502fgc0u.exe -del service aszwbwn
502fgc0u.exe -del service ctykdylxy
502fgc0u.exe -del service dhldnzi
502fgc0u.exe -del service emdbp
502fgc0u.exe -del service ercvickp
502fgc0u.exe -del service hmopbuyxd
502fgc0u.exe -del service qrqln
502fgc0u.exe -del service sbpkih
502fgc0u.exe -del service xejuh
502fgc0u.exe -del service yqlkfiobl
502fgc0u.exe -del file "C:\WINDOWS\system32\wpymymct.dll"
502fgc0u.exe -del file "C:\Program Files\Internet Explorer\wpymymct.dll"
502fgc0u.exe -del file "C:\WINDOWS\system32\tqhuqoa.dll"
502fgc0u.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\yqlkfiobl"
502fgc0u.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\xejuh"
502fgc0u.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\sbpkih"
502fgc0u.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\qrqln"
502fgc0u.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\hmopbuyxd"
502fgc0u.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\ercvickp"
502fgc0u.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\emdbp"
502fgc0u.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\dhldnzi"
502fgc0u.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\ctykdylxy"
502fgc0u.exe -del reg "HKLM\SYSTEM\CurrentControlSet\Services\aszwbwn"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\yqlkfiobl"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\xejuh"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\sbpkih"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\qrqln"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\hmopbuyxd"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\ercvickp"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\emdbp"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\dhldnzi"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\ctykdylxy"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet004\Services\aszwbwn"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\yqlkfiobl"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\xejuh"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\sbpkih"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\qrqln"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\hmopbuyxd"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\ercvickp"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\emdbp"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\dhldnzi"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\ctykdylxy"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet003\Services\aszwbwn"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\yqlkfiobl"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\xejuh"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\sbpkih"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\qrqln"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\hmopbuyxd"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\ercvickp"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\emdbp"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\dhldnzi"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\ctykdylxy"
502fgc0u.exe -del reg "HKLM\SYSTEM\ControlSet002\Services\aszwbwn"
502fgc0u.exe -reboot
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\system32\01.tmp','');
DeleteFile('C:\WINDOWS\system32\01.tmp');
BC_ImportAll;
ExecuteSysClean;
BC_DeleteSvc('hjzbvusm');
BC_Activate;
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
"browser.startup.homepage" - "http://www.smaxxi.biz"
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?