Powershell_MBRemoval

# This script is written for Windows 10 machines
Import-Module $env:SyncroModule

# Variables
# ---------
# Use Subdomain as a folder for logs
$subdomain = "yoursubdomain"
# Malwarebytes directory
$MBDir = "C:\Program Files\Malwarebytes"
#Name of Malwarebytes removal file
$MBRemovalFile = "mbuns.exe"

# Functions
# ---------
# Does the Malwarebytes removal file exist
Set-Location C:\
if (Get-Childitem -Path $MBDir -Recurse -Include $MBRemovalFile)
    {Set-Location $MBDir
    $ToolExists = "Tool Found"
    }
else
    {$ToolExists = "Tool not found"
     $LogDate = get-date -format 'MM-d-yy-HH'
     Start-Transcript -Path "C:\.$subdomain\$LogDate.log"
     write-output $ToolExists
     stop-transcript
     exit
     }

# Remove Malwarebytes
start-process "Anti-Malware\$MBRemovalFile" "/verysilent"
$MBRemovalStarted = "Removal Started"

# Wait 30 seconds for process to finish
Start-Sleep -s 30

Set-Location C:\

# Clean up by removing the Malwarebytes directory
Remove-Item $MBDir -recurse -force
$MBDirRemovalStarted = "Folder removal started"

# Wait 5 seconds for process to finish
Start-Sleep -s 5

# Does the Malwarebytes folder still exist
Set-Location C:\
if (Get-Childitem -Path $MBDir -Recurse)
    {$MBFolderExists = "MB folder still exists"
    $FilesInMBFolder = (Get-ChildItem $MBDir -Recurse -File | Measure-Object ).Count
    }
else
    {$MBFolderExists = "MB folder deleted"
     }

# Create Log File
$LogDate = get-date -format 'MM-d-yy-HH'
Start-Transcript -Path "C:\.$subdomain\$LogDate.log"
write-output $ToolExists
write-output $MBRemovalStarted
write-output $MBDirRemovalStarted
write-output $MBFolderExists
write-output "Files left in folder (Should be blank): "
write-output $FilesInMBFolder
stop-transcript

# Upload the log file to the asset
Upload-File -Subdomain $subdomain -FilePath "C:\.$subdomain\$LogDate.log"

exit