Код:
// AVZ cleanup script built for one specific host: every path, service name, CLSID
// and registry value below is hard-coded (user profile "samsung").
// It is destructive: it kills processes, deletes files, services and registry values,
// then reboots. Run it only on the machine whose logs it was written from.
// Statement order matters: stop -> quarantine (keep a copy) -> delete -> registry ->
// services -> boot-time cleanup -> repair -> reboot.
begin
// Rootkit/hook search with both arguments enabled, then AVZGuard is switched on
// before anything is removed.
// NOTE(review): the two booleans are believed to enable user-mode and kernel-mode
// hook neutralisation; confirm against the AVZ script reference.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// Stop the running processes and the one service that is stopped by name, so their
// files are no longer held open when they are quarantined and deleted below.
TerminateProcessByName('c:\users\samsung\appdata\local\4510eee0-1445197632-11b2-8000-8eccd90e3ef2\qnsu7fe.tmp');
TerminateProcessByName('c:\program files\mybrowser\mybrowser\application\mybrowser.exe');
StopService('hidekoqe');
// Quarantine pass: copies of the suspect files are kept before any deletion, so the
// samples remain available for analysis. The second argument is passed empty throughout.
// NOTE(review): netservice.exe is quarantined here but never deleted in this script;
// presumably it is meant to be examined first. Confirm with the author.
QuarantineFile('C:\Users\samsung\AppData\Local\Temp\R.vbs','');
QuarantineFile('C:\Users\samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yandex.lnk','');
QuarantineFile('C:\Users\samsung\AppData\Local\Jk\TbKOAT1.bat','');
QuarantineFile('C:\Users\samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MyBrowser.lnk','');
QuarantineFile('C:\Users\samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk','');
QuarantineFile('C:\ProgramData\CmOILqXvGowSps\DoyjRQOuRHvJDec5.bat','');
QuarantineFile('C:\Users\samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Quick Access.lnk','');
QuarantineFile('C:\Users\samsung\AppData\Local\oGFmjdLlrIiCbAO\aIJQHto0.bat','');
QuarantineFile('C:\Users\samsung\AppData\Local\Amigo\Application\amigo.exe','');
QuarantineFile('C:\Program Files\SFK\SSFK.exe','');
QuarantineFile('C:\Users\samsung\AppData\Roaming\NetService\netservice.exe','');
QuarantineFile('C:\Program Files\4510EEE0-1444747421-11B2-8000-8ECCD90E3EF2\hnscB4D8.tmp','');
QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\pdf.dll','');
QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\libglesv2.dll','');
QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\libegl.dll','');
QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\ffmpegsumo.dll','');
QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome_elf.dll','');
QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome_child.dll','');
QuarantineFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome.dll','');
QuarantineFile('c:\users\samsung\appdata\local\4510eee0-1445197632-11b2-8000-8eccd90e3ef2\qnsu7fe.tmp','');
QuarantineFile('c:\program files\mybrowser\mybrowser\application\mybrowser.exe','');
// Delete pass. The four Quick Launch shortcuts use the one-argument form; every other
// call passes '32' as a second argument.
// NOTE(review): '32' presumably selects the 32-bit file-system view; confirm against
// the AVZ version in use.
DeleteFile('C:\Users\samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yandex.lnk');
DeleteFile('C:\Users\samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MyBrowser.lnk');
DeleteFile('C:\Users\samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk');
DeleteFile('C:\Users\samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Quick Access.lnk');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\mybrowser.exe','32');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome.dll','32');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome_child.dll','32');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\chrome_elf.dll','32');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\ffmpegsumo.dll','32');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\libegl.dll','32');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\libglesv2.dll','32');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\39.5.2171.95\pdf.dll','32');
DeleteFile('C:\Users\samsung\AppData\Local\4510EEE0-1445197632-11B2-8000-8ECCD90E3EF2\qnsu7FE.tmp','32');
DeleteFile('C:\Program Files\4510EEE0-1444747421-11B2-8000-8ECCD90E3EF2\hnscB4D8.tmp','32');
DeleteFile('C:\Program Files\SFK\SSFK.exe','32');
DeleteFile('C:\Users\samsung\AppData\Local\oGFmjdLlrIiCbAO\aIJQHto0.bat','32');
DeleteFile('C:\ProgramData\CmOILqXvGowSps\DoyjRQOuRHvJDec5.bat','32');
DeleteFile('C:\Users\samsung\AppData\Local\Jk\TbKOAT1.bat','32');
// From here on: executables and their scheduled-task definitions, both the legacy
// .job files in C:\windows\Tasks and the entries in C:\windows\system32\Tasks.
// NOTE(review): AnyProtect.exe, globalupdate.exe, utility.exe and ta9Bf10f0xqOO.exe
// are deleted without a preceding QuarantineFile, so no sample of them is retained.
// If they are needed for analysis, copy them before running the script.
// NOTE(review): only the task files are removed; nothing in this script touches any
// registry-side record of these tasks. Verify after reboot that none remain.
DeleteFile('C:\Program Files\AnyProtectEx\AnyProtect.exe','32');
DeleteFile('C:\windows\Tasks\APSnotifierPP1.job','32');
DeleteFile('C:\windows\Tasks\APSnotifierPP2.job','32');
DeleteFile('C:\windows\Tasks\APSnotifierPP3.job','32');
DeleteFile('C:\Program Files\globalUpdate\Update\globalupdate.exe','32');
DeleteFile('C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\Program Files\MyBrowser\MyBrowser\Application\utility.exe','32');
DeleteFile('C:\windows\Tasks\MyBrowser.job','32');
DeleteFile('C:\Users\samsung\AppData\Roaming\ta9Bf10f0xqOO.exe','32');
DeleteFile('C:\windows\Tasks\ta9Bf10f0xqOO.job','32');
DeleteFile('C:\windows\system32\Tasks\APSnotifierPP1','32');
DeleteFile('C:\windows\system32\Tasks\APSnotifierPP2','32');
DeleteFile('C:\windows\system32\Tasks\APSnotifierPP3','32');
DeleteFile('C:\windows\system32\Tasks\globalUpdateUpdateTaskMachineCore','32');
DeleteFile('C:\windows\system32\Tasks\globalUpdateUpdateTaskMachineUA','32');
DeleteFile('C:\Users\samsung\AppData\Local\Temp\R.vbs','32');
DeleteFile('C:\windows\system32\Tasks\RestoreSearch','32');
DeleteFile('C:\windows\system32\Tasks\{435E0064-AD59-427C-A591-648D497063D3}','32');
DeleteFile('c:\users\samsung\appdata\local\amigo\application\amigo.exe','32');
// Remove two Browser Helper Object registrations by CLSID.
DelBHO('{8984B388-A5BB-4DF7-B274-77B879E179DB}');
DelBHO('{0633EE93-D776-472f-A0FF-E1416B8B2E3D}');
// Autostart persistence: one value under the per-user Run key, plus the 'command'
// value of three entries under MSConfig\startupreg.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','GoogleChromeAutoLaunch_F78B069440D467B6AB4507F53159C02C');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\amigo','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_F78B069440D467B6AB4507F53159C02C','command');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C','command');
// Remove the service registrations.
// NOTE(review): only 'hidekoqe' was stopped earlier; 'SSFK' and 'dijojyvi' are deleted
// without a StopService call, and no file for 'dijojyvi' is listed in this script.
// Check after reboot that none of the three services is still present.
DeleteService('SSFK');
DeleteService('dijojyvi');
DeleteService('hidekoqe');
// Hand the accumulated removal lists to AVZ Boot Cleaner, run the system clean-up,
// and arm Boot Cleaner so that anything still locked is handled during the next boot.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Built-in repair routines 3 and 4.
// NOTE(review): in AVZ's system-restore list these are believed to reset the Internet
// Explorer start page and search settings; confirm against the AVZ version in use.
ExecuteRepair(3);
ExecuteRepair(4);
// The script ends by rebooting the machine (the true argument presumably forces it),
// so unsaved work should be saved and any volatile data needed for investigation
// collected before the script is started.
RebootWindows(true);
end.
После перезагрузки выполните скрипт: