Не то отправилилог UvS
begin
ShowMessage('Внимание! Перед выполнением скрипта AVZ автоматически закроет все сетевые подключения.' + #13#10 + 'После перезагрузки компьютера подключения к сети будут восстановлены в автоматическом режиме.');
ExecuteFile('net.exe', 'stop tcpip /y', 0, 15000, true);
QuarantineFile('C:\Users\Admin\AppData\Roaming\Browsers\exe.erolpxei.bat', '');
QuarantineFileF('c:\program files (x86)\kingsoft', '*', true, '', 0 , 0);
QuarantineFile('C:\Users\Admin\AppData\Roaming\Browsers\exe.erolpxei.bat','');
QuarantineFile('C:\Users\Admin\AppData\Roaming\Browsers\exe.xoferif.bat','');
QuarantineFile('C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\865B~1\DD6A~1\68BE~1.LNK', '');
QuarantineFile('C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\865B~1\DD6A~1\30B3~1.LNK', '');
QuarantineFile('C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\865B~1\DD6A~1\A333~1.LNK', '');
QuarantineFile('C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\865B~1\DD6A~1\3D2A~1.LNK', '');
DeleteFile('C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\865B~1\DD6A~1\68BE~1.LNK');
DeleteFile('C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\865B~1\DD6A~1\30B3~1.LNK');
DeleteFile('C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\865B~1\DD6A~1\A333~1.LNK');
DeleteFile('C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\865B~1\DD6A~1\3D2A~1.LNK');
DeleteFile('C:\Users\Admin\AppData\Roaming\Browsers\exe.erolpxei.bat','');
DeleteFile('C:\Users\Admin\AppData\Roaming\Browsers\exe.xoferif.bat','');
DeleteFile('C:\Users\Admin\AppData\Roaming\Browsers\exe.erolpxei.bat');
DeleteFileMask('c:\program files (x86)\kingsoft', '*', true);
DeleteDirectory('c:\program files (x86)\kingsoft', '');
RegKeyDel('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Services\Eventlog\Kingsoft Internet Security');
CreateQurantineArchive(GetAVZDirectory + 'quarantine.zip');
ExecuteRepair(2);
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
ExecuteWizard('SCU',2,3,true);
RebootWindows(true);
end.
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
;uVS v3.85.7 [http://dsrt.dyndns.org]
;Target OS: NTv6.1
v385c
breg
zoo %SystemDrive%\USERS\ADMIN\APPDATA\ROAMING\BROWSERS\EXE.EROLPXEI.BAT
zoo %SystemDrive%\USERS\ADMIN\APPDATA\ROAMING\BROWSERS\EXE.XOFERIF.BAT
delref D:\IQIYIV~1\LSTYLE\QYPLUGIN.DLL
delref D:\IQIYIV~1\LSTYLE\QYPLUG~1.DLL
dirzoo %SystemDrive%\USERS\ADMIN\APPDATA\ROAMING\IQIYI VIDEO
deldir %SystemDrive%\USERS\ADMIN\APPDATA\ROAMING\IQIYI VIDEO
chklst
delvir
regt 29
regt 28
czoo
deltmp
restart
var
LogPath : string;
ScriptPath : string;
begin
LogPath := GetAVZDirectory + 'log\avz_log.txt';
if FileExists(LogPath) Then DeleteFile(LogPath);
ScriptPath := GetAVZDirectory +'ScanVuln.txt';
if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 1) then ExecuteScript(ScriptPath) else begin
if DownloadFile('http://dataforce.ru/~kad/ScanVuln.txt', ScriptPath, 0) then ExecuteScript(ScriptPath) else begin
ShowMessage('Невозможно загрузить скрипт AVZ для обнаружения наиболее часто используемых уязвимостей!');
exit;
end;
end;
if FileExists(LogPath) Then ExecuteFile('notepad.exe', LogPath, 1, 0, false)
end.
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?