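Technical Information
The entries below are behaviour recorded when the sample was run; the section labels of the original report are missing from this page. Entries that begin with a quoted path are process launches with their command lines: they stop and delete the RZ_Service and RZ_CAD services, kill RemoteZilla.exe and RZHelper.exe, and delete the RZExe and RZHelper Run entries, the SafeBoot\Network\RZ_Service keys, the RemoteZilla-Server uninstall entry and the firewall allowed-program rules for RemoteZilla.exe. The bare paths that follow are files the sample touched, and the final ClassName/WindowName entries are window lookups. The ns*.tmp launchers next to nsExec.dll and the `_?=` argument are consistent with an NSIS-built uninstaller; temporary names of this kind usually change between runs, so the command-line arguments, service names and registry paths are the more stable values to match on.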
- '%TEMP%\nsv5.tmp\ns16.tmp' REG.EXE DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RemoteZilla-Server" /f
- '%TEMP%\nsv5.tmp\ns17.tmp' cmd.exe /C del /P /Q "%TEMP%\RZ.txt"
- '%TEMP%\nsv5.tmp\ns18.tmp' cmd.exe /C RMDIR /S /Q "%TEMP%\RZTmp1"
- '%TEMP%\nsv5.tmp\ns13.tmp' REG.EXE DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RZ_Service" /f
- '%TEMP%\nsv5.tmp\ns14.tmp' "netsh.exe" firewall delete allowedprogram "<Current directory>\RemoteZilla.exe" ALL
- '%TEMP%\nsv5.tmp\ns15.tmp' "netsh.exe" firewall delete allowedprogram "<Current directory>\RemoteZilla.exe" CURRENT
- '%TEMP%\nsv5.tmp\ns19.tmp' cmd.exe /C RMDIR /S /Q "%TEMP%\RZTmp2"
- '%TEMP%\nsv5.tmp\ns1D.tmp' cmd.exe /C RMDIR /S /Q "%TEMP%\RZTmp2"
- '%TEMP%\nsv5.tmp\ns1E.tmp' cmd.exe /C RMDIR /S /Q "<Current directory>"
- '%TEMP%\nsv5.tmp\ns1F.tmp' cmd.exe /C RMDIR /S /Q "%HOMEPATH%\Local Settings\Temp"
- '%TEMP%\nsv5.tmp\ns1A.tmp' cmd.exe /C RMDIR /S /Q "%HOMEPATH%\Local Settings\Temp"
- '%TEMP%\nsv5.tmp\ns1B.tmp' cmd.exe /C del /P /Q "%TEMP%\RZ.txt"
- '%TEMP%\nsv5.tmp\ns1C.tmp' cmd.exe /C RMDIR /S /Q "%TEMP%\RZTmp1"
- '%TEMP%\nsv5.tmp\ns12.tmp' REG.EXE DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RZ_Service\Enum" /f
- '%TEMP%\nsv5.tmp\ns8.tmp' "net.exe" stop RZ_Service
- '%TEMP%\nsv5.tmp\ns9.tmp' "tskill.exe" RZHelper
- '%TEMP%\nsv5.tmp\nsA.tmp' "taskkill.exe" /F /IM RZHelper.exe /T
- '%TEMP%\A~ADVANTIGu_.exe' _?=<Current directory>\
- '%TEMP%\nsv5.tmp\ns6.tmp' "sc.exe" delete RZ_Service
- '%TEMP%\nsv5.tmp\ns7.tmp' "sc.exe" delete RZ_CAD
- '%TEMP%\nsv5.tmp\nsB.tmp' "tskill.exe" RemoteZilla
- '%TEMP%\nsv5.tmp\nsF.tmp' REG.EXE DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RZExe" /f
- '%TEMP%\nsv5.tmp\ns10.tmp' REG.EXE DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RZHelper" /f
- '%TEMP%\nsv5.tmp\ns11.tmp' REG.EXE DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RZ_Service\Security" /f
- '%TEMP%\nsv5.tmp\nsC.tmp' "taskkill.exe" /F /IM RemoteZilla.exe /T
- '%TEMP%\nsv5.tmp\nsD.tmp' REG.EXE DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\RZ-Hidden" /f
- '%TEMP%\nsv5.tmp\nsE.tmp' REG.EXE DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\RZ-ShowSuperHidden" /f
- '<SYSTEM32>\reg.exe' DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RZExe" /f
- '<SYSTEM32>\reg.exe' DELETE "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RZHelper" /f
- '<SYSTEM32>\reg.exe' DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\RZ-Hidden" /f
- '<SYSTEM32>\reg.exe' DELETE "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\RZ-ShowSuperHidden" /f
- '<SYSTEM32>\reg.exe' DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RZ_Service" /f
- '<SYSTEM32>\reg.exe' DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\RemoteZilla-Server" /f
- '<SYSTEM32>\reg.exe' DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RZ_Service\Security" /f
- '<SYSTEM32>\reg.exe' DELETE "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RZ_Service\Enum" /f
- '<SYSTEM32>\net.exe' stop RZ_Service
- '<SYSTEM32>\net1.exe' stop RZ_Service
- '<SYSTEM32>\sc.exe' delete RZ_Service
- '<SYSTEM32>\sc.exe' delete RZ_CAD
- '<SYSTEM32>\tskill.exe' RemoteZilla
- '<SYSTEM32>\taskkill.exe' /F /IM RemoteZilla.exe /T
- '<SYSTEM32>\tskill.exe' RZHelper
- '<SYSTEM32>\taskkill.exe' /F /IM RZHelper.exe /T
- %TEMP%\nsv5.tmp\ns16.tmp
- %TEMP%\nsv5.tmp\ns15.tmp
- %TEMP%\nsv5.tmp\ns17.tmp
- <Current directory>\RZ.txt
- %TEMP%\nsv5.tmp\ns12.tmp
- %TEMP%\nsv5.tmp\ns11.tmp
- %TEMP%\nsv5.tmp\ns14.tmp
- %TEMP%\nsv5.tmp\ns13.tmp
- %TEMP%\nsv5.tmp\ns1D.tmp
- %TEMP%\nsv5.tmp\ns1C.tmp
- %TEMP%\nsv5.tmp\ns1F.tmp
- %TEMP%\nsv5.tmp\ns1E.tmp
- %TEMP%\nsv5.tmp\ns19.tmp
- %TEMP%\nsv5.tmp\ns18.tmp
- %TEMP%\nsv5.tmp\ns1B.tmp
- %TEMP%\nsv5.tmp\ns1A.tmp
- %TEMP%\nsv5.tmp\ns6.tmp
- %TEMP%\nsv5.tmp\nsExec.dll
- %TEMP%\nsv5.tmp\ns8.tmp
- %TEMP%\nsv5.tmp\ns7.tmp
- %TEMP%\A~ADVANTIGu_.exe
- %TEMP%\nsj2.tmp
- %TEMP%\RZ.txt
- %TEMP%\nsx4.tmp
- %TEMP%\nsv5.tmp\nsE.tmp
- %TEMP%\nsv5.tmp\nsD.tmp
- %TEMP%\nsv5.tmp\ns10.tmp
- %TEMP%\nsv5.tmp\nsF.tmp
- %TEMP%\nsv5.tmp\nsA.tmp
- %TEMP%\nsv5.tmp\ns9.tmp
- %TEMP%\nsv5.tmp\nsC.tmp
- %TEMP%\nsv5.tmp\nsB.tmp
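(The paths repeat from this point, so a second file list appears to start here; its section label is missing from this page.)
- %TEMP%\nsv5.tmp\ns17.tmp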
- %TEMP%\nsv5.tmp\ns18.tmp
- %TEMP%\nsv5.tmp\ns19.tmp
- %TEMP%\RZ.txt
- %TEMP%\nsv5.tmp\ns15.tmp
- %TEMP%\nsv5.tmp\ns16.tmp
- <Current directory>\RZ.txt
- %TEMP%\nsv5.tmp\ns1D.tmp
- %TEMP%\nsv5.tmp\ns1E.tmp
- %TEMP%\nsv5.tmp\ns1F.tmp
- %TEMP%\nsv5.tmp\ns1C.tmp
- %TEMP%\nsv5.tmp\ns1A.tmp
- %TEMP%\nsv5.tmp\nsExec.dll
- %TEMP%\nsv5.tmp\ns1B.tmp
- %TEMP%\nsv5.tmp\ns14.tmp
- %TEMP%\nsv5.tmp\nsA.tmp
- %TEMP%\nsv5.tmp\nsB.tmp
- %TEMP%\nsv5.tmp\nsC.tmp
- %TEMP%\nsv5.tmp\ns9.tmp
- %TEMP%\nsv5.tmp\ns6.tmp
- %TEMP%\nsv5.tmp\ns7.tmp
- %TEMP%\nsv5.tmp\ns8.tmp
- %TEMP%\nsv5.tmp\ns11.tmp
- %TEMP%\nsv5.tmp\ns12.tmp
- %TEMP%\nsv5.tmp\ns13.tmp
- %TEMP%\nsv5.tmp\ns10.tmp
- %TEMP%\nsv5.tmp\nsD.tmp
- %TEMP%\nsv5.tmp\nsE.tmp
- %TEMP%\nsv5.tmp\nsF.tmp
- ClassName: '(null)' WindowName: '(null)'
- ClassName: 'SysListView32' WindowName: '(null)'
- ClassName: '#32770' WindowName: '(null)'