Код:
// AVZ remediation script written for one specific infected host. Every path,
// service name and registry value below is tied to that machine (note the
// user-profile names and the 8.3 short path), so the script must not be run
// unchanged on any other computer.
// Order of operations: cut the network -> enable AVZ protection (non-WOW64
// only) -> quarantine samples -> disable and delete services -> terminate
// processes -> delete files, Run values and scheduled tasks -> clean up
// leftovers -> reboot. The statement order matters: files are quarantined
// before they are deleted, and processes are terminated before their images
// are removed.
begin
// Tell the user (message text is in Russian) that AVZ will close all network
// connections before the script runs and that they are restored automatically
// after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stops the tcpip service via net.exe, which is what drops the connections
// announced above.
// NOTE(review): the trailing arguments look like window mode, wait timeout in
// ms and terminate-on-timeout - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit scan and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): presumably because these driver-based features are not
// available on 64-bit Windows - confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// --- Quarantine pass -------------------------------------------------------
// Each suspect file is placed in quarantine first, so a sample survives the
// deletion pass below (for analysis, or for restoring a false positive).
QuarantineFile('C:\Program Files (x86)\SupTab\SupTab.dll','');
// Executables and DLLs inside C:\Windows\Fonts: that directory normally holds
// font files only, so binaries there are a strong anomaly indicator.
QuarantineFile('C:\Windows\Fonts\XTrapVa.dll','');
QuarantineFile('C:\Windows\Fonts\MiniObject.dll','');
QuarantineFile('C:\Windows\Fonts\antiblock2.dll','');
QuarantineFile('C:\Windows\Fonts\Zom.exe','');
QuarantineFile('C:\Windows\Fonts\Vina.exe','');
QuarantineFile('C:\Windows\Fonts\Syn.exe','');
QuarantineFile('C:\Windows\Fonts\Nagibator.exe','');
QuarantineFile('C:\Windows\Fonts\Mini.exe','');
QuarantineFile('C:\Windows\Fonts\mapsynboz.exe','');
QuarantineFile('C:\Windows\Fonts\fapcf.exe','');
QuarantineFile('C:\Windows\Fonts\Activation.exe','');
QuarantineFile('C:\Windows\Fonts\1.exe','');
// Path given in 8.3 short-name form; the short names are generated per volume,
// so this entry is valid only on the original host.
QuarantineFile('C:\Users\FE70~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE','');
// Per-user droppers under %AppData%\Roaming of one local profile.
QuarantineFile('C:\Users\Адмон\AppData\Roaming\newSI_21\s_inst.exe','');
QuarantineFile('C:\Users\Адмон\AppData\Roaming\newSI_2\s_inst.exe','');
QuarantineFile('C:\Users\Адмон\AppData\Roaming\newSI_1497\s_inst.exe','');
QuarantineFile('C:\Users\Адмон\AppData\Roaming\cppredistx86.exe','');
QuarantineFile('C:\Users\Адмон\AppData\Roaming\ZZima\zzima_loader\nloader.exe','');
// Uses the name of the Windows system process csrss.exe but sits under
// C:\ProgramData\Windows instead of System32 - a name-masquerading indicator.
QuarantineFile('C:\ProgramData\Windows\csrss.exe','');
QuarantineFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','');
// --- Services --------------------------------------------------------------
// Start type 4 is "disabled" in the Windows service configuration; each
// service is disabled first and then deleted.
SetServiceStart('{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64', 4);
DeleteService('{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64');
SetServiceStart('WindowsMangerProtect', 4);
DeleteService('WindowsMangerProtect');
QuarantineFile('C:\ProgramData\IePluginServices\PluginService.exe','');
// Two near-identical service names (with and without the trailing "s") are
// handled separately; their binaries live in correspondingly named folders.
SetServiceStart('IePluginServices', 4);
DeleteService('IePluginServices');
SetServiceStart('IePluginService', 4);
DeleteService('IePluginService');
// Driver file whose name matches the GUID-named service deleted above.
QuarantineFile('C:\Windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys','');
// --- Running processes -----------------------------------------------------
// Each process is terminated and its image quarantined right afterwards.
TerminateProcessByName('c:\users\Адмон\appdata\roaming\ssleas.exe');
QuarantineFile('c:\users\Адмон\appdata\roaming\ssleas.exe','');
TerminateProcessByName('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe');
QuarantineFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','');
TerminateProcessByName('c:\programdata\iepluginservice\pluginservice.exe');
QuarantineFile('c:\programdata\iepluginservice\pluginservice.exe','');
TerminateProcessByName('c:\users\Адмон\appdata\roaming\x11\a\engine.exe');
QuarantineFile('c:\users\Адмон\appdata\roaming\x11\a\engine.exe','');
TerminateProcessByName('c:\users\Адмон\appdata\roaming\cppredistx86.exe');
QuarantineFile('c:\users\Адмон\appdata\roaming\cppredistx86.exe','');
// --- Deletion pass ---------------------------------------------------------
// NOTE(review): the second DeleteFile argument ('32' / '64') appears to select
// the 32- or 64-bit file-system view - confirm against the AVZ script
// reference. In this script '64' is used only for the scheduled-task files.
DeleteFile('c:\users\Адмон\appdata\roaming\cppredistx86.exe','32');
DeleteFile('c:\users\Адмон\appdata\roaming\x11\a\engine.exe','32');
DeleteFile('c:\programdata\iepluginservice\pluginservice.exe','32');
DeleteFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','32');
DeleteFile('c:\users\Адмон\appdata\roaming\ssleas.exe','32');
DeleteFile('C:\Windows\system32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}w64.sys','32');
DeleteFile('C:\ProgramData\IePluginServices\PluginService.exe','32');
DeleteFile('C:\Program Files (x86)\Zaxar\ZaxarLoader.exe','32');
DeleteFile('C:\ProgramData\Windows\csrss.exe','32');
// Per-user autorun (HKCU Run) values are removed together with the files
// deleted around them. The value names imitate legitimate components
// ("Client Server Runtime Subsystem", "Microsoft Visual C++ 2010").
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Client Server Runtime Subsystem');
// Same file as the first DeleteFile of this pass (only the letter case of the
// path differs); the repeated call is redundant.
DeleteFile('C:\Users\Адмон\AppData\Roaming\cppredistx86.exe','32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Visual C++ 2010');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','CMD');
DeleteFile('C:\Users\Адмон\AppData\Roaming\newSI_1497\s_inst.exe','32');
DeleteFile('C:\Users\Адмон\AppData\Roaming\newSI_2\s_inst.exe','32');
DeleteFile('C:\Users\Адмон\AppData\Roaming\newSI_21\s_inst.exe','32');
DeleteFile('C:\Users\FE70~1\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE','32');
// Scheduled-task persistence: both the legacy .job files in C:\Windows\Tasks
// and the task definitions in C:\Windows\system32\Tasks are removed, so the
// deleted binaries are not re-launched by the Task Scheduler.
DeleteFile('C:\Windows\Tasks\UpdaterEX.job','64');
DeleteFile('C:\Windows\Tasks\newSI_21.job','64');
DeleteFile('C:\Windows\Tasks\newSI_2.job','64');
DeleteFile('C:\Windows\Tasks\newSI_1497.job','64');
DeleteFile('C:\Windows\system32\Tasks\newSI_1497','64');
DeleteFile('C:\Windows\system32\Tasks\newSI_2','64');
DeleteFile('C:\Windows\system32\Tasks\newSI_21','64');
DeleteFile('C:\Windows\system32\Tasks\UpdaterEX','64');
// Binaries quarantined from C:\Windows\Fonts at the start of the script.
DeleteFile('C:\Windows\Fonts\1.exe','32');
DeleteFile('C:\Windows\Fonts\Activation.exe','32');
DeleteFile('C:\Windows\Fonts\fapcf.exe','32');
DeleteFile('C:\Windows\Fonts\mapsynboz.exe','32');
DeleteFile('C:\Windows\Fonts\Mini.exe','32');
DeleteFile('C:\Windows\Fonts\Nagibator.exe','32');
DeleteFile('C:\Windows\Fonts\Syn.exe','32');
DeleteFile('C:\Windows\Fonts\Vina.exe','32');
DeleteFile('C:\Windows\Fonts\Zom.exe','32');
DeleteFile('C:\Windows\Fonts\XTrapVa.dll','32');
DeleteFile('C:\Windows\Fonts\MiniObject.dll','32');
DeleteFile('C:\Windows\Fonts\antiblock2.dll','32');
DeleteFile('C:\Program Files (x86)\SupTab\SupTab.dll','32');
// --- Finalisation ----------------------------------------------------------
// NOTE(review): the BC_* calls drive AVZ's Boot Cleaner - presumably
// BC_ImportAll hands it the files processed above and BC_Activate arms it for
// the next boot, while ExecuteSysClean removes leftover references to the
// deleted files; confirm against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Reboot so the pending clean-up is applied and, per the message shown at the
// start, network connectivity is restored. The meaning of the `false`
// argument is not visible in this script.
RebootWindows(false);
end.
Компьютер перезагрузится.