Код:
// Helper: empty a folder and then remove the folder itself.
// N is the full path of the directory to delete.
procedure DeleteDirectoryF(N: String);
begin
  // Delete every file matching '*' under N first; the third argument
  // presumably enables recursion into subfolders - confirm against the AVZ docs.
  DeleteFileMask(N, '*', true);
  // Then remove the directory entry itself.
  DeleteDirectory(N);
end;
// AVZ cleanup script written for one specific infected machine.
// Every path, service name, CLSID and registry value below is hard-coded
// (user profile C:\Users\Admin), so the script is only meaningful on the
// system whose logs it was built from; on any other host the targets must be
// re-derived from that host's own logs.
// Statement order matters: quarantine copy -> disable/terminate -> delete ->
// boot-time cleanup -> reboot.
begin
// Tell the user that network connections will be dropped until the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Stop the tcpip service so the host is offline while files are removed
// (matches the message above). 15000 is presumably a wait timeout in ms - confirm.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are only enabled when IsWOW64 is false,
// i.e. they are skipped on this branch for 64-bit Windows.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// --- Stage 1: keep quarantine copies of suspect files before anything is deleted,
// so samples stay available for later analysis.
QuarantineFile('C:\Users\Admin\appdata\roaming\vopackage\vosrv.exe','');
QuarantineFile('C:\Users\Admin\appdata\local\temp\b14b.tmp','');
QuarantineFile('C:\Program Files (x86)\Microsoft Data\InstallAddons.exe','');
QuarantineFile('C:\Program Files (x86)\Radio Canyon\39b0c27e-e513-4376-9d09-539622bc7eab-5.exe','');
QuarantineFile('C:\Program Files (x86)\Radio Canyon\39b0c27e-e513-4376-9d09-539622bc7eab-4.exe','');
QuarantineFile('C:\Program Files (x86)\Radio Canyon\39b0c27e-e513-4376-9d09-539622bc7eab-11.exe','');
// Unregister three Browser Helper Objects by CLSID.
DelBHO('{FA8C3F06-D4A0-471F-827B-1303BEA7A6A2}');
DelBHO('{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}');
DelBHO('{11111111-1111-1111-1111-110611081104}');
// Batch files named after browsers (iexplore.bat, browser.bat) sit outside the
// real browser install paths - presumably launcher/shortcut hijacks.
QuarantineFile('C:\iexplore.bat','');
QuarantineFile('C:\Users\Admin\AppData\Roaming\jitujavg\cgcdgvbj.exe','');
QuarantineFile('C:\Users\Admin\AppData\Local\Yandex\browser.bat','');
QuarantineFile('C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll','');
// --- Stage 2: neutralise services. Start type 4 is "disabled"; setting it
// before DeleteService keeps the service from restarting if deletion is deferred.
SetServiceStart('F06DEFF2-5B9C-490D-910F-35D3A9119622', 4);
DeleteService('F06DEFF2-5B9C-490D-910F-35D3A9119622');
// Kernel driver: the .sys file is quarantined, then its service entry removed.
// NOTE(review): unlike the other services, no SetServiceStart(..., 4) precedes this one.
QuarantineFile('C:\Windows\system32\drivers\wpnfd_1_10_0_6.sys','');
DeleteService('wpnfd_1_10_0_6');
SetServiceStart('WindowsMangerProtect', 4);
DeleteService('WindowsMangerProtect');
SetServiceStart('SmdmFService', 4);
DeleteService('SmdmFService');
SetServiceStart('IHProtect Service', 4);
DeleteService('IHProtect Service');
// More quarantine copies: browser-extension / helper DLLs and a config file.
QuarantineFile('C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg','');
QuarantineFile('C:\Program Files (x86)\Аудио и видео скачивание\IE\x86\Downloader.dll','');
QuarantineFile('C:\Program Files (x86)\XTab\SupTab.dll','');
QuarantineFile('C:\Program Files (x86)\XTab\IeWatchDog.dll','');
QuarantineFile('C:\Program Files (x86)\XTab\BrowserAction.dll','');
QuarantineFile('C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll','');
QuarantineFile('C:\Program Files (x86)\Settings Manager\smdmf\smdmfldr.dll','');
QuarantineFile('C:\Program Files (x86)\Settings Manager\smdmf\smdmfbho.dll','');
QuarantineFile('C:\Program Files (x86)\Settings Manager\smdmf\smdmf.dll','');
QuarantineFile('C:\Program Files (x86)\Radio Canyon\Radio Canyon-bho.dll','');
// --- Stage 3: running processes. Each is terminated first, then its image is
// quarantined.
// system.exe under the user's AppData and csrss.exe under C:\ProgramData\Windows
// reuse system-looking names outside the Windows directory; a path check, not the
// name, is what distinguishes them from the genuine binaries.
TerminateProcessByName('c:\users\admin\appdata\local\microsoft\windows\system.exe');
QuarantineFile('c:\users\admin\appdata\local\microsoft\windows\system.exe','');
TerminateProcessByName('c:\program files (x86)\settings manager\smdmf\smdmfservice.exe');
QuarantineFile('c:\program files (x86)\settings manager\smdmf\smdmfservice.exe','');
TerminateProcessByName('c:\program files (x86)\radio canyon\radio canyon-bg.exe');
QuarantineFile('c:\program files (x86)\radio canyon\radio canyon-bg.exe','');
TerminateProcessByName('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe');
QuarantineFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','');
TerminateProcessByName('c:\program files (x86)\xtab\protectservice.exe');
QuarantineFile('c:\program files (x86)\xtab\protectservice.exe','');
TerminateProcessByName('c:\program files (x86)\xtab\hpnotify.exe');
QuarantineFile('c:\program files (x86)\xtab\hpnotify.exe','');
TerminateProcessByName('c:\programdata\windows\csrss.exe');
QuarantineFile('c:\programdata\windows\csrss.exe','');
TerminateProcessByName('c:\program files (x86)\xtab\cmdshell.exe');
QuarantineFile('c:\program files (x86)\xtab\cmdshell.exe','');
// --- Stage 4: delete the files quarantined above.
// The second argument ('32' / '64') presumably selects the 32- or 64-bit
// file-system view - confirm against the AVZ docs.
DeleteFile('c:\program files (x86)\xtab\cmdshell.exe','32');
DeleteFile('c:\programdata\windows\csrss.exe','32');
DeleteFile('c:\program files (x86)\xtab\hpnotify.exe','32');
DeleteFile('c:\program files (x86)\xtab\protectservice.exe','32');
DeleteFile('c:\programdata\windowsmangerprotect\protectwindowsmanager.exe','32');
DeleteFile('c:\program files (x86)\radio canyon\radio canyon-bg.exe','32');
DeleteFile('c:\program files (x86)\settings manager\smdmf\smdmfservice.exe','32');
DeleteFile('c:\users\admin\appdata\local\microsoft\windows\system.exe','32');
DeleteFile('C:\Program Files (x86)\Radio Canyon\Radio Canyon-bho.dll','32');
DeleteFile('C:\Program Files (x86)\Settings Manager\smdmf\smdmf.dll','32');
DeleteFile('C:\Program Files (x86)\Settings Manager\smdmf\smdmfbho.dll','32');
DeleteFile('C:\Program Files (x86)\Settings Manager\smdmf\smdmfldr.dll','32');
DeleteFile('C:\Program Files (x86)\Settings Manager\smdmf\sysapcrt.dll','32');
DeleteFile('C:\Program Files (x86)\XTab\BrowserAction.dll','32');
DeleteFile('C:\Program Files (x86)\XTab\IeWatchDog.dll','32');
DeleteFile('C:\Program Files (x86)\XTab\SupTab.dll','32');
DeleteFile('C:\Program Files (x86)\Аудио и видео скачивание\IE\x86\Downloader.dll','32');
DeleteFile('C:\Program Files (x86)\Settings Manager\smdmf\x64\smdmfmgrc2.cfg','32');
DeleteFile('C:\Windows\system32\drivers\wpnfd_1_10_0_6.sys','32');
DeleteFile('C:\Program Files (x86)\Settings Manager\smdmf\x64\sysapcrt.dll','32');
// --- Stage 5: persistence entries.
// AppCertDlls values name DLLs that Windows loads into processes which create
// other processes; the 'x86' and 'x64' values are removed here.
RegKeyParamDel('HKEY_LOCAL_MACHINE','System\CurrentControlSet\Control\Session Manager\AppCertDlls','x86');
RegKeyParamDel('HKEY_LOCAL_MACHINE','System\CurrentControlSet\Control\Session Manager\AppCertDlls','x64');
// NOTE(review): baidu.exe is deleted without a preceding QuarantineFile, so no
// sample of it is retained by this script.
DeleteFile('C:\Program Files (x86)\baidu\baidu.exe','32');
// Autorun values under the Run keys (per-user and machine-wide).
// 'Client Server Runtime Subsystem' is the display name of the real csrss;
// here it is used as a Run value name, which the genuine component does not need.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','baidu');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Client Server Runtime Subsystem');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SystemScript');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','SystemScript');
DeleteFile('C:\Users\Admin\AppData\Local\Yandex\browser.bat','32');
DeleteFile('C:\Users\Admin\AppData\Roaming\jitujavg\cgcdgvbj.exe','32');
// Policies\Explorer\Run is a second, less commonly inspected autorun location.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Macromedia');
DeleteFile('C:\iexplore.bat','32');
// Scheduled tasks: both the legacy .job files in C:\Windows\Tasks and the task
// definitions in C:\Windows\system32\Tasks are removed, together with the
// GUID-named executables in the Radio Canyon folder that share their names.
DeleteFile('C:\Windows\Tasks\39b0c27e-e513-4376-9d09-539622bc7eab-1.job','64');
DeleteFile('C:\Program Files (x86)\Radio Canyon\39b0c27e-e513-4376-9d09-539622bc7eab-11.exe','32');
DeleteFile('C:\Windows\Tasks\39b0c27e-e513-4376-9d09-539622bc7eab-11.job','64');
DeleteFile('C:\Program Files (x86)\Radio Canyon\39b0c27e-e513-4376-9d09-539622bc7eab-4.exe','32');
DeleteFile('C:\Windows\Tasks\39b0c27e-e513-4376-9d09-539622bc7eab-4.job','64');
DeleteFile('C:\Program Files (x86)\Radio Canyon\39b0c27e-e513-4376-9d09-539622bc7eab-5.exe','32');
DeleteFile('C:\Windows\Tasks\39b0c27e-e513-4376-9d09-539622bc7eab-5.job','64');
DeleteFile('C:\Windows\Tasks\39b0c27e-e513-4376-9d09-539622bc7eab-5_user.job','64');
DeleteFile('C:\Windows\system32\Tasks\39b0c27e-e513-4376-9d09-539622bc7eab-1','64');
DeleteFile('C:\Windows\system32\Tasks\39b0c27e-e513-4376-9d09-539622bc7eab-11','64');
DeleteFile('C:\Windows\system32\Tasks\39b0c27e-e513-4376-9d09-539622bc7eab-4','64');
DeleteFile('C:\Windows\system32\Tasks\39b0c27e-e513-4376-9d09-539622bc7eab-5','64');
DeleteFile('C:\Windows\system32\Tasks\39b0c27e-e513-4376-9d09-539622bc7eab-5_user','64');
DeleteFile('C:\Program Files (x86)\Microsoft Data\InstallAddons.exe','32');
DeleteFile('C:\Windows\system32\Tasks\chrome5','64');
DeleteFile('C:\Windows\system32\Tasks\chrome5_logon','64');
DeleteFile('C:\Windows\system32\Tasks\DoctorPC_Start','64');
DeleteFile('C:\Windows\system32\Tasks\SystemScript','64');
DeleteFile('C:\Users\Admin\appdata\local\temp\b14b.tmp','32');
DeleteFile('C:\Users\Admin\appdata\roaming\vopackage\vosrv.exe','32');
// --- Stage 6: remove the now-unneeded install folders, contents included
// (DeleteDirectoryF is the helper defined above this block).
DeleteDirectoryF('C:\Users\Admin\appdata\roaming\vopackage');
DeleteDirectoryF('C:\Program Files (x86)\Microsoft Data');
DeleteDirectoryF('C:\Program Files (x86)\Radio Canyon');
DeleteDirectoryF('C:\Users\Admin\AppData\Roaming\jitujavg');
DeleteDirectoryF('C:\Program Files (x86)\Settings Manager');
DeleteDirectoryF('C:\Program Files (x86)\Аудио и видео скачивание');
DeleteDirectoryF('C:\Program Files (x86)\XTab');
DeleteDirectoryF('c:\programdata\windowsmangerprotect');
DeleteDirectoryF('C:\Program Files (x86)\baidu');
// --- Stage 7: boot-time cleanup and restart.
// Presumably BC_ImportAll hands the deletion list to AVZ's Boot Cleaner,
// ExecuteSysClean removes leftover references to the deleted files, and
// BC_Activate arms the Boot Cleaner for the next start - confirm against the AVZ docs.
// Files that were locked during this run are expected to be removed at that point.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Restart so the boot-time cleanup runs and networking comes back
// (the opening message promises automatic reconnection after reboot).
RebootWindows(false);
end.
Компьютер перезагрузится.