Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
TerminateProcessByName('c:\windows\system32\csrcs.exe');
TerminateProcessByName('c:\windows\system32\msnwm.exe');
QuarantineFile('C:\tinkk\Файлы\wrar380ru.exe','');
QuarantineFile('C:\Program Files\QSP\QSPgui\sound\codec_aiff.dll','');
QuarantineFile('C:\WINDOWS\system32\drivers\kernelx86.sys','');
QuarantineFile('C:\WINDOWS\system32\GameMon.des','');
DeleteService('rkevluwc');
QuarantineFile('C:\WINDOWS\System32\Drivers\rkevluwc.sys','');
DeleteService('qoseqzjr');
QuarantineFile('C:\WINDOWS\System32\Drivers\qoseqzjr.sys','');
QuarantineFile('C:\Program Files\PeerBlock\pbfilter.sys','');
DeleteService('lkojwefi');
QuarantineFile('C:\WINDOWS\System32\Drivers\lkojwefi.sys','');
DeleteService('kswffrre');
QuarantineFile('C:\WINDOWS\System32\Drivers\kswffrre.sys','');
DeleteService('irnwagch');
QuarantineFile('C:\WINDOWS\System32\Drivers\irnwagch.sys','');
DeleteService('hryyqhqk');
QuarantineFile('C:\WINDOWS\System32\Drivers\hryyqhqk.sys','');
DeleteService('ecknpvpv');
QuarantineFile('C:\WINDOWS\System32\Drivers\ecknpvpv.sys','');
DeleteService('aasyytv7nq3r5a');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\wivoog.exe','');
DeleteService('vtuhaoddoua3');
QuarantineFile('C:\WINDOWS\system32\tifou.exe','');
QuarantineFile('C:\WINDOWS\system32\dehopedoo.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\dehopedoo.exe','');
QuarantineFile('c:\windows\system32\csrcs.exe','');
QuarantineFile('c:\windows\system32\msnwm.exe','');
QuarantineFile('C:\System Volume Information\_restore{D0A0393C-F82A-4319-843C-D762226ABC93}\RP284\A0171086.sys','');
QuarantineFile('C:\System Volume Information\_restore{D0A0393C-F82A-4319-843C-D762226ABC93}\RP284\A0171248.sys','');
QuarantineFile('F:\autorun.inf','');
QuarantineFile('G:\autorun.inf','');
QuarantineFile('G:\anpimw.exe','');
QuarantineFile('F:\anpimw.exe','');
QuarantineFile('C:\WINDOWS\system32\sdra64.exe','');
QuarantineFile('C:\Documents and Settings\tinkk\ybq.exe','');
QuarantineFile('C:\WINDOWS\system32\regedit.exe','');
QuarantineFile('C:\WINDOWS\System32\guxehqav.dll','');
QuarantineFile('C:\WINDOWS\system32\dxkvb.dll','');
DeleteFile('C:\WINDOWS\System32\Drivers\ecknpvpv.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\hryyqhqk.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\irnwagch.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\kswffrre.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\lkojwefi.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\qoseqzjr.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\rkevluwc.sys');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\wivoog.exe');
DeleteFile('C:\WINDOWS\system32\tifou.exe');
DeleteFile('C:\WINDOWS\system32\dehopedoo.exe');
DeleteFile('C:\Documents and Settings\LocalService\Application Data\Microsoft\dehopedoo.exe');
DeleteFile('c:\windows\system32\csrcs.exe');
DeleteFile('c:\windows\system32\msnwm.exe');
DeleteFile('C:\System Volume Information\_restore{D0A0393C-F82A-4319-843C-D762226ABC93}\RP284\A0171086.sys');
DeleteFile('C:\System Volume Information\_restore{D0A0393C-F82A-4319-843C-D762226ABC93}\RP284\A0171248.sys');
DeleteFile('F:\autorun.inf');
DeleteFile('G:\autorun.inf');
DeleteFile('F:\anpimw.exe');
DeleteFile('G:\anpimw.exe');
DeleteFile('C:\WINDOWS\system32\sdra64.exe');
DeleteFile('C:\Documents and Settings\tinkk\ybq.exe');
DeleteFile('C:\WINDOWS\system32\regedit.exe');
DeleteFile('C:\WINDOWS\System32\guxehqav.dll');
DeleteFile('C:\WINDOWS\system32\dxkvb.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','csrcs');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Regedit32');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run','woocob');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run','woocob');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','woocob');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad','UpdateCheck');
BC_ImportALL;
ExecuteSysClean;
DelSPIByFileName('C:\WINDOWS\System32\guxehqav.dll', false);
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
BC_Activate;
AutoFixSPI;
ClearHostsFile;
RebootWindows(true);
end.
Компьютер перезагрузится.