Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
ClearQuarantineEx(true);
QuarantineFile('C:\WINDOWS.0\SVIQ.EXE', '');
QuarantineFile('C:\WINDOWS.0\TEMP\TornadoCache\AppServer.Tornado.Deploy.dll\AppServer.Tornado.Deploy.dll', '');
QuarantineFile('C:\WINDOWS.0\TEMP\TornadoCache\AppServer.Tornado.Model.dll\AppServer.Tornado.Model.dll', '');
QuarantineFile('C:\WINDOWS.0\TEMP\TornadoCache\AppServer.Tornado.ClientModel.dll\AppServer.Tornado.ClientModel.dll', '');
QuarantineFile('C:\WINDOWS.0\TEMP\TornadoCache\UserInterface.Deploy.dll\UserInterface.Deploy.dll', '');
QuarantineFile('C:\WINDOWS.0\TEMP\TornadoCache\AppServer.Tornado.dll\AppServer.Tornado.dll', '');
QuarantineFile('C:\WINDOWS.0\TEMP\TornadoCache\Parus.Report.ExcelXMLConvert.dll\Parus.Report.ExcelXMLConvert.dll', '');
QuarantineFile('C:\WINDOWS.0\TEMP\TornadoCache\Parus.Reporting.ExcelRenderer.dll\Parus.Reporting.ExcelRenderer.dll', '');
QuarantineFile('C:\WINDOWS.0\TEMP\TornadoCache\Parus.Reporting.WinServices.dll\Parus.Reporting.WinServices.dll', '');
QuarantineFile('C:\WINDOWS.0\TEMP\TornadoCache\Parus.Formats.ExcelXml.dll\Parus.Formats.ExcelXml.dll', '');
QuarantineFile('C:\WINDOWS.0\dc.exe', '');
QuarantineFile('C:\WINDOWS.0\inf\Other.exe', '');
QuarantineFile('C:\WINDOWS.0\system32\config\Win.exe', '');
QuarantineFile('C:\WINDOWS.0\system\Fun.exe', '');
DeleteFile('C:\WINDOWS.0\SVIQ.EXE', '32');
DeleteFile('C:\WINDOWS.0\inf\Other.exe', '32');
DeleteFile('C:\WINDOWS.0\system32\config\Win.exe', '32');
DeleteFile('C:\WINDOWS.0\system\Fun.exe', '32');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dc2k5', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dc', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Load', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Run', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Fun', 'command');
RegKeyParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\Eventlog\System\ip100Avista', 'EventMessageFile', 'REG_EXPAND_SZ', '%SystemRoot%\System32\netevent.dll');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.