $STATUS_ERROR { "An unknown error occurred." }
        $STATUS_NOT_FOUND { "Not found." }
        default { "Unknown." }
    }
}

# Initialize the status code
$exitCode = $STATUS_SUCCESS

try {
    # Retrieve the username of the logged-in user
    $loggedInUser =Get-CimInstance -ClassName Win32_ComputerSystem
    $userAccount = ($loggedInUser).UserName.Split('\')[-1]
    # Retrieve the FullName and SID of the logged-in user by matching the exact property
    $loggedInUserFullName = (Get-CimInstance -ClassName Win32_UserAccount -Filter "Name='$userAccount'").FullName
    $loggedInUserSID = (Get-CimInstance -ClassName Win32_UserAccount -Filter "Name='$userAccount'").SID

    # Retrieve the logged-in user's profile
    $loggedInUserProfile = (Get-CimInstance -ClassName Win32_UserProfile -Filter "SID='$loggedInUserSID'").LocalPath

    if ($loggedInUserProfile) {
        Write-Output "Logged-in user information: "
        Write-Output "`t [+] UserName: $userAccount"
        Write-Output "`t [+] FullName: $loggedInUserFullName"
        Write-Output "`t [+] SID: $loggedInUserSID"
        $exitCode = $STATUS_SUCCESS
    } else {
        Write-Output "Profile not found for the logged-in user."
        $exitCode = $STATUS_NOT_FOUND
    }
} catch {
    Write-Error "[!] An error occurred: $($_.Exception.Message)"
    $exitCode = $STATUS_ERROR
}

# Check if the OneStart.ai folder exists in the AppData Local path
if ($exitCode -ne $STATUS_SUCCESS) {
    exit $exitCode
} else {
    # Construct the AppData Local path
    $appDataLocalPath = [System.IO.Path]::Combine($loggedInUserProfile, 'AppData\Local')
    $oneStartFolder = [System.IO.Path]::Combine($appDataLocalPath, 'OneStart.ai')

    try {
        if (Test-Path -Path $oneStartFolder) {
            Write-Output "[+] Folder found:"
            Write-Output "`t[+] Path: $oneStartFolder"
            $exitCode = $STATUS_SUCCESS
        } else {
            Write-Output "[-] OneStart.ai folder not found. Remediation not required."
            $exitCode = $STATUS_NOT_FOUND
        }
    } catch {
        Write-Error "[!] An error occurred while checking the folder: $($_.Exception.Message)"
        $exitCode = $STATUS_ERROR
    }
}

# Check if the setup file exists in the OneStart.ai folder
if ($exitCode -ne $STATUS_SUCCESS) {
    exit $exitCode
} else {
    $oneStartSetupFile = Get-ChildItem -Path $oneStartFolder -Recurse -Filter "setup.exe" | Where-Object { $_.FullName -match '\\OneStart\\Application\\.*\\Installer\\setup.exe$' }
    try {
        if ($oneStartSetupFile) {
            Write-Output "[+] Setup binary found:"
            Write-Output "`t[+] Path: $($oneStartSetupFile.FullName)"
            $exitCode = $STATUS_SUCCESS
        } else {
            Write-Output "[-] Setup binary not found."
            $exitCode = $STATUS_NOT_FOUND
        }
    } catch {
        Write-Error "[!] An error occurred while checking the folder: $($_.Exception.Message)"
        $exitCode = $STATUS_ERROR
    }
}

# Build the scheduled task required to uninstall OneStart.ai
if ($exitCode -ne $STATUS_SUCCESS) {
    exit $exitCode

} else {
    $schTaskName = "OneStart_Uninstall"
    try {
        # Check if the scheduled task exists
        $task = Get-ScheduledTask -TaskName $schTaskName -ErrorAction Stop
        Write-Output "[!] Scheduled task found:"
        Write-Output "`t[+] TaskName: $($task.TaskName)"
        $exitCode = $STATUS_SUCCESS
    } catch {
        Write-Output "[+] Attempting to register the uninstall task..."

        $action = New-ScheduledTaskAction -Execute "$($oneStartSetupFile.FullName)" -Argument "--uninstall --force-uninstall"
        $trigger = New-ScheduledTaskTrigger -Once -At (Get-Date)
        $principal = New-ScheduledTaskPrincipal -UserId $userAccount -LogonType Interactive -RunLevel Highest
        $settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

        try {
            Register-ScheduledTask -Action $action -Trigger $trigger -Principal $principal -Settings $settings -TaskName $schTaskName -Description "OneStart.ai Uninstall"
            Write-Output "[+] Registered Scheduled Task"
            $exitCode = $STATUS_SUCCESS
        } catch {
            Write-Output "[!] An error occurred while attempting to create the scheduled task: $($_.Exception.Message)"
            $exitCode = $STATUS_ERROR
        }
    }

}

# Stop any running processes before executing the scheduled task
if ($exitCode -ne $STATUS_SUCCESS) {
    exit $exitCode
}

# Stop any running processes before executing the scheduled task
if ($exitCode -ne $STATUS_SUCCESS) {
    exit $exitCode
}

try {
    Write-Output "Attempting to stop running OneStart processes..."

    # Stop all processes running from the specified folder
    Get-Process | Where-Object { $_.Path -like "$oneStartFolder*" } | Stop-Process -Force

    # Sleep for 3 seconds to allow processes to terminate
    Start-Sleep -Seconds 3

    # Check if any process3es are still running
    if (-not (Get-Process | Where-Object { $_.Path -like "$oneStartFolder*" })) {
        Write-Output "`t[+] All OneStart processes stopped successfully."
        $exitCode = $STATUS_SUCCESS
    } else {
        Write-Output "`t[-] Some OneStart processes are still running."
        $exitCode = $STATUS_ERROR
    }
} catch {
    Write-Output "[!] An unexpected error occurred: $($_.Exception.Message)"
    $exitCode = $STATUS_ERROR
}
# Execute the scheduled task
if ($exitCode -ne $STATUS_SUCCESS) {
    exit $exitCode
} else {
    try {
        Write-Output "[+] Executing the scheduled task."
        Start-ScheduledTask -TaskName $schTaskName
        $exitCode = $STATUS_SUCCESS
    } catch {
        Write-Error "[!] An error occurred while executing the scheduled task: $($_.Exception.Message)"
        $exitCode = $STATUS_ERROR
    }
}
# If exitCode is SUCCESS, check the $oneStartFolder path and use negation logic
if ($exitCode -eq $STATUS_SUCCESS) {
    Start-Sleep -Seconds 12

    try {
        if (-not (Test-Path -Path $oneStartFolder)) {
            Write-Output "[+] Successful uninstallation of OneStart.ai."
            Write-Output "`t[+] $oneStartFolder no longer exists."
            Unregister-ScheduledTask -TaskName "OneStart*" -Confirm:$false
            $exitCode = $STATUS_SUCCESS
        } else {
            Write-Output "[!] Uninstallation of OneStart.ai failed."
            Write-Output "`t[+] $oneStartFolder is still there. Manual intervention required."
            $exitCode = $STATUS_ERROR
        }
    } catch {
        Write-Error "[!] An error occurred while checking the path: $($_.Exception.Message)"
        $exitCode = $STATUS_ERROR
    }
}
# Output the status message based on the exit code
Write-Output (Get-StatusMessage -statusCode $exitCode)

# Exit with the appropriate status code
exit $exitCode