// AVZ remediation script written for one specific infected Windows host.
// The paths name that machine's user profile (Admin.MAFIA-9E0B9323E) and a
// per-user RECYCLER SID folder, so the script is not reusable on another
// machine as-is.
// Order of work: stop the listed processes, copy every suspect file to
// quarantine, delete the files and their autorun registry values, queue the
// boot-time cleaner, then reboot.
begin
// Rootkit / API-hook scan runs first. Both flags are true; per the AVZ script
// reference they request neutralisation of user-mode and kernel-mode hooks.
SearchRootkit(true, true);
// Switch AVZGuard on before touching anything.
// NOTE(review): it is never switched off in this script; the reboot at the end ends the session.
SetAVZGuardStatus(true);
// Stop the running samples so their image files are not locked during deletion.
// The first path is the 8.3 short form of the Temp file handled on the
// QuarantineFile/DeleteFile lines for 1462943.exe below.
TerminateProcessByName('c:\docume~1\admin~1.maf\locals~1\temp\1462943.exe');
TerminateProcessByName('c:\windows\cfdrive32.exe');
TerminateProcessByName('c:\windows\system32\msvmiode.exe');
TerminateProcessByName('c:\windows\system32\syscache.exe');
// Quarantine pass: a copy of every suspect file is taken BEFORE any deletion,
// so samples stay available for analysis. The second argument is left empty
// in every call.
QuarantineFile('C:\DOCUME~1\ADMIN~1.MAF\LOCALS~1\Temp\1462943.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe','');
QuarantineFile('C:\WINDOWS\system32\syscache.exe','');
// NOTE(review): 'linkdel.cmd' has no directory part, so which file is picked up
// depends on how AVZ resolves a bare name - confirm. It is quarantined only;
// there is no DeleteFile for it below.
QuarantineFile('linkdel.cmd','');
QuarantineFile('C:\Documents and Settings\Admin.MAFIA-9E0B9323E\Application Data\ltzqai.exe','');
QuarantineFile('C:\WINDOWS\system32\msvmiode.exe','');
// Two-digit numbered executables in system32.
QuarantineFile('C:\WINDOWS\system32\23.exe','');
QuarantineFile('C:\WINDOWS\system32\53.exe','');
QuarantineFile('C:\WINDOWS\system32\21.exe','');
QuarantineFile('C:\WINDOWS\system32\36.exe','');
QuarantineFile('C:\WINDOWS\system32\78.exe','');
QuarantineFile('C:\WINDOWS\system32\12.exe','');
QuarantineFile('C:\WINDOWS\system32\14.exe','');
QuarantineFile('C:\WINDOWS\system32\60.exe','');
QuarantineFile('C:\WINDOWS\system32\41.exe','');
QuarantineFile('C:\WINDOWS\system32\64.exe','');
QuarantineFile('C:\WINDOWS\system32\70.exe','');
QuarantineFile('C:\WINDOWS\system32\43.exe','');
QuarantineFile('C:\WINDOWS\system32\26.exe','');
QuarantineFile('C:\WINDOWS\system32\35.exe','');
QuarantineFile('C:\WINDOWS\system32\67.exe','');
QuarantineFile('C:\WINDOWS\system32\77.exe','');
QuarantineFile('C:\WINDOWS\system32\86.exe','');
QuarantineFile('C:\WINDOWS\system32\87.exe','');
QuarantineFile('C:\WINDOWS\system32\02.exe','');
QuarantineFile('C:\WINDOWS\system32\04.exe','');
QuarantineFile('C:\WINDOWS\system32\07.exe','');
QuarantineFile('C:\WINDOWS\system32\15.exe','');
QuarantineFile('C:\WINDOWS\system32\16.exe','');
QuarantineFile('C:\WINDOWS\system32\24.exe','');
QuarantineFile('C:\WINDOWS\system32\25.exe','');
QuarantineFile('C:\WINDOWS\system32\27.exe','');
// NOTE(review): 28.exe is quarantined here but has no matching DeleteFile
// below - confirm whether it is deliberately kept for analysis or was missed.
QuarantineFile('C:\WINDOWS\system32\28.exe','');
QuarantineFile('C:\WINDOWS\system32\32.exe','');
QuarantineFile('C:\WINDOWS\system32\33.exe','');
QuarantineFile('C:\WINDOWS\system32\42.exe','');
QuarantineFile('C:\WINDOWS\cfdrive32.exe','');
// Deletion pass. Every path here was quarantined above; the quarantined items
// that are NOT deleted are 28.exe and linkdel.cmd.
DeleteFile('C:\WINDOWS\cfdrive32.exe');
DeleteFile('C:\WINDOWS\system32\42.exe');
DeleteFile('C:\WINDOWS\system32\33.exe');
DeleteFile('C:\WINDOWS\system32\32.exe');
DeleteFile('C:\WINDOWS\system32\27.exe');
DeleteFile('C:\WINDOWS\system32\25.exe');
DeleteFile('C:\WINDOWS\system32\24.exe');
DeleteFile('C:\WINDOWS\system32\16.exe');
DeleteFile('C:\WINDOWS\system32\15.exe');
DeleteFile('C:\WINDOWS\system32\07.exe');
DeleteFile('C:\WINDOWS\system32\04.exe');
DeleteFile('C:\WINDOWS\system32\02.exe');
DeleteFile('C:\WINDOWS\system32\87.exe');
DeleteFile('C:\WINDOWS\system32\86.exe');
DeleteFile('C:\WINDOWS\system32\77.exe');
DeleteFile('C:\WINDOWS\system32\67.exe');
DeleteFile('C:\WINDOWS\system32\35.exe');
DeleteFile('C:\WINDOWS\system32\26.exe');
DeleteFile('C:\WINDOWS\system32\43.exe');
DeleteFile('C:\WINDOWS\system32\70.exe');
DeleteFile('C:\WINDOWS\system32\64.exe');
DeleteFile('C:\WINDOWS\system32\41.exe');
DeleteFile('C:\WINDOWS\system32\60.exe');
DeleteFile('C:\WINDOWS\system32\14.exe');
DeleteFile('C:\WINDOWS\system32\12.exe');
DeleteFile('C:\WINDOWS\system32\78.exe');
DeleteFile('C:\WINDOWS\system32\36.exe');
DeleteFile('C:\WINDOWS\system32\21.exe');
DeleteFile('C:\WINDOWS\system32\53.exe');
DeleteFile('C:\WINDOWS\system32\23.exe');
DeleteFile('C:\WINDOWS\system32\msvmiode.exe');
DeleteFile('C:\Documents and Settings\Admin.MAFIA-9E0B9323E\Application Data\ltzqai.exe');
// From here the remaining file deletions are interleaved with removal of
// autostart registry values (HKLM/HKCU Run, Policies\Explorer\Run).
// The script does not show which value launched which file; presumably each
// value follows the file it pointed to - verify against the original AVZ log.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','MSODESNV7');
DeleteFile('C:\WINDOWS\system32\syscache.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','1854');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','3450');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','5318');
// The same value name is removed from both the policy Run key and the plain Run key.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
DeleteFile('C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe');
// Per-user autostart entry: only the hive of the account running AVZ is affected.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','12CFG214-K641-12SF-N85P');
DeleteFile('C:\DOCUME~1\ADMIN~1.MAF\LOCALS~1\Temp\1462943.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Advanced DHTML Enable');
// Winlogon 'Taskman' is a separate launch point from the Run keys; removing the
// value here clears whatever program had been registered under it.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman');
// Hand the file lists built above to AVZ Boot Cleaner so that anything still
// locked is dealt with at the next boot.
// NOTE(review): confirm in the AVZ reference exactly which lists BC_ImportAll imports.
BC_ImportAll;
// Automatic system clean-up; presumably removes leftover references to the deleted files - confirm.
ExecuteSysClean;
// Runs the AVZ wizard identified by 'TSW' with automatic fixing enabled.
// NOTE(review): the meaning of the two numeric arguments is not visible here - check the AVZ reference.
ExecuteWizard('TSW',2,2,true);
// Resets the hosts file. Any legitimate custom entries on this host are lost
// as well and have to be re-added by hand afterwards.
ClearHostsFile;
// Arm Boot Cleaner; the queued operations need the reboot that follows.
BC_Activate;
// Restart immediately - unsaved work in other applications should be saved before the script is run.
RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.