Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\users\admin\appdata\local\winnerdm\wdm.bin');
QuarantineFile('C:\Windows\system32\mjcm\5132\nsib.dll', '');
QuarantineFile('C:\Windows\system32\mjcm\5123\nsib.dll', '');
QuarantineFile('C:\Windows\system32\mjcm\5113\nsib.dll', '');
QuarantineFile('C:\Windows\system32\mjcm\dnkt.exe', '');
QuarantineFile('C:\Windows\system32\jmdp\stij.exe', '');
QuarantineFile('C:\Windows\system32\jmdp\lmrn.dll', '');
QuarantineFile('C:\Users\Admin\AppData\Roaming\YX.exe', '');
QuarantineFile('C:\Users\Admin\AppData\Roaming\BYHXAAXX.exe', '');
QuarantineFile('C:\Program Files\CinePlus-1.2V23.10\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-7.exe', '');
QuarantineFile('C:\Program Files\CinePlus-1.2V23.10\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-5.exe', '');
QuarantineFile('C:\Program Files\CinePlus-1.2V23.10\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-3.exe', '');
QuarantineFile('C:\Program Files\CinePlus-1.2V23.10\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-2.exe', '');
QuarantineFile('C:\Program Files\CinePlus-1.2V23.10\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-11.exe', '');
QuarantineFile('C:\Program Files\CinePlus-1.2V23.10\CinePlus-1.2V23.10-codedownloader.exe', '');
QuarantineFile('c:\users\admin\appdata\local\winnerdm\wdm.bin', '');
DeleteFile('c:\users\admin\appdata\local\winnerdm\wdm.bin', '32');
DeleteFile('C:\Program Files\CinePlus-1.2V23.10\CinePlus-1.2V23.10-codedownloader.exe', '32');
DeleteFile('C:\Program Files\CinePlus-1.2V23.10\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-11.exe', '32');
DeleteFile('C:\Program Files\CinePlus-1.2V23.10\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-2.exe', '32');
DeleteFile('C:\Program Files\CinePlus-1.2V23.10\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-3.exe', '32');
DeleteFile('C:\Program Files\CinePlus-1.2V23.10\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-5.exe', '32');
DeleteFile('C:\Program Files\CinePlus-1.2V23.10\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-7.exe', '32');
DeleteFile('C:\Users\Admin\AppData\Roaming\BYHXAAXX.exe', '32');
DeleteFile('C:\Users\Admin\AppData\Roaming\YX.exe', '32');
DeleteFile('C:\Windows\Tasks\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-1.job', '32');
DeleteFile('C:\Windows\Tasks\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-11.job', '32');
DeleteFile('C:\Windows\Tasks\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-2.job', '32');
DeleteFile('C:\Windows\Tasks\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-3.job', '32');
DeleteFile('C:\Windows\Tasks\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-5_user.job', '32');
DeleteFile('C:\Windows\Tasks\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-7.job', '32');
DeleteFile('C:\Windows\Tasks\BYHXAAXX.job', '32');
DeleteFile('C:\Windows\Tasks\YX.job', '32');
DeleteFile('C:\Windows\system32\Tasks\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-11', '32');
DeleteFile('C:\Windows\system32\Tasks\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-2', '32');
DeleteFile('C:\Windows\system32\Tasks\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-3', '32');
DeleteFile('C:\Windows\system32\Tasks\8cf73878-2373-49bf-b1c9-a10eb4f9ad3a-7', '32');
DeleteFile('C:\Windows\system32\jmdp\lmrn.dll', '32');
DeleteFile('C:\Windows\system32\jmdp\stij.exe', '32');
DeleteFile('C:\Windows\system32\mjcm\dnkt.exe', '32');
DeleteFile('C:\Windows\system32\mjcm\5113\nsib.dll', '32');
DeleteFile('C:\Windows\system32\mjcm\5123\nsib.dll', '32');
DeleteFile('C:\Windows\system32\mjcm\5132\nsib.dll', '32');
DeleteFileMask('C:\Program Files\CinePlus-1.2V23.10', '*', true);
DeleteFileMask('C:\Windows\system32\jmdp', '*', true);
DeleteFileMask('C:\Windows\system32\mjcm', '*', true);
DeleteDirectory('C:\Program Files\CinePlus-1.2V23.10');
DeleteDirectory('C:\Windows\system32\jmdp');
DeleteDirectory('C:\Windows\system32\mjcm');
DelBHO('{4788ac5b-fce4-47c8-bfaf-9b1c29bdf93d}');
DelBHO('{8dec4b69-27c4-405d-a37d-8d45c83f66ab}');
DelBHO('{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}');
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteRepair(2);
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.