Код:
// AVZ remediation script written for one specific machine: every path, service
// name and registry value below is hard-coded (note the user profile
// C:\Users\home and the randomly named files), so it only makes sense on the
// system whose logs it was built from.
// Order of operations: cut the network, stop and quarantine the listed items,
// delete files and scheduled tasks, then clean up and reboot.
begin
// Warn the user (message is in Russian) that network connections will be closed
// before the script runs and restored automatically after the reboot.
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" to take the host off the network during cleanup.
// NOTE(review): the trailing arguments (0, 15000, true) are presumably window
// mode, timeout in ms and a wait flag - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Rootkit search and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): the "Program Files (x86)" paths below suggest a 64-bit system,
// in which case this branch is skipped - confirm against the original logs.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Quarantine copies of the suspect binaries before anything is removed, so
// samples remain available for analysis.
QuarantineFile('C:\WINDOWS\system32\VSProtectProxy.dll','');
QuarantineFile('C:\Users\home\AppData\Local\SystemDir\nethost.exe','');
QuarantineFile('C:\Users\home\AppData\Roaming\9zEvWAunIWzXm7psZQGXwFLHefy.exe','');
QuarantineFile('C:\Program Files (x86)\CiPlus-4.5vV21.09\08c62819-465d-418d-8059-025e4a0c90e7-1-6.exe','');
QuarantineFile('C:\WINDOWS\system32\drivers\wwfd_vw_1_10_0_24.sys','');
// Services and the driver: start type 4 is the Windows "disabled" value, set
// before the service entry is deleted.
SetServiceStart('wwfd_vw_1_10_0_24', 4);
DeleteService('wwfd_vw_1_10_0_24');
QuarantineFile('C:\Program Files (x86)\FastoPlayer\VSUpdater.exe','');
DeleteService('VSUpdater');
SetServiceStart('VSProtectProxy', 4);
DeleteService('VSProtectProxy');
// NOTE(review): no binary path for the 'ridulige' service appears anywhere in
// this script; its file, if one exists, is neither quarantined nor deleted here.
SetServiceStart('ridulige', 4);
DeleteService('ridulige');
// Running processes: terminate each one, then quarantine its image.
TerminateProcessByName('c:\program files (x86)\visual protect service\vsprotectproxy.exe');
QuarantineFile('c:\program files (x86)\visual protect service\vsprotectproxy.exe','');
TerminateProcessByName('c:\program files (x86)\visual protect service\vsprotector.exe');
QuarantineFile('c:\program files (x86)\visual protect service\vsprotector.exe','');
TerminateProcessByName('c:\users\home\appdata\local\temp\e592a50d-87a9-437f-9f9b-31aa642d3a9bmp\qqbrowser.exe');
QuarantineFile('c:\users\home\appdata\local\temp\e592a50d-87a9-437f-9f9b-31aa642d3a9bmp\qqbrowser.exe','');
TerminateProcessByName('c:\users\home\appdata\local\temp\nsvf319.tmp');
QuarantineFile('c:\users\home\appdata\local\temp\nsvf319.tmp','');
TerminateProcessByName('c:\users\home\appdata\local\temp\nsgabe6.tmp');
QuarantineFile('c:\users\home\appdata\local\temp\nsgabe6.tmp','');
TerminateProcessByName('c:\program files (x86)\b5d915b2-1442897260-e011-81b4-b870f4dc8737\knsp61ca.tmp');
QuarantineFile('c:\program files (x86)\b5d915b2-1442897260-e011-81b4-b870f4dc8737\knsp61ca.tmp','');
// Deletion phase. The second argument is '32' or '64'.
// NOTE(review): presumably this selects the 32- or 64-bit file-system view -
// confirm against the AVZ script reference.
// NOTE(review): several executables further down (the remaining CiPlus *.exe
// files, Crossbrowse utility.exe, globalupdate.exe,
// WordwizardAutoUpdateClient.exe) are deleted without a preceding
// QuarantineFile, so no sample of them is kept by this script.
DeleteFile('c:\program files (x86)\b5d915b2-1442897260-e011-81b4-b870f4dc8737\knsp61ca.tmp','32');
DeleteFile('c:\users\home\appdata\local\temp\nsgabe6.tmp','32');
DeleteFile('c:\users\home\appdata\local\temp\nsvf319.tmp','32');
DeleteFile('c:\users\home\appdata\local\temp\e592a50d-87a9-437f-9f9b-31aa642d3a9bmp\qqbrowser.exe','32');
DeleteFile('c:\program files (x86)\visual protect service\vsprotector.exe','32');
DeleteFile('c:\program files (x86)\visual protect service\vsprotectproxy.exe','32');
DeleteFile('C:\Program Files (x86)\FastoPlayer\VSUpdater.exe','32');
DeleteFile('C:\WINDOWS\system32\drivers\wwfd_vw_1_10_0_24.sys','32');
// Remove the per-user autorun value from the Run key (logon persistence).
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','nnthvjfovb');
// Executables together with their scheduled-task entries: legacy *.job files
// under C:\WINDOWS\Tasks here, task files under system32\Tasks further down.
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV21.09\08c62819-465d-418d-8059-025e4a0c90e7-1-6.exe','32');
DeleteFile('C:\WINDOWS\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-1-6.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV21.09\08c62819-465d-418d-8059-025e4a0c90e7-1-7.exe','32');
DeleteFile('C:\WINDOWS\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-1-7.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV21.09\08c62819-465d-418d-8059-025e4a0c90e7-10.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV21.09\08c62819-465d-418d-8059-025e4a0c90e7-13.exe','32');
DeleteFile('C:\WINDOWS\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-13.job','32');
DeleteFile('C:\WINDOWS\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-10_user.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV21.09\08c62819-465d-418d-8059-025e4a0c90e7-14.exe','32');
DeleteFile('C:\WINDOWS\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-14.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV21.09\08c62819-465d-418d-8059-025e4a0c90e7-3.exe','32');
DeleteFile('C:\WINDOWS\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-3.job','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV21.09\08c62819-465d-418d-8059-025e4a0c90e7-5.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV21.09\08c62819-465d-418d-8059-025e4a0c90e7-6.exe','32');
DeleteFile('C:\Program Files (x86)\CiPlus-4.5vV21.09\08c62819-465d-418d-8059-025e4a0c90e7-7.exe','32');
DeleteFile('C:\Users\home\AppData\Roaming\9zEvWAunIWzXm7psZQGXwFLHefy.exe','32');
DeleteFile('C:\WINDOWS\Tasks\9zEvWAunIWzXm7psZQGXwFLHefy.job','32');
DeleteFile('C:\WINDOWS\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-7.job','32');
DeleteFile('C:\WINDOWS\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-6.job','32');
DeleteFile('C:\WINDOWS\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-5_user.job','32');
DeleteFile('C:\WINDOWS\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-5.job','32');
DeleteFile('C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\utility.exe','32');
DeleteFile('C:\WINDOWS\Tasks\Crossbrowse.job','32');
DeleteFile('C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job','32');
DeleteFile('C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job','32');
DeleteFile('C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe','32');
// Task files under C:\WINDOWS\system32\Tasks are removed with '64'.
DeleteFile('C:\WINDOWS\system32\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-1-6','64');
DeleteFile('C:\WINDOWS\system32\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-1-7','64');
DeleteFile('C:\WINDOWS\system32\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-3','64');
DeleteFile('C:\WINDOWS\system32\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-5','64');
DeleteFile('C:\WINDOWS\system32\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-6','64');
DeleteFile('C:\WINDOWS\system32\Tasks\08c62819-465d-418d-8059-025e4a0c90e7-7','64');
DeleteFile('C:\WINDOWS\system32\Tasks\Crossbrowse','64');
DeleteFile('C:\WINDOWS\system32\Tasks\globalUpdateUpdateTaskMachineCore','64');
DeleteFile('C:\WINDOWS\system32\Tasks\globalUpdateUpdateTaskMachineUA','64');
DeleteFile('C:\Users\home\AppData\Local\SystemDir\nethost.exe','32');
DeleteFile('C:\WINDOWS\system32\Tasks\nethost task','64');
DeleteFile('C:\WINDOWS\system32\Tasks\VSProtector','64');
DeleteFile('C:\WINDOWS\system32\Tasks\WordWizard Auto Updater 1.10.0.24 Core','64');
DeleteFile('C:\WINDOWS\system32\Tasks\WordWizard Auto Updater 1.10.0.24 Pending Update','64');
DeleteFile('C:\Program Files (x86)\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe','32');
DeleteFile('C:\WINDOWS\system32\VSProtectProxy.dll','32');
// Finalisation.
// NOTE(review): BC_ImportAll / BC_Activate presumably hand the items above to
// AVZ's Boot Cleaner so that locked files are removed during the next boot, and
// ExecuteSysClean presumably removes leftover references to the deleted files -
// confirm against the AVZ script reference.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Runs AVZ repair procedure number 15.
// NOTE(review): check what procedure 15 does in the AVZ version being used.
ExecuteREpair(15);
// Reboot so that the pending removals can complete.
RebootWindows(false);
end.
Будет выполнена перезагрузка компьютера.