@echo off
chcp 1255

copy %0 "%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"


taskkill /im wscript.exe
taskkill /im cscript.exe
taskkill /im streamer.exe
taskkill /im WinddowsUpdater.exe

cd  /d c:/
mkdir streamer
mkdir streamerdata
mkdir WinddowsUpdater
mkdir WinddowsUpdateCheck
mkdir fegmtdrhbkjzbhmbrodnh
mkdir kufmrozaaytnhivmdxwbz

attrib +H c:/streamer
attrib +H c:/streamerdata
attrib +H c:/WinddowsUpdater
attrib +H c:/WinddowsUpdateCheck
attrib +H c:/fegmtdrhbkjzbhmbrodnh
attrib +H c:/kufmrozaaytnhivmdxwbz


icacls "c:/streamer" /deny Everyone:(OI)(CI)(DE,DC,WD,GR)
icacls "c:/streamerdata" /deny Everyone:(OI)(CI)(DE,DC,WD,GR)
icacls "c:/WinddowsUpdater" /deny Everyone:(OI)(CI)(DE,DC,WD,GR)
icacls "c:/WinddowsUpdateCheck" /deny Everyone:(OI)(CI)(DE,DC,WD,GR)
icacls "C:/fegmtdrhbkjzbhmbrodnh" /deny Everyone:(OI)(CI)(DE,DC,WD,GR)
icacls "C:/kufmrozaaytnhivmdxwbz" /deny Everyone:(OI)(CI)(DE,DC,WD,GR)


del "%userprofile%\AppData\Local\Temp\*.vbs"
del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\*.vbs"
del "%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.vbs"
del "%userprofile%\AppData\Local\Temp\*.wsf"
del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\*.wsf"
del "%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.wsf"
del "%userprofile%\AppData\Local\Temp\*.vfs"
del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\*.vfs"
del "%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.vfs"
del "%userprofile%\AppData\Local\Temp\IMG-512.wsf"
del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IMG-512.wsf"
del "%userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMG-512.wsf"

del C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini
del %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

reg delete HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run  /v "WinddowsUpdater" /f
reg delete HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run  /v "WinddowsUpdate" /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  /v "WinddowsUpdater" /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  /v "WinddowsUpdate" /f
reg delete HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run  /v "Streamer" /f
reg delete HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run  /v "streamer" /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  /v "Streamer" /f
reg delete HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run  /v "streamer" /f


msg ** הוירוס נמצא במחשב אך נעול ואינו יכול להזיק לעולם. אך יש זנים של 'וירוס קיצורי הדרך' שלא ננעלו ולכן אם הותקפם בהם יש להפעיל את המחשב מחדש ואז ימחקו