Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2266.dll','');
QuarantineFile('C:\WINDOWS\Intel\baiduc.dll','');
QuarantineFile('C:\Program Files\Common Files\PushWare\cpush0.dll','');
QuarantineFile('C:\WINDOWS\system32\xunleiBHO12.dll','');
QuarantineFile('C:\WINDOWS\system32\vmdetdhc.exe','');
QuarantineFile('C:\WINDOWS\system32\kepSafe.exe','');
QuarantineFile('C:\WINDOWS\Fonts\kzhionlr.dll','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\pnpmem.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\acpidisk.sys','');
QuarantineFile('C:\WINDOWS\system32\acpi64.sys','');
QuarantineFile('C:\WINDOWS\system32\ztxvpieo.dll','');
QuarantineFile('C:\WINDOWS\system32\drivers\ssmfr.sys','');
QuarantineFile('C:\WINDOWS\HXQ3LL44RDL.exe','');
QuarantineFile('C:\WINDOWS\SKGGNS.exe','');
QuarantineFile('C:\WINDOWS\system32\wsldoekd.exe','');
QuarantineFile('C:\WINDOWS\system32\WinHelp3x.exe','');
QuarantineFile('C:\WINDOWS\system32\Helper32.exe','');
QuarantineFile('C:\WINDOWS\system32\WinHelp321.exe','');
QuarantineFile('C:\WINDOWS\system32\WinHelp23.exe','');
QuarantineFile('C:\WINDOWS\system32\IM.exe','');
QuarantineFile('C:\WINDOWS\system32\tdydowkc.exe','');
QuarantineFile('C:\WINDOWS\system32\tcim.exe','');
QuarantineFile('C:\WINDOWS\system32\takjq.exe','');
QuarantineFile('C:\WINDOWS\system32\XmrwP\001.exe','');
QuarantineFile('C:\WINDOWS\system32\soxpeca.exe','');
QuarantineFile('C:\WINDOWS\system32\WinHelp.exe','');
QuarantineFile('C:\WINDOWS\system32\NPC329.exe','');
QuarantineFile('C:\WINDOWS\system32\roytctm.exe','');
QuarantineFile('C:\WINDOWS\system32\RiSing.exe','');
QuarantineFile('C:\WINDOWS\system32\QQZone.exe','');
QuarantineFile('C:\WINDOWS\BO7GYTSC.exe','');
QuarantineFile('C:\WINDOWS\system32\Station.exe','');
QuarantineFile('C:\WINDOWS\C6N8KBKRRJ.exe','');
QuarantineFile('C:\WINDOWS\guocyok88.exe','');
QuarantineFile('C:\WINDOWS\system32\noytcyr.exe','');
QuarantineFile('C:\WINDOWS\system32\svchosa.exe','');
QuarantineFile('C:\WINDOWS\system32\Softwar.exe','');
QuarantineFile('C:\WINDOWS\K3FFM26N.exe','');
QuarantineFile('c:\windows\mfc42.exe','');
QuarantineFile('C:\WINDOWS\system32\mabidwe.exe','');
QuarantineFile('C:\WINDOWS\66O1YLENOEW.exe','');
QuarantineFile('C:\WINDOWS\system32\k.exe','');
QuarantineFile('C:\WINDOWS\system32\j.exe','');
QuarantineFile('C:\WINDOWS\system32\svchoat.exe','');
QuarantineFile('C:\WINDOWS\system32\sudbc.exe','');
QuarantineFile('c:\windows\system32\KERNEL32.exe','');
QuarantineFile('C:\WINDOWS\system32\jwmk.exe','');
QuarantineFile('C:\WINDOWS\system32\jlqk.exe','');
QuarantineFile('C:\WINDOWS\system32\jlfk.exe','');
QuarantineFile('C:\WINDOWS\system32\jfzy.exe','');
QuarantineFile('C:\WINDOWS\system32\jfwk.exe','');
QuarantineFile('C:\WINDOWS\system32\jfmy.exe','');
QuarantineFile('C:\WINDOWS\system32\jbzy.exe','');
QuarantineFile('C:\WINDOWS\system32\jazy.exe','');
QuarantineFile('C:\WINDOWS\6QOGLJMC2JS.exe','');
QuarantineFile('C:\WINDOWS\8B3B901K8B8J.exe','');
QuarantineFile('C:\Program Files\Common Files\System\Slsvc.exe','');
QuarantineFile('C:\WINDOWS\Fonts\B76E0E5C.EXE','');
QuarantineFile('C:\WINDOWS\system32\Events.exe','');
QuarantineFile('C:\WINDOWS\system32\snss.exe','');
QuarantineFile('C:\WINDOWS\278YC4U.exe','');
QuarantineFile('C:\WINDOWS\system32\init32.exe','');
QuarantineFile('C:\WINDOWS\system32\game.exe','');
QuarantineFile('C:\WINDOWS\system32\borcservice.exe','');
QuarantineFile('C:\WINDOWS\system32\regedit32.exe','');
QuarantineFile('C:\WINDOWS\System32\migration\smss.exe','');
QuarantineFile('C:\WINDOWS\system32\maxtho.exe','');
QuarantineFile('C:\WINDOWS\system32\afisicx.exe','');
QuarantineFile('C:\WINDOWS\system32\acpi64.exe','');
QuarantineFile('C:\WINDOWS\OCV71.exe','');
QuarantineFile('C:\WINDOWS\RFVF3.exe','');
QuarantineFile('C:\WINDOWS\NC1K7NY4E.exe','');
QuarantineFile('C:\WINDOWS\KLCH7QHP.exe','');
QuarantineFile('C:\WINDOWS\KZL258BSIY.exe','');
QuarantineFile('C:\WINDOWS\system32\1239.exe','');
QuarantineFile('C:\WINDOWS\system32\tching.exe','');
QuarantineFile('C:\WINDOWS\system32\instbum.exe','');
QuarantineFile('C:\WINDOWS\system32\yy.dll','');
QuarantineFile('C:\WINDOWS\system32\QQ.dll','');
QuarantineFile('C:\WINDOWS\system32\iexplorer.exe','');
QuarantineFile('C:\WINDOWS\system32\friend.dll','');
QuarantineFile('c:\windows\system32\angnvw.dll','');
QuarantineFile('c:\windows\oeimport.dll','');
QuarantineFile('c:\windows\msgslang.dll','');
QuarantineFile('C:\WINDOWS\LY86T2D.exe','');
QuarantineFile('c:\windows\haibin8211.dll','');
QuarantineFile('C:\WINDOWS\Fonts\mcmzsyaj.dll','');
QuarantineFile('c:\windows\adobelm.dll','');
DeleteFile('c:\windows\adobelm.dll');
DeleteFile('C:\WINDOWS\Fonts\mcmzsyaj.dll');
DeleteFile('c:\windows\haibin8211.dll');
DeleteFile('C:\WINDOWS\LY86T2D.exe');
DeleteFile('c:\windows\msgslang.dll');
DeleteFile('c:\windows\oeimport.dll');
DeleteFile('c:\windows\system32\angnvw.dll');
DeleteFile('C:\WINDOWS\system32\friend.dll');
DeleteFile('C:\WINDOWS\system32\iexplorer.exe');
DeleteFile('C:\WINDOWS\system32\QQ.dll');
DeleteFile('C:\WINDOWS\system32\yy.dll');
DeleteFile('C:\WINDOWS\system32\instbum.exe');
DeleteFile('C:\WINDOWS\system32\tching.exe');
DeleteFile('C:\WINDOWS\system32\1239.exe');
DeleteFile('C:\WINDOWS\KZL258BSIY.exe');
DeleteFile('C:\WINDOWS\KLCH7QHP.exe');
DeleteFile('C:\WINDOWS\NC1K7NY4E.exe');
DeleteFile('C:\WINDOWS\RFVF3.exe');
DeleteFile('C:\WINDOWS\OCV71.exe');
DeleteFile('C:\WINDOWS\system32\acpi64.exe');
DeleteFile('C:\WINDOWS\system32\afisicx.exe');
DeleteFile('C:\WINDOWS\system32\maxtho.exe');
DeleteFile('C:\WINDOWS\System32\migration\smss.exe');
DeleteFile('C:\WINDOWS\system32\regedit32.exe');
DeleteFile('C:\WINDOWS\system32\borcservice.exe');
DeleteFile('C:\WINDOWS\system32\game.exe');
DeleteFile('C:\WINDOWS\system32\init32.exe');
DeleteFile('C:\WINDOWS\278YC4U.exe');
DeleteFile('C:\WINDOWS\system32\snss.exe');
DeleteFile('C:\WINDOWS\system32\Events.exe');
DeleteFile('C:\WINDOWS\Fonts\B76E0E5C.EXE');
DeleteFile('C:\Program Files\Common Files\System\Slsvc.exe');
DeleteFile('C:\WINDOWS\8B3B901K8B8J.exe');
DeleteFile('C:\WINDOWS\6QOGLJMC2JS.exe');
DeleteFile('C:\WINDOWS\system32\jazy.exe');
DeleteFile('C:\WINDOWS\system32\jbzy.exe');
DeleteFile('C:\WINDOWS\system32\jfmy.exe');
DeleteFile('C:\WINDOWS\system32\jfwk.exe');
DeleteFile('C:\WINDOWS\system32\jfzy.exe');
DeleteFile('C:\WINDOWS\system32\jlfk.exe');
DeleteFile('C:\WINDOWS\system32\jlqk.exe');
DeleteFile('C:\WINDOWS\system32\jwmk.exe');
DeleteFile('c:\windows\system32\KERNEL32.exe');
DeleteFile('C:\WINDOWS\system32\sudbc.exe');
DeleteFile('C:\WINDOWS\system32\svchoat.exe');
DeleteFile('C:\WINDOWS\system32\j.exe');
DeleteFile('C:\WINDOWS\system32\k.exe');
DeleteFile('C:\WINDOWS\66O1YLENOEW.exe');
DeleteFile('C:\WINDOWS\system32\mabidwe.exe');
DeleteFile('c:\windows\mfc42.exe');
DeleteFile('C:\WINDOWS\K3FFM26N.exe');
DeleteFile('C:\WINDOWS\system32\Softwar.exe');
DeleteFile('C:\WINDOWS\system32\svchosa.exe');
DeleteFile('C:\WINDOWS\system32\noytcyr.exe');
DeleteFile('C:\WINDOWS\guocyok88.exe');
DeleteFile('C:\WINDOWS\C6N8KBKRRJ.exe');
DeleteFile('C:\WINDOWS\system32\Station.exe');
DeleteFile('C:\WINDOWS\BO7GYTSC.exe');
DeleteFile('C:\WINDOWS\system32\QQZone.exe');
DeleteFile('C:\WINDOWS\system32\RiSing.exe');
DeleteFile('C:\WINDOWS\system32\roytctm.exe');
DeleteFile('C:\WINDOWS\system32\NPC329.exe');
DeleteFile('C:\WINDOWS\system32\WinHelp.exe');
DeleteFile('C:\WINDOWS\system32\soxpeca.exe');
DeleteFile('C:\WINDOWS\system32\XmrwP\001.exe');
DeleteFile('C:\WINDOWS\system32\takjq.exe');
DeleteFile('C:\WINDOWS\system32\tcim.exe');
DeleteFile('C:\WINDOWS\system32\tdydowkc.exe');
DeleteFile('C:\WINDOWS\system32\IM.exe');
DeleteFile('C:\WINDOWS\system32\WinHelp23.exe');
DeleteFile('C:\WINDOWS\system32\WinHelp321.exe');
DeleteFile('C:\WINDOWS\system32\Helper32.exe');
DeleteFile('C:\WINDOWS\system32\WinHelp3x.exe');
DeleteFile('C:\WINDOWS\system32\wsldoekd.exe');
DeleteFile('C:\WINDOWS\SKGGNS.exe');
DeleteFile('C:\WINDOWS\HXQ3LL44RDL.exe');
DeleteFile('C:\WINDOWS\system32\drivers\ssmfr.sys');
DeleteFile('C:\WINDOWS\system32\ztxvpieo.dll');
DeleteFile('C:\WINDOWS\system32\acpi64.sys');
DeleteFile('C:\WINDOWS\system32\drivers\acpidisk.sys');
DeleteFile('C:\WINDOWS\system32\drivers\pnpmem.sys');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys');
DeleteFile('C:\WINDOWS\Fonts\kzhionlr.dll');
DeleteFile('C:\WINDOWS\system32\kepSafe.exe');
DeleteFile('C:\WINDOWS\system32\vmdetdhc.exe');
DeleteFile('C:\WINDOWS\system32\xunleiBHO12.dll');
DeleteFile('C:\Program Files\Common Files\PushWare\cpush0.dll');
DeleteFile('C:\WINDOWS\Intel\baiduc.dll');
DeleteFile('C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2266.dll');
DeleteFile('c:\windows\system32\iexplorer.exe');
DeleteFile('c:\windows\fonts\mcmzsyaj.dll');
DeleteFile('C:\WINDOWS\Fonts\n1234091583k.exe');
DeleteFile('C:\WINDOWS\Fonts\n1234093984k.exe');
DeleteFile('C:\WINDOWS\Fonts\n1234291349k.exe');
DeleteFile('C:\WINDOWS\Fonts\n1234428295k.exe');
DeleteFile('C:\WINDOWS\Fonts\n1234454094k.exe');
BC_ImportALL;
ExecuteSysClean;
ExecuteRepair(9);
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.