Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\program files\wordshark_1.10.0.20\service\wssvc.exe');
TerminateProcessByName('c:\users\пользователь\appdata\local\gmsd_ru_005010028\upgmsd_ru_005010028.exe');
TerminateProcessByName('c:\users\пользователь\appdata\local\gmsd_ru_005010011\upgmsd_ru_005010011.exe');
TerminateProcessByName('c:\users\пользователь\appdata\local\microsoft\windows\system.exe');
TerminateProcessByName('c:\users\пользователь\appdata\local\smartweb\smartwebhelper.exe');
TerminateProcessByName('c:\users\пользователь\appdata\local\smartweb\smartwebapp.exe');
TerminateProcessByName('C:\Users\пользователь\AppData\Roaming\E057AD90-1435146775-E111-9086-C744550B040E\knsoEBE1.tmp');
TerminateProcessByName('c:\users\пользователь\appdata\roaming\e057ad90-1435146775-e111-9086-c744550b040e\jnspad68.tmp');
TerminateProcessByName('c:\users\пользователь\appdata\roaming\e057ad90-1435146775-e111-9086-c744550b040e\hnsjc730.tmp');
TerminateProcessByName('c:\program files\gmsd_ru_005010028\gmsd_ru_005010028.exe');
TerminateProcessByName('c:\windows\system32\macromed\flash\flashplayerplugin_18_0_0_203.exe');
TerminateProcessByName('c:\windows\system32\cpuminer-x86.exe');
StopService('globalUpdatem');
StopService('globalUpdate');
QuarantineFile('C:\Program Files\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe', '');
QuarantineFile('C:\Program Files\WordShark_1.10.0.20\Service\wssvc.exe', '');
QuarantineFile('C:\Users\пользователь\appdata\local\smartweb\__u.exe', '');
QuarantineFile('C:\Users\пользователь\AppData\Roaming\dv8RBevJX1sbirbuJU4PGI.exe', '');
QuarantineFile('C:\Users\пользователь\AppData\Roaming\dv8RBevJX1sbirbuJU4PGI', '');
QuarantineFile('C:\Users\пользователь\AppData\Roaming\CYb8mdQASMBmW8hXSr.exe', '');
QuarantineFile('C:\Users\пользователь\AppData\Roaming\CYb8mdQASMBmW8hXSr', '');
QuarantineFile('C:\Users\пользователь\AppData\Roaming\4JON8iIyx8.exe', '');
QuarantineFile('C:\Users\пользователь\AppData\Roaming\4JON8iIyx8', '');
QuarantineFile('C:\Users\пользователь\AppData\Roaming\22CfbL4.exe', '');
QuarantineFile('C:\Users\пользователь\AppData\Roaming\22CfbL4', '');
QuarantineFile('C:\Users\пользователь\AppData\Local\gmsd_ru_005010011\upgmsd_ru_005010028.exe', '');
QuarantineFile('C:\Program Files\globalUpdate\Update\globalupdate.exe', '');
QuarantineFile('C:\Windows\system32\drivers\wsfd_vt_1_10_0_20.sys', '');
QuarantineFile('C:\Windows\system32\Oexufafono.dll', '');
QuarantineFile('C:\Users\пользователь\AppData\Local\SmartWeb\swhk.dll', '');
QuarantineFile('c:\users\пользователь\appdata\local\gmsd_ru_005010028\upgmsd_ru_005010028.exe', '');
QuarantineFile('c:\users\пользователь\appdata\local\gmsd_ru_005010011\upgmsd_ru_005010011.exe', '');
QuarantineFile('c:\users\пользователь\appdata\local\microsoft\windows\system.exe', '');
QuarantineFile('c:\users\пользователь\appdata\local\smartweb\smartwebhelper.exe', '');
QuarantineFile('c:\users\пользователь\appdata\local\smartweb\smartwebapp.exe', '');
QuarantineFile('C:\Users\пользователь\AppData\Roaming\E057AD90-1435146775-E111-9086-C744550B040E\knsoEBE1.tmp', '');
QuarantineFile('c:\users\пользователь\appdata\roaming\e057ad90-1435146775-e111-9086-c744550b040e\jnspad68.tmp', '');
QuarantineFile('c:\users\пользователь\appdata\roaming\e057ad90-1435146775-e111-9086-c744550b040e\hnsjc730.tmp', '');
QuarantineFile('c:\program files\gmsd_ru_005010028\gmsd_ru_005010028.exe', '');
QuarantineFile('c:\windows\system32\macromed\flash\flashplayerplugin_18_0_0_203.exe', '');
QuarantineFile('c:\windows\system32\cpuminer-x86.exe', '');
DeleteFile('c:\windows\system32\macromed\flash\flashplayerplugin_18_0_0_203.exe', '32');
DeleteFile('c:\users\пользователь\appdata\roaming\e057ad90-1435146775-e111-9086-c744550b040e\jnspad68.tmp', '32');
DeleteFile('C:\Users\пользователь\AppData\Roaming\E057AD90-1435146775-E111-9086-C744550B040E\knsoEBE1.tmp', '32');
DeleteFile('c:\users\пользователь\appdata\local\smartweb\smartwebapp.exe', '32');
DeleteFile('c:\users\пользователь\appdata\local\gmsd_ru_005010028\upgmsd_ru_005010028.exe', '32');
DeleteFile('C:\Users\пользователь\AppData\Local\SmartWeb\swhk.dll', '32');
DeleteFile('C:\Windows\system32\Oexufafono.dll', '32');
DeleteFile('C:\Windows\system32\drivers\wsfd_vt_1_10_0_20.sys', '32');
DeleteFile('C:\Program Files\globalUpdate\Update\globalupdate.exe', '32');
DeleteFile('C:\Program Files\gmsd_ru_005010028\gmsd_ru_005010028.exe', '32');
DeleteFile('C:\Users\пользователь\AppData\Local\Microsoft\Windows\system.exe', '32');
DeleteFile('C:\Users\пользователь\AppData\Local\gmsd_ru_005010011\upgmsd_ru_005010011.exe', '32');
DeleteFile('C:\Users\пользователь\AppData\Local\gmsd_ru_005010011\upgmsd_ru_005010028.exe', '32');
DeleteFile('C:\Windows\system32\cpuminer-x86.exe', '32');
DeleteFile('C:\Users\пользователь\AppData\Roaming\22CfbL4.exe', '32');
DeleteFile('C:\Users\пользователь\AppData\Roaming\22CfbL4', '32');
DeleteFile('C:\Users\пользователь\AppData\Roaming\4JON8iIyx8.exe', '32');
DeleteFile('C:\Users\пользователь\AppData\Roaming\4JON8iIyx8', '32');
DeleteFile('C:\Users\пользователь\AppData\Roaming\CYb8mdQASMBmW8hXSr.exe', '32');
DeleteFile('C:\Users\пользователь\AppData\Roaming\CYb8mdQASMBmW8hXSr', '32');
DeleteFile('C:\Users\пользователь\AppData\Roaming\dv8RBevJX1sbirbuJU4PGI.exe', '32');
DeleteFile('C:\Users\пользователь\AppData\Roaming\dv8RBevJX1sbirbuJU4PGI', '32');
DeleteFile('C:\Users\пользователь\AppData\Local\SmartWeb\SmartWebHelper.exe', '32');
DeleteFile('C:\Users\пользователь\appdata\local\smartweb\__u.exe', '32');
DeleteFile('C:\Users\пользователь\AppData\Roaming\E057AD90-1435146775-E111-9086-C744550B040E\hnsjC730.tmp', '32');
DeleteFile('c:\program files\wordshark_1.10.0.20\service\wssvc.exe', '32');
DeleteFile('C:\Program Files\WordShark_1.10.0.20\Update\WordSharkAutoUpdateClient.exe', '32');
DeleteService('wsfd_1_10_0_19');
DeleteService('scfd_1_10_0_16');
DeleteService('innfd_1_10_0_14');
DeleteService('cherimoya');
DeleteService('wsfd_vt_1_10_0_20');
DeleteService('LiveUpdateSvc');
DeleteService('globalUpdatem');
DeleteService('globalUpdate');
DeleteFileMask('C:\Program Files\WordShark_1.10.0.20', '*', true);
DeleteFileMask('C:\Users\пользователь\AppData\Roaming\E057AD90-1435146775-E111-9086-C744550B040E', '*', true);
DeleteFileMask('C:\Users\пользователь\AppData\Local\SmartWeb', '*', true);
DeleteFileMask('C:\Program Files\globalUpdate', '*', true);
DeleteFileMask('C:\Program Files\gmsd_ru_005010028', '*', true);
DeleteFileMask('C:\Users\пользователь\AppData\Local\gmsd_ru_005010011', '*', true);
DeleteDirectory('C:\Program Files\WordShark_1.10.0.20');
DeleteDirectory('C:\Users\пользователь\AppData\Roaming\E057AD90-1435146775-E111-9086-C744550B040E');
DeleteDirectory('C:\Users\пользователь\AppData\Local\SmartWeb');
DeleteDirectory('C:\Program Files\globalUpdate');
DeleteDirectory('C:\Program Files\gmsd_ru_005010028');
DeleteDirectory('C:\Users\пользователь\AppData\Local\gmsd_ru_005010011');
DelSPIByFileName('C:\Windows\system32\Oexufafono.dll', true);
DelSPIByFileName('C:\Windows\system32\Oexufafono.dll', false);
DelBHO('{0633EE93-D776-472f-A0FF-E1416B8B2E3D}');
DelBHO('{72a94386-d7dd-4032-86b6-e013e104f0ab}');
DelBHO('{3c9ce603-44cc-4997-a166-239e6186c6ef}');
DelBHO('{10921475-03CE-4E04-90CE-E2E7EF20C814}');
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-1-6.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-1-7.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-10_user.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-4.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-5.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-5_user.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-6.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-7.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-1-6.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-1-7.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-4.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-5.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-5_user.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-6.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-7.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-1-6.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-1-7.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-10_user.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-3.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-4.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-5.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-5_user.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-6.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-7.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP1.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP2.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP3.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Crossbrowse.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "globalUpdateUpdateTaskMachineCore.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "globalUpdateUpdateTaskMachineUA.job" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-1-6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-1-7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-4" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-5" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "4d939b3a-87fd-4202-b377-09d019253ffd-7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-1-6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-1-7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-4" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-5" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "9277e659-56ca-4041-bcfa-190086149b0a-7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-1-6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-1-7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-3" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-4" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-5" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-6" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "a8486c7e-b7b3-4765-ac6c-c89424c31b10-7" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP1" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "APSnotifierPP3" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Crossbrowse" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "globalUpdateUpdateTaskMachineCore" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "globalUpdateUpdateTaskMachineUA" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "nethost task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "SmartWeb Upgrade Trigger Task" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "SystemScript" /F', 0, 15000, true);
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YTDownloader');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YTDownloader');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarGameBrowser');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZaxarLoader');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'Timestasks');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'Update');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'gpuminer');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'htomymsuvi');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'cpuminer');
BC_ImportALL;
ExecuteSysClean;
BC_DeleteSvc('wsfd_vt_1_10_0_20');
BC_DeleteSvc('xoperoze');
BC_DeleteSvc('zedepory');
ExecuteRepair(2);
ExecuteRepair(4);
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
RebootWindows(true);
end.
Компьютер перезагрузится.