// AVZ cleanup script for one specific host: isolate the machine from the
// network, stop and remove c:\windows\temp\conhost.exe, keep a copy in
// quarantine, clean up leftovers, then reboot.
// The path and file name apply only to the machine whose logs were analysed.
// Do not reuse this on another system without checking that system's logs.
begin
// Stops the 'tcpip' service and its dependents (/y auto-confirms), so the host
// loses network connectivity until the reboot at the end of this script.
// Presumably args 3-5 are show-mode 0 (hidden), a 15000 ms wait and
// terminate-on-timeout. Confirm against the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// The genuine Windows conhost.exe lives in %SystemRoot%\System32. A copy in
// \Windows\Temp is a name-masquerading indicator.
TerminateProcessByName('c:\windows\temp\conhost.exe');
// Quarantine before deleting, so a sample remains for later analysis.
QuarantineFile('c:\windows\temp\conhost.exe', '');
// Deletion is issued twice, with '' and with '64'. Presumably the second
// argument selects the 32/64-bit file-system view. TODO confirm.
DeleteFile('c:\windows\temp\conhost.exe', '');
DeleteFile('c:\windows\temp\conhost.exe', '64');
// AVZ system clean-up. Presumably removes registry/autorun references to the
// files deleted above. Confirm.
ExecuteSysClean;
// NOTE(review): 'SCU' wizard with parameters 2, 3, true. The exact meaning is
// not visible here; check the AVZ documentation before changing them.
ExecuteWizard('SCU', 2, 3, true);
// Packs the quarantine into quarantine.zip inside the AVZ directory.
// (The function name spelling 'Qurantine' is kept as written in the script.)
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
// Reboots Windows. Presumably 'true' forces it, so unsaved work would be lost.
RebootWindows(true);
end.
// AVZ script that repacks the local quarantine folder into a
// password-protected 7-Zip archive for hand-off to an analyst.
begin
// Remove any archive left by a previous run so stale samples are not mixed in.
DeleteFile(GetAVZDirectory+'quarantine.7z');
// 7za switches: 'a' = add to archive, -mx9 = maximum compression,
// -pmalware = password "malware". The password keeps AV and mail gateways from
// stripping the samples in transit. It is not a secret.
// Without -mhe=on, 7z encrypts only file contents, so file names inside the
// archive remain readable.
// The relative path .\Quarantine\* depends on the working directory of the
// spawned process, presumably the AVZ folder. TODO confirm.
// Presumably args 3-5 are show-mode 1, a 300000 ms wait and no termination on
// timeout. Confirm against the AVZ script reference.
ExecuteFile(GetAVZDirectory+'7za.exe', 'a -mx9 -pmalware quarantine .\Quarantine\*', 1, 300000, false);
end.
Start::
CreateRestorePoint:
Task: {02C6136A-A603-40A2-AC8D-8AD6393614FA} - \ok -> No File <==== ATTENTION
Task: {272E28CB-D52D-4AB2-AD5E-4E789FC98710} - \Mysa3 -> No File <==== ATTENTION
Task: {739EF136-F7CF-440E-B7F9-B3AB57FA7497} - \Mysa2 -> No File <==== ATTENTION
Task: {7FF7687B-6C02-45F6-BF7C-E5A69DACEB60} - \Mysa1 -> No File <==== ATTENTION
Task: {AE2A15ED-23CF-4640-9041-C4A720343D90} - \Mysa -> No File <==== ATTENTION
Task: {D8A1D332-356D-4F18-9969-0329B2A4654D} - \cvc -> No File <==== ATTENTION
EmptyTemp:
Reboot:
End::
// AVZ cleanup script for one specific host: remove three files and five
// scheduled tasks, clean up leftovers, then reboot.
// The file paths and task names apply only to the machine whose logs were
// analysed. Do not reuse this on another system.
begin
// Anti-rootkit pass before touching files. NOTE(review): the meaning of the
// two 'true' flags is not visible here; check the AVZ documentation.
SearchRootkit(true, true);
// Enables AVZGuard. Presumably this stops other processes from interfering
// while the clean-up runs. Confirm.
SetAVZGuardStatus(True);
// conhost.exe in \Windows\Temp is not the genuine binary's location, which is
// %SystemRoot%\System32.
// Presumably '32' selects the file-system view used for deletion. TODO confirm.
DeleteFile('c:\windows\temp\conhost.exe', '32');
DeleteFile('c:\windows\debug\item.dat','32');
DeleteFile('c:\windows\debug\ok.dat','32');
// Remove the scheduled tasks used for persistence. The FRST fixlist on this
// page lists the same names as orphaned ("No File"), plus a task named 'cvc'
// that this script does not delete.
DeleteSchedulerTask('Mysa');
DeleteSchedulerTask('Mysa1');
DeleteSchedulerTask('Mysa2');
DeleteSchedulerTask('Mysa3');
DeleteSchedulerTask('ok');
// AVZ system clean-up. Presumably removes registry/autorun references to the
// files deleted above. Confirm.
ExecuteSysClean;
// NOTE(review): 'SCU' wizard with parameters 2, 3, true. The exact meaning is
// not visible here.
ExecuteWizard('SCU', 2, 3, true);
// Reboots Windows. Presumably 'true' forces it, so unsaved work would be lost.
RebootWindows(true);
end.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gpsvc