Win32.HLLW.Autoruner3.1962

Added to the Dr.Web virus database: 2020-01-27

Virus description added:

Technical Information

To ensure autorun and distribution
Creates the following files on removable media
  • <Drive name for removable media>:\dblue3.lnk
  • <Drive name for removable media>:\jblue6.lnk
  • <Drive name for removable media>:\iblue6.lnk
  • <Drive name for removable media>:\hblue6.lnk
  • <Drive name for removable media>:\gblue6.lnk
  • <Drive name for removable media>:\fblue6.lnk
  • <Drive name for removable media>:\eblue6.lnk
  • <Drive name for removable media>:\dblue6.lnk
  • <Drive name for removable media>:\blue3.bin
  • <Drive name for removable media>:\kblue3.lnk
  • <Drive name for removable media>:\jblue3.lnk
  • <Drive name for removable media>:\iblue3.lnk
  • <Drive name for removable media>:\hblue3.lnk
  • <Drive name for removable media>:\gblue3.lnk
  • <Drive name for removable media>:\fblue3.lnk
  • <Drive name for removable media>:\eblue3.lnk
  • <Drive name for removable media>:\kblue6.lnk
  • <Drive name for removable media>:\blue6.bin
Modifies file system
Creates the following files
  • %TEMP%\lgrt4oi5.0.cs
  • %TEMP%\cscab84.tmp
  • %TEMP%\bgruczim.out
  • %TEMP%\bgruczim.cmdline
  • %TEMP%\bgruczim.0.cs
  • %TEMP%\eqtrezlm.dll
  • %TEMP%\msoiubzs.dll
  • %TEMP%\resa78d.tmp
  • %TEMP%\resa77e.tmp
  • %TEMP%\csca6a2.tmp
  • %TEMP%\csca76d.tmp
  • %TEMP%\msoiubzs.out
  • %TEMP%\msoiubzs.cmdline
  • %TEMP%\msoiubzs.0.cs
  • %TEMP%\eqtrezlm.out
  • %TEMP%\eqtrezlm.cmdline
  • %TEMP%\eqtrezlm.0.cs
  • %TEMP%\lgrt4oi5.dll
  • %TEMP%\res9761.tmp
  • %TEMP%\csc9750.tmp
  • %TEMP%\lgrt4oi5.out
  • %TEMP%\lgrt4oi5.cmdline
  • %TEMP%\resab95.tmp
  • %TEMP%\bgruczim.dll
Deletes the following files
  • %TEMP%\res9761.tmp
  • %TEMP%\bgruczim.out
  • %TEMP%\bgruczim.cmdline
  • %TEMP%\bgruczim.pdb
  • %TEMP%\cscab84.tmp
  • %TEMP%\resab95.tmp
  • %TEMP%\msoiubzs.out
  • %TEMP%\msoiubzs.0.cs
  • %TEMP%\msoiubzs.dll
  • %TEMP%\msoiubzs.pdb
  • %TEMP%\msoiubzs.cmdline
  • %TEMP%\eqtrezlm.pdb
  • %TEMP%\eqtrezlm.cmdline
  • %TEMP%\eqtrezlm.out
  • %TEMP%\eqtrezlm.0.cs
  • %TEMP%\eqtrezlm.dll
  • %TEMP%\csca6a2.tmp
  • %TEMP%\resa78d.tmp
  • %TEMP%\csca76d.tmp
  • %TEMP%\resa77e.tmp
  • %TEMP%\lgrt4oi5.dll
  • %TEMP%\lgrt4oi5.cmdline
  • %TEMP%\lgrt4oi5.pdb
  • %TEMP%\lgrt4oi5.out
  • %TEMP%\lgrt4oi5.0.cs
  • %TEMP%\csc9750.tmp
  • %TEMP%\bgruczim.0.cs
  • %TEMP%\bgruczim.dll
Network activity
TCP
  • 'ap#.#pify.org':443
UDP
  • DNS ASK ap#.#pify.org
Miscellaneous
Creates and executes the following
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\lgrt4oi5.cmdline" (with hidden window)
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES9761.tmp" "%TEMP%\CSC9750.tmp" (with hidden window)
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\eqtrezlm.cmdline" (with hidden window)
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\msoiubzs.cmdline" (with hidden window)
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA77E.tmp" "%TEMP%\CSCA76D.tmp" (with hidden window)
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA78D.tmp" "%TEMP%\CSCA6A2.tmp" (with hidden window)
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\bgruczim.cmdline" (with hidden window)
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESAB95.tmp" "%TEMP%\CSCAB84.tmp" (with hidden window)
  • '<SYSTEM32>\taskmgr.exe' (with hidden window)
Executes the following
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\lgrt4oi5.cmdline"
  • '<SYSTEM32>\sc.exe' Config AxInstSV Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop AxInstSV
  • '<SYSTEM32>\sc.exe' Delete AxInstSV
  • '<SYSTEM32>\sc.exe' Config Zational Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Zational
  • '<SYSTEM32>\sc.exe' Delete Zational
  • '<SYSTEM32>\sc.exe' Config "DNS Server" Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop "DNS Server"
  • '<SYSTEM32>\sc.exe' Delete "DNS Server"
  • '<SYSTEM32>\sc.exe' Config Serhiez Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Serhiez
  • '<SYSTEM32>\sc.exe' Delete Serhiez
  • '<SYSTEM32>\sc.exe' Delete aspnet_staters
  • '<SYSTEM32>\sc.exe' Config SuperProServer Start= Disabled
  • '<SYSTEM32>\sc.exe' Delete SuperProServer
  • '<SYSTEM32>\sc.exe' Config ".Net CLR" Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop ".Net CLR"
  • '<SYSTEM32>\sc.exe' Delete ".Net CLR"
  • '<SYSTEM32>\sc.exe' Config WissssssnHelp32 Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop WissssssnHelp32
  • '<SYSTEM32>\sc.exe' Delete WissssssnHelp32
  • '<SYSTEM32>\sc.exe' Config WinHasdadelp32 Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop WinHasdadelp32
  • '<SYSTEM32>\sc.exe' Delete WinHasdadelp32
  • '<SYSTEM32>\sc.exe' Config WinHasdelp32 Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop WinHasdelp32
  • '<SYSTEM32>\sc.exe' Stop clr_optimization
  • '<SYSTEM32>\sc.exe' Delete clr_optimization
  • '<SYSTEM32>\sc.exe' Config clr_optimization Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop aspnet_staters
  • '<SYSTEM32>\sc.exe' Config ClipBooks Start= Disabled
  • '<SYSTEM32>\sc.exe' Delete WifiService
  • '<SYSTEM32>\sc.exe' Config ALGM Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop ALGM
  • '<SYSTEM32>\sc.exe' Delete ALGM
  • '<SYSTEM32>\sc.exe' Config wmiApSrvs Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop wmiApSrvs
  • '<SYSTEM32>\sc.exe' Delete wmiApSrvs
  • '<SYSTEM32>\sc.exe' Config wmiApServs Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop wmiApServs
  • '<SYSTEM32>\sc.exe' Delete wmiApServs
  • '<SYSTEM32>\sc.exe' Config taskmgr1 Start= Disabled
  • '<SYSTEM32>\sc.exe' Delete WinHasdelp32
  • '<SYSTEM32>\sc.exe' Config WifiService Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop SuperProServer
  • '<SYSTEM32>\sc.exe' Stop taskmgr1
  • '<SYSTEM32>\sc.exe' Delete WebServers
  • '<SYSTEM32>\sc.exe' Config ExpressVNService Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop ExpressVNService
  • '<SYSTEM32>\sc.exe' Delete ExpressVNService
  • '<SYSTEM32>\sc.exe' Config WW#.#DOS.CN.COM Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop WW#.#DOS.CN.COM
  • '<SYSTEM32>\sc.exe' Delete WW#.#DOS.CN.COM
  • '<SYSTEM32>\sc.exe' Config WinHelpSvcs Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop WinHelpSvcs
  • '<SYSTEM32>\sc.exe' Delete WinHelpSvcs
  • '<SYSTEM32>\sc.exe' Config aspnet_staters Start= Disabled
  • '<SYSTEM32>\sc.exe' Delete taskmgr1
  • '<SYSTEM32>\sc.exe' Config WebServers Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop WebServers
  • '<SYSTEM32>\sc.exe' Stop "NetMsmqActiv Media NVIDIA"
  • '<SYSTEM32>\sc.exe' Stop ClipBooks
  • '<SYSTEM32>\schtasks.exe' /Delete /TN DNS /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN SYSTEM /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN DNS2 /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN SYSTEMa /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN skycmd /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Miscfost /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Netframework /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Flash /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN RavTask /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN GooglePingConfigs /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN HomeGroupProvider /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN MiscfostNsi /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN WwANsvc /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Update4 /F
  • '<SYSTEM32>\sc.exe' Delete SRDSL
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Update3 /F
  • '<SYSTEM32>\ipconfig.exe' /displaydns
  • '<SYSTEM32>\netstat.exe' -ano
  • '<SYSTEM32>\schtasks.exe' /Delete /TN DnsScan /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN WebServers /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Credentials /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN TablteInputout /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN werclpsyport /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN HispDemorn /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN LimeRAT-Admin /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN DnsCore /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN "Update service for Windows Service" /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN ECDnsCore /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Bluetooths /F
  • '<SYSTEM32>\ipconfig.exe' /all
  • '<SYSTEM32>\sc.exe' Stop WifiService
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Update1 /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Windows_Update /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Mysa /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Mysa1 /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Mysa2 /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Mysa3 /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN ok /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN "Oracle Java" /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN "Oracle Java Update" /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN "Microsoft Telemetry" /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN "Spooler SubSystem Service" /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN "Oracle Products Reporter" /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN "Update service for products" /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN gm /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Update2 /F
  • '<SYSTEM32>\sc.exe' Delete ClipBooks
  • '<SYSTEM32>\schtasks.exe' /Delete /TN my1 /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Update_windows /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN WindowsUpdate1 /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN WindowsUpdate2 /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN WindowsUpdate3 /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN AdobeFlashPlayer /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN FlashPlayer1 /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN FlashPlayer2 /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN FlashPlayer3 /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN IIS /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN WindowsLogTasks /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN "System Log Security Check" /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Update /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Sorry /F
  • '<SYSTEM32>\schtasks.exe' /Delete /TN ngm /F
  • '<SYSTEM32>\sc.exe' Stop SRDSL
  • '<SYSTEM32>\sc.exe' Config SRDSL Start= Disabled
  • '<SYSTEM32>\sc.exe' Delete MpeSvc
  • '<SYSTEM32>\sc.exe' Delete sysmgt
  • '<SYSTEM32>\sc.exe' Config \gm Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop \gm
  • '<SYSTEM32>\sc.exe' Delete \gm
  • '<SYSTEM32>\sc.exe' Config WmdnPnSN Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop WmdnPnSN
  • '<SYSTEM32>\sc.exe' Delete WmdnPnSN
  • '<SYSTEM32>\sc.exe' Config Sougoudl Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Sougoudl
  • '<SYSTEM32>\sc.exe' Delete Sougoudl
  • '<SYSTEM32>\sc.exe' Config National Start= Disabled
  • '<SYSTEM32>\sc.exe' Delete CLR
  • '<SYSTEM32>\sc.exe' Config "Microsoft Telemetry" Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop sysmgt
  • '<SYSTEM32>\sc.exe' Stop National
  • '<SYSTEM32>\sc.exe' Delete Nationaaal
  • '<SYSTEM32>\sc.exe' Config Natimmonal Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Natimmonal
  • '<SYSTEM32>\sc.exe' Delete Natimmonal
  • '<SYSTEM32>\sc.exe' Config Nationaloll Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Nationaloll
  • '<SYSTEM32>\sc.exe' Delete Nationaloll
  • '<SYSTEM32>\sc.exe' Config Nationalmll Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Nationalmll
  • '<SYSTEM32>\sc.exe' Delete Nationalmll
  • '<SYSTEM32>\sc.exe' Config Nationalaie Start= Disabled
  • '<SYSTEM32>\sc.exe' Delete National
  • '<SYSTEM32>\sc.exe' Config Nationaaal Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Nationaaal
  • '<SYSTEM32>\netstat.exe' -anop TCP
  • '<SYSTEM32>\sc.exe' Stop Nationalaie
  • '<SYSTEM32>\sc.exe' Delete Oracleupdate
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -s -NoLogo -NoProfile
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\eqtrezlm.cmdline"
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\msoiubzs.cmdline"
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA77E.tmp" "%TEMP%\CSCA76D.tmp"
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESA78D.tmp" "%TEMP%\CSCA6A2.tmp"
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\csc.exe' /noconfig /fullpaths @"%TEMP%\bgruczim.cmdline"
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RESAB95.tmp" "%TEMP%\CSCAB84.tmp"
  • '<SYSTEM32>\sc.exe' Config xWinWpdSrv Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop xWinWpdSrv
  • '<SYSTEM32>\sc.exe' Delete xWinWpdSrv
  • '<SYSTEM32>\sc.exe' Config SVSHost Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop SVSHost
  • '<SYSTEM32>\sc.exe' Config CLR Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop CLR
  • '<SYSTEM32>\sc.exe' Delete SVSHost
  • '<SYSTEM32>\sc.exe' Delete "Microsoft Telemetry"
  • '<SYSTEM32>\sc.exe' Config lsass Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop lsass
  • '<SYSTEM32>\sc.exe' Delete lsass
  • '<SYSTEM32>\sc.exe' Config Microsoft Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Microsoft
  • '<SYSTEM32>\sc.exe' Delete Microsoft
  • '<SYSTEM32>\sc.exe' Config system Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop system
  • '<SYSTEM32>\sc.exe' Delete system
  • '<SYSTEM32>\sc.exe' Config Oracleupdate Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Oracleupdate
  • '%WINDIR%\microsoft.net\framework64\v2.0.50727\cvtres.exe' /NOLOGO /READONLY /MACHINE:IX86 "/OUT:%TEMP%\RES9761.tmp" "%TEMP%\CSC9750.tmp"
  • '<SYSTEM32>\sc.exe' Stop "Microsoft Telemetry"
  • '<SYSTEM32>\schtasks.exe' /Delete /TN Ddrivers /F
  • '<SYSTEM32>\sc.exe' Delete Nationalaie
  • '<SYSTEM32>\sc.exe' Delete Nationalwpi
  • '<SYSTEM32>\sc.exe' Delete Windows_Update
  • '<SYSTEM32>\sc.exe' Config "Windows Managers" Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop "Windows Managers"
  • '<SYSTEM32>\sc.exe' Delete "Windows Managers"
  • '<SYSTEM32>\sc.exe' Config SvcNlauser Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop SvcNlauser
  • '<SYSTEM32>\sc.exe' Delete SvcNlauser
  • '<SYSTEM32>\sc.exe' Config WinVaultSvc Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop WinVaultSvc
  • '<SYSTEM32>\sc.exe' Delete WinVaultSvc
  • '<SYSTEM32>\sc.exe' Config Xtfy Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Xtfy
  • '<SYSTEM32>\sc.exe' Config Nationalwpi Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Windows_Update
  • '<SYSTEM32>\sc.exe' Config Windows_Update Start= Disabled
  • '<SYSTEM32>\sc.exe' Delete Xtfya
  • '<SYSTEM32>\sc.exe' Config Xtfyxxx Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Xtfyxxx
  • '<SYSTEM32>\sc.exe' Delete Xtfyxxx
  • '<SYSTEM32>\sc.exe' Config 360rTys Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop 360rTys
  • '<SYSTEM32>\sc.exe' Delete 360rTys
  • '<SYSTEM32>\sc.exe' Config IPSECS Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop IPSECS
  • '<SYSTEM32>\sc.exe' Delete IPSECS
  • '<SYSTEM32>\sc.exe' Config MpeSvc Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop MpeSvc
  • '<SYSTEM32>\sc.exe' Delete Xtfy
  • '<SYSTEM32>\sc.exe' Stop Xtfya
  • '<SYSTEM32>\sc.exe' Stop Nationalwpi
  • '<SYSTEM32>\sc.exe' Config Xtfya Start= Disabled
  • '<SYSTEM32>\sc.exe' Config sysmgt Start= Disabled
  • '<SYSTEM32>\sc.exe' Config WinHelp32 Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop WinHelp32
  • '<SYSTEM32>\sc.exe' Delete WinHelp32
  • '<SYSTEM32>\sc.exe' Config WinHelp64 Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop WinHelp64
  • '<SYSTEM32>\sc.exe' Delete WinHelp64
  • '<SYSTEM32>\sc.exe' Config Samserver Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop Samserver
  • '<SYSTEM32>\sc.exe' Delete Samserver
  • '<SYSTEM32>\sc.exe' Config RpcEptManger Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop RpcEptManger
  • '<SYSTEM32>\sc.exe' Delete RpcEptManger
  • '<SYSTEM32>\sc.exe' Config mssecsvc2.0 Start= Disabled
  • '<SYSTEM32>\sc.exe' Delete mssecsvc2.0
  • '<SYSTEM32>\sc.exe' Stop mssecsvc2.0
  • '<SYSTEM32>\sc.exe' Config "Sncryption Media Playeq" Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop "Sncryption Media Playeq"
  • '<SYSTEM32>\sc.exe' Delete "Sncryption Media Playeq"
  • '<SYSTEM32>\sc.exe' Config SxS Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop SxS
  • '<SYSTEM32>\sc.exe' Delete SxS
  • '<SYSTEM32>\sc.exe' Config WinSvc Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop WinSvc
  • '<SYSTEM32>\sc.exe' Delete WinSvc
  • '<SYSTEM32>\sc.exe' Config mssecsvc2.1 Start= Disabled
  • '<SYSTEM32>\sc.exe' Stop mssecsvc2.1
  • '<SYSTEM32>\sc.exe' Delete mssecsvc2.1
  • '<SYSTEM32>\sc.exe' Config "NetMsmqActiv Media NVIDIA" Start= Disabled
  • '<SYSTEM32>\sc.exe' Delete "NetMsmqActiv Media NVIDIA"
  • '<SYSTEM32>\taskmgr.exe'