ПОЛЬЗОВАТЕЛЯМ

Закрыть

Поиск

Поиск

Поддержка
Круглосуточная поддержка

Напишите

Запрос через форму

Позвоните

Бесплатно по России:
8-800-333-79-32

ЧаВо | Форум

Напишите

Задать вопрос в поддержку

Ваши запросы

  • Все: -
  • Незакрытые: -
  • Последний: -

Позвоните

Бесплатно по России:
8-800-333-79-32

Свяжитесь с нами Незакрытые запросы: 

Профиль

Профиль

RU
RU CN DE EN ES FR IT JP KZ UZ PL BY
Закрыть

Переключение языка сайта

Сервисы
Сканеры
FixIt!
Dr.Web vxCube
Экспертиза ВКИ
Вирусная библиотека
База знаний

Технологии

Термины

Обучение и просвещение

Мифы

Новости

Trojan.MulDrop18.41199

Добавлен в вирусную базу Dr.Web: 2021-09-12

Описание добавлено:

Техническая информация

Вредоносные функции
Для затруднения выявления своего присутствия в системе
удаляет теневые копии разделов.
Запускает на исполнение
  • '<SYSTEM32>\net.exe' stop U8WorkerService1
  • '<SYSTEM32>\taskkill.exe' /IM RavTray.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM node.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ssms.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SecureCRT.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM pvlsvr.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM wampmanager.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM bedbg.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM nginx.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM rdm.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM beserver.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM RsTray.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM wrapper.exe /F
  • '<SYSTEM32>\net.exe' stop UTUService
  • '<SYSTEM32>\net.exe' stop UFReportService
  • '<SYSTEM32>\taskkill.exe' /IM sqlbrowser.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM yundetectservice.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM GNAupdaemon.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sshd.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SyncBaseSvr.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sqlwriter.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM VirtualBoxVM.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ssclient.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM msftesql.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM iempwatchdog.exe /F
  • '<SYSTEM32>\net.exe' stop UFAllNet
  • '<SYSTEM32>\taskkill.exe' /IM VBoxSVC.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sqlmangr.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM vm-tray.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM baidunetdisk.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM VirtualBox.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM beremote.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM mssearch.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SecureCRTPortable.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM vmtoolsd.exe /F
  • '<SYSTEM32>\net.exe' stop U8WebPool
  • '<SYSTEM32>\taskkill.exe' /IM eSightService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM CasLicenceServer.exe /F
  • '<SYSTEM32>\net.exe' stop U8DispatchService
  • '<SYSTEM32>\net.exe' stop NFSysService
  • '<SYSTEM32>\taskkill.exe' /IM BackupExecManagementService.exe /F
  • '<SYSTEM32>\net.exe' stop TurboCRM70
  • '<SYSTEM32>\taskkill.exe' /IM CCenter.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM fdlauncher.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM vm-agent-daemon.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM fdhost.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TeamViewer.exe /F
  • '<SYSTEM32>\net.exe' stop SentinelKeysServer
  • '<SYSTEM32>\net.exe' stop "ABBYY.Licensing.FineReader.Professional.12.0"
  • '<SYSTEM32>\net.exe' stop AgentX
  • '<SYSTEM32>\net.exe' stop "Apple Mobile Device Service"
  • '<SYSTEM32>\net.exe' stop DGPNPSEV
  • '<SYSTEM32>\net.exe' stop U8KeyManagePool
  • '<SYSTEM32>\net.exe' stop U8TaskService
  • '<SYSTEM32>\net.exe' stop U8EISService
  • '<SYSTEM32>\net.exe' stop U8SLReportService
  • '<SYSTEM32>\taskkill.exe' /IM tv_x64.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM benetns.exe /F
  • '<SYSTEM32>\net.exe' stop U8SCMPool
  • '<SYSTEM32>\net.exe' stop U8MPool
  • '<SYSTEM32>\taskkill.exe' /IM d_manage.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM softmgrlite.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM cygrunsrv.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM reportingservicesservice.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM tv_w32.exe /F
  • '<SYSTEM32>\net.exe' stop U8GCService
  • '<SYSTEM32>\taskkill.exe' /IM bengine.exe /F
  • '<SYSTEM32>\net.exe' stop U8EncryptService
  • '<SYSTEM32>\taskkill.exe' /IM ScanFrm.exe /F
  • '<SYSTEM32>\net.exe' stop NFOTPService
  • '<SYSTEM32>\taskkill.exe' /IM abs_deployer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM php.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM oracle.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Tencentdll.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DisklessServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM JhTask.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM IDDAService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Jointsky.CloudExchange.NodeService.ein /F
  • '<SYSTEM32>\taskkill.exe' /IM TXPlatform.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM IcafeServicesTray.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ControlServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM AutoDealService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Jointsky.CloudExchangeService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM BsAgent_0.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM His6Service.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM fppdis5.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM WeChat.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM dinotify.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DataShareBox.ShareBoxService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM perl.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TransMain.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM service_agent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM AndroidServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DAService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM QQ.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TsServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM PersonUDisk.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Executer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM EnergyDataService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM emagent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM jenkins.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM NetDiskServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM AllPassCBHost.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM MPService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DumpServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ap_nginx.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM UIODetect.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM oravssw.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SOUNDMAN.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ipc_proxy.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM GoodGameSrv.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM igfxHK.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SyncBaseConsole.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM "phpStudy.exe" /F
  • '<SYSTEM32>\taskkill.exe' /IM aspnet_state.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sfupdatemgr.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM igfxEM.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TNSLSNR.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM "notepad++.exe" /F
  • '<SYSTEM32>\taskkill.exe' /IM edr_monitor.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM RemoteAssistProcess.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM RAVCp164.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM BarMoniService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM igfxTray.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM OPCClient.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM BarCMService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DataShareBox.ShareBoxMonitorService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM GNCEFExternal.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM BarServerView.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM PrivacyIconClient.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM MySQLNotifier.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SunloginClient.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sfavsvc.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM GoodGame.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM redis-server.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM edr_agent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SupportAssistAgent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM edr_sec_plan.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TsService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM 360bdoctor.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM AutoBackUpEx.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM navicat.exe /F
  • '<SYSTEM32>\net.exe' stop Mysoft.SchedulingService
  • '<SYSTEM32>\taskkill.exe' /IM AppMain.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM mdm.exe /F
  • '<SYSTEM32>\net.exe' stop GNWebService
  • '<SYSTEM32>\net.exe' stop AdobeARMservice
  • '<SYSTEM32>\net.exe' stop MSExchangeFrontEndTransport
  • '<SYSTEM32>\net.exe' stop CASWebServer
  • '<SYSTEM32>\net.exe' stop FirebirdServerDefaultInstance
  • '<SYSTEM32>\net.exe' stop MSExchangeFastSearch
  • '<SYSTEM32>\net.exe' stop CASLicenceServer
  • '<SYSTEM32>\net.exe' stop AutoUpdateService
  • '<SYSTEM32>\net.exe' stop RapidRecoveryAgent
  • '<SYSTEM32>\net.exe' stop QPCore
  • '<SYSTEM32>\net.exe' stop Service2
  • '<SYSTEM32>\net.exe' stop MSExchangeDiagnostics
  • '<SYSTEM32>\net.exe' stop TeamViewer
  • '<SYSTEM32>\net.exe' stop JWService
  • '<SYSTEM32>\net.exe' stop MSExchangeDelivery
  • '<SYSTEM32>\net.exe' stop MSExchangeEdgeSync
  • '<SYSTEM32>\net.exe' stop MSExchangeImap4
  • '<SYSTEM32>\net.exe' stop RapService
  • '<SYSTEM32>\net.exe' stop "Alibaba Security Aegis Detect Service"
  • '<SYSTEM32>\net.exe' stop TPlusStdUpgradeService1300
  • '<SYSTEM32>\net.exe' stop MSExchangeIS
  • '<SYSTEM32>\net.exe' stop AGSService
  • '<SYSTEM32>\net.exe' stop TPlusStdTaskService1300
  • '<SYSTEM32>\net.exe' stop MSExchangeIMAP4BE
  • '<SYSTEM32>\net.exe' stop CASXMLService
  • '<SYSTEM32>\net.exe' stop Tomcat8
  • '<SYSTEM32>\net.exe' stop TPlusStdAppService1300
  • '<SYSTEM32>\net.exe' stop "AliyunService"
  • '<SYSTEM32>\net.exe' stop VeeamTransportSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeHMRecovery
  • '<SYSTEM32>\net.exe' stop "Alibaba Security Aegis Update Service"
  • '<SYSTEM32>\net.exe' stop VeeanBackupSvc
  • '<SYSTEM32>\net.exe' stop MSSQL$SQL2008
  • '<SYSTEM32>\net.exe' stop MSExchangeHM
  • '<SYSTEM32>\net.exe' stop VeeamCatalogSvc
  • '<SYSTEM32>\net.exe' stop JWRinfoClientService
  • '<SYSTEM32>\net.exe' stop VMAuthdService
  • '<SYSTEM32>\net.exe' stop VMUSBArbService
  • '<SYSTEM32>\net.exe' stop Realtek11nSU
  • '<SYSTEM32>\net.exe' stop "memcached Server"
  • '<SYSTEM32>\net.exe' stop TeamViewer8
  • '<SYSTEM32>\net.exe' stop "igfxCUIService2.0.0.0"
  • '<SYSTEM32>\net.exe' stop U8WorkerService2
  • '<SYSTEM32>\net.exe' stop Apache2.4
  • '<SYSTEM32>\net.exe' stop VMwareHostd
  • '<SYSTEM32>\net.exe' stop UIODetect
  • '<SYSTEM32>\taskkill.exe' /IM pg_ctl.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ThunderPlatform.exe /F
  • '<SYSTEM32>\net.exe' stop HaoZipSvc
  • '<SYSTEM32>\taskkill.exe' /IM BackupExec.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM VBoxSDS.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sqlservr.exe /F
  • '<SYSTEM32>\net.exe' stop "Synology Drive VSS Service x64"
  • '<SYSTEM32>\net.exe' stop "VMware NAT Service"
  • '<SYSTEM32>\net.exe' stop UFIDAWebService
  • '<SYSTEM32>\net.exe' stop JWEM3DBAUTORun
  • '<SYSTEM32>\net.exe' stop MSExchangeCompliance
  • '<SYSTEM32>\net.exe' stop VMnetDHCP
  • '<SYSTEM32>\net.exe' stop FirebirdGuardianDeafaultInstance
  • '<SYSTEM32>\net.exe' stop MSExchangeAntispamUpdate
  • '<SYSTEM32>\net.exe' stop mysqltransport
  • '<SYSTEM32>\net.exe' stop MSExchangeDagMgmt
  • '<SYSTEM32>\net.exe' stop DellDRLogSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeADTopology
  • '<SYSTEM32>\net.exe' stop WebAttendServer
  • '<SYSTEM32>\net.exe' stop Apache2.2
  • '<SYSTEM32>\net.exe' stop MSComplianceAudit
  • '<SYSTEM32>\net.exe' stop wanxiao-monitor
  • '<SYSTEM32>\net.exe' stop XenSvc
  • '<SYSTEM32>\net.exe' stop xenlite
  • '<SYSTEM32>\net.exe' stop MSExchangeMailboxAssistants
  • '<SYSTEM32>\net.exe' stop TPlusStdWebService1300
  • '<SYSTEM32>\net.exe' stop DDNSService
  • '<SYSTEM32>\taskkill.exe' /IM iexplore.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM mysqld.exe /F
  • '<SYSTEM32>\net.exe' stop K3MMainSuspendService
  • '<SYSTEM32>\net.exe' stop IngressMgr
  • '<SYSTEM32>\net.exe' stop SupportAssistAgent
  • '<SYSTEM32>\net.exe' stop DFServ
  • '<SYSTEM32>\net.exe' stop MSExchangeUMCR
  • '<SYSTEM32>\net.exe' stop "Dell Hardware Support"
  • '<SYSTEM32>\net.exe' stop OMAILREPORT
  • '<SYSTEM32>\net.exe' stop "NetVault Process Manager"
  • '<SYSTEM32>\net.exe' stop AutoUpdatePatchService
  • '<SYSTEM32>\net.exe' stop NFLicenceServer
  • '<SYSTEM32>\net.exe' stop MySQL5_OA
  • '<SYSTEM32>\net.exe' stop ImtsEventSvr
  • '<SYSTEM32>\net.exe' stop RavService
  • '<SYSTEM32>\net.exe' stop d_safe
  • '<SYSTEM32>\taskkill.exe' /IM rcrelay.exe /F
  • '<SYSTEM32>\net.exe' stop RTCAVMCU
  • '<SYSTEM32>\taskkill.exe' /IM SogouImeBroker.exe /F
  • '<SYSTEM32>\net.exe' stop U8SendMailAdmin
  • '<SYSTEM32>\net.exe' stop CobianBackup10
  • '<SYSTEM32>\taskkill.exe' /IM vm-agent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TeamViewer_Service.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM java.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Att.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM httpd.exe /F
  • '<SYSTEM32>\net.exe' stop KugouService
  • '<SYSTEM32>\net.exe' stop NFVPrintServer
  • '<SYSTEM32>\net.exe' stop ceng_web_svc_d
  • '<SYSTEM32>\net.exe' stop K3ClouManager
  • '<SYSTEM32>\net.exe' stop KpService
  • '<SYSTEM32>\net.exe' stop EvtSys
  • '<SYSTEM32>\net.exe' stop pcas
  • '<SYSTEM32>\net.exe' stop DDVRulesProcessor
  • '<SYSTEM32>\net.exe' stop AngelOfDeath
  • '<SYSTEM32>\net.exe' stop MSExchangeUM
  • '<SYSTEM32>\net.exe' stop MSExchangeRepl
  • '<SYSTEM32>\net.exe' stop "OracleOraDb10g_homeliSQL*Plus"
  • '<SYSTEM32>\net.exe' stop VeeamMountSvc
  • '<SYSTEM32>\net.exe' stop MSExchangePOP3BE
  • '<SYSTEM32>\net.exe' stop CASMsgSrv
  • '<SYSTEM32>\net.exe' stop OracleDBConsoleilas
  • '<SYSTEM32>\net.exe' stop VeeamCloudSvc
  • '<SYSTEM32>\net.exe' stop CASVirtualDiskService
  • '<SYSTEM32>\net.exe' stop VeeamDeploySvc
  • '<SYSTEM32>\net.exe' stop MSExchangeNotificationsBroker
  • '<SYSTEM32>\net.exe' stop iNethinkSQLBackupSvc
  • '<SYSTEM32>\net.exe' stop VeeamNFSSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeMailboxReplication
  • '<SYSTEM32>\net.exe' stop MSExchangePop3
  • '<SYSTEM32>\net.exe' stop MSExchangeRPC
  • '<SYSTEM32>\net.exe' stop VeeamBrokerSvc
  • '<SYSTEM32>\net.exe' stop VeeamDistributionSvc
  • '<SYSTEM32>\net.exe' stop "FileZilla Server"
  • '<SYSTEM32>\net.exe' stop 360EntPGSvc
  • '<SYSTEM32>\net.exe' stop RavTask
  • '<SYSTEM32>\net.exe' stop MSExchangeTransportLogSearch
  • '<SYSTEM32>\net.exe' stop K3MobileServiceManage
  • '<SYSTEM32>\net.exe' stop ClickToRunSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeTransport
  • '<SYSTEM32>\net.exe' stop TPlusStdUpgradeService1220
  • '<SYSTEM32>\net.exe' stop MSExchangeThrottling
  • '<SYSTEM32>\net.exe' stop MySQL
  • '<SYSTEM32>\net.exe' stop TPlusStdTaskService1220
  • '<SYSTEM32>\net.exe' stop ServiceMid
  • '<SYSTEM32>\net.exe' stop MSExchangeSubmission
  • '<SYSTEM32>\net.exe' stop TPlusStdAppService1220
  • '<SYSTEM32>\net.exe' stop tmlisten
  • '<SYSTEM32>\net.exe' stop MSExchangeServiceHost
  • '<SYSTEM32>\net.exe' stop "Bonjour Service"
  • '<SYSTEM32>\taskkill.exe' /IM HaoZip.exe /F
Изменения в файловой системе
Создает следующие файлы
  • %TEMP%\4346.tmp\4347.tmp\4348.bat
Удаляет следующие файлы
  • %TEMP%\4346.tmp\4347.tmp\4348.bat
Самоудаляется.
Другое
Ищет следующие окна
  • ClassName: '' WindowName: ''
Создает и запускает на исполнение
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\4346.tmp\4347.tmp\4348.bat <Полный путь к файлу>"' (со скрытым окном)
Запускает на исполнение
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\4346.tmp\4347.tmp\4348.bat <Полный путь к файлу>"
  • '<SYSTEM32>\sc.exe' delete GPSUserSvr
  • '<SYSTEM32>\sc.exe' delete SQLANYs_sem5
  • '<SYSTEM32>\net1.exe' stop CASXMLService
  • '<SYSTEM32>\net1.exe' stop TPlusStdAppService1300
  • '<SYSTEM32>\sc.exe' delete msftesql
  • '<SYSTEM32>\sc.exe' delete GPSDaemon
  • '<SYSTEM32>\sc.exe' delete CobianBackup10
  • '<SYSTEM32>\net1.exe' stop MSExchangeImap4
  • '<SYSTEM32>\net1.exe' stop "AliyunService"
  • '<SYSTEM32>\net1.exe' stop VeeamTransportSvc
  • '<SYSTEM32>\sc.exe' delete MSSEARCH
  • '<SYSTEM32>\sc.exe' delete OracleRemExecService
  • '<SYSTEM32>\sc.exe' delete RaAutoInstSrv_RT2870
  • '<SYSTEM32>\net1.exe' stop MSExchangeHMRecovery
  • '<SYSTEM32>\sc.exe' delete "SyncBASE Service"
  • '<SYSTEM32>\sc.exe' delete wampapache
  • '<SYSTEM32>\sc.exe' delete MediatekRegistryWriter
  • '<SYSTEM32>\net1.exe' stop "Alibaba Security Aegis Update Service"
  • '<SYSTEM32>\net1.exe' stop VeeanBackupSvc
  • '<SYSTEM32>\sc.exe' delete "OSP Service"
  • '<SYSTEM32>\sc.exe' delete NFWebServer
  • '<SYSTEM32>\sc.exe' delete vmware-converter-worker
  • '<SYSTEM32>\sc.exe' delete LPManager
  • '<SYSTEM32>\net1.exe' stop MSSQL$SQL2008
  • '<SYSTEM32>\sc.exe' delete "FontCache3.0.0.0"
  • '<SYSTEM32>\sc.exe' delete 360EntClientSvc
  • '<SYSTEM32>\sc.exe' delete vmware-converter-server
  • '<SYSTEM32>\sc.exe' delete BestSyncSvc
  • '<SYSTEM32>\net1.exe' stop "Alibaba Security Aegis Detect Service"
  • '<SYSTEM32>\net1.exe' stop VeeamCatalogSvc
  • '<SYSTEM32>\sc.exe' delete QQCertificateService
  • '<SYSTEM32>\net1.exe' stop TPlusStdWebService1300
  • '<SYSTEM32>\net1.exe' stop MSExchangePop3
  • '<SYSTEM32>\sc.exe' delete GPSDownSvr
  • '<SYSTEM32>\sc.exe' delete GPSMysqld
  • '<SYSTEM32>\sc.exe' delete Mysoft.Config.WindowsService
  • '<SYSTEM32>\net1.exe' stop CASVirtualDiskService
  • '<SYSTEM32>\net1.exe' stop VeeamDeploySvc
  • '<SYSTEM32>\sc.exe' delete GPSTomcat6
  • '<SYSTEM32>\sc.exe' delete Mysoft.Autoupgrade.UpdateService
  • '<SYSTEM32>\net1.exe' stop MSExchangeNotificationsBroker
  • '<SYSTEM32>\sc.exe' delete GPSLoginSvr
  • '<SYSTEM32>\sc.exe' delete Mysoft.Autoupgrade.DispatchService
  • '<SYSTEM32>\net1.exe' stop iNethinkSQLBackupSvc
  • '<SYSTEM32>\net1.exe' stop VeeamNFSSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangeMailboxReplication
  • '<SYSTEM32>\sc.exe' delete GPSMediaSvr
  • '<SYSTEM32>\sc.exe' delete ErpEnvSvc
  • '<SYSTEM32>\sc.exe' delete LMS
  • '<SYSTEM32>\net1.exe' stop DDNSService
  • '<SYSTEM32>\sc.exe' delete GPSGatewaySvr
  • '<SYSTEM32>\sc.exe' delete TbossSystem
  • '<SYSTEM32>\net1.exe' stop MSExchangeMailboxAssistants
  • '<SYSTEM32>\sc.exe' delete OracleMTSRecoveryService
  • '<SYSTEM32>\sc.exe' delete GPSDataProcSvr
  • '<SYSTEM32>\sc.exe' delete semwebsrv
  • '<SYSTEM32>\net1.exe' stop RapService
  • '<SYSTEM32>\net1.exe' stop TPlusStdUpgradeService1300
  • '<SYSTEM32>\sc.exe' delete GPSStorageSvr
  • '<SYSTEM32>\sc.exe' delete SQLService
  • '<SYSTEM32>\net1.exe' stop MSExchangeIS
  • '<SYSTEM32>\net1.exe' stop AGSService
  • '<SYSTEM32>\net1.exe' stop TPlusStdTaskService1300
  • '<SYSTEM32>\sc.exe' delete OracleDBConcoleorcl
  • '<SYSTEM32>\net1.exe' stop MSExchangeIMAP4BE
  • '<SYSTEM32>\sc.exe' delete CASLicenceServer
  • '<SYSTEM32>\sc.exe' delete 360EntSvc
  • '<SYSTEM32>\net1.exe' stop Service2
  • '<SYSTEM32>\net1.exe' stop MSExchangeDiagnostics
  • '<SYSTEM32>\sc.exe' delete MsDtsServer100
  • '<SYSTEM32>\sc.exe' delete AppFabricCachingService
  • '<SYSTEM32>\net1.exe' stop TeamViewer
  • '<SYSTEM32>\net1.exe' stop JWService
  • '<SYSTEM32>\sc.exe' delete TPlusStdAppService1300
  • '<SYSTEM32>\sc.exe' delete Jenkins
  • '<SYSTEM32>\sc.exe' delete IpOverUsbSvc
  • '<SYSTEM32>\sc.exe' delete c2wts
  • '<SYSTEM32>\net1.exe' stop MSExchangeDelivery
  • '<SYSTEM32>\sc.exe' delete SSSyncService
  • '<SYSTEM32>\sc.exe' delete apachezt
  • '<SYSTEM32>\sc.exe' delete OracleJobSchedulerORCL
  • '<SYSTEM32>\sc.exe' delete ProjectCalcService16
  • '<SYSTEM32>\sc.exe' delete secbizsrv
  • '<SYSTEM32>\net1.exe' stop Tomcat8
  • '<SYSTEM32>\sc.exe' delete SSMonitorService
  • '<SYSTEM32>\sc.exe' delete eSightService
  • '<SYSTEM32>\net1.exe' stop MSExchangeDagMgmt
  • '<SYSTEM32>\sc.exe' delete MMRHookService
  • '<SYSTEM32>\sc.exe' delete OSearch16
  • '<SYSTEM32>\sc.exe' delete "Sense Shield Service"
  • '<SYSTEM32>\net1.exe' stop "VMware NAT Service"
  • '<SYSTEM32>\net1.exe' stop JWEM3DBAUTORun
  • '<SYSTEM32>\sc.exe' delete OpenSSHd
  • '<SYSTEM32>\sc.exe' delete kbasesrv
  • '<SYSTEM32>\sc.exe' delete SPTraceV4
  • '<SYSTEM32>\sc.exe' delete "UWS HiPriv Services"
  • '<SYSTEM32>\sc.exe' delete "AHS SERVICE"
  • '<SYSTEM32>\net1.exe' stop MSExchangeCompliance
  • '<SYSTEM32>\net1.exe' stop JWRinfoClientService
  • '<SYSTEM32>\sc.exe' delete smtpsvrJT
  • '<SYSTEM32>\sc.exe' delete vmware-converter-agent
  • '<SYSTEM32>\net1.exe' stop QPCore
  • '<SYSTEM32>\sc.exe' delete "FlexNet Licensing Service 64"
  • '<SYSTEM32>\net1.exe' stop AutoUpdateService
  • '<SYSTEM32>\net1.exe' stop AdobeARMservice
  • '<SYSTEM32>\sc.exe' delete jhi_service
  • '<SYSTEM32>\sc.exe' delete 360EntHttpServer
  • '<SYSTEM32>\sc.exe' delete 2345PicSvc
  • '<SYSTEM32>\sc.exe' delete VisualSVNServer
  • '<SYSTEM32>\net1.exe' stop MSExchangeFrontEndTransport
  • '<SYSTEM32>\sc.exe' delete VirboxWebServer
  • '<SYSTEM32>\sc.exe' delete zyb_sync
  • '<SYSTEM32>\sc.exe' delete Protect_2345Explorer
  • '<SYSTEM32>\sc.exe' delete vsvnjobsvc
  • '<SYSTEM32>\net1.exe' stop CASWebServer
  • '<SYSTEM32>\net1.exe' stop FirebirdServerDefaultInstance
  • '<SYSTEM32>\net1.exe' stop MSExchangeHM
  • '<SYSTEM32>\sc.exe' delete TPlusStdUpgradeService1300
  • '<SYSTEM32>\net1.exe' stop MSExchangeFastSearch
  • '<SYSTEM32>\sc.exe' delete btPanel
  • '<SYSTEM32>\sc.exe' delete MotionBoardRCService57
  • '<SYSTEM32>\net1.exe' stop CASLicenceServer
  • '<SYSTEM32>\net1.exe' stop RapidRecoveryAgent
  • '<SYSTEM32>\sc.exe' delete TPlusStdTaskService1300
  • '<SYSTEM32>\sc.exe' delete MSMQ
  • '<SYSTEM32>\sc.exe' delete KMSELDI
  • '<SYSTEM32>\sc.exe' delete MotionBoard57
  • '<SYSTEM32>\net1.exe' stop MSExchangeEdgeSync
  • '<SYSTEM32>\sc.exe' delete SQLAgent$SQL2008
  • '<SYSTEM32>\sc.exe' delete SQLTELEMETRY
  • '<SYSTEM32>\sc.exe' delete KuaiYunTools
  • '<SYSTEM32>\sc.exe' delete ADWS
  • '<SYSTEM32>\sc.exe' delete MSSQL$SQL2008
  • '<SYSTEM32>\sc.exe' delete RemoteAssistService
  • '<SYSTEM32>\net1.exe' stop UFReportService
  • '<SYSTEM32>\sc.exe' delete Mysoft.DataCenterService
  • '<SYSTEM32>\net1.exe' stop NFVPrintServer
  • '<SYSTEM32>\sc.exe' delete NscAuthService
  • '<SYSTEM32>\sc.exe' delete U8TaskService
  • '<SYSTEM32>\net1.exe' stop ceng_web_svc_d
  • '<SYSTEM32>\net1.exe' stop K3ClouManager
  • '<SYSTEM32>\sc.exe' delete MASTER
  • '<SYSTEM32>\sc.exe' delete U8SLReportService
  • '<SYSTEM32>\sc.exe' delete FTA
  • '<SYSTEM32>\sc.exe' delete U8SCMPool
  • '<SYSTEM32>\net1.exe' stop KpService
  • '<SYSTEM32>\net1.exe' stop EvtSys
  • '<SYSTEM32>\sc.exe' delete RTCASMCU
  • '<SYSTEM32>\sc.exe' delete "U8MPool"
  • '<SYSTEM32>\net1.exe' stop K3MMainSuspendService
  • '<SYSTEM32>\net1.exe' stop KugouService
  • '<SYSTEM32>\net1.exe' stop IngressMgr
  • '<SYSTEM32>\sc.exe' delete U8KeyManagePool
  • '<SYSTEM32>\sc.exe' delete OfficeUpdateService
  • '<SYSTEM32>\sc.exe' delete U8GCService
  • '<SYSTEM32>\net1.exe' stop SupportAssistAgent
  • '<SYSTEM32>\net1.exe' stop DFServ
  • '<SYSTEM32>\sc.exe' delete asComSvc
  • '<SYSTEM32>\sc.exe' delete U8EncryptService
  • '<SYSTEM32>\net1.exe' stop "Dell Hardware Support"
  • '<SYSTEM32>\net1.exe' stop RavService
  • '<SYSTEM32>\sc.exe' delete "Daemon Service"
  • '<SYSTEM32>\sc.exe' delete U8EISService
  • '<SYSTEM32>\sc.exe' delete "Nuo Update Monitor"
  • '<SYSTEM32>\sc.exe' delete U8DispatchService
  • '<SYSTEM32>\net1.exe' stop OMAILREPORT
  • '<SYSTEM32>\sc.exe' delete RtcSrv
  • '<SYSTEM32>\net1.exe' stop SentinelKeysServer
  • '<SYSTEM32>\net1.exe' stop CASMsgSrv
  • '<SYSTEM32>\sc.exe' delete UFAllNet
  • '<SYSTEM32>\net1.exe' stop UFAllNet
  • '<SYSTEM32>\net1.exe' stop U8WebPool
  • '<SYSTEM32>\net1.exe' stop U8TaskService
  • '<SYSTEM32>\net1.exe' stop U8SLReportService
  • '<SYSTEM32>\net1.exe' stop U8SCMPool
  • '<SYSTEM32>\net1.exe' stop U8MPool
  • '<SYSTEM32>\net1.exe' stop U8KeyManagePool
  • '<SYSTEM32>\net1.exe' stop U8GCService
  • '<SYSTEM32>\net1.exe' stop U8EncryptService
  • '<SYSTEM32>\net1.exe' stop U8EISService
  • '<SYSTEM32>\net1.exe' stop NFOTPService
  • '<SYSTEM32>\net1.exe' stop U8DispatchService
  • '<SYSTEM32>\net1.exe' stop NFSysService
  • '<SYSTEM32>\net1.exe' stop TurboCRM70
  • '<SYSTEM32>\net1.exe' stop "NetVault Process Manager"
  • '<SYSTEM32>\net1.exe' stop DGPNPSEV
  • '<SYSTEM32>\net1.exe' stop "ABBYY.Licensing.FineReader.Professional.12.0"
  • '<SYSTEM32>\net1.exe' stop AgentX
  • '<SYSTEM32>\net1.exe' stop "Apple Mobile Device Service"
  • '<SYSTEM32>\net1.exe' stop Mysoft.SchedulingService
  • '<SYSTEM32>\net1.exe' stop "Bonjour Service"
  • '<SYSTEM32>\net1.exe' stop GNWebService
  • '<SYSTEM32>\sc.exe' delete "U8WorkerService1"
  • '<SYSTEM32>\net1.exe' stop U8SendMailAdmin
  • '<SYSTEM32>\net1.exe' stop CobianBackup10
  • '<SYSTEM32>\sc.exe' delete UTUService
  • '<SYSTEM32>\sc.exe' delete UFReportService
  • '<SYSTEM32>\net1.exe' stop pcas
  • '<SYSTEM32>\net1.exe' stop RTCAVMCU
  • '<SYSTEM32>\sc.exe' delete MSCRMAsyncService$maintenance
  • '<SYSTEM32>\sc.exe' delete "U8WebPool"
  • '<SYSTEM32>\sc.exe' delete VmAgentDaemon
  • '<SYSTEM32>\sc.exe' delete OpenFastAssist
  • '<SYSTEM32>\net1.exe' stop MSExchangeThrottling
  • '<SYSTEM32>\net1.exe' stop TPlusStdTaskService1220
  • '<SYSTEM32>\net1.exe' stop ServiceMid
  • '<SYSTEM32>\sc.exe' delete BackupExecJobEngine
  • '<SYSTEM32>\sc.exe' delete ShareBoxMonitorService
  • '<SYSTEM32>\net1.exe' stop MSExchangeSubmission
  • '<SYSTEM32>\sc.exe' delete BackupExecAgentBrowser
  • '<SYSTEM32>\sc.exe' delete savsvc
  • '<SYSTEM32>\net1.exe' stop TPlusStdAppService1220
  • '<SYSTEM32>\net1.exe' stop tmlisten
  • '<SYSTEM32>\net1.exe' stop MSExchangeServiceHost
  • '<SYSTEM32>\sc.exe' delete BackupExecRPCService
  • '<SYSTEM32>\sc.exe' delete abs_deployer
  • '<SYSTEM32>\net1.exe' stop MySQL
  • '<SYSTEM32>\net1.exe' stop VeeamDistributionSvc
  • '<SYSTEM32>\sc.exe' delete ShareBoxService
  • '<SYSTEM32>\sc.exe' delete BackupExecDeviceMediaService
  • '<SYSTEM32>\net1.exe' stop MSExchangeRPC
  • '<SYSTEM32>\sc.exe' delete bedbg
  • '<SYSTEM32>\sc.exe' delete MysoftUpdate
  • '<SYSTEM32>\net1.exe' stop OracleDBConsoleilas
  • '<SYSTEM32>\net1.exe' stop VeeamBrokerSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangeRepl
  • '<SYSTEM32>\sc.exe' delete BackupExecAgentAccelerator
  • '<SYSTEM32>\sc.exe' delete Mysoft.Setup.InstallService
  • '<SYSTEM32>\net1.exe' stop "OracleOraDb10g_homeliSQL*Plus"
  • '<SYSTEM32>\net1.exe' stop VeeamMountSvc
  • '<SYSTEM32>\sc.exe' delete "Zabbix Agent"
  • '<SYSTEM32>\sc.exe' delete Mysoft.SchedulingService
  • '<SYSTEM32>\net1.exe' stop MSExchangePOP3BE
  • '<SYSTEM32>\sc.exe' delete GPSFtpd
  • '<SYSTEM32>\sc.exe' delete edr_monitor
  • '<SYSTEM32>\net1.exe' stop VeeamCloudSvc
  • '<SYSTEM32>\net1.exe' stop AutoUpdatePatchService
  • '<SYSTEM32>\net1.exe' stop 360EntPGSvc
  • '<SYSTEM32>\net1.exe' stop NFLicenceServer
  • '<SYSTEM32>\sc.exe' delete "Rpc Monitor"
  • '<SYSTEM32>\sc.exe' delete OfficeClearCache
  • '<SYSTEM32>\net1.exe' stop MySQL5_OA
  • '<SYSTEM32>\sc.exe' delete "EasyFZS Server"
  • '<SYSTEM32>\sc.exe' delete U8SmsSrv
  • '<SYSTEM32>\net1.exe' stop ImtsEventSvr
  • '<SYSTEM32>\net1.exe' stop d_safe
  • '<SYSTEM32>\net1.exe' stop MSExchangeUMCR
  • '<SYSTEM32>\sc.exe' delete Serv-U
  • '<SYSTEM32>\net1.exe' stop DDVRulesProcessor
  • '<SYSTEM32>\net1.exe' stop AngelOfDeath
  • '<SYSTEM32>\sc.exe' delete YunService
  • '<SYSTEM32>\sc.exe' delete KICkSvr
  • '<SYSTEM32>\sc.exe' delete TurboCRM70
  • '<SYSTEM32>\net1.exe' stop MSExchangeUM
  • '<SYSTEM32>\sc.exe' delete EASService
  • '<SYSTEM32>\net1.exe' stop "FileZilla Server"
  • '<SYSTEM32>\net1.exe' stop RavTask
  • '<SYSTEM32>\net1.exe' stop MSExchangeTransportLogSearch
  • '<SYSTEM32>\sc.exe' delete Gailun_Downloader
  • '<SYSTEM32>\sc.exe' delete CIS
  • '<SYSTEM32>\net1.exe' stop K3MobileServiceManage
  • '<SYSTEM32>\net1.exe' stop ClickToRunSvc
  • '<SYSTEM32>\sc.exe' delete TxQBService
  • '<SYSTEM32>\sc.exe' delete "U8WorkerService2"
  • '<SYSTEM32>\net1.exe' stop MSExchangeTransport
  • '<SYSTEM32>\sc.exe' delete MDM
  • '<SYSTEM32>\sc.exe' delete CloudExchangeService
  • '<SYSTEM32>\net1.exe' stop TPlusStdUpgradeService1220
  • '<SYSTEM32>\sc.exe' delete BackupExecManagementService
  • '<SYSTEM32>\sc.exe' delete MSCRMUnzipService
  • '<SYSTEM32>\net1.exe' stop VMnetDHCP
  • '<SYSTEM32>\net1.exe' stop wanxiao-monitor
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\wscript.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\FTP.exe /g Administrators:f
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d "network service"
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\FTP.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d system
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\FTP.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\FTP.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\wscript.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cscript.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\cscript.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d system
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cscript.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\cscript.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\wscript.exe /g Administrators:f
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d system
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\wscript.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\mshta.exe /g Administrators:f
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /g Administrators:r
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\net.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d system
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\net.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /g system:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /g Administrators:f
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\cmd.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /g system:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\cmd.exe /g Administrators:f
  • '<SYSTEM32>\cmd.exe' /S /D /c" echo y"
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\cmd.exe /a
  • '<SYSTEM32>\reg.exe' delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor" /v "AutoRun" /f
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\cmd.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /g Administrators:f
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d system
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\mshta.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\mshta.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /g Administrators:r
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\mshta.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net1.exe /e /g Users:r
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\net1.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d system
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\net1.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f <SYSTEM32>\net1.exe /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\net.exe /e /g Users:r
  • '<SYSTEM32>\net1.exe' stop UIODetect
  • '<SYSTEM32>\sc.exe' delete ZTEVdservice
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d system
  • '<SYSTEM32>\sc.exe' delete "ZTE USBIP Client"
  • '<SYSTEM32>\sc.exe' delete VMTools
  • '<SYSTEM32>\sc.exe' delete UIODetect
  • '<SYSTEM32>\net1.exe' stop XenSvc
  • '<SYSTEM32>\net1.exe' stop UFIDAWebService
  • '<SYSTEM32>\net1.exe' stop VMAuthdService
  • '<SYSTEM32>\sc.exe' delete ImeDictUpdateService
  • '<SYSTEM32>\sc.exe' delete RTCDATAMCU
  • '<SYSTEM32>\sc.exe' delete "ZTE USBIP Client Guard"
  • '<SYSTEM32>\sc.exe' delete MSSQLServerOLAPService
  • '<SYSTEM32>\sc.exe' delete WebAttendServer
  • '<SYSTEM32>\sc.exe' delete JhTask
  • '<SYSTEM32>\sc.exe' delete RTCIMMCU
  • '<SYSTEM32>\sc.exe' delete ftusbrdsrv
  • '<SYSTEM32>\sc.exe' delete RTCCDR
  • '<SYSTEM32>\sc.exe' delete QcSoftService
  • '<SYSTEM32>\net1.exe' stop Apache2.4
  • '<SYSTEM32>\sc.exe' delete TCPIDDAService
  • '<SYSTEM32>\net1.exe' stop VMUSBArbService
  • '<SYSTEM32>\sc.exe' delete RTCMEETINGMCU
  • '<SYSTEM32>\sc.exe' delete ftusbrdwks
  • '<SYSTEM32>\sc.exe' delete MSSQLSERVER
  • '<SYSTEM32>\sc.exe' delete K3MobileService
  • '<SYSTEM32>\net1.exe' stop Realtek11nSU
  • '<SYSTEM32>\net1.exe' stop "memcached Server"
  • '<SYSTEM32>\sc.exe' delete MSSQLFDLauncher
  • '<SYSTEM32>\sc.exe' delete aspnet_state @sc delete Redis
  • '<SYSTEM32>\sc.exe' delete "UtilDev Web Server Pro"
  • '<SYSTEM32>\net1.exe' stop TeamViewer8
  • '<SYSTEM32>\sc.exe' delete RtcQms
  • '<SYSTEM32>\net1.exe' stop xenlite
  • '<SYSTEM32>\sc.exe' delete TeamViewer
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d "network service"
  • '<SYSTEM32>\sc.exe' delete "wanxiao-monitor"
  • '<SYSTEM32>\sc.exe' delete SPTimerV4
  • '<SYSTEM32>\sc.exe' delete "Kiwi Syslog Server"
  • '<SYSTEM32>\sc.exe' delete RabbitMQ
  • '<SYSTEM32>\sc.exe' delete "vm-agent"
  • '<SYSTEM32>\net1.exe' stop MSExchangeAntispamUpdate
  • '<SYSTEM32>\sc.exe' delete AlibabaProtect
  • '<SYSTEM32>\sc.exe' delete SPSearchHostController
  • '<SYSTEM32>\sc.exe' delete "Flash Helper Service"
  • '<SYSTEM32>\sc.exe' delete ReportServer
  • '<SYSTEM32>\net1.exe' stop mysqltransport
  • '<SYSTEM32>\net1.exe' stop DellDRLogSvc
  • '<SYSTEM32>\sc.exe' delete VMwareHostd
  • '<SYSTEM32>\sc.exe' delete qemu-ga
  • '<SYSTEM32>\sc.exe' delete SPAdminV4
  • '<SYSTEM32>\sc.exe' delete UI0Detect
  • '<SYSTEM32>\sc.exe' delete allpass_redisservice_port21160
  • '<SYSTEM32>\sc.exe' delete VMUSBArbService
  • '<SYSTEM32>\net1.exe' stop "Synology Drive VSS Service x64"
  • '<SYSTEM32>\net1.exe' stop MSExchangeADTopology
  • '<SYSTEM32>\net1.exe' stop WebAttendServer
  • '<SYSTEM32>\sc.exe' delete ProjectQueueService16
  • '<SYSTEM32>\sc.exe' delete wwbizsrv
  • '<SYSTEM32>\sc.exe' delete MSDTC
  • '<SYSTEM32>\sc.exe' delete VMAuthdService
  • '<SYSTEM32>\sc.exe' delete MCService
  • '<SYSTEM32>\sc.exe' delete ProjectEventService16
  • '<SYSTEM32>\sc.exe' delete "ZTE FileTranS"
  • '<SYSTEM32>\sc.exe' delete VGAuthService
  • '<SYSTEM32>\net1.exe' stop Apache2.2
  • '<SYSTEM32>\net1.exe' stop MSComplianceAudit
  • '<SYSTEM32>\sc.exe' delete XT800Service_Personal
  • '<SYSTEM32>\net1.exe' stop FirebirdGuardianDeafaultInstance
  • '<SYSTEM32>\sc.exe' delete SQLBrowser
  • '<SYSTEM32>\cmd.exe' /c "@color b & sc delete MSCRMAsyncService & @sc delete REPLICA & @sc delete RTCATS & @sc delete RTCAVMCU & @sc delete RtcQms & @sc delete RTCMEETINGMCU & @sc delete RTCIMMCU & @sc delete RTCDA...
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "DAService_TCP" & @sc delete "eCard-TTransServer" & @sc delete eCardMPService & @sc delete EnergyDataService & @sc delete UI0Detect & @sc delete K3MobileService & @sc d...
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "XT800Service_Personal" & @sc delete SQLSERVERAGENT & @sc delete SQLWriter & @sc delete SQLBrowser & @sc delete MSSQLFDLauncher & @sc delete MSSQLSERVER & @sc delete Qc...
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d system
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d "network service"
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /e /g Users:r
  • '<SYSTEM32>\cacls.exe' C:\Users\Public /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f C:\Users\Public /a
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d system
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d "network service"
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete OracleOraDb11g_home1ClrAgent & @sc delete OracleOraDb11g_home1TNSListener & @sc delete OracleVssWriterORCL & @sc delete OracleServiceORCL & @sc delete aspnet_state @sc ...
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /g Users:r
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f %ALLUSERSPROFILE% /a
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d system
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d "network service"
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d mssqlserver
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /g Administrators:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /e /g Users:r
  • '<SYSTEM32>\cacls.exe' %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /g Administrators:f
  • '<SYSTEM32>\takeown.exe' /f %WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe /a
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d mssql$sqlexpress
  • '<SYSTEM32>\cacls.exe' %ALLUSERSPROFILE% /e /d SERVICE
  • '<SYSTEM32>\cacls.exe' <SYSTEM32>\WindowsPowerShell\v1.0\powershell.exe /e /d mssqlserver
  • '<SYSTEM32>\sc.exe' delete FxService
  • '<SYSTEM32>\cmd.exe' /c "color a & @net stop U8WorkerService1 & @net stop U8WorkerService2 & @net stop "memcached Server" & @net stop Apache2.4 & @net stop UFIDAWebService & @net stop MSComplianceAudit & @net stop ...
  • '<SYSTEM32>\net1.exe' stop "igfxCUIService2.0.0.0"
  • '<SYSTEM32>\net1.exe' stop U8WorkerService2
  • '<SYSTEM32>\sc.exe' delete RTCAVMCU
  • '<SYSTEM32>\sc.exe' delete EnergyDataService
  • '<SYSTEM32>\net1.exe' stop VMwareHostd
  • '<SYSTEM32>\sc.exe' delete SQLWriter
  • '<SYSTEM32>\sc.exe' delete OracleVssWriterORCL
  • '<SYSTEM32>\sc.exe' delete ftnlses3
  • '<SYSTEM32>\sc.exe' delete RTCATS
  • '<SYSTEM32>\sc.exe' delete eCardMPService
  • '<SYSTEM32>\sc.exe' delete SQLSERVERAGENT
  • '<SYSTEM32>\sc.exe' delete OracleOraDb11g_home1TNSListener
  • '<SYSTEM32>\sc.exe' delete ftnlsv3
  • '<SYSTEM32>\sc.exe' delete REPLICA
  • '<SYSTEM32>\sc.exe' delete OracleServiceORCL
  • '<SYSTEM32>\sc.exe' delete "eCard-TTransServer"
  • '<SYSTEM32>\net1.exe' stop HaoZipSvc
  • '<SYSTEM32>\net1.exe' stop U8WorkerService1
  • '<SYSTEM32>\sc.exe' delete MSCRMAsyncService
  • '<SYSTEM32>\sc.exe' delete "UWS LoPriv Services"
  • '<SYSTEM32>\sc.exe' delete OracleOraDb11g_home1ClrAgent
  • '<SYSTEM32>\sc.exe' delete "XT800Service_Personal"
  • '<SYSTEM32>\sc.exe' delete "DAService_TCP"
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM VBoxSDS.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM TeamViewer_Service.exe /F & @taskkill /IM TeamViewer.exe /F & @taskkill /IM CasLicenceServer.exe /F & @t...
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM BackupExec.exe /F & @taskkill /IM Att.exe /F & @taskkill /IM mdm.exe /F & @taskkill /IM BackupExecManagementService.exe /F & @taskkill /IM bengine.exe /F & @taskkill...
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM pg_ctl.exe /F & @taskkill /IM rcrelay.exe /F & @taskkill /IM SogouImeBroker.exe /F & @taskkill /IM CCenter.exe /F & @taskkill /IM ScanFrm.exe /F & @taskkill /IM d_ma...
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM ThunderPlatform.exe /F & @taskkill /IM iexplore.exe /F & @taskkill /IM vm-agent.exe /F & @taskkill /IM vm-agent-daemon.exe /F & @taskkill /IM eSightService.exe /F & ...
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM sqlservr.exe /F & @taskkill /IM httpd.exe /F & @taskkill /IM java.exe /F & @taskkill /IM fdhost.exe /F & @taskkill /IM fdlauncher.exe /F & @taskkill /IM reportingser...
  • '<SYSTEM32>\cmd.exe' /c "color a & @net stop UIODetect & @net stop VMwareHostd & @net stop TeamViewer8 & @net stop VMUSBArbService & @net stop VMAuthdService & @net stop wanxiao-monitor & @net stop WebAttendServer ...
  • '<SYSTEM32>\cmd.exe' /c "color a & @net stop HaoZipSvc & @net stop "igfxCUIService2.0.0.0" & @net stop Realtek11nSU & @net stop xenlite & @net stop XenSvc & @net stop Apache2.2 & @net stop "Synology Drive VSS Servi...
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "UWS LoPriv Services" & @sc delete ftnlsv3 & @sc delete ftnlses3 & @sc delete FxService & @sc delete "UtilDev Web Server Pro" & @sc delete ftusbrdwks & @sc delete ftusb...
  • '<SYSTEM32>\net1.exe' stop UTUService

Рекомендации по лечению

  1. В случае если операционная система способна загрузиться (в штатном режиме или режиме защиты от сбоев), скачайте лечащую утилиту Dr.Web CureIt! и выполните с ее помощью полную проверку вашего компьютера, а также используемых вами переносных носителей информации.
  2. Если загрузка операционной системы невозможна, измените настройки BIOS вашего компьютера, чтобы обеспечить возможность загрузки ПК с компакт-диска или USB-накопителя. Скачайте образ аварийного диска восстановления системы Dr.Web® LiveDisk или утилиту записи Dr.Web® LiveDisk на USB-накопитель, подготовьте соответствующий носитель. Загрузив компьютер с использованием данного носителя, выполните его полную проверку и лечение обнаруженных угроз.
Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Выполните полную проверку системы с использованием Антивируса Dr.Web Light для macOS. Данный продукт можно загрузить с официального сайта Apple App Store.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Скачать Dr.Web с Apple Store

На загруженной ОС выполните полную проверку всех дисковых разделов с использованием продукта Антивирус Dr.Web для Linux.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

  1. Если мобильное устройство функционирует в штатном режиме, загрузите и установите на него бесплатный антивирусный продукт Dr.Web для Android Light. Выполните полную проверку системы и используйте рекомендации по нейтрализации обнаруженных угроз.
  2. Если мобильное устройство заблокировано троянцем-вымогателем семейства Android.Locker (на экране отображается обвинение в нарушении закона, требование выплаты определенной денежной суммы или иное сообщение, мешающее нормальной работе с устройством), выполните следующие действия:
    • загрузите свой смартфон или планшет в безопасном режиме (в зависимости от версии операционной системы и особенностей конкретного мобильного устройства эта процедура может быть выполнена различными способами; обратитесь за уточнением к инструкции, поставляемой вместе с приобретенным аппаратом, или напрямую к его производителю);
    • после активации безопасного режима установите на зараженное устройство бесплатный антивирусный продукт Dr.Web для Android Light и произведите полную проверку системы, выполнив рекомендации по нейтрализации обнаруженных угроз;
    • выключите устройство и включите его в обычном режиме.

Подробнее о Dr.Web для Android

Демо бесплатно на 14 дней

Выдаётся при установке

Скачать с сайта
Скачать с Google Play