Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\dn.exe','');
QuarantineFile('C:\WINDOWS\system32\84.exe','');
QuarantineFile('C:\WINDOWS\system32\62.exe','');
QuarantineFile('C:\WINDOWS\system32\35.exe','');
QuarantineFile('C:\WINDOWS\system32\25.exe','');
QuarantineFile('C:\WINDOWS\system32\24.exe','');
QuarantineFile('C:\WINDOWS\system32\23.exe','');
QuarantineFile('C:\WINDOWS\system32\21.exe','');
QuarantineFile('C:\WINDOWS\system32\18.exe','');
QuarantineFile('C:\WINDOWS\system32\15.exe','');
QuarantineFile('C:\WINDOWS\system32\13.exe','');
QuarantineFile('C:\WINDOWS\system32\01.exe','');
QuarantineFile('C:\WINDOWS\winlogin.exe','');
QuarantineFile('C:\WINDOWS\system32\msvmiode.exe','');
QuarantineFile('C:\WINDOWS\system32\dn.exe','');
QuarantineFile('C:\WINDOWS\TEMP\WinDefender.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\cdaudio.sys','');
QuarantineFile('C:\Documents and Settings\and\Application Data\oekx.exe,C:\RECYCLER\S-1-5-21-7456921868-3999655110-903948826-1758\winmap.exe,explorer.exe,C:\Documents and Settings\and\Application Data\ltzqai.exe','');
QuarantineFile('C:\Documents and Settings\and\Application Data\oekx.exe','');
QuarantineFile('C:\DOCUME~1\9335~1\LOCALS~1\Temp\28347.exe','');
DeleteFile('C:\DOCUME~1\9335~1\LOCALS~1\Temp\28347.exe');
DeleteFile('C:\Documents and Settings\and\Application Data\oekx.exe');
DeleteFile('C:\Documents and Settings\and\Application Data\oekx.exe,C:\RECYCLER\S-1-5-21-7456921868-3999655110-903948826-1758\winmap.exe,explorer.exe,C:\Documents and Settings\and\Application Data\ltzqai.exe');
DeleteFile('C:\WINDOWS\TEMP\WinDefender.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','WinDefender');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','WinDefender');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','WinDefender');
DeleteFile('C:\WINDOWS\system32\dn.exe');
DeleteFile('C:\WINDOWS\system32\msvmiode.exe');
DeleteFile('C:\WINDOWS\winlogin.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Windows Data Serivce');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MSODESNV7');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Windows');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run','Windows');
DeleteFile('C:\WINDOWS\system32\01.exe');
DeleteFile('C:\WINDOWS\system32\13.exe');
DeleteFile('C:\WINDOWS\system32\15.exe');
DeleteFile('C:\WINDOWS\system32\18.exe');
DeleteFile('C:\WINDOWS\system32\21.exe');
DeleteFile('C:\WINDOWS\system32\23.exe');
DeleteFile('C:\WINDOWS\system32\24.exe');
DeleteFile('C:\WINDOWS\system32\25.exe');
DeleteFile('C:\WINDOWS\system32\35.exe');
DeleteFile('C:\WINDOWS\system32\62.exe');
DeleteFile('C:\WINDOWS\system32\84.exe');
DeleteFile('C:\WINDOWS\dn.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
RebootWindows(true);
end.
Компьютер перезагрузится.