Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1001', 1);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '1004', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 3);
RegKeyIntParamWrite('HKCU', 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\', '2201', 1);
QuarantineFile('C:\Documents and Settings\Admin\Application Data\efmkpqdj.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\ejtfrrhj.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\ekrjovij.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\enmrqllj.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\eqigmqoj.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\etnplmrj.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\fineqvgk.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\flhepkjk.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\ftsrkork.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\gfsepsdl.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\ghgpprfl.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\gmkemvkl.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\grhomspl.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\hilnnmgm.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\ighomqen.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\iiejkogn.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\itqnkxrn.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\jijfnygo.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\joefrvmo.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\jrsiltpo.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\jsffnwqo.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\jtrnkwro.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\khtpmqfp.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\knsemnlp.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\kptkpknp.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\lepkqucq.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\lomqpymq.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\lptnktnq.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\miqgmlgr.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\mjitkphr.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\mpotlsnr.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\mrhklypr.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\nelhqucs.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\niqjplgs.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\ojifrvht.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\olsfrtjt.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\oohhlxmt.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\opkgmnnt.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\otioolrt.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\penqnkcu.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\pkksktiu.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\porlltmu.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\qefjqlcv.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\qhfjrofv.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\qisrrsgv.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\rhiplkfw.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\riopnrgw.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\rmiknvkw.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\rrojmwpw.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\rrrjlnpw.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\sggiprex.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\skpioyix.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\slkspsjx.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\sregnnpx.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\ssrrnnqx.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\tinhkjgy.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\tnktowly.exe','');
QuarantineFile('C:\Documents and Settings\Admin\Application Data\trmlltpy.exe','');
QuarantineFile('C:\WINDOWS\system32\ACF7EF\74BE16.EXE','');
QuarantineFile('C:\WINDOWS\system32\XP-D41D8CD9.EXE','');
QuarantineFile('C:\WINDOWS\System32\Drivers\avgtdi.sys','');
DeleteFile('C:\WINDOWS\system32\XP-D41D8CD9.EXE');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','XP-D41D8CD9');
DeleteFile('C:\WINDOWS\system32\ACF7EF\74BE16.EXE');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','74BE16');
DeleteFile('C:\Documents and Settings\Admin\Application Data\trmlltpy.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\tnktowly.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\tinhkjgy.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\ssrrnnqx.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\sregnnpx.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\slkspsjx.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\skpioyix.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\sggiprex.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\rrrjlnpw.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\rrojmwpw.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\rmiknvkw.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\riopnrgw.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\rhiplkfw.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\qisrrsgv.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\qhfjrofv.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\qefjqlcv.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\porlltmu.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\pkksktiu.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\penqnkcu.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\otioolrt.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\opkgmnnt.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\oohhlxmt.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\olsfrtjt.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\ojifrvht.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\niqjplgs.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\nelhqucs.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\mrhklypr.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\mpotlsnr.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\mjitkphr.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\miqgmlgr.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\lptnktnq.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\lomqpymq.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\lepkqucq.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\kptkpknp.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\knsemnlp.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\khtpmqfp.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\jtrnkwro.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\jsffnwqo.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\jrsiltpo.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\joefrvmo.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\jijfnygo.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\itqnkxrn.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\iiejkogn.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\ighomqen.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\hilnnmgm.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\grhomspl.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\gmkemvkl.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\ghgpprfl.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\gfsepsdl.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\ftsrkork.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\flhepkjk.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\fineqvgk.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\etnplmrj.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\eqigmqoj.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\enmrqllj.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\ekrjovij.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\ejtfrrhj.exe');
DeleteFile('C:\Documents and Settings\Admin\Application Data\efmkpqdj.exe');
BC_ImportAll;
ExecuteSysClean;
ExecuteWizard('TSW',2,2,true);
BC_Activate;
RebootWindows(true);
end.
После выполнения скрипта компьютер перезагрузится.