BAT.AVKill.34

Added to the Dr.Web virus database: 2023-08-15

Virus description added:

Technical Information

To ensure autorun and distribution
Sets the following service settings
  • [HKLM\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
Malicious functions
Executes the following
  • '<SYSTEM32>\net.exe' stop ôSecurity Centerö
  • '<SYSTEM32>\net.exe' stop SCRSCAN
  • '<SYSTEM32>\net.exe' stop sharedaccess
  • '<SYSTEM32>\net.exe' stop SPHINX
  • '<SYSTEM32>\net.exe' stop SPYXX
  • '<SYSTEM32>\net.exe' stop SS3EDIT
  • '<SYSTEM32>\net.exe' stop STOPW
  • '<SYSTEM32>\net.exe' stop SVW3
  • '<SYSTEM32>\net.exe' stop SWEEP95
  • '<SYSTEM32>\net.exe' stop SweepNet
  • '<SYSTEM32>\net.exe' stop RTVSCN95
  • '<SYSTEM32>\net.exe' stop SWEEPSRV
  • '<SYSTEM32>\net.exe' stop SCAN32
  • '<SYSTEM32>\net.exe' stop SweepUpdate
  • '<SYSTEM32>\net.exe' stop SymProxySvc
  • '<SYSTEM32>\net.exe' stop SYMTRAY
  • '<SYSTEM32>\net.exe' stop TFAK
  • '<SYSTEM32>\net.exe' stop vbcmserv
  • '<SYSTEM32>\net.exe' stop VbCons
  • '<SYSTEM32>\net.exe' stop VET32
  • '<SYSTEM32>\net.exe' stop VET95
  • '<SYSTEM32>\net.exe' stop VETTRAY
  • '<SYSTEM32>\net.exe' stop VPC32
  • '<SYSTEM32>\net.exe' stop SWEEPSRV.SYS
  • '<SYSTEM32>\net.exe' stop VPTRAY
  • '<SYSTEM32>\net.exe' stop SWNETSUP
  • '<SYSTEM32>\net.exe' stop sbserv
  • '<SYSTEM32>\net.exe' stop RESCUE
  • '<SYSTEM32>\net.exe' stop REALMON
  • '<SYSTEM32>\net.exe' stop ntrtscan
  • '<SYSTEM32>\net.exe' stop NTVDM
  • '<SYSTEM32>\net.exe' stop NTXconfig
  • '<SYSTEM32>\net.exe' stop NVC95
  • '<SYSTEM32>\net.exe' stop NVSVC32
  • '<SYSTEM32>\net.exe' stop NWService
  • '<SYSTEM32>\net.exe' stop NWTOOL16
  • '<SYSTEM32>\net.exe' stop PADMIN
  • '<SYSTEM32>\net.exe' stop pavproxy
  • '<SYSTEM32>\net.exe' stop PCCIOMON
  • '<SYSTEM32>\net.exe' stop NPSSVC
  • '<SYSTEM32>\net.exe' stop pccntmon
  • '<SYSTEM32>\net.exe' stop PCCWIN98
  • '<SYSTEM32>\net.exe' stop pcscan
  • '<SYSTEM32>\net.exe' stop PERSFW
  • '<SYSTEM32>\net.exe' stop POP3TRAP
  • '<SYSTEM32>\net.exe' stop POPROXY
  • '<SYSTEM32>\net.exe' stop PORTMONITOR
  • '<SYSTEM32>\net.exe' stop PROCESSMONITOR
  • '<SYSTEM32>\net.exe' stop PROGRAMAUDITOR
  • '<SYSTEM32>\net.exe' stop PROT95
  • '<SYSTEM32>\net.exe' stop PVIEW95
  • '<SYSTEM32>\net.exe' stop RAV7
  • '<SYSTEM32>\net.exe' stop pccwin97
  • '<SYSTEM32>\net.exe' stop RAV7WIN
  • '<SYSTEM32>\net.exe' stop NPROTECT
  • '<SYSTEM32>\net.exe' stop NSCHED32
  • '<SYSTEM32>\net.exe' stop VSCHED
  • '<SYSTEM32>\net.exe' stop vsmon
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avgctrl.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avkserv.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avnt.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avp.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im AVP32
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avp32.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avpcc.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avpdos32.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avpm.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avptc32.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avconsol.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Ave32.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avpupd.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im AVSYNMGR
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avwin95.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avwupd32.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Blackd.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im BLACKICE
  • '<SYSTEM32>\taskkill.exe' /f /t /im BlackICE Defender
  • '<SYSTEM32>\taskkill.exe' /f /t /im Blackice.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im CA Sessionwall-3
  • '<SYSTEM32>\taskkill.exe' /f /t /im Cfiadmin.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Cfiaudit.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Avsched32.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im AVSync Manager
  • '<SYSTEM32>\taskkill.exe' /f /t /im AVCONSOL
  • '<SYSTEM32>\taskkill.exe' /f /t /im ATRACK
  • '<SYSTEM32>\net.exe' stop MCAGENT
  • '<SYSTEM32>\net.exe' stop VSSTAT
  • '<SYSTEM32>\net.exe' stop WATCHDOG
  • '<SYSTEM32>\net.exe' stop WEBSCANX
  • '<SYSTEM32>\net.exe' stop WGFE95
  • '<SYSTEM32>\net.exe' stop WIMMUN32
  • '<SYSTEM32>\net.exe' stop WRADMIN
  • '<SYSTEM32>\net.exe' stop WRCTRL
  • '<SYSTEM32>\net.exe' stop ZAPROMINILOG
  • '<SYSTEM32>\net.exe' stop ZONEALARM
  • '<SYSTEM32>\taskkill.exe' /f /t /im ccapp
  • '<SYSTEM32>\taskkill.exe' /f /t /im mcdetect t
  • '<SYSTEM32>\taskkill.exe' /f /t /im McAfee security Center Module
  • '<SYSTEM32>\taskkill.exe' /f /t /im yahoomessenger /f /t
  • '<SYSTEM32>\taskkill.exe' /f /t /im msmsgs
  • '<SYSTEM32>\taskkill.exe' /f /t /im firefox
  • '<SYSTEM32>\taskkill.exe' /f /t /im iexplore
  • '<SYSTEM32>\taskkill.exe' /f /t /im _Avp32.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im _Avpcc.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im _Avpm.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im Agnitum Outpost Firewall
  • '<SYSTEM32>\taskkill.exe' /f /t /im Anti-Trojan.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im ANTIVIR
  • '<SYSTEM32>\taskkill.exe' /f /t /im Apvxdwin.exe
  • '<SYSTEM32>\net.exe' stop VSECOMR
  • '<SYSTEM32>\net.exe' stop VSMAIN
  • '<SYSTEM32>\net.exe' stop VSHWIN32
  • '<SYSTEM32>\net.exe' stop NORMIST
  • '<SYSTEM32>\net.exe' stop NMAIN
  • '<SYSTEM32>\net.exe' stop NISUM
  • '<SYSTEM32>\net.exe' stop AVXMONITORNT
  • '<SYSTEM32>\net.exe' stop AVXQUAR
  • '<SYSTEM32>\net.exe' stop AVXW
  • '<SYSTEM32>\net.exe' stop BLACKD
  • '<SYSTEM32>\net.exe' stop BLACKICE
  • '<SYSTEM32>\net.exe' stop CLAW95
  • '<SYSTEM32>\net.exe' stop CLAW95CF
  • '<SYSTEM32>\net.exe' stop CLEANER
  • '<SYSTEM32>\net.exe' stop CLEANER3
  • '<SYSTEM32>\net.exe' stop AVSYNMGR
  • '<SYSTEM32>\net.exe' stop CMGRDIAN
  • '<SYSTEM32>\net.exe' stop AVXMONITOR9X
  • '<SYSTEM32>\net.exe' stop defscangui
  • '<SYSTEM32>\net.exe' stop DOORS
  • '<SYSTEM32>\net.exe' stop DVP95
  • '<SYSTEM32>\net.exe' stop EFPEADM
  • '<SYSTEM32>\net.exe' stop ETRUSTCIPE
  • '<SYSTEM32>\net.exe' stop EVPN
  • '<SYSTEM32>\net.exe' stop EXPERT
  • '<SYSTEM32>\net.exe' stop fameh32
  • '<SYSTEM32>\net.exe' stop fch32
  • '<SYSTEM32>\net.exe' stop fih32
  • '<SYSTEM32>\net.exe' stop CONNECTIONMONITOR
  • '<SYSTEM32>\net.exe' stop Avsched32
  • '<SYSTEM32>\net.exe' stop DEFWATCH
  • '<SYSTEM32>\net.exe' stop AVPM
  • '<SYSTEM32>\net.exe' stop AVPCC
  • '<SYSTEM32>\netsh.exe' firewall set opmode mode=disable
  • '<SYSTEM32>\net.exe' stop ADVXDWIN
  • '<SYSTEM32>\net.exe' stop ALERTSVC
  • '<SYSTEM32>\net.exe' stop ALOGSERV
  • '<SYSTEM32>\net.exe' stop AMON9X
  • '<SYSTEM32>\net.exe' stop ANTI-TROJAN
  • '<SYSTEM32>\net.exe' stop ANTS
  • '<SYSTEM32>\net.exe' stop apvxdwin
  • '<SYSTEM32>\net.exe' stop ATCON
  • '<SYSTEM32>\net.exe' stop ATUPDATER
  • '<SYSTEM32>\net.exe' stop ATWATCH
  • '<SYSTEM32>\net.exe' stop AUTODOWN
  • '<SYSTEM32>\net.exe' stop ACKWIN32
  • '<SYSTEM32>\net.exe' stop AutoTrace
  • '<SYSTEM32>\net.exe' stop AVGCC32
  • '<SYSTEM32>\net.exe' stop AVGCTRL
  • '<SYSTEM32>\net.exe' stop AVGSERV
  • '<SYSTEM32>\net.exe' stop AVGSERV9
  • '<SYSTEM32>\net.exe' stop AVGW
  • '<SYSTEM32>\net.exe' stop avkpop
  • '<SYSTEM32>\net.exe' stop AVKSERV
  • '<SYSTEM32>\net.exe' stop avkservice
  • '<SYSTEM32>\net.exe' stop avkwctl9
  • '<SYSTEM32>\net.exe' stop AVP32
  • '<SYSTEM32>\net.exe' stop fnrb32
  • '<SYSTEM32>\net.exe' stop AVCONSOL
  • '<SYSTEM32>\net.exe' stop fsaa
  • '<SYSTEM32>\net.exe' stop AVWINNT
  • '<SYSTEM32>\net.exe' stop fsav32
  • '<SYSTEM32>\net.exe' stop MCTOOL
  • '<SYSTEM32>\net.exe' stop MCVSRTE
  • '<SYSTEM32>\net.exe' stop MCVSSHLD
  • '<SYSTEM32>\net.exe' stop MGAVRTCL
  • '<SYSTEM32>\net.exe' stop MGAVRTE
  • '<SYSTEM32>\net.exe' stop MGHTML
  • '<SYSTEM32>\net.exe' stop minilog
  • '<SYSTEM32>\net.exe' stop MONITOR
  • '<SYSTEM32>\net.exe' stop MOOLIVE
  • '<SYSTEM32>\net.exe' stop MWATCH
  • '<SYSTEM32>\net.exe' stop NAVAP
  • '<SYSTEM32>\net.exe' stop navapsvc
  • '<SYSTEM32>\net.exe' stop NAVAPW32
  • '<SYSTEM32>\net.exe' stop NAVENG
  • '<SYSTEM32>\net.exe' stop NAVEX15
  • '<SYSTEM32>\net.exe' stop NAVLU32
  • '<SYSTEM32>\net.exe' stop NAVW32
  • '<SYSTEM32>\net.exe' stop NAVWNT
  • '<SYSTEM32>\net.exe' stop NDD32
  • '<SYSTEM32>\net.exe' stop NeoWatchLog
  • '<SYSTEM32>\net.exe' stop NETUTILS
  • '<SYSTEM32>\net.exe' stop ngdbserv
  • '<SYSTEM32>\net.exe' stop NGServer
  • '<SYSTEM32>\net.exe' stop NISSERV
  • '<SYSTEM32>\net.exe' stop MCSHIELD
  • '<SYSTEM32>\net.exe' stop fsgk32
  • '<SYSTEM32>\net.exe' stop MCUPDATE
  • '<SYSTEM32>\taskkill.exe' /f /t /im Autodown.exe
  • '<SYSTEM32>\taskkill.exe' /f /t /im CFINET
  • '<SYSTEM32>\net.exe' stop LUCOMSERVER
  • '<SYSTEM32>\net.exe' stop fsma32
  • '<SYSTEM32>\net.exe' stop fsmb32
  • '<SYSTEM32>\net.exe' stop gbmenu
  • '<SYSTEM32>\net.exe' stop GENERICS
  • '<SYSTEM32>\net.exe' stop GUARD
  • '<SYSTEM32>\net.exe' stop GUARDDOG
  • '<SYSTEM32>\net.exe' stop HELP
  • '<SYSTEM32>\net.exe' stop IAMAPP
  • '<SYSTEM32>\net.exe' stop IAMSERV
  • '<SYSTEM32>\net.exe' stop ICLOAD95
  • '<SYSTEM32>\net.exe' stop ICLOADNT
  • '<SYSTEM32>\net.exe' stop fsm32
  • '<SYSTEM32>\net.exe' stop ICMON
  • '<SYSTEM32>\net.exe' stop ICSUPPNT
  • '<SYSTEM32>\net.exe' stop IFACE
  • '<SYSTEM32>\net.exe' stop IOMON98
  • '<SYSTEM32>\net.exe' stop ISRV95
  • '<SYSTEM32>\net.exe' stop JEDI
  • '<SYSTEM32>\net.exe' stop LDNETMON
  • '<SYSTEM32>\net.exe' stop LDPROMENU
  • '<SYSTEM32>\net.exe' stop LDSCAN
  • '<SYSTEM32>\net.exe' stop LOCKDOWN
  • '<SYSTEM32>\net.exe' stop LOCKDOWN2000
  • '<SYSTEM32>\net.exe' stop LUALL
  • '<SYSTEM32>\net.exe' stop ICSUPP95
  • '<SYSTEM32>\net.exe' stop MCMNHDLR
  • '<SYSTEM32>\taskkill.exe' /f /t /im Cfinet.exe
Launches a large number of processes
Terminates or attempts to terminate the following user processes:
  • firefox.exe
Network activity
UDP
  • 'localhost':65176
  • 'localhost':65188
Miscellaneous
Searches for the following windows
  • ClassName: '' WindowName: ''
Executes the following
  • '<SYSTEM32>\net1.exe' stop ôSecurity Centerö
  • '<SYSTEM32>\net1.exe' stop MONITOR
  • '<SYSTEM32>\net1.exe' stop MOOLIVE
  • '<SYSTEM32>\net1.exe' stop MWATCH
  • '<SYSTEM32>\net1.exe' stop NAVAP
  • '<SYSTEM32>\net1.exe' stop navapsvc
  • '<SYSTEM32>\net1.exe' stop NAVAPW32
  • '<SYSTEM32>\net1.exe' stop NAVENG
  • '<SYSTEM32>\net1.exe' stop NAVEX15
  • '<SYSTEM32>\net1.exe' stop NAVLU32
  • '<SYSTEM32>\net1.exe' stop NAVW32
  • '<SYSTEM32>\net1.exe' stop NAVWNT
  • '<SYSTEM32>\net1.exe' stop MGHTML
  • '<SYSTEM32>\net1.exe' stop minilog
  • '<SYSTEM32>\net1.exe' stop NDD32
  • '<SYSTEM32>\net1.exe' stop ngdbserv
  • '<SYSTEM32>\net1.exe' stop NGServer
  • '<SYSTEM32>\net1.exe' stop NISSERV
  • '<SYSTEM32>\net1.exe' stop NISUM
  • '<SYSTEM32>\net1.exe' stop NMAIN
  • '<SYSTEM32>\net1.exe' stop NORMIST
  • '<SYSTEM32>\net1.exe' stop NPROTECT
  • '<SYSTEM32>\net1.exe' stop NPSSVC
  • '<SYSTEM32>\net1.exe' stop NSCHED32
  • '<SYSTEM32>\net1.exe' stop ntrtscan
  • '<SYSTEM32>\net1.exe' stop NTVDM
  • '<SYSTEM32>\net1.exe' stop NeoWatchLog
  • '<SYSTEM32>\net1.exe' stop NETUTILS
  • '<SYSTEM32>\net1.exe' stop MGAVRTE
  • '<SYSTEM32>\net1.exe' stop MCVSSHLD
  • '<SYSTEM32>\net1.exe' stop NVC95
  • '<SYSTEM32>\net1.exe' stop HELP
  • '<SYSTEM32>\net1.exe' stop IAMAPP
  • '<SYSTEM32>\net1.exe' stop IAMSERV
  • '<SYSTEM32>\net1.exe' stop ICLOAD95
  • '<SYSTEM32>\net1.exe' stop ICLOADNT
  • '<SYSTEM32>\net1.exe' stop ICMON
  • '<SYSTEM32>\net1.exe' stop ICSUPP95
  • '<SYSTEM32>\net1.exe' stop ICSUPPNT
  • '<SYSTEM32>\net1.exe' stop IFACE
  • '<SYSTEM32>\net1.exe' stop IOMON98
  • '<SYSTEM32>\net1.exe' stop ISRV95
  • '<SYSTEM32>\net1.exe' stop JEDI
  • '<SYSTEM32>\net1.exe' stop LDNETMON
  • '<SYSTEM32>\net1.exe' stop LDPROMENU
  • '<SYSTEM32>\net1.exe' stop LDSCAN
  • '<SYSTEM32>\net1.exe' stop LOCKDOWN
  • '<SYSTEM32>\net1.exe' stop LOCKDOWN2000
  • '<SYSTEM32>\net1.exe' stop LUALL
  • '<SYSTEM32>\net1.exe' stop LUCOMSERVER
  • '<SYSTEM32>\net1.exe' stop MCAGENT
  • '<SYSTEM32>\net1.exe' stop MCMNHDLR
  • '<SYSTEM32>\net1.exe' stop MCSHIELD
  • '<SYSTEM32>\net1.exe' stop MCTOOL
  • '<SYSTEM32>\net1.exe' stop MCUPDATE
  • '<SYSTEM32>\net1.exe' stop MCVSRTE
  • '<SYSTEM32>\net1.exe' stop NTXconfig
  • '<SYSTEM32>\net1.exe' stop GUARD
  • '<SYSTEM32>\net1.exe' stop MGAVRTCL
  • '<SYSTEM32>\net1.exe' stop AVSYNMGR
  • '<SYSTEM32>\net1.exe' stop NVSVC32
  • '<SYSTEM32>\net1.exe' stop SweepNet
  • '<SYSTEM32>\net1.exe' stop SWEEPSRV
  • '<SYSTEM32>\net1.exe' stop SWEEPSRV.SYS
  • '<SYSTEM32>\net1.exe' stop SweepUpdate
  • '<SYSTEM32>\net1.exe' stop SWNETSUP
  • '<SYSTEM32>\net1.exe' stop SymProxySvc
  • '<SYSTEM32>\net1.exe' stop SYMTRAY
  • '<SYSTEM32>\net1.exe' stop TFAK
  • '<SYSTEM32>\net1.exe' stop vbcmserv
  • '<SYSTEM32>\net1.exe' stop VbCons
  • '<SYSTEM32>\net1.exe' stop VET32
  • '<SYSTEM32>\net1.exe' stop VET95
  • '<SYSTEM32>\net1.exe' stop VETTRAY
  • '<SYSTEM32>\net1.exe' stop VPC32
  • '<SYSTEM32>\net1.exe' stop VPTRAY
  • '<SYSTEM32>\net1.exe' stop VSCHED
  • '<SYSTEM32>\net1.exe' stop VSECOMR
  • '<SYSTEM32>\net1.exe' stop VSHWIN32
  • '<SYSTEM32>\net1.exe' stop VSMAIN
  • '<SYSTEM32>\net1.exe' stop vsmon
  • '<SYSTEM32>\net1.exe' stop VSSTAT
  • '<SYSTEM32>\net1.exe' stop WATCHDOG
  • '<SYSTEM32>\net1.exe' stop WEBSCANX
  • '<SYSTEM32>\net1.exe' stop WGFE95
  • '<SYSTEM32>\net1.exe' stop WIMMUN32
  • '<SYSTEM32>\net1.exe' stop WRADMIN
  • '<SYSTEM32>\net1.exe' stop WRCTRL
  • '<SYSTEM32>\net1.exe' stop SWEEP95
  • '<SYSTEM32>\net1.exe' stop GENERICS
  • '<SYSTEM32>\net1.exe' stop GUARDDOG
  • '<SYSTEM32>\net1.exe' stop SS3EDIT
  • '<SYSTEM32>\net1.exe' stop NWTOOL16
  • '<SYSTEM32>\net1.exe' stop PADMIN
  • '<SYSTEM32>\net1.exe' stop pavproxy
  • '<SYSTEM32>\net1.exe' stop PCCIOMON
  • '<SYSTEM32>\net1.exe' stop pccntmon
  • '<SYSTEM32>\net1.exe' stop pccwin97
  • '<SYSTEM32>\net1.exe' stop PCCWIN98
  • '<SYSTEM32>\net1.exe' stop pcscan
  • '<SYSTEM32>\net1.exe' stop PERSFW
  • '<SYSTEM32>\net1.exe' stop POP3TRAP
  • '<SYSTEM32>\net1.exe' stop POPROXY
  • '<SYSTEM32>\net1.exe' stop PORTMONITOR
  • '<SYSTEM32>\net1.exe' stop PROCESSMONITOR
  • '<SYSTEM32>\net1.exe' stop PROGRAMAUDITOR
  • '<SYSTEM32>\net1.exe' stop PROT95
  • '<SYSTEM32>\net1.exe' stop PVIEW95
  • '<SYSTEM32>\net1.exe' stop RAV7
  • '<SYSTEM32>\net1.exe' stop RAV7WIN
  • '<SYSTEM32>\net1.exe' stop REALMON
  • '<SYSTEM32>\net1.exe' stop RESCUE
  • '<SYSTEM32>\net1.exe' stop RTVSCN95
  • '<SYSTEM32>\net1.exe' stop sbserv
  • '<SYSTEM32>\net1.exe' stop SCAN32
  • '<SYSTEM32>\net1.exe' stop SCRSCAN
  • '<SYSTEM32>\net1.exe' stop sharedaccess
  • '<SYSTEM32>\net1.exe' stop SPHINX
  • '<SYSTEM32>\net1.exe' stop SPYXX
  • '<SYSTEM32>\net1.exe' stop STOPW
  • '<SYSTEM32>\net1.exe' stop NWService
  • '<SYSTEM32>\net1.exe' stop gbmenu
  • '<SYSTEM32>\net1.exe' stop fsmb32
  • '<SYSTEM32>\net1.exe' stop fsma32
  • '<SYSTEM32>\tskill.exe' /A zlclien*
  • '<SYSTEM32>\tskill.exe' /A minilog
  • '<SYSTEM32>\tskill.exe' /A cc*
  • '<SYSTEM32>\tskill.exe' /A norton*
  • '<SYSTEM32>\tskill.exe' /A norton au*
  • '<SYSTEM32>\tskill.exe' /A ccc*
  • '<SYSTEM32>\tskill.exe' /A npfmn*
  • '<SYSTEM32>\tskill.exe' /A loge*
  • '<SYSTEM32>\tskill.exe' /A nisum*
  • '<SYSTEM32>\tskill.exe' /A issvc
  • '<SYSTEM32>\tskill.exe' /A tmp*
  • '<SYSTEM32>\tskill.exe' /A tmn*
  • '<SYSTEM32>\tskill.exe' /A pcc*
  • '<SYSTEM32>\tskill.exe' /A cpd*
  • '<SYSTEM32>\tskill.exe' /A pop*
  • '<SYSTEM32>\tskill.exe' /A pav*
  • '<SYSTEM32>\tskill.exe' /A padmin
  • '<SYSTEM32>\tskill.exe' /A panda*
  • '<SYSTEM32>\tskill.exe' /A avsch*
  • '<SYSTEM32>\tskill.exe' /A sche*
  • '<SYSTEM32>\tskill.exe' /A syman*
  • '<SYSTEM32>\tskill.exe' /A virus*
  • '<SYSTEM32>\tskill.exe' /A realm*
  • '<SYSTEM32>\tskill.exe' /A sweep*
  • '<SYSTEM32>\tskill.exe' /A scan*
  • '<SYSTEM32>\tskill.exe' /A zap*
  • '<SYSTEM32>\tskill.exe' /A msiexec
  • '<SYSTEM32>\tskill.exe' /A upd*
  • '<SYSTEM32>\net1.exe' stop ZAPROMINILOG
  • '<SYSTEM32>\tskill.exe' /A ad-*
  • '<SYSTEM32>\tskill.exe' /A mghtml
  • '<SYSTEM32>\tskill.exe' /A fire*
  • '<SYSTEM32>\tskill.exe' /A anti*
  • '<SYSTEM32>\tskill.exe' /A spy*
  • '<SYSTEM32>\tskill.exe' /A bullguard
  • '<SYSTEM32>\tskill.exe' /A PersFw
  • '<SYSTEM32>\tskill.exe' /A KAV*
  • '<SYSTEM32>\tskill.exe' /A ZONEALARM
  • '<SYSTEM32>\tskill.exe' /A SAFEWEB
  • '<SYSTEM32>\tskill.exe' /A OUTPOST
  • '<SYSTEM32>\tskill.exe' /A nv*
  • '<SYSTEM32>\tskill.exe' /A nav*
  • '<SYSTEM32>\tskill.exe' /A F-*
  • '<SYSTEM32>\tskill.exe' /A av*
  • '<SYSTEM32>\tskill.exe' /A ESAFE
  • '<SYSTEM32>\tskill.exe' /A BLACKICE
  • '<SYSTEM32>\tskill.exe' /A def*
  • '<SYSTEM32>\tskill.exe' /A kav
  • '<SYSTEM32>\tskill.exe' /A avg*
  • '<SYSTEM32>\tskill.exe' /A ash*
  • '<SYSTEM32>\tskill.exe' /A aswupdsv
  • '<SYSTEM32>\tskill.exe' /A ewid*
  • '<SYSTEM32>\tskill.exe' /A guard*
  • '<SYSTEM32>\tskill.exe' /A guar*
  • '<SYSTEM32>\tskill.exe' /A gcasDt*
  • '<SYSTEM32>\tskill.exe' /A msmp*
  • '<SYSTEM32>\tskill.exe' /A mcafe*
  • '<SYSTEM32>\tskill.exe' /A cle
  • '<SYSTEM32>\tskill.exe' /A isafe
  • '<SYSTEM32>\net1.exe' stop SVW3
  • '<SYSTEM32>\tskill.exe' /A safe*
  • '<SYSTEM32>\tskill.exe' /A offg*
  • '<SYSTEM32>\net1.exe' stop AVXQUAR
  • '<SYSTEM32>\net1.exe' stop AVXW
  • '<SYSTEM32>\net1.exe' stop BLACKD
  • '<SYSTEM32>\net1.exe' stop BLACKICE
  • '<SYSTEM32>\net1.exe' stop CLAW95
  • '<SYSTEM32>\net1.exe' stop CLAW95CF
  • '<SYSTEM32>\net1.exe' stop CLEANER
  • '<SYSTEM32>\net1.exe' stop CLEANER3
  • '<SYSTEM32>\net1.exe' stop CMGRDIAN
  • '<SYSTEM32>\net1.exe' stop CONNECTIONMONITOR
  • '<SYSTEM32>\net1.exe' stop defscangui
  • '<SYSTEM32>\net1.exe' stop DEFWATCH
  • '<SYSTEM32>\net1.exe' stop DOORS
  • '<SYSTEM32>\net1.exe' stop DVP95
  • '<SYSTEM32>\net1.exe' stop EFPEADM
  • '<SYSTEM32>\net1.exe' stop ETRUSTCIPE
  • '<SYSTEM32>\net1.exe' stop EVPN
  • '<SYSTEM32>\net1.exe' stop EXPERT
  • '<SYSTEM32>\net1.exe' stop fameh32
  • '<SYSTEM32>\net1.exe' stop fch32
  • '<SYSTEM32>\net1.exe' stop fih32
  • '<SYSTEM32>\net1.exe' stop fnrb32
  • '<SYSTEM32>\net1.exe' stop fsaa
  • '<SYSTEM32>\net1.exe' stop fsav32
  • '<SYSTEM32>\net1.exe' stop fsgk32
  • '<SYSTEM32>\net1.exe' stop fsm32
  • '<SYSTEM32>\tskill.exe' /A avas*
  • '<SYSTEM32>\net1.exe' stop AVXMONITORNT
  • '<SYSTEM32>\tskill.exe' /A norm*
  • '<SYSTEM32>\net1.exe' stop AVXMONITOR9X
  • '<SYSTEM32>\tskill.exe' /A zauinst
  • '<SYSTEM32>\net1.exe' stop ACKWIN32
  • '<SYSTEM32>\net1.exe' stop ADVXDWIN
  • '<SYSTEM32>\net1.exe' stop ALERTSVC
  • '<SYSTEM32>\net1.exe' stop ALOGSERV
  • '<SYSTEM32>\net1.exe' stop AMON9X
  • '<SYSTEM32>\net1.exe' stop ANTI-TROJAN
  • '<SYSTEM32>\net1.exe' stop ANTS
  • '<SYSTEM32>\net1.exe' stop apvxdwin
  • '<SYSTEM32>\net1.exe' stop ATCON
  • '<SYSTEM32>\net1.exe' stop ATUPDATER
  • '<SYSTEM32>\net1.exe' stop ATWATCH
  • '<SYSTEM32>\net1.exe' stop AUTODOWN
  • '<SYSTEM32>\net1.exe' stop AutoTrace
  • '<SYSTEM32>\net1.exe' stop AVCONSOL
  • '<SYSTEM32>\net1.exe' stop AVGCC32
  • '<SYSTEM32>\net1.exe' stop AVGCTRL
  • '<SYSTEM32>\net1.exe' stop AVGSERV
  • '<SYSTEM32>\net1.exe' stop AVGSERV9
  • '<SYSTEM32>\net1.exe' stop AVGW
  • '<SYSTEM32>\net1.exe' stop avkpop
  • '<SYSTEM32>\net1.exe' stop AVKSERV
  • '<SYSTEM32>\net1.exe' stop avkservice
  • '<SYSTEM32>\net1.exe' stop avkwctl9
  • '<SYSTEM32>\net1.exe' stop AVP32
  • '<SYSTEM32>\net1.exe' stop AVPCC
  • '<SYSTEM32>\net1.exe' stop AVPM
  • '<SYSTEM32>\net1.exe' stop Avsched32
  • '<SYSTEM32>\net1.exe' stop AVWINNT
  • '<SYSTEM32>\net1.exe' stop ZONEALARM

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.