Код:
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
QuarantineFile('C:\Windows\System32\fsproflt2.exe','');
QuarantineFile('C:\Windows\System32\reminder.exe','');
QuarantineFile('C:\Windows\System32\Resident\fsproflt2.exe ipfw.exe reminder.exe updater.exe waagent.exe Wasppacer.exe wasub.exe wizard.exe wmic.exe WMIC.exe.exe','');
QuarantineFile('C:\Windows\System32\Radiance\wizard.exe','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CN1YIYT0\23622[3].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CN1YIYT0\ttj45IHFBQ8.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMN9G2N4\ttjXIFO5DYG.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3E6CR7F\ajs[6].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3E6CR7F\ttjX7R66LQZ.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3E6CR7F\ttj[2].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HRJP60S5\15318[1].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J80DBARC\ttjO536U39W.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5ENRVUE\ttjVNVJJ7RS.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFOYKCC\bds_s_v2[1].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAdFQMNILH8.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAdT5R37T7X.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAd[10].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAd[6].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAd[7].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAd[8].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAd[9].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM91UW4T\ajs92R8VCRT.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM91UW4T\ttjCQU7JN0M.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8U9PDYH\ajs[2].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8U9PDYH\ba[1].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8U9PDYH\ttj6DCXY1SC.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QIYV2368\jstag[1].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TD0VZ33X\wiki-common_sync_js_0_c71edc4[1].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULU8JCRO\ttjH5HZYDM4.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULU8JCRO\ttjTPAYXOJQ.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULU8JCRO\ttjVBGFZ31T.js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZ1ZIECC\embed[1].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZ1ZIECC\index[3].js','');
QuarantineFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\135A41NK\23622[1].js','');
QuarantineFile('C:\Windows\System32\Radiance\Wasppacer.exe','');
QuarantineFile('C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7[1].exe','');
DeleteFile('C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt','32');
DeleteFile('C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7[1].exe','32');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','explorer');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','explorer');
DeleteFile('C:\Windows\System32\Radiance\Wasppacer.exe','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\135A41NK\23622[1].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZ1ZIECC\index[3].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZ1ZIECC\embed[1].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULU8JCRO\ttjVBGFZ31T.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULU8JCRO\ttjTPAYXOJQ.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ULU8JCRO\ttjH5HZYDM4.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TD0VZ33X\wiki-common_sync_js_0_c71edc4[1].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QIYV2368\jstag[1].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8U9PDYH\ttj6DCXY1SC.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8U9PDYH\ba[1].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q8U9PDYH\ajs[2].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM91UW4T\ttjCQU7JN0M.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PM91UW4T\ajs92R8VCRT.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAd[9].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAd[8].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAd[7].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAd[6].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAd[10].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAdT5R37T7X.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NSY6WD8V\GetAdFQMNILH8.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFOYKCC\bds_s_v2[1].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K5ENRVUE\ttjVNVJJ7RS.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J80DBARC\ttjO536U39W.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HRJP60S5\15318[1].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3E6CR7F\ttj[2].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3E6CR7F\ttjX7R66LQZ.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H3E6CR7F\ajs[6].js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GMN9G2N4\ttjXIFO5DYG.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CN1YIYT0\ttj45IHFBQ8.js','32');
DeleteFile('C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CN1YIYT0\23622[3].js','32');
DeleteFile('C:\Windows\System32\Radiance\wizard.exe','32');
DeleteFile('C:\Windows\System32\Resident\fsproflt2.exe ipfw.exe reminder.exe updater.exe waagent.exe Wasppacer.exe wasub.exe wizard.exe wmic.exe WMIC.exe.exe','32');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(false);
end.
Компьютер перезагрузится.