Trojan.KillProc2.39652

Added to the Dr.Web virus database: 2026-02-27

Virus description added:

Technical Information

Malicious functions
To complicate detection of its presence in the operating system, blocks execution of the following system utilities:
  • Windows Update
Executes the following
  • '<SYSTEM32>\taskkill.exe' /f /im SecurityHealthSystray.exe
  • '<SYSTEM32>\net.exe' stop WinDefend /y
  • '<SYSTEM32>\net.exe' stop SecurityHealthService /y
  • '<SYSTEM32>\net.exe' stop WdNisSvc /y
  • '<SYSTEM32>\net.exe' stop MpsSvc /y
  • '<SYSTEM32>\net.exe' stop Sense /y
  • '<SYSTEM32>\net.exe' stop DiagTrack /y
  • '<SYSTEM32>\net.exe' stop WMPNetworkSvc /y
  • '<SYSTEM32>\net.exe' stop RemoteRegistry /y
  • '<SYSTEM32>\net.exe' stop wscsvc /y
  • '<SYSTEM32>\net.exe' stop WinHttpAutoProxySvc /y
  • '<SYSTEM32>\net.exe' stop BITS /y
  • '<SYSTEM32>\net.exe' stop wuauserv /y
  • '<SYSTEM32>\net.exe' stop MSiSCSI /y
  • '<SYSTEM32>\net.exe' stop StorSvc /y
  • '<SYSTEM32>\net.exe' stop DPS /y
  • '<SYSTEM32>\net.exe' stop WdiServiceHost /y
  • '<SYSTEM32>\net.exe' stop WdiSystemHost /y
  • '<SYSTEM32>\net.exe' stop WpnService /y
  • '<SYSTEM32>\net.exe' stop PcaSvc /y
  • '<SYSTEM32>\net.exe' stop SysMain /y
  • '<SYSTEM32>\net.exe' stop WSearch /y
  • '<SYSTEM32>\net.exe' stop WbioSrvc /y
  • '<SYSTEM32>\net.exe' stop WlanSvc /y
  • '<SYSTEM32>\net.exe' stop WwanSvc /y
  • '<SYSTEM32>\net.exe' stop WinRM /y
  • '<SYSTEM32>\net.exe' stop W3SVC /y
  • '<SYSTEM32>\net.exe' stop IISADMIN /y
  • '<SYSTEM32>\net.exe' stop MSMQ /y
  • '<SYSTEM32>\net.exe' stop RpcEptMapper /y
Launches a large number of processes
Terminates or attempts to terminate the following system processes:
  • <SYSTEM32>\securityhealthsystray.exe
Modifies file system
Creates the following files
  • %TEMP%\sysdata.dat
Miscellaneous
Searches for the following windows
  • ClassName: '' WindowName: ''
Executes the following
  • '<SYSTEM32>\sc.exe' stop SecurityHealthSystray.exe
  • '<SYSTEM32>\sc.exe' delete SecurityHealthSystray.exe
  • '<SYSTEM32>\wbem\wmic.exe' process where name='SecurityHealthSystray.exe' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Process -Name 'SecurityHealthSystray.exe' -Force"
  • '<SYSTEM32>\sc.exe' stop WinDefend
  • '<SYSTEM32>\sc.exe' config WinDefend start= disabled
  • '<SYSTEM32>\sc.exe' delete WinDefend
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinDefend' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinDefend' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WinDefend' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WinDefend' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WinDefend'"
  • '<SYSTEM32>\sc.exe' stop SecurityHealthService
  • '<SYSTEM32>\sc.exe' config SecurityHealthService start= disabled
  • '<SYSTEM32>\sc.exe' delete SecurityHealthService
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SecurityHealthService' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SecurityHealthService' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'SecurityHealthService' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'SecurityHealthService' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'SecurityHealthService'"
  • '<SYSTEM32>\sc.exe' stop WdNisSvc
  • '<SYSTEM32>\sc.exe' config WdNisSvc start= disabled
  • '<SYSTEM32>\sc.exe' delete WdNisSvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdNisSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdNisSvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WdNisSvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WdNisSvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WdNisSvc'"
  • '<SYSTEM32>\sc.exe' stop MpsSvc
  • '<SYSTEM32>\sc.exe' config MpsSvc start= disabled
  • '<SYSTEM32>\sc.exe' delete MpsSvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MpsSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MpsSvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'MpsSvc' -Force"
  • '<SYSTEM32>\net1.exe' stop WinDefend /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'MpsSvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'MpsSvc'"
  • '<SYSTEM32>\sc.exe' stop Sense
  • '<SYSTEM32>\sc.exe' config Sense start= disabled
  • '<SYSTEM32>\sc.exe' delete Sense
  • '<SYSTEM32>\wbem\wmic.exe' service where name='Sense' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='Sense' delete
  • '<SYSTEM32>\net1.exe' stop SecurityHealthService /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'Sense' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'Sense' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'Sense'"
  • '<SYSTEM32>\sc.exe' stop DiagTrack
  • '<SYSTEM32>\sc.exe' config DiagTrack start= disabled
  • '<SYSTEM32>\sc.exe' delete DiagTrack
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DiagTrack' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DiagTrack' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'DiagTrack' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'DiagTrack' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'DiagTrack'"
  • '<SYSTEM32>\sc.exe' stop WMPNetworkSvc
  • '<SYSTEM32>\sc.exe' config WMPNetworkSvc start= disabled
  • '<SYSTEM32>\net1.exe' stop WdNisSvc /y
  • '<SYSTEM32>\sc.exe' delete WMPNetworkSvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WMPNetworkSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WMPNetworkSvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WMPNetworkSvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WMPNetworkSvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WMPNetworkSvc'"
  • '<SYSTEM32>\sc.exe' stop RemoteRegistry
  • '<SYSTEM32>\sc.exe' config RemoteRegistry start= disabled
  • '<SYSTEM32>\sc.exe' delete RemoteRegistry
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RemoteRegistry' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RemoteRegistry' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'RemoteRegistry' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'RemoteRegistry' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'RemoteRegistry'"
  • '<SYSTEM32>\sc.exe' stop wscsvc
  • '<SYSTEM32>\sc.exe' config wscsvc start= disabled
  • '<SYSTEM32>\sc.exe' delete wscsvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wscsvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wscsvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'wscsvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'wscsvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'wscsvc'"
  • '<SYSTEM32>\sc.exe' stop WinHttpAutoProxySvc
  • '<SYSTEM32>\sc.exe' config WinHttpAutoProxySvc start= disabled
  • '<SYSTEM32>\sc.exe' delete WinHttpAutoProxySvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinHttpAutoProxySvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinHttpAutoProxySvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WinHttpAutoProxySvc' -Force"
  • '<SYSTEM32>\net1.exe' stop DiagTrack /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WinHttpAutoProxySvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WinHttpAutoProxySvc'"
  • '<SYSTEM32>\sc.exe' stop BITS
  • '<SYSTEM32>\sc.exe' config BITS start= disabled
  • '<SYSTEM32>\sc.exe' delete BITS
  • '<SYSTEM32>\wbem\wmic.exe' service where name='BITS' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='BITS' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'BITS' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'BITS' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'BITS'"
  • '<SYSTEM32>\sc.exe' stop wuauserv
  • '<SYSTEM32>\sc.exe' config wuauserv start= disabled
  • '<SYSTEM32>\sc.exe' delete wuauserv
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wuauserv' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wuauserv' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'wuauserv' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'wuauserv' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'wuauserv'"
  • '<SYSTEM32>\sc.exe' stop MSiSCSI
  • '<SYSTEM32>\sc.exe' config MSiSCSI start= disabled
  • '<SYSTEM32>\sc.exe' delete MSiSCSI
  • '<SYSTEM32>\net1.exe' stop WMPNetworkSvc /y
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSiSCSI' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSiSCSI' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'MSiSCSI' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'MSiSCSI' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'MSiSCSI'"
  • '<SYSTEM32>\sc.exe' stop StorSvc
  • '<SYSTEM32>\sc.exe' config StorSvc start= disabled
  • '<SYSTEM32>\sc.exe' delete StorSvc
  • '<SYSTEM32>\net1.exe' stop MpsSvc /y
  • '<SYSTEM32>\wbem\wmic.exe' service where name='StorSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='StorSvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'StorSvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'StorSvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'StorSvc'"
  • '<SYSTEM32>\sc.exe' stop DPS
  • '<SYSTEM32>\sc.exe' config DPS start= disabled
  • '<SYSTEM32>\sc.exe' delete DPS
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DPS' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DPS' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'DPS' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'DPS' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'DPS'"
  • '<SYSTEM32>\sc.exe' stop WdiServiceHost
  • '<SYSTEM32>\sc.exe' config WdiServiceHost start= disabled
  • '<SYSTEM32>\sc.exe' delete WdiServiceHost
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiServiceHost' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiServiceHost' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WdiServiceHost' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WdiServiceHost' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WdiServiceHost'"
  • '<SYSTEM32>\sc.exe' stop WdiSystemHost
  • '<SYSTEM32>\sc.exe' config WdiSystemHost start= disabled
  • '<SYSTEM32>\sc.exe' delete WdiSystemHost
  • '<SYSTEM32>\net1.exe' stop Sense /y
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiSystemHost' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiSystemHost' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WdiSystemHost' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WdiSystemHost' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WdiSystemHost'"
  • '<SYSTEM32>\sc.exe' stop WpnService
  • '<SYSTEM32>\sc.exe' config WpnService start= disabled
  • '<SYSTEM32>\sc.exe' delete WpnService
  • '<SYSTEM32>\net1.exe' stop wuauserv /y
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WpnService' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WpnService' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WpnService' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WpnService' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WpnService'"
  • '<SYSTEM32>\sc.exe' stop PcaSvc
  • '<SYSTEM32>\sc.exe' config PcaSvc start= disabled
  • '<SYSTEM32>\sc.exe' delete PcaSvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='PcaSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='PcaSvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'PcaSvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'PcaSvc' -StartupType Disabled"
  • '<SYSTEM32>\net1.exe' stop RemoteRegistry /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'PcaSvc'"
  • '<SYSTEM32>\sc.exe' stop SysMain
  • '<SYSTEM32>\sc.exe' config SysMain start= disabled
  • '<SYSTEM32>\sc.exe' delete SysMain
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SysMain' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SysMain' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'SysMain' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'SysMain' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'SysMain'"
  • '<SYSTEM32>\sc.exe' stop WSearch
  • '<SYSTEM32>\sc.exe' config WSearch start= disabled
  • '<SYSTEM32>\sc.exe' delete WSearch
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WSearch' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WSearch' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WSearch' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WSearch' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WSearch'"
  • '<SYSTEM32>\sc.exe' stop WbioSrvc
  • '<SYSTEM32>\sc.exe' config WbioSrvc start= disabled
  • '<SYSTEM32>\sc.exe' delete WbioSrvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WbioSrvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WbioSrvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WbioSrvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WbioSrvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WbioSrvc'"
  • '<SYSTEM32>\sc.exe' stop WlanSvc
  • '<SYSTEM32>\sc.exe' config WlanSvc start= disabled
  • '<SYSTEM32>\sc.exe' delete WlanSvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WlanSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WlanSvc' delete
  • '<SYSTEM32>\net1.exe' stop BITS /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WlanSvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WlanSvc' -StartupType Disabled"
  • '<SYSTEM32>\net1.exe' stop StorSvc /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WlanSvc'"
  • '<SYSTEM32>\sc.exe' stop WwanSvc
  • '<SYSTEM32>\sc.exe' config WwanSvc start= disabled
  • '<SYSTEM32>\sc.exe' delete WwanSvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WwanSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WwanSvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WwanSvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WwanSvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WwanSvc'"
  • '<SYSTEM32>\sc.exe' stop WinRM
  • '<SYSTEM32>\sc.exe' config WinRM start= disabled
  • '<SYSTEM32>\sc.exe' delete WinRM
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinRM' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinRM' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WinRM' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WinRM' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WinRM'"
  • '<SYSTEM32>\sc.exe' stop W3SVC
  • '<SYSTEM32>\sc.exe' config W3SVC start= disabled
  • '<SYSTEM32>\sc.exe' delete W3SVC
  • '<SYSTEM32>\wbem\wmic.exe' service where name='W3SVC' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='W3SVC' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'W3SVC' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'W3SVC' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'W3SVC'"
  • '<SYSTEM32>\sc.exe' stop IISADMIN
  • '<SYSTEM32>\sc.exe' config IISADMIN start= disabled
  • '<SYSTEM32>\sc.exe' delete IISADMIN
  • '<SYSTEM32>\wbem\wmic.exe' service where name='IISADMIN' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='IISADMIN' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'IISADMIN' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'IISADMIN' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'IISADMIN'"
  • '<SYSTEM32>\sc.exe' stop MSMQ
  • '<SYSTEM32>\sc.exe' config MSMQ start= disabled
  • '<SYSTEM32>\sc.exe' delete MSMQ
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSMQ' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSMQ' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'MSMQ' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'MSMQ' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'MSMQ'"
  • '<SYSTEM32>\sc.exe' stop RpcEptMapper
  • '<SYSTEM32>\sc.exe' config RpcEptMapper start= disabled
  • '<SYSTEM32>\sc.exe' delete RpcEptMapper
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RpcEptMapper' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RpcEptMapper' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'RpcEptMapper' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'RpcEptMapper' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'RpcEptMapper'"
  • '<SYSTEM32>\sc.exe' stop SecurityHealthSystray.exe' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete SecurityHealthSystray.exe' (with hidden window)
  • '<SYSTEM32>\taskkill.exe' /f /im SecurityHealthSystray.exe' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' process where name='SecurityHealthSystray.exe' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Process -Name 'SecurityHealthSystray.exe' -Force"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WinDefend' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WinDefend start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WinDefend' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WinDefend /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinDefend' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinDefend' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WinDefend' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WinDefend' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WinDefend'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop SecurityHealthService' (with hidden window)
  • '<SYSTEM32>\sc.exe' config SecurityHealthService start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete SecurityHealthService' (with hidden window)
  • '<SYSTEM32>\net.exe' stop SecurityHealthService /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SecurityHealthService' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SecurityHealthService' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'SecurityHealthService' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'SecurityHealthService' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'SecurityHealthService'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WdNisSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WdNisSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WdNisSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WdNisSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdNisSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdNisSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WdNisSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WdNisSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WdNisSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop MpsSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config MpsSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete MpsSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop MpsSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MpsSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MpsSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'MpsSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'MpsSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'MpsSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop Sense' (with hidden window)
  • '<SYSTEM32>\sc.exe' config Sense start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete Sense' (with hidden window)
  • '<SYSTEM32>\net.exe' stop Sense /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='Sense' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='Sense' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'Sense' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'Sense' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'Sense'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop DiagTrack' (with hidden window)
  • '<SYSTEM32>\sc.exe' config DiagTrack start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete DiagTrack' (with hidden window)
  • '<SYSTEM32>\net.exe' stop DiagTrack /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DiagTrack' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DiagTrack' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'DiagTrack' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'DiagTrack' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'DiagTrack'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WMPNetworkSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WMPNetworkSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WMPNetworkSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WMPNetworkSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WMPNetworkSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WMPNetworkSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WMPNetworkSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WMPNetworkSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WMPNetworkSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop RemoteRegistry' (with hidden window)
  • '<SYSTEM32>\sc.exe' config RemoteRegistry start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete RemoteRegistry' (with hidden window)
  • '<SYSTEM32>\net.exe' stop RemoteRegistry /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RemoteRegistry' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RemoteRegistry' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'RemoteRegistry' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'RemoteRegistry' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'RemoteRegistry'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop wscsvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config wscsvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete wscsvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop wscsvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wscsvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wscsvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'wscsvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'wscsvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'wscsvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WinHttpAutoProxySvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WinHttpAutoProxySvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WinHttpAutoProxySvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WinHttpAutoProxySvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinHttpAutoProxySvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinHttpAutoProxySvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WinHttpAutoProxySvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WinHttpAutoProxySvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WinHttpAutoProxySvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop BITS' (with hidden window)
  • '<SYSTEM32>\sc.exe' config BITS start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete BITS' (with hidden window)
  • '<SYSTEM32>\net.exe' stop BITS /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='BITS' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='BITS' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'BITS' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'BITS' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'BITS'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop wuauserv' (with hidden window)
  • '<SYSTEM32>\sc.exe' config wuauserv start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete wuauserv' (with hidden window)
  • '<SYSTEM32>\net.exe' stop wuauserv /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wuauserv' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wuauserv' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'wuauserv' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'wuauserv' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'wuauserv'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop MSiSCSI' (with hidden window)
  • '<SYSTEM32>\sc.exe' config MSiSCSI start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete MSiSCSI' (with hidden window)
  • '<SYSTEM32>\net.exe' stop MSiSCSI /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSiSCSI' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSiSCSI' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'MSiSCSI' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'MSiSCSI' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'MSiSCSI'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop StorSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config StorSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete StorSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop StorSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='StorSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='StorSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'StorSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'StorSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'StorSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop DPS' (with hidden window)
  • '<SYSTEM32>\sc.exe' config DPS start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete DPS' (with hidden window)
  • '<SYSTEM32>\net.exe' stop DPS /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DPS' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DPS' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'DPS' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'DPS' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'DPS'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WdiServiceHost' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WdiServiceHost start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WdiServiceHost' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WdiServiceHost /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiServiceHost' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiServiceHost' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WdiServiceHost' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WdiServiceHost' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WdiServiceHost'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WdiSystemHost' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WdiSystemHost start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WdiSystemHost' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WdiSystemHost /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiSystemHost' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiSystemHost' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WdiSystemHost' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WdiSystemHost' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WdiSystemHost'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WpnService' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WpnService start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WpnService' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WpnService /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WpnService' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WpnService' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WpnService' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WpnService' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WpnService'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop PcaSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config PcaSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete PcaSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop PcaSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='PcaSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='PcaSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'PcaSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'PcaSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'PcaSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop SysMain' (with hidden window)
  • '<SYSTEM32>\sc.exe' config SysMain start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete SysMain' (with hidden window)
  • '<SYSTEM32>\net.exe' stop SysMain /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SysMain' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SysMain' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'SysMain' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'SysMain' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'SysMain'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WSearch' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WSearch start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WSearch' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WSearch /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WSearch' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WSearch' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WSearch' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WSearch' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WSearch'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WbioSrvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WbioSrvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WbioSrvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WbioSrvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WbioSrvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WbioSrvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WbioSrvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WbioSrvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WbioSrvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WlanSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WlanSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WlanSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WlanSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WlanSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WlanSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WlanSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WlanSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WlanSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WwanSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WwanSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WwanSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WwanSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WwanSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WwanSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WwanSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WwanSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WwanSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WinRM' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WinRM start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WinRM' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WinRM /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinRM' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinRM' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WinRM' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WinRM' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WinRM'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop W3SVC' (with hidden window)
  • '<SYSTEM32>\sc.exe' config W3SVC start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete W3SVC' (with hidden window)
  • '<SYSTEM32>\net.exe' stop W3SVC /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='W3SVC' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='W3SVC' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'W3SVC' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'W3SVC' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'W3SVC'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop IISADMIN' (with hidden window)
  • '<SYSTEM32>\sc.exe' config IISADMIN start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete IISADMIN' (with hidden window)
  • '<SYSTEM32>\net.exe' stop IISADMIN /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='IISADMIN' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='IISADMIN' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'IISADMIN' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'IISADMIN' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'IISADMIN'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop MSMQ' (with hidden window)
  • '<SYSTEM32>\sc.exe' config MSMQ start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete MSMQ' (with hidden window)
  • '<SYSTEM32>\net.exe' stop MSMQ /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSMQ' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSMQ' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'MSMQ' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'MSMQ' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'MSMQ'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop RpcEptMapper' (with hidden window)
  • '<SYSTEM32>\sc.exe' config RpcEptMapper start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete RpcEptMapper' (with hidden window)
  • '<SYSTEM32>\net.exe' stop RpcEptMapper /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RpcEptMapper' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RpcEptMapper' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'RpcEptMapper' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'RpcEptMapper' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'RpcEptMapper'"' (with hidden window)

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and any removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting from this media, run a full scan and cure all the detected threats.

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow the recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount, or you see some other announcement that prevents you from using the handheld normally), do the following:
    • Boot your smartphone or tablet in safe mode (depending on the operating system version and the specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.
