Код:
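// AVZ cleanup script written for one specific machine (profile "Daniel").
// Flow: stop the running components -> copy every suspect file to quarantine
// -> delete files, services, folders, scheduled tasks and autorun values
// -> pack the quarantine for analysis -> clean leftovers -> reboot.
// The paths, service names and task names below come from that machine's logs;
// do not run the script unchanged on any other system.
begin
 // --- 1. Stop the active process and services so their files are not locked.
 TerminateProcessByName('c:\program files (x86)\firefox\bin\firefoxupdate.exe');
 StopService('FirefoxU');
 StopService('AntannaSU');

 // --- 2. Quarantine first: copies are kept so the samples can still be
 // analysed (and restored if something turns out to be a false positive).
 // NOTE(review): 'c:\program files (x86)\firefox' is not the default Mozilla
 // install folder name ("Mozilla Firefox") - confirm no legitimate browser
 // lives there, because the whole folder is removed further down.
 // Arguments after the mask: recurse into subfolders = true; the remaining
 // three are left at their empty/zero values - see AVZ help for their meaning.
 QuarantineFileF('c:\program files (x86)\firefox', '*.exe', true, '', 0 , 0);
 QuarantineFile('c:\program files (x86)\firefox\bin\firefoxupdate.exe', '');
 QuarantineFile('c:\programdata\software\apple\apps\notification.dll', '');
 QuarantineFile('c:\users\daniel\appdata\local\kitty\kitty.dll', '');
 QuarantineFile('c:\users\daniel\appdata\roaming\winsapsvc\winsap.dll', '');
 QuarantineFile('c:\users\daniel\appdata\local\3dm\kitty.dll', '');
 QuarantineFile('C:\WINDOWS\TEMP\hp1744.tmp\ttff.exe', '');
 QuarantineFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys', '');
 QuarantineFile('C:\Program Files (x86)\Antanna\Application\chrome.exe', '');
 QuarantineFile('C:\Program Files (x86)\Yeahship\Application\chrome.exe', '');
 QuarantineFile('C:\Program Files (x86)\Alltie\Application\chrome.exe', '');
 QuarantineFile('C:\Program Files (x86)\Eastness\Application\chrome.exe', '');
 QuarantineFile('C:\Users\Daniel\AppData\Local\SNARE\Snarer.dll', '');
 QuarantineFile('C:\Users\Daniel\AppData\Local\SNARER\Snarer.dll', '');
 QuarantineFile('C:\Program Files (x86)\Baperksulos Core\local64spl.dll', '');
 QuarantineFile('C:\Program Files (x86)\Philughgrukis\xteqerry.exe', '');
 // Fixed: the original passed a whole command line here
 //   "C:\Program Files (x86)\MIO\MIO.exe" -bindurl http://api.suibianmaimaicom.com/hitachixhts547575a9e384_j2140059faar9afaar9ax.dat cmd=
 // (apparently copied from a launch entry in the log). That string is not a
 // file path, so MIO.exe was never quarantined. Only the executable path is
 // passed now; the -bindurl host stays recorded above as an indicator.
 QuarantineFile('C:\Program Files (x86)\MIO\MIO.exe', '');
 QuarantineFile('C:\windows\Update\psgo\psgo.ps1', '');
 QuarantineFile('C:\Users\Daniel\appdata\local\kitty\cat.exe', '');

 // --- 3. Delete the quarantined files. The second argument ('32') is passed
 // unchanged from the original script - presumably the file-system view to
 // use on 64-bit Windows; confirm in AVZ help.
 DeleteFile('c:\program files (x86)\firefox\bin\firefoxupdate.exe', '32');
 DeleteFile('c:\programdata\software\apple\apps\notification.dll', '32');
 DeleteFile('c:\users\daniel\appdata\local\kitty\kitty.dll', '32');
 DeleteFile('c:\users\daniel\appdata\roaming\winsapsvc\winsap.dll', '32');
 DeleteFile('c:\users\daniel\appdata\local\3dm\kitty.dll', '32');
 DeleteFile('C:\WINDOWS\TEMP\hp1744.tmp\ttff.exe', '32');
 DeleteFile('C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys', '32');
 DeleteFile('C:\Program Files (x86)\Antanna\Application\chrome.exe', '32');
 DeleteFile('C:\Program Files (x86)\Yeahship\Application\chrome.exe', '32');
 DeleteFile('C:\Program Files (x86)\Alltie\Application\chrome.exe', '32');
 DeleteFile('C:\Program Files (x86)\Eastness\Application\chrome.exe', '32');
 DeleteFile('C:\Users\Daniel\AppData\Local\SNARE\Snarer.dll', '32');
 DeleteFile('C:\Users\Daniel\AppData\Local\SNARER\Snarer.dll', '32');
 DeleteFile('C:\Program Files (x86)\Baperksulos Core\local64spl.dll', '32');
 DeleteFile('C:\Program Files (x86)\Philughgrukis\xteqerry.exe', '32');
 // Fixed: same command-line-instead-of-path problem as in the quarantine step.
 DeleteFile('C:\Program Files (x86)\MIO\MIO.exe', '32');
 DeleteFile('C:\windows\Update\psgo\psgo.ps1', '32');
 DeleteFile('C:\Users\Daniel\appdata\local\kitty\cat.exe', '32');

 // --- 4. Remove the service registrations so nothing is re-launched at boot.
 DeleteService('FirefoxU');
 DeleteService('AntannaSU');
 DeleteService('iSafeKrnlMon');
 DeleteService('madngavn');

 // --- 5. Empty the program folders (mask '*', recursive), then remove them.
 DeleteFileMask('c:\program files (x86)\firefox', '*', true);
 DeleteFileMask('c:\users\daniel\appdata\local\kitty', '*', true);
 DeleteFileMask('c:\users\daniel\appdata\local\3dm', '*', true);
 DeleteFileMask('c:\program files (x86)\elex-tech', '*', true);
 DeleteFileMask('c:\program files (x86)\antanna', '*', true);
 DeleteFileMask('c:\program files (x86)\yeahship', '*', true);
 DeleteFileMask('c:\program files (x86)\alltie', '*', true);
 DeleteFileMask('c:\program files (x86)\eastness', '*', true);
 DeleteFileMask('c:\users\daniel\appdata\local\snare', '*', true);
 DeleteFileMask('c:\users\daniel\appdata\local\snarer', '*', true);
 DeleteFileMask('c:\program files (x86)\baperksulos core', '*', true);
 DeleteFileMask('c:\program files (x86)\philughgrukis', '*', true);
 // Fixed: a stray leading double quote ('"c:\...\mio') made this path invalid,
 // so the MIO folder was silently left in place.
 DeleteFileMask('c:\program files (x86)\mio', '*', true);
 DeleteFileMask('c:\windows\update\psgo', '*', true);
 DeleteDirectory('c:\program files (x86)\firefox');
 DeleteDirectory('c:\users\daniel\appdata\local\kitty');
 DeleteDirectory('c:\users\daniel\appdata\local\3dm');
 DeleteDirectory('c:\program files (x86)\elex-tech');
 DeleteDirectory('c:\program files (x86)\antanna');
 DeleteDirectory('c:\program files (x86)\yeahship');
 DeleteDirectory('c:\program files (x86)\alltie');
 DeleteDirectory('c:\program files (x86)\eastness');
 DeleteDirectory('c:\users\daniel\appdata\local\snare');
 DeleteDirectory('c:\users\daniel\appdata\local\snarer');
 DeleteDirectory('c:\program files (x86)\baperksulos core');
 DeleteDirectory('c:\program files (x86)\philughgrukis');
 // Fixed: same stray-quote problem as in the DeleteFileMask call for MIO.
 DeleteDirectory('c:\program files (x86)\mio');
 DeleteDirectory('c:\windows\update\psgo');

 // --- 6. Cut networking and remove persistence.
 // 'net stop tcpip /y' stops the TCP/IP driver (and, with /y, its dependents
 // without prompting), so the machine is offline until the reboot at the end.
 // Trailing arguments 0, 15000, true are kept as in the original - presumably
 // window mode, timeout in ms and wait-for-exit; confirm in AVZ help.
 ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
 // Scheduled tasks that would re-launch the removed programs.
 ExecuteFile('schtasks.exe', '/delete /TN "Baperksulos Core" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "Milimili" /F', 0, 15000, true);
 ExecuteFile('schtasks.exe', '/delete /TN "Windows-PG" /F', 0, 15000, true);
 // Per-user Run values that auto-start the chrome.exe copies at logon.
 RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'GoogleChromeAutoLaunch_A29CAD8D33637ACE34FF1D1876C590B6');
 RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'GoogleChromeAutoLaunch_B0401B2798D1C3A88B3ACD7D95767DCF');
 RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'GoogleChromeAutoLaunch_E6C4B8ABCBC5C59F305C56962C00B95C');
 RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'GoogleChromeAutoLaunch_E9A837614744C942D5D83D9ECDCA8BDB');
 // ServiceDll is the value that tells a svchost-hosted service which DLL to
 // load; deleting it stops these services from loading the removed DLLs.
 // NOTE(review): only the value is removed - the service keys themselves
 // (3DM, AppleAzureSrv, AppleNotificationsSrv, Kitty, SNARE, SNARER,
 // WinSAPSvc) remain; check them in the follow-up logs.
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\3DM\Parameters', 'ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\AppleAzureSrv\Parameters', 'ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\AppleNotificationsSrv\Parameters', 'ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\Kitty\Parameters', 'ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\SNARE\Parameters', 'ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\SNARER\Parameters', 'ServiceDll');
 RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\WinSAPSvc\Parameters', 'ServiceDll');

 // --- 7. Wrap up.
 // Pack the quarantine into quarantine.zip in the AVZ folder for submission
 // ("Qurantine" is kept exactly as written in the original call).
 CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
 // Clean up references left behind by the deleted files.
 ExecuteSysClean;
 // Run the 'SCU' wizard with levels 2/2 and fixing enabled - arguments kept
 // as in the original; see AVZ help for the exact level semantics.
 ExecuteWizard('SCU', 2, 2, true);
 // Reboot to finish removal of anything still locked and to restore the
 // network stack stopped in step 6.
 RebootWindows(false);
end.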
Компьютер перезагрузится.