Код:
// AVZ remediation script written for ONE specific machine: every path, user
// profile name, service name, task name and registry value below is
// hard-coded for that host. Do not reuse it on another system; a path that is
// malicious here may be absent or legitimate elsewhere.
// Order matters: isolate -> stop running code -> keep samples -> delete files
// -> remove persistence -> repair settings -> archive samples -> reboot.
begin
// Stop the tcpip service (with dependants, /y) before cleanup, presumably to
// cut the malware off from the network while it is being removed.
// NOTE(review): the trailing 0, 15000, true arguments look like window mode,
// timeout in ms and a wait flag - confirm against the AVZ documentation.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Kill running processes by full image path so the files can be removed.
// csrss.exe and svchost.exe under C:\Windows\Temp reuse system process names
// from a non-system location; xmrig.exe is the usual file name of the XMRig
// cryptocurrency miner.
TerminateProcessByName('c:\program files (x86)\opjpqbamiie\vghtwlslfz.exe');
TerminateProcessByName('C:\Program Files (x86)\Script\908833.exe');
TerminateProcessByName('C:\Program Files\6I5YBFZAU7\0XM63JPSP.exe');
TerminateProcessByName('C:\Program Files\DFE2TCZNCI\DFE2TCZNC.exe');
TerminateProcessByName('C:\Program Files\XEXVMF12D2\XEXVMF12D.exe');
TerminateProcessByName('c:\programdata\dahjservice\dahjservice.exe');
TerminateProcessByName('c:\programdata\logic cramble\set.exe');
TerminateProcessByName('c:\programdata\prefssecure\nettrans.exe');
TerminateProcessByName('c:\programdata\yahoochrome_d\desktop174.exe');
TerminateProcessByName('c:\users\pupsik\appdata\local\temp\00009638\msiql.exe');
TerminateProcessByName('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp\g3cfkgdwezd.tmp');
TerminateProcessByName('C:\Users\Pupsik\AppData\Local\Temp\xmrig.exe');
TerminateProcessByName('c:\users\pupsik\appdata\roaming\2btuzttitio\g3cfkgdwezd.exe');
TerminateProcessByName('C:\Windows\Temp\csrss.exe');
TerminateProcessByName('C:\Windows\Temp\svchost.exe');
// Stop the services this script later deletes, so they cannot restart the
// processes killed above. 'Windows' here is a service short name, not the OS.
StopService('backlh');
StopService('dahjService');
StopService('Nettrans');
StopService('saiyitechnology');
StopService('Windows');
// Put the suspect files into AVZ quarantine before anything is deleted, so
// samples survive for analysis. Removal is done by the DeleteFile calls below.
QuarantineFile('C:\PROGRA~3\f2d18221\cf43db24.dll', '');
QuarantineFile('C:\Program Files (x86)\FpyEWGzDFWVVpLycIFR\oXbYAni.dll', '');
QuarantineFile('C:\Program Files (x86)\GYHHaWMnbkQU2\MqRtrzDsaVLTL.dll', '');
QuarantineFile('C:\Program Files (x86)\IUpWUBcycmhgC\rFnehUe.dll', '');
QuarantineFile('C:\Program Files (x86)\muZPPgwvU\qtzsVT.dll', '');
QuarantineFile('C:\Program Files (x86)\oPjpQbAMIIE\kUyiWzk.dll', '');
QuarantineFile('C:\Program Files (x86)\oPjpQbAMIIE\TT0noN.dll', '');
QuarantineFile('c:\program files (x86)\opjpqbamiie\vghtwlslfz.exe', '');
QuarantineFile('C:\Program Files (x86)\Script\908833.exe', '');
QuarantineFile('C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe', '');
QuarantineFile('C:\Program Files\6I5YBFZAU7\0XM63JPSP.exe', '');
QuarantineFile('C:\Program Files\DFE2TCZNCI\DFE2TCZNC.exe', '');
QuarantineFile('C:\Program Files\Jetmedia\NativeDesktopMediaService\checker.exe', '');
QuarantineFile('C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe', '');
QuarantineFile('C:\Program Files\KRV1SIUO0S\F83QGTWZA.exe', '');
QuarantineFile('C:\Program Files\XEXVMF12D2\XEXVMF12D.exe', '');
QuarantineFile('c:\programdata\dahjservice\dahjservice.exe', '');
QuarantineFile('c:\programdata\logic cramble\set.exe', '');
QuarantineFile('c:\programdata\prefssecure\nettrans.exe', '');
QuarantineFile('c:\programdata\yahoochrome_d\desktop174.exe', '');
QuarantineFile('C:\Users\Pupsik\AppData\Local\B8F1A310-E7CB-74E4-84DB-3B7B2844256A\{CF43DB24-5905-3D92-3478-B277CEBE7649}..', '');
QuarantineFile('c:\users\pupsik\appdata\local\temp\00009638\msiql.exe', '');
QuarantineFile('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp\g3cfkgdwezd.tmp', '');
QuarantineFile('C:\Users\Pupsik\AppData\Local\Temp\xmrig.exe', '');
QuarantineFile('c:\users\pupsik\appdata\local\xservice\xservice.dll', '');
QuarantineFile('c:\users\pupsik\appdata\roaming\2btuzttitio\g3cfkgdwezd.exe', '');
QuarantineFile('C:\Users\Pupsik\AppData\Roaming\cpuminer\cpm.exe', '');
QuarantineFile('C:\Users\Pupsik\AppData\Roaming\iabqw4tm0rn\ykjbkjhwfgb.exe', '');
QuarantineFile('C:\Users\Pupsik\AppData\Roaming\TOIfotMLQI.exe', '');
QuarantineFile('C:\Users\Pupsik\AppData\Roaming\xmp4jwgbnec\blbjjsk33ge.exe', '');
// conhost.exe in System32 is the normal location of a Windows component. It
// is quarantined here but never deleted below, so it is presumably collected
// only to check whether the file was replaced or patched.
QuarantineFile('C:\Windows\System32\conhost.exe', '');
QuarantineFile('C:\Windows\Temp\csrss.exe', '');
QuarantineFile('C:\Windows\Temp\svchost.exe', '');
QuarantineFile('C:\Windows\Wpai.exe', '');
// Delete the files quarantined above (conhost.exe excepted).
// NOTE(review): the second argument '32' is presumably a 32/64-bit path
// redirection mode - confirm against the AVZ documentation.
DeleteFile('C:\PROGRA~3\f2d18221\cf43db24.dll', '32');
DeleteFile('C:\Program Files (x86)\FpyEWGzDFWVVpLycIFR\oXbYAni.dll', '32');
DeleteFile('C:\Program Files (x86)\GYHHaWMnbkQU2\MqRtrzDsaVLTL.dll', '32');
DeleteFile('C:\Program Files (x86)\IUpWUBcycmhgC\rFnehUe.dll', '32');
DeleteFile('C:\Program Files (x86)\muZPPgwvU\qtzsVT.dll', '32');
DeleteFile('C:\Program Files (x86)\oPjpQbAMIIE\kUyiWzk.dll', '32');
DeleteFile('C:\Program Files (x86)\oPjpQbAMIIE\TT0noN.dll', '32');
DeleteFile('c:\program files (x86)\opjpqbamiie\vghtwlslfz.exe', '32');
DeleteFile('C:\Program Files (x86)\Script\908833.exe', '32');
DeleteFile('C:\Program Files (x86)\YeaDesktop\YeaDesktop.exe', '32');
DeleteFile('C:\Program Files\6I5YBFZAU7\0XM63JPSP.exe', '32');
DeleteFile('C:\Program Files\DFE2TCZNCI\DFE2TCZNC.exe', '32');
DeleteFile('C:\Program Files\Jetmedia\NativeDesktopMediaService\checker.exe', '32');
DeleteFile('C:\Program Files\Jetmedia\NativeDesktopMediaService\desktop_media_service.exe', '32');
DeleteFile('C:\Program Files\KRV1SIUO0S\F83QGTWZA.exe', '32');
DeleteFile('C:\Program Files\XEXVMF12D2\XEXVMF12D.exe', '32');
DeleteFile('c:\programdata\dahjservice\dahjservice.exe', '32');
DeleteFile('c:\programdata\logic cramble\set.exe', '32');
DeleteFile('c:\programdata\prefssecure\nettrans.exe', '32');
DeleteFile('c:\programdata\yahoochrome_d\desktop174.exe', '32');
DeleteFile('C:\Users\Pupsik\AppData\Local\B8F1A310-E7CB-74E4-84DB-3B7B2844256A\{CF43DB24-5905-3D92-3478-B277CEBE7649}..', '32');
DeleteFile('c:\users\pupsik\appdata\local\temp\00009638\msiql.exe', '32');
DeleteFile('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp\g3cfkgdwezd.tmp', '32');
// The two is-LKMM0.tmp files are deleted without a quarantine copy; no sample
// of them is kept by this script.
DeleteFile('C:\Users\Pupsik\AppData\Local\Temp\is-LKMM0.tmp\_isetup\_isdecmp.dll', '32');
DeleteFile('C:\Users\Pupsik\AppData\Local\Temp\is-LKMM0.tmp\idp.dll', '32');
DeleteFile('C:\Users\Pupsik\AppData\Local\Temp\xmrig.exe', '32');
DeleteFile('c:\users\pupsik\appdata\local\xservice\xservice.dll', '32');
DeleteFile('c:\users\pupsik\appdata\roaming\2btuzttitio\g3cfkgdwezd.exe', '32');
DeleteFile('C:\Users\Pupsik\AppData\Roaming\cpuminer\cpm.exe', '32');
DeleteFile('C:\Users\Pupsik\AppData\Roaming\iabqw4tm0rn\ykjbkjhwfgb.exe', '32');
DeleteFile('C:\Users\Pupsik\AppData\Roaming\TOIfotMLQI.exe', '32');
DeleteFile('C:\Users\Pupsik\AppData\Roaming\xmp4jwgbnec\blbjjsk33ge.exe', '32');
DeleteFile('C:\Windows\Temp\csrss.exe', '32');
DeleteFile('C:\Windows\Temp\svchost.exe', '32');
DeleteFile('C:\Windows\Wpai.exe', '32');
// Remove scheduled tasks used for persistence. /F suppresses the confirmation
// prompt. Random-looking and GUID-style task names are matched exactly, so a
// task that was renamed or re-created since the logs were taken is missed.
ExecuteFile('schtasks.exe', '/delete /TN "{1352E3D2-AF45-4182-AA3E-FC6FB99F9897}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{7E0F7947-7F0B-0A78-7F11-0F0D7E7F110B}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{8FB8EF90-03CF-4A98-BFDC-DAD0FA842C18}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{E2750EB4-D448-47F6-B20B-ADC53E3A9D5E}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "{E3B7CD6C-31BC-74AA-D8EA-B164EFE31F45}" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "46F65358-17D4-8709-B853-EEF2F6029CB3" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "Checker64" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "KlAEYQtzmHgics" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "KlgKDPyHEeVbjwqnEgK2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "XeRTeJCMKPYXWyYqW2" /F', 0, 15000, true);
ExecuteFile('schtasks.exe', '/delete /TN "xRZOrQVCBWPMscb2" /F', 0, 15000, true);
// Remove the service registrations so nothing is re-launched at boot.
// NOTE(review): NativeDesktopMediaService is deleted here but has no matching
// StopService call above - confirm it was not running.
DeleteService('backlh');
DeleteService('dahjService');
DeleteService('NativeDesktopMediaService');
DeleteService('Nettrans');
DeleteService('saiyitechnology');
DeleteService('Windows');
// Wipe whatever is left inside each malware directory (mask '*'), then remove
// the emptied directories in the DeleteDirectory run that follows.
// NOTE(review): the third argument true is presumably "recurse into
// subfolders" - confirm. Everything in these folders is lost without a
// quarantine copy, so each path must be known-bad as a whole; generic names
// such as 'script' deserve a second look before running.
DeleteFileMask('c:\progra~3\f2d18221', '*', true);
DeleteFileMask('c:\program files (x86)\fpyewgzdfwvvplycifr', '*', true);
DeleteFileMask('c:\program files (x86)\gyhhawmnbkqu2', '*', true);
DeleteFileMask('c:\program files (x86)\iupwubcycmhgc', '*', true);
DeleteFileMask('c:\program files (x86)\muzppgwvu', '*', true);
DeleteFileMask('c:\program files (x86)\opjpqbamiie', '*', true);
DeleteFileMask('c:\program files (x86)\script', '*', true);
DeleteFileMask('c:\program files (x86)\yeadesktop', '*', true);
DeleteFileMask('c:\program files\6i5ybfzau7', '*', true);
DeleteFileMask('c:\program files\dfe2tcznci', '*', true);
DeleteFileMask('c:\program files\jetmedia', '*', true);
DeleteFileMask('c:\program files\krv1siuo0s', '*', true);
DeleteFileMask('c:\program files\xexvmf12d2', '*', true);
DeleteFileMask('c:\programdata\dahjservice', '*', true);
DeleteFileMask('c:\programdata\logic cramble', '*', true);
DeleteFileMask('c:\programdata\prefssecure', '*', true);
DeleteFileMask('c:\programdata\yahoochrome_d', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\local\b8f1a310-e7cb-74e4-84db-3b7b2844256a', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\local\temp\00009638', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\local\xservice', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\roaming\2btuzttitio', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\roaming\cpuminer', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\roaming\iabqw4tm0rn', '*', true);
DeleteFileMask('c:\users\pupsik\appdata\roaming\xmp4jwgbnec', '*', true);
// Same directory list as the DeleteFileMask run above, one call per folder.
DeleteDirectory('c:\progra~3\f2d18221');
DeleteDirectory('c:\program files (x86)\fpyewgzdfwvvplycifr');
DeleteDirectory('c:\program files (x86)\gyhhawmnbkqu2');
DeleteDirectory('c:\program files (x86)\iupwubcycmhgc');
DeleteDirectory('c:\program files (x86)\muzppgwvu');
DeleteDirectory('c:\program files (x86)\opjpqbamiie');
DeleteDirectory('c:\program files (x86)\script');
DeleteDirectory('c:\program files (x86)\yeadesktop');
DeleteDirectory('c:\program files\6i5ybfzau7');
DeleteDirectory('c:\program files\dfe2tcznci');
DeleteDirectory('c:\program files\jetmedia');
DeleteDirectory('c:\program files\krv1siuo0s');
DeleteDirectory('c:\program files\xexvmf12d2');
DeleteDirectory('c:\programdata\dahjservice');
DeleteDirectory('c:\programdata\logic cramble');
DeleteDirectory('c:\programdata\prefssecure');
DeleteDirectory('c:\programdata\yahoochrome_d');
DeleteDirectory('c:\users\pupsik\appdata\local\b8f1a310-e7cb-74e4-84db-3b7b2844256a');
DeleteDirectory('c:\users\pupsik\appdata\local\temp\00009638');
DeleteDirectory('c:\users\pupsik\appdata\local\temp\is-7jkia.tmp');
DeleteDirectory('c:\users\pupsik\appdata\local\xservice');
DeleteDirectory('c:\users\pupsik\appdata\roaming\2btuzttitio');
DeleteDirectory('c:\users\pupsik\appdata\roaming\cpuminer');
DeleteDirectory('c:\users\pupsik\appdata\roaming\iabqw4tm0rn');
DeleteDirectory('c:\users\pupsik\appdata\roaming\xmp4jwgbnec');
// Unregister a browser helper object (browser add-on) by its CLSID.
DelBHO('{C0D38E5A-7CF8-4105-8FE8-31B81443A114}');
// Delete autostart values: per-user and machine-wide Run / RunOnce entries
// and one MSConfig startupreg record. Only the named values are removed; the
// keys themselves stay.
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '4549267');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '8972907');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', '9005909');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'msiql');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'OZUVTMCFGM2FCDI');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'VQ9ZT13V1WQ988W');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'YeaDesktop');
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'ZJLLWNFBSVROUPH');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Y2MLG2LFTG70JR5', 'command');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\Run', 'cpuminer');
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows\CurrentVersion\RunOnce', 'jvzle0xskm1');
// Clears the ServiceDll value of the WinService service, i.e. the DLL a
// svchost-hosted service would load.
// NOTE(review): the WinService key itself is not deleted by this script (no
// DeleteService call for it) - confirm the leftover registration is harmless.
RegKeyParamDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\WinService\Parameters', 'ServiceDll');
// Run AVZ built-in system-restore routines, selected by number.
// NOTE(review): what routines 2, 4, 3 and 21 reset is defined in the AVZ
// documentation, not in this script - look them up before reuse.
ExecuteRepair(2);
ExecuteRepair(4);
ExecuteRepair(3);
ExecuteRepair(21);
// Drop cached DNS answers in case the resolver cache holds poisoned entries.
ExecuteFile('ipconfig.exe', '/flushdns', 0, 15000, true);
// Pack the quarantine into quarantine.zip inside the AVZ folder.
// "Qurantine" is the spelling of the AVZ function name itself; do not fix it.
// The archive holds live samples: keep it off shares and mail gateways and
// hand it only to the analyst who requested it.
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
// AVZ automatic cleanup of leftover references, then the 'SCU' wizard.
// NOTE(review): the wizard arguments 2, 2, true are not explained here -
// confirm their meaning against the AVZ documentation.
ExecuteSysClean;
ExecuteWizard('SCU', 2, 2, true);
// Reboot so the changes take effect; the machine restarts as soon as the
// script gets here, so unsaved work must be closed first.
RebootWindows(true);
end.
Компьютер перезагрузится.