// AVZ cleanup script written for one specific infected host. Every file path
// and registry value below is hard-coded for that machine (user profile
// "Tomash", randomly named folders and DLLs), so it must not be reused
// unchanged on any other system.
begin
// Notice shown to the user (Russian). In English: "Attention! Before running
// the script AVZ will automatically close all network connections. After the
// computer is rebooted, network connections will be restored automatically."
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
// Runs "net.exe stop tcpip /y" so the host is offline while the cleanup runs;
// /y auto-confirms the prompt about dependent services.
// NOTE(review): the trailing 0, 15000, true are presumably window mode,
// timeout in ms and wait-for-exit - confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The rootkit scan and AVZGuard are enabled only when IsWOW64 is false.
// NOTE(review): presumably this means a 32-bit Windows, where these
// driver-based features are available - confirm.
if not IsWOW64
then
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
end;
// Quarantine the flagged files before deleting them; QuarantineFile is
// expected to keep a copy of each sample for later analysis.
QuarantineFile('C:\Users\Tomash\AppData\Roaming\Macromedia\Caches\mdm','');
QuarantineFile('C:\Users\Tomash\AppData\Local\Agworks\xcddulqb.dll','');
QuarantineFile('C:\Users\Tomash\AppData\Local\Olkics\slkwybdj.dll','');
// Delete the quarantined files plus one scheduled-task file.
// NOTE(review): the task file MdmUpdateTaskMachineCore has no matching
// QuarantineFile call above, so no copy of it is kept before deletion.
// NOTE(review): the second argument ('32' / '64') presumably selects the
// 32-bit or 64-bit file-system view - confirm.
DeleteFile('C:\Users\Tomash\AppData\Local\Olkics\slkwybdj.dll','32');
DeleteFile('C:\Users\Tomash\AppData\Local\Agworks\xcddulqb.dll','32');
DeleteFile('C:\Windows\system32\Tasks\MdmUpdateTaskMachineCore','64');
DeleteFile('C:\Users\Tomash\AppData\Roaming\Macromedia\Caches\mdm','32');
// Remove the two autostart values ("Eption", "Agworks") from the current
// user's Run key, i.e. the persistence entries for the files deleted above.
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Eption');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','Agworks');
// NOTE(review): the BC_* calls presumably drive AVZ's Boot Cleaner - import
// the objects handled above, run the system cleanup, then arm the boot-time
// cleaner so files locked now are removed during the restart. Confirm against
// the AVZ script reference. The order of these three calls is kept as written.
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Restart Windows so the pending removals complete.
// NOTE(review): the meaning of the false argument is not visible here.
RebootWindows(false);
end.
// Second AVZ script, run after the reboot: packs the quarantine folder into
// c:\quarantine.zip so it can be handed to the analyst.
// The archive holds the samples quarantined by the cleanup script, so treat
// it as live malware (do not open or unpack it on a production host).
begin
CreateQurantineArchive('c:\quarantine.zip');
end.
CreateRestorePoint:
C:\Users\Tomash\AppData\Local\c645\9716.lnk
AlternateDataStreams: C:\Windows:nlsPreferences [514]
AlternateDataStreams: C:\Windows\steam_api64.dll:BDU [0]
AlternateDataStreams: C:\ProgramData\TEMP:56E2E879 [118]
Task: {8CB15686-ABEA-4F6C-82C2-20963D153F96} - \eec125ee-832f-44ac-ab8b-a857362350e3-11 -> No File <==== ATTENTION
HKU\S-1-5-21-2254411139-718755899-994215963-1001\...\StartupApproved\StartupFolder: => "w0rm.vbs"
HKLM\...\StartupApproved\Run32: => "w0rm"
HKU\S-1-5-21-2254411139-718755899-994215963-1001\...\StartupApproved\Run: => "w0rm"
C:\Users\Tomash\AppData\Local\Temp\libeay32.dll
C:\Users\Tomash\AppData\Local\Temp\msvcr120.dll
C:\Users\Tomash\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Tomash\AppData\Local\Temp\sqlite3.dll
Reboot: