From d5c0abc9facfc4d851613af7e5872d533250d683 Mon Sep 17 00:00:00 2001
From: b33f
Date: Sat, 22 Jul 2017 16:51:30 +0100
Subject: Fix for profile cleanup When removing the persistence, the profile is not cleaned up. This is a temporary fix for that which should leave any legitemate profile content in tact. This psm may need a rework though. Related to: https://github.com/PowerShellMafia/PowerSploit/issues/165
---
 Persistence/Persistence.psm1 | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Persistence/Persistence.psm1 b/Persistence/Persistence.psm1
index 7e4bbb9..80aa5a2 100644
--- a/Persistence/Persistence.psm1
+++ b/Persistence/Persistence.psm1
@@ -740,8 +740,10 @@ else
 $PersistenceRemoval = @"
 # Execute the following to remove the elevated persistent payload
 $ElevatedTriggerRemoval
+(gc `$PROFILE.AllUsersAllHosts) -replace '[\s]{600}.+',''| Out-File `$PROFILE.AllUsersAllHosts -Fo
 # Execute the following to remove the user-level persistent payload
 $UserTriggerRemoval
+(gc `$PROFILE.CurrentUserAllHosts) -replace '[\s]{600}.+',''| Out-File `$PROFILE.CurrentUserAllHosts -Fo
 "@
-- cgit v1.2.3
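Review bot: Both added removal lines rewrite the profile unconditionally, which works against the stated goal of leaving legitimate profile content intact. When `$PROFILE.AllUsersAllHosts` or `$PROFILE.CurrentUserAllHosts` does not exist, `gc` errors and `Out-File` can still create a file that was never there, and on Windows PowerShell `Out-File` writes UTF-16 by default, so a profile saved in another encoding is re-encoded. Wrapping each line in an existence check such as `if (Test-Path `$PROFILE.CurrentUserAllHosts) { ... }` and passing an explicit `-Encoding` would narrow that. The `600` in `'[\s]{600}.+'` is a magic number that presumably mirrors padding written elsewhere in the module (not visible in this hunk), and `-replace` leaves an empty line behind rather than dropping it; a comment like `# 600 = whitespace padding added at install time; keep in sync` would help, and `-Force` reads more clearly than `-Fo`. The enclosing `else` branch starts outside the hunk.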