Код:
// AVZ remediation script built for one specific host: every service name and
// file path below is a literal taken from that machine. Review the list against
// the current state of the target before running it anywhere else.
// Order matters: services are stopped and unregistered, processes are killed,
// files are copied to quarantine, and only then are they deleted.
begin
// Stop the three services first so their binaries are not held open or respawned.
StopService('spoolsrvrs');
StopService('werlsfks');
StopService('TrkWk');
// Remove the service registrations (the persistence entries) once stopped.
DeleteService('TrkWk');
DeleteService('werlsfks');
DeleteService('spoolsrvrs');
// Terminate running images by full path. Several reuse Windows system file names
// (winlogon.exe, svchost.exe, taskhost.exe, spoolsv.exe, lsm.exe) but sit in
// Fonts, Inf, ProgramData and the user profile, so they are matched by path, not by name.
TerminateProcessByName('c:\windows\fonts\web\winlogon.exe');
TerminateProcessByName('c:\windows\inf\netlibrariestip\0009\v3.5.56385\1049\5.0\wahiver.exe');
TerminateProcessByName('c:\users\administrator\appdata\roaming\svchost.exe');
TerminateProcessByName('c:\windows\fonts\web\taskhost.exe');
TerminateProcessByName('c:\users\administrator\svchost.exe');
TerminateProcessByName('c:\windows\inf\netlibrariestip\000d\1049\5.0\sql\ssms.exe');
TerminateProcessByName('c:\windows\inf\netlibrariestip\000d\1049\5.0\1049\5.0\spoolsv.exe');
TerminateProcessByName('C:\ProgramData\Microsoft\DRM\Hjataxe\NetFramework.exe');
TerminateProcessByName('c:\windows\inf\netlibrariestip\000d\1049\5.0\1049\5.0\mms.exe');
TerminateProcessByName('c:\windows\inf\netlibrariestip\000d\1049\5.0\sql\lsm.exe');
// NOTE(review): 'lnterrupts.exe' appears to start with a lowercase L, not a capital I -
// copy the string exactly when searching logs or other hosts for it.
TerminateProcessByName('C:\ProgramData\Microsoft\DRM\Gfoci\lnterrupts.exe');
TerminateProcessByName('C:\ProgramData\Microsoft\DRM\Hjataxe\Jkuye.exe');
// Copy each file to quarantine before deletion so samples remain available for analysis.
// Some paths are listed twice with different letter case; Windows paths are normally
// case-insensitive, so the repeats address the same file.
QuarantineFile('C:\Users\administrator\appdata\roaming\svchost.exe','');
QuarantineFile('C:\Users\administrator\svchost.exe','');
QuarantineFile('C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\SQL\lsm.exe','');
QuarantineFile('C:\Windows\Fonts\web\taskhost.exe','');
QuarantineFile('C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\1049\5.0\mms.exe','');
QuarantineFile('c:\windows\fonts\web\winlogon.exe','');
QuarantineFile('c:\windows\inf\netlibrariestip\0009\v3.5.56385\1049\5.0\wahiver.exe','');
QuarantineFile('c:\windows\fonts\web\taskhost.exe','');
QuarantineFile('c:\users\administrator\appdata\roaming\svchost.exe','');
QuarantineFile('c:\users\administrator\svchost.exe','');
QuarantineFile('c:\windows\inf\netlibrariestip\000d\1049\5.0\sql\ssms.exe','');
QuarantineFile('c:\windows\inf\netlibrariestip\000d\1049\5.0\1049\5.0\spoolsv.exe','');
QuarantineFile('C:\ProgramData\Microsoft\DRM\Hjataxe\NetFramework.exe','');
QuarantineFile('c:\windows\inf\netlibrariestip\000d\1049\5.0\1049\5.0\mms.exe','');
QuarantineFile('c:\windows\inf\netlibrariestip\000d\1049\5.0\sql\lsm.exe','');
QuarantineFile('C:\ProgramData\Microsoft\DRM\Gfoci\lnterrupts.exe','');
QuarantineFile('C:\ProgramData\Microsoft\DRM\Hjataxe\Jkuye.exe','');
// Mask-based quarantine of the whole netlibrariestip directory for executable and
// script file types. Presumably 'true' means recurse into subfolders and the two
// trailing zeros mean no size limits - confirm against the AVZ script reference.
QuarantineFileF('c:\windows\inf\netlibrariestip', '*.exe, *.dll, *.sys, *.bat, *.vbs, *.ps1, *.js*, *.tmp*', true, '', 0 ,0);
// Delete the quarantined binaries. The second argument ('32' / '64') presumably
// selects the 32- or 64-bit file-system view - confirm against the AVZ script reference.
DeleteFile('C:\ProgramData\Microsoft\DRM\Hjataxe\Jkuye.exe','32');
DeleteFile('C:\ProgramData\Microsoft\DRM\Gfoci\lnterrupts.exe','32');
DeleteFile('c:\windows\inf\netlibrariestip\000d\1049\5.0\sql\lsm.exe','32');
DeleteFile('c:\windows\inf\netlibrariestip\000d\1049\5.0\1049\5.0\mms.exe','32');
DeleteFile('C:\ProgramData\Microsoft\DRM\Hjataxe\NetFramework.exe','32');
DeleteFile('c:\windows\inf\netlibrariestip\000d\1049\5.0\1049\5.0\spoolsv.exe','32');
DeleteFile('c:\windows\inf\netlibrariestip\000d\1049\5.0\sql\ssms.exe','32');
DeleteFile('c:\users\administrator\svchost.exe','32');
DeleteFile('c:\users\administrator\appdata\roaming\svchost.exe','32');
DeleteFile('c:\windows\fonts\web\taskhost.exe','32');
DeleteFile('c:\windows\inf\netlibrariestip\0009\v3.5.56385\1049\5.0\wahiver.exe','32');
DeleteFile('c:\windows\fonts\web\winlogon.exe','32');
DeleteFile('C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\1049\5.0\mms.exe','32');
DeleteFile('C:\Windows\Fonts\web\taskhost.exe','32');
DeleteFile('C:\Windows\Inf\NETLIBRARIESTIP\000D\1049\5.0\SQL\lsm.exe','32');
// These two paths are scheduled-task definition files under system32\Tasks, i.e. a
// second persistence mechanism besides the services above.
// NOTE(review): removing the task file may leave the task's registry entry behind -
// verify in Task Scheduler after the reboot.
DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\EntityFramework\NetLibrary','64');
DeleteFile('C:\Windows\system32\Tasks\Microsoft\Windows\EntityFramework2\NetLibrary','64');
DeleteFile('C:\Users\administrator\svchost.exe','32');
DeleteFile('C:\Users\administrator\appdata\roaming\svchost.exe','32');
// Presumably hands the deletions above to AVZ's Boot Cleaner (BC_ImportAll), cleans up
// leftover references to the removed files (ExecuteSysClean) and arms Boot Cleaner for
// the next boot (BC_Activate) - confirm against the AVZ script reference.
// The script itself issues no reboot call; the accompanying instruction is to reboot
// the server manually, so locked files are expected to go only after that restart.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
end.
После выполнения скрипта перезагрузите сервер вручную.