Код:
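// AVZ cleanup script written for one specific infected machine: every path and
// registry value below was taken from that machine's logs. Running it elsewhere
// would delete whatever happens to sit at these paths, so it must be regenerated
// from fresh logs for any other system.
//
// Order matters: enable protection -> quarantine samples -> stop processes ->
// delete files and autostart values -> hand leftovers to Boot Cleaner -> reboot.
begin
// Look for rootkit hooks and neutralise them (both arguments true), then turn
// on AVZGuard so the remaining steps are not interfered with.
SearchRootkit(true, true);
SetAVZGuardStatus(True);

// --- Quarantine: keep a copy of every suspect file before anything is deleted,
// so the samples remain available for analysis. ---
QuarantineFile('C:\WINDOWS\TEMP\WinDefender.exe','');
QuarantineFile('C:\WINDOWS\ggdrive32.exe','');
QuarantineFile('C:\WINDOWS\system32\dn.exe','');
QuarantineFile('C:\WINDOWS\system32\84.exe','');
QuarantineFile('C:\WINDOWS\system32\75.exe','');
QuarantineFile('C:\WINDOWS\system32\72.exe','');
QuarantineFile('C:\WINDOWS\system32\68.exe','');
QuarantineFile('C:\WINDOWS\system32\61.exe','');
QuarantineFile('C:\WINDOWS\system32\48.exe','');
QuarantineFile('C:\WINDOWS\system32\02.scr','');
QuarantineFile('C:\WINDOWS\system32\01.exe','');
QuarantineFile('C:\WINDOWS\system32\87.exe','');
QuarantineFile('C:\WINDOWS\system32\78.exe','');
QuarantineFile('C:\WINDOWS\system32\65.exe','');
QuarantineFile('C:\WINDOWS\system32\64.exe','');
QuarantineFile('C:\WINDOWS\system32\56.exe','');
QuarantineFile('C:\WINDOWS\system32\41.exe','');
QuarantineFile('C:\WINDOWS\system32\15.exe','');
QuarantineFile('C:\WINDOWS\system32\10.exe','');
// Added: these four files are deleted further down but were never quarantined,
// so their samples would have been lost. Quarantine them like the rest.
QuarantineFile('C:\WINDOWS\system32\08.exe','');
QuarantineFile('C:\WINDOWS\system32\11.exe','');
QuarantineFile('C:\WINDOWS\system32\23.exe','');
QuarantineFile('C:\WINDOWS\system32\34.exe','');
// Executables sitting in the NetworkService browser cache.
QuarantineFile('C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CDUF4TYB\xx4[1].exe','');
QuarantineFile('C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CDUF4TYB\xmob[1].exe','');
QuarantineFile('C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8DEJKDYB\xx4[1].exe','');
QuarantineFile('C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8DEJKDYB\xmob[1].exe','');
QuarantineFile('C:\WINDOWS\usbmngr.exe','');
// Executables inside SID-style RECYCLER subfolders. The first folder name starts
// with "R-" instead of "S-", which is not a valid SID form.
QuarantineFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-1982599616-7894331018-140427611-7929\csisf.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe','');
QuarantineFile('C:\Documents and Settings\Администратор\Application Data\bowcav.exe','');
// Lower-case repeats of paths already listed above are kept as given; they are
// redundant (same files), not additional targets.
QuarantineFile('c:\windows\temp\windefender.exe','');
QuarantineFile('c:\windows\usbmngr.exe','');

// --- Stop the running processes so their files can be removed. ---
TerminateProcessByName('c:\windows\usbmngr.exe');
// NOTE: "serivces.exe" is spelled this way on purpose - it is the look-alike
// file, not the genuine services.exe. Do not "correct" the spelling.
QuarantineFile('c:\windows\system32\serivces.exe','');
TerminateProcessByName('c:\windows\system32\serivces.exe');
QuarantineFile('c:\windows\ggdrive32.exe','');
TerminateProcessByName('c:\windows\ggdrive32.exe');

// --- Delete the files and the autostart values that launch them. ---
DeleteFile('c:\windows\ggdrive32.exe');
DeleteFile('c:\windows\system32\serivces.exe');
DeleteFile('c:\windows\usbmngr.exe');
DeleteFile('c:\windows\temp\windefender.exe');
DeleteFile('C:\Documents and Settings\Администратор\Application Data\bowcav.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-1982599616-7894331018-140427611-7929\csisf.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Microsoft Driver Setup');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','Microsoft Driver Setup');
DeleteFile('c:\RECYCLER\R-1-5-21-1482476501-1644491937-682003330-1013\acleaner.exe');
DeleteFile('C:\WINDOWS\usbmngr.exe');
// Value name "Windows Data Serivce" is misspelled in the registry itself; keep it verbatim.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Windows Data Serivce');
// .DEFAULT and S-1-5-18 are the LocalSystem profile, so this removes the
// autostart entry that runs under the SYSTEM account.
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','WinDefender');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','WinDefender');
DeleteFile('C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8DEJKDYB\xmob[1].exe');
DeleteFile('C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8DEJKDYB\xx4[1].exe');
DeleteFile('C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CDUF4TYB\xmob[1].exe');
DeleteFile('C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CDUF4TYB\xx4[1].exe');
DeleteFile('C:\WINDOWS\system32\10.exe');
DeleteFile('C:\WINDOWS\system32\15.exe');
DeleteFile('C:\WINDOWS\system32\41.exe');
DeleteFile('C:\WINDOWS\system32\56.exe');
DeleteFile('C:\WINDOWS\system32\64.exe');
DeleteFile('C:\WINDOWS\system32\65.exe');
DeleteFile('C:\WINDOWS\system32\78.exe');
DeleteFile('C:\WINDOWS\system32\87.exe');
DeleteFile('C:\WINDOWS\system32\01.exe');
DeleteFile('C:\WINDOWS\system32\02.scr');
DeleteFile('C:\WINDOWS\system32\08.exe');
DeleteFile('C:\WINDOWS\system32\11.exe');
DeleteFile('C:\WINDOWS\system32\23.exe');
DeleteFile('C:\WINDOWS\system32\34.exe');
DeleteFile('C:\WINDOWS\system32\48.exe');
DeleteFile('C:\WINDOWS\system32\61.exe');
DeleteFile('C:\WINDOWS\system32\68.exe');
DeleteFile('C:\WINDOWS\system32\72.exe');
DeleteFile('C:\WINDOWS\system32\75.exe');
DeleteFile('C:\WINDOWS\system32\84.exe');
DeleteFile('C:\WINDOWS\ggdrive32.exe');
DeleteFile('C:\WINDOWS\TEMP\WinDefender.exe');
DeleteFile('C:\WINDOWS\system32\dn.exe');
// Winlogon persistence value. NOTE(review): the name is written with a trailing
// space ('Taskman '); confirm against the log that this matches the real value
// name, otherwise the entry will survive.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon','Taskman ');
// Wipe the whole NetworkService browser cache (recursive), then the folder itself.
DeleteFileMask('C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5', '*.*', true);
DeleteDirectory('C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5');

// --- Post-cleanup: boot-time removal of locked files, system repair, hardening. ---
// Pass the deletions above to Boot Cleaner so locked files are removed at next boot.
BC_ImportAll;
// Clean up system references left behind by the deleted files.
ExecuteSysClean;
// AVZ repair routine number 11 (see the AVZ "system restore" list for its meaning).
ExecuteRepair(11);
// Run the AVZ wizards with databases 'TSW' and 'SCU'; the last argument (true)
// asks for a backup before fixes are applied.
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
// 221 = 0xDD: disable AutoRun for the drive types in that bitmask, including
// removable, fixed and network drives - this closes the autorun.inf path that
// the RECYCLER-folder executables above typically rely on.
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun',221);
// Arm Boot Cleaner and reboot so the queued deletions actually run.
BC_Activate;
RebootWindows(true);
end.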
После перезагрузки: