MediaGet
MinerGate
// AVZ cleanup script for a coin-miner infection (MinerGate plus two executables under C:\ProgramData).
// Every path and registry value below is taken from one specific machine; re-derive them from fresh logs before reuse elsewhere.
begin
// Runs net.exe with "stop tcpip /y" before any cleanup step.
// NOTE(review): presumably meant to cut network access during removal; confirm the meaning of the 0 / 15000 / true arguments in the AVZ script reference.
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
// Presumably empties the existing AVZ quarantine so the archive built below holds only this run's samples - confirm.
ClearQuarantineEx(true);
// Stop the two running executables before their files are quarantined and deleted.
// Both live under C:\ProgramData and carry names that resemble Windows components ("windows driver", "com surrogate").
TerminateProcessByName('c:\programdata\framework\windows driver.exe');
TerminateProcessByName('c:\programdata\windowssql\com surrogate.exe');
// Quarantine each file before deleting it, so a sample remains available for analysis. The second argument is left empty.
QuarantineFile('C:\Program Files\MinerGate\minergate.exe', '');
QuarantineFile('c:\programdata\framework\windows driver.exe', '');
QuarantineFile('c:\programdata\windowssql\com surrogate.exe', '');
// Delete the same three files.
// NOTE(review): the '32' argument is passed identically on all three calls; presumably a bitness/file-system-view selector - confirm.
DeleteFile('C:\Program Files\MinerGate\minergate.exe', '32');
DeleteFile('c:\programdata\framework\windows driver.exe', '32');
DeleteFile('c:\programdata\windowssql\com surrogate.exe', '32');
// Remove the 'MinerGateGui' value from the current user's Run key, i.e. the per-user autostart entry.
RegKeyParamDel('HKEY_CURRENT_USER', 'Software\Microsoft\Windows\CurrentVersion\Run', 'MinerGateGui');
// Pack the quarantine into quarantine.zip inside the AVZ directory (the identifier is spelled "Qurantine" in the script; left as-is).
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
// Post-removal cleanup and repair steps built into AVZ.
// NOTE(review): what repair items 3 and 4 and the 'SCU' wizard parameters (2, 3, true) actually reset is not visible here - check the AVZ reference.
ExecuteSysClean;
ExecuteRepair(3);
ExecuteRepair(4);
ExecuteWizard('SCU', 2, 3, true);
// Reboot so the deletions and registry changes take effect.
RebootWindows(true);
end.
;uVS v4.0.10 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
; Cleanup script for the same coin-miner infection; paths, hashes and the signature below are specific to this machine's uVS image.
v400c
; NOTE(review): BREG presumably backs up the registry before any change is applied - confirm in the uVS command reference.
BREG
;---------command-b---------
; bl takes a 32-hex-digit value (MD5 length) followed by a number that looks like a file size in bytes; presumably it blacklists the matching file.
bl 4635935FC972C582632BF45C26BFCB0E 8192
; zoo/delall pairs for SYSTEM.EXE in three ProgramData folders.
; Presumably zoo saves a copy of the file as a sample before delall removes the file and references to it - confirm.
zoo %SystemDrive%\PROGRAMDATA\WINDOWSSQL\SYSTEM.EXE
delall %SystemDrive%\PROGRAMDATA\WINDOWSSQL\SYSTEM.EXE
zoo %SystemDrive%\PROGRAMDATA\DIRECTX11B\SYSTEM.EXE
delall %SystemDrive%\PROGRAMDATA\DIRECTX11B\SYSTEM.EXE
zoo %SystemDrive%\PROGRAMDATA\FRAMEWORK\SYSTEM.EXE
delall %SystemDrive%\PROGRAMDATA\FRAMEWORK\SYSTEM.EXE
apply
; WINDOWS DRIVER.EXE is saved as a sample, then handled by hash (bl) and by signature (addsgn) rather than by an explicit delall.
zoo %SystemDrive%\PROGRAMDATA\FRAMEWORK\WINDOWS DRIVER.EXE
bl 818DB8AB8F364495A38DE6E00D50F015 406528
; Adds a signature labelled "Win32.BitCoinMiner.hxao [Kaspersky]"; chklst and delvir presumably check the file list against it and delete what matches.
addsgn 1A8F7E9A5583DD8CF42B627DA804DEC9E946303A4536D3C184C3C5BCA2D961619B678757D549244B2B80846D4906643A0D9BE8995863B32C2D775620D72B9A03 8 Win32.BitCoinMiner.hxao [Kaspersky] 7
chklst
delvir
; NOTE(review): only DIRECTX11B and FRAMEWORK are removed as directories; WINDOWSSQL, targeted above, is left in place - confirm this is intended.
deldir %SystemDrive%\PROGRAMDATA\DIRECTX11B\
deldir %SystemDrive%\PROGRAMDATA\FRAMEWORK\
; czoo presumably packs the collected samples into the ZOO archive for submission; restart reboots the machine.
czoo
restart
Файл ZOO переименовал в quarantine