Код:
// AVZ remediation script written for one specific infected Windows host.
// Every path, service name and registry value below comes from that host's
// scan log (note the hard-coded "User" profile); re-derive them from a fresh
// log before reusing any part of this on another machine.
// Statement order is significant: terminate -> quarantine -> delete ->
// registry cleanup -> boot-time cleanup -> reboot.
begin
// Rootkit/hook scan with both options enabled, then AVZGuard on so the
// cleanup below is protected while it runs.
// NOTE(review): exact meaning of the two SearchRootkit flags - confirm in the AVZ script reference.
SearchRootkit(true, true);
SetAVZGuardStatus(True);
// --- Sample collection -------------------------------------------------
// QuarantineFile saves a sample (second argument left empty) before the
// matching DeleteFile calls further down, so removed files can still be analysed.
// The first two targets use file:stream:$DATA syntax, i.e. NTFS alternate data
// streams attached to explorer.exe and svchost.exe. Only the named stream is
// the target; the host binaries themselves are not meant to be removed.
QuarantineFile('c:\windows\explorer.exe:userini.exe:$DATA','');
QuarantineFile('c:\windows\system32\svchost.exe:exe.exe:$DATA','');
// Bare file names (no directory) are passed as-is; presumably the log did not
// record a full path for them - verify what the tool resolves them to.
QuarantineFile('slmvsrv.exe','');
QuarantineFile('c:\documents and settings\all users\application data\srtserv\slmvsrv.exe','');
QuarantineFile('C:\WINDOWS\system32\poussub.exe','');
QuarantineFile('C:\WINDOWS\system32\dyzuzoc.exe','');
QuarantineFile('C:\Documents and Settings\User\Application Data\xgezu.exe','');
// Kernel drivers: sample first, then remove the service entry that loads them.
QuarantineFile('C:\WINDOWS\system32\drivers\protect.sys','');
DeleteService('protect');
QuarantineFile('jrmpciyxjzrjkh.sys','');
DeleteService('jrmpciyxjzrjkh');
// 00001C8D.sys and tcpip.sys are quarantined only; this script never deletes
// them. tcpip.sys sits at the standard Windows driver path, so it is presumably
// collected to check for tampering rather than for removal.
QuarantineFile('00001C8D.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\tcpip.sys','');
QuarantineFile('C:\DOCUME~1\User\LOCALS~1\Temp\WPM49.tmp','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\srtserv\sdata.dll','');
// --- Running processes: stop each one, then take a sample ----------------
// Terminating first releases the file lock so the quarantine copy and the
// later delete can succeed.
TerminateProcessByName('c:\windows\temp\wpv511274083602.exe');
QuarantineFile('c:\windows\temp\wpv511274083602.exe','');
TerminateProcessByName('c:\docume~1\user\locals~1\temp\wpm49.tmp');
QuarantineFile('c:\docume~1\user\locals~1\temp\wpm49.tmp','');
TerminateProcessByName('c:\windows\system32\userini.exe');
QuarantineFile('c:\windows\system32\userini.exe','');
TerminateProcessByName('c:\windows\system32\kydu.exe');
QuarantineFile('c:\windows\system32\kydu.exe','');
TerminateProcessByName('c:\windows\system32\dyzuzoc.exe');
QuarantineFile('c:\windows\system32\dyzuzoc.exe','');
TerminateProcessByName('c:\windows\system32\csrcs.exe');
QuarantineFile('c:\windows\system32\csrcs.exe','');
TerminateProcessByName('c:\docume~1\user\locals~1\temp\1303.exe');
QuarantineFile('c:\docume~1\user\locals~1\temp\1303.exe','');
TerminateProcessByName('c:\docume~1\user\locals~1\temp\0646997.exe');
QuarantineFile('c:\docume~1\user\locals~1\temp\0646997.exe','');
// --- Removal -------------------------------------------------------------
// Some paths appear twice (different case, 8.3 vs long form, or a second
// DeleteFile later on); the repeats are redundant but harmless.
DeleteFile('c:\docume~1\user\locals~1\temp\0646997.exe');
DeleteFile('c:\docume~1\user\locals~1\temp\1303.exe');
DeleteFile('c:\windows\system32\csrcs.exe');
DeleteFile('c:\windows\system32\dyzuzoc.exe');
DeleteFile('c:\windows\system32\kydu.exe');
DeleteFile('c:\windows\system32\userini.exe');
DeleteFile('c:\docume~1\user\locals~1\temp\wpm49.tmp');
DeleteFile('c:\windows\temp\wpv511274083602.exe');
DeleteFile('C:\Documents and Settings\All Users\Application Data\srtserv\sdata.dll');
DeleteFile('C:\DOCUME~1\User\LOCALS~1\Temp\WPM49.tmp');
DeleteFile('jrmpciyxjzrjkh.sys');
DeleteFile('C:\WINDOWS\system32\drivers\protect.sys');
DeleteFile('C:\Documents and Settings\User\Application Data\xgezu.exe');
// Autostart persistence: remove the named values ('csrcs', 'viru', 'dulik')
// from the HKLM Run, RunServices and Policies\Explorer\Run keys, alongside the
// files they are paired with here.
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunServices','csrcs');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','csrcs');
DeleteFile('C:\WINDOWS\system32\dyzuzoc.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','viru');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunServices','viru');
DeleteFile('C:\WINDOWS\system32\poussub.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','dulik');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\RunServices','dulik');
DeleteFile('c:\documents and settings\all users\application data\srtserv\slmvsrv.exe');
DeleteFile('slmvsrv.exe');
// Alternate data streams: the same two streams are addressed both with and
// without the ':$DATA' suffix, so either spelling the tool accepts is covered.
// After the run, verify that explorer.exe and svchost.exe themselves are still
// present and intact - only the attached streams should be gone.
DeleteFile('c:\windows\system32\svchost.exe:exe.exe:$DATA');
DeleteFile('c:\windows\explorer.exe:userini.exe:$DATA');
QuarantineFile('c:\windows\system32\svchost.exe:exe.exe','');
QuarantineFile('c:\windows\explorer.exe:userini.exe','');
DeleteFile('c:\windows\system32\svchost.exe:exe.exe');
DeleteFile('c:\windows\explorer.exe:userini.exe');
// Empty the Internet Explorer cache of the "User" profile (mask *.*; the third
// argument is presumably the recurse-into-subfolders flag - confirm).
DeleteFileMask('C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5', '*.*', true);
// --- Boot-time cleanup and system repair -----------------------------------
// BC_* calls drive AVZ's boot-time cleaner. BC_ImportAll presumably hands it
// the targets collected above so that anything still locked is removed during
// the next boot - confirm against the AVZ script reference.
BC_ImportAll;
// Clean up leftover references to the deleted files.
ExecuteSysClean;
// Numbered AVZ system-restore procedures. NOTE(review): in AVZ's restore list
// these are believed to be 11 = unblock Task Manager, 10 = restore Safe Mode
// boot settings, 6 = remove current-user policy restrictions, 8 = restore
// Explorer settings - confirm against the AVZ version in use.
ExecuteRepair(11);
ExecuteRepair(10);
ExecuteRepair(6);
ExecuteRepair(8);
// Sets a NonEnum policy value of 1 for the given shell-namespace CLSID.
// NOTE(review): the CLSID is not explained on the page - identify it before reuse.
RegKeyIntParamWrite('HKLM', 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum', '{BDEADF00-C265-11D0-BCED-00A0C90AB50F}', 1);
// Run two AVZ wizards non-interactively; they are identified only by the codes
// 'TSW' and 'SCU' here. NOTE(review): confirm what each wizard changes.
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
// Hardening: NoDriveTypeAutoRun = 221 (0xDD) turns AutoRun off for removable,
// fixed and network drive types. Bit 0x20 (CD-ROM) is left clear, so AutoRun
// from optical media stays enabled; 255 (0xFF) would disable it for all types.
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
// NOTE(review): 'ICF' does not appear anywhere else in this script, while the
// two services removed above ('protect', 'jrmpciyxjzrjkh') are not passed to
// BC_DeleteSvc. Confirm against the host's log that 'ICF' is the intended
// target before running.
BC_DeleteSvc('ICF');
// Arm the boot-time cleaner, then reboot so the queued actions execute.
BC_Activate;
RebootWindows(true);
end.
После перезагрузки: