Technical Information
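- Windows Update (service "wuauserv"; the sc.exe entries below stop it, set it to start= disabled, and delete it)
- Windows Security Center (service "wscsvc"; the sc.exe entries below stop it, set it to start= disabled, and delete it)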
- %TEMP%\~3b89.bat
- %TEMP%\~3b89.bat
- %TEMP%\~3b89.bat
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\~3B89.bat "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c %TEMP%\~3B89.bat "<Full path to file>"
- '%WINDIR%\syswow64\sc.exe' delete "MicroCloudEngine"
- '%WINDIR%\syswow64\sc.exe' delete "mintpad service"
- '%WINDIR%\syswow64\sc.exe' delete "Kdiskdown"
- '%WINDIR%\syswow64\sc.exe' delete "KService"
- '%WINDIR%\syswow64\sc.exe' delete "JJangFileDown"
- '%WINDIR%\syswow64\sc.exe' delete "ingrid114up"
- '%WINDIR%\syswow64\sc.exe' delete "114ktisetup"
- '%WINDIR%\syswow64\sc.exe' delete "ingrid114"
- '%WINDIR%\syswow64\sc.exe' delete "hidiskdown"
- '%WINDIR%\syswow64\sc.exe' delete "hsstrayservice"
- '%WINDIR%\syswow64\sc.exe' delete "hotspotshieldservice"
- '%WINDIR%\syswow64\sc.exe' delete "hsssrv"
- '%WINDIR%\syswow64\sc.exe' delete "hsswd"
- '%WINDIR%\syswow64\sc.exe' delete "Naver Anti-virus Realtime Monitor"
- '%WINDIR%\syswow64\sc.exe' delete "npkcmsvc"
- '%WINDIR%\syswow64\sc.exe' delete "GridMember"
- '%WINDIR%\syswow64\sc.exe' delete "FileDown"
- '%WINDIR%\syswow64\sc.exe' delete "FeelDownload"
- '%WINDIR%\syswow64\sc.exe' delete "Filecityupdater"
- '%WINDIR%\syswow64\sc.exe' delete "FIDownService"
- '%WINDIR%\syswow64\sc.exe' delete "FsUsbExService"
- '%WINDIR%\syswow64\sc.exe' delete "ExpressService"
- '%WINDIR%\syswow64\sc.exe' delete "DsSearchBar"
- '%WINDIR%\syswow64\sc.exe' delete "DaokiFastDown"
- '%WINDIR%\syswow64\sc.exe' delete "dgdersvc"
- '%WINDIR%\syswow64\sc.exe' delete "CloudManager"
- '%WINDIR%\syswow64\sc.exe' delete "cvhsvc"
- '%WINDIR%\syswow64\sc.exe' delete "BBoxSearchBar"
- '%WINDIR%\syswow64\sc.exe' delete "GDownService"
- '%WINDIR%\syswow64\sc.exe' stop "MicroCloudEngine"
- '%WINDIR%\syswow64\sc.exe' delete "Naver Anti-virus Scan Service"
- '%WINDIR%\syswow64\sc.exe' config "wuauserv" start= disabled
- '%WINDIR%\syswow64\sc.exe' config "FsUsbExService" start= disabled
- '%WINDIR%\syswow64\sc.exe' config "YahooAUService" start= disabled
- '%WINDIR%\syswow64\sc.exe' delete "ZioFileDown"
- '%WINDIR%\syswow64\sc.exe' delete "yahooauservice"
- '%WINDIR%\syswow64\sc.exe' delete "xOceanUpdate"
- '%WINDIR%\syswow64\sc.exe' delete "xOcean"
- '%WINDIR%\syswow64\sc.exe' delete "wscsvc"
- '%WINDIR%\syswow64\sc.exe' delete "wuauserv"
- '%WINDIR%\syswow64\sc.exe' delete "windows multibox update class"
- '%WINDIR%\syswow64\sc.exe' delete "Windows Cloud-Web Update Class"
- '%WINDIR%\syswow64\sc.exe' delete "Windows CloudWeb Update Class"
- '%WINDIR%\syswow64\sc.exe' delete "vupdate"
- '%WINDIR%\syswow64\sc.exe' delete "TGridService"
- '%WINDIR%\syswow64\sc.exe' delete "Tple_download"
- '%WINDIR%\syswow64\sc.exe' delete "TsService"
- '%WINDIR%\syswow64\sc.exe' delete "SBoxSearchBar"
- '%WINDIR%\syswow64\sc.exe' delete "sftvsa"
- '%WINDIR%\syswow64\sc.exe' delete "sftlist"
- '%WINDIR%\syswow64\sc.exe' delete "qdownservice"
- '%WINDIR%\syswow64\sc.exe' delete "qdownagent"
- '%WINDIR%\syswow64\sc.exe' delete "qdownupdate"
- '%WINDIR%\syswow64\sc.exe' delete "Qatutoup"
- '%WINDIR%\syswow64\sc.exe' delete "QUploader"
- '%WINDIR%\syswow64\sc.exe' delete "QBrid_Service"
- '%WINDIR%\syswow64\sc.exe' delete "QuickDownload Update"
- '%WINDIR%\syswow64\sc.exe' delete "QuickDownload Service"
- '%WINDIR%\syswow64\sc.exe' delete "QuickDownload Agent"
- '%WINDIR%\syswow64\sc.exe' delete "NATService"
- '%WINDIR%\syswow64\sc.exe' delete "bigfilesearch"
- '%WINDIR%\syswow64\sc.exe' delete "GDownAgent"
- '%WINDIR%\syswow64\sc.exe' delete "bigfiledownload"
- '%WINDIR%\syswow64\sc.exe' delete "BonService"
- '%WINDIR%\syswow64\sc.exe' delete "Bonjour Service"
- '%WINDIR%\syswow64\sc.exe' stop "FeelDownload"
- '%WINDIR%\syswow64\sc.exe' stop "JJangFileDown"
- '%WINDIR%\syswow64\sc.exe' stop "ingrid114up"
- '%WINDIR%\syswow64\sc.exe' stop "114ktisetup"
- '%WINDIR%\syswow64\sc.exe' stop "ingrid114"
- '%WINDIR%\syswow64\sc.exe' stop "hidiskdown"
- '%WINDIR%\syswow64\sc.exe' stop "hsstrayservice"
- '%WINDIR%\syswow64\sc.exe' stop "hotspotshieldservice"
- '%WINDIR%\syswow64\sc.exe' stop "hsssrv"
- '%WINDIR%\syswow64\sc.exe' stop "hsswd"
- '%WINDIR%\syswow64\sc.exe' stop "GDownService"
- '%WINDIR%\syswow64\sc.exe' stop "GDownAgent"
- '%WINDIR%\syswow64\sc.exe' stop "GridMember"
- '%WINDIR%\syswow64\sc.exe' stop "FileDown"
- '%WINDIR%\syswow64\sc.exe' stop "Filecityupdater"
- '%WINDIR%\syswow64\sc.exe' stop "Kdiskdown"
- '%WINDIR%\syswow64\sc.exe' stop "FIDownService"
- '%WINDIR%\syswow64\sc.exe' stop "FsUsbExService"
- '%WINDIR%\syswow64\sc.exe' stop "ExpressService"
- '%WINDIR%\syswow64\sc.exe' stop "DsSearchBar"
- '%WINDIR%\syswow64\sc.exe' stop "DaokiFastDown"
- '%WINDIR%\syswow64\sc.exe' stop "dgdersvc"
- '%WINDIR%\syswow64\sc.exe' stop "CloudManager"
- '%WINDIR%\syswow64\sc.exe' stop "cvhsvc"
- '%WINDIR%\syswow64\sc.exe' stop "BBoxSearchBar"
- '%WINDIR%\syswow64\sc.exe' stop "bigfilesearch"
- '%WINDIR%\syswow64\sc.exe' stop "bigfiledownload"
- '%WINDIR%\syswow64\sc.exe' stop "BonService"
- '%WINDIR%\syswow64\sc.exe' stop "Bonjour Service"
- '%WINDIR%\syswow64\sc.exe' config "wscsvc" start= disabled
- '%WINDIR%\syswow64\sc.exe' delete "NetAccelerator"
- '%WINDIR%\syswow64\sc.exe' stop "mintpad service"
- '%WINDIR%\syswow64\sc.exe' stop "Naver Anti-virus Realtime Monitor"
- '%WINDIR%\syswow64\sc.exe' stop "KService"
- '%WINDIR%\syswow64\sc.exe' stop "ZioFileDown"
- '%WINDIR%\syswow64\sc.exe' stop "yahooauservice"
- '%WINDIR%\syswow64\sc.exe' stop "xOceanUpdate"
- '%WINDIR%\syswow64\sc.exe' stop "xOcean"
- '%WINDIR%\syswow64\sc.exe' stop "wscsvc"
- '%WINDIR%\syswow64\sc.exe' stop "wuauserv"
- '%WINDIR%\syswow64\sc.exe' stop "windows multibox update class"
- '%WINDIR%\syswow64\sc.exe' stop "Windows Cloud-Web Update Class"
- '%WINDIR%\syswow64\sc.exe' stop "Windows CloudWeb Update Class"
- '%WINDIR%\syswow64\sc.exe' stop "vupdate"
- '%WINDIR%\syswow64\sc.exe' stop "TGridService"
- '%WINDIR%\syswow64\sc.exe' stop "Tple_download"
- '%WINDIR%\syswow64\sc.exe' stop "TsService"
- '%WINDIR%\syswow64\sc.exe' stop "SBoxSearchBar"
- '%WINDIR%\syswow64\sc.exe' stop "sftvsa"
- '%WINDIR%\syswow64\sc.exe' stop "sftlist"
- '%WINDIR%\syswow64\sc.exe' stop "qdownservice"
- '%WINDIR%\syswow64\sc.exe' stop "qdownagent"
- '%WINDIR%\syswow64\sc.exe' stop "qdownupdate"
- '%WINDIR%\syswow64\sc.exe' stop "Qatutoup"
- '%WINDIR%\syswow64\sc.exe' stop "QUploader"
- '%WINDIR%\syswow64\sc.exe' stop "QBrid_Service"
- '%WINDIR%\syswow64\sc.exe' stop "QuickDownload Update"
- '%WINDIR%\syswow64\sc.exe' stop "QuickDownload Service"
- '%WINDIR%\syswow64\sc.exe' stop "QuickDownload Agent"
- '%WINDIR%\syswow64\sc.exe' stop "NATService"
- '%WINDIR%\syswow64\sc.exe' stop "NetAccelerator"
- '%WINDIR%\syswow64\sc.exe' stop "Naver Anti-virus Scan Service"
- '%WINDIR%\syswow64\sc.exe' stop "npkcmsvc"
- '%WINDIR%\syswow64\regedit.exe' /s "<SYSTEM32>\remove.Reg"