ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話

03-6550-8770

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話

03-6550-8770

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Trojan.MulDrop36.6051

Added to the Dr.Web virus database: 2026-03-02

Virus description added:

Technical Information

Malicious functions
Executes the following
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq OPTIMIZING*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq TWEAKING*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq BOOSTING*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq NETWORK*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq MEMORY*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq LATENCY*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq FPS*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq DPC*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq INTERRUPT*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq REGISTRY*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq SERVICE*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq POWER*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq TIMER*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq USB*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq STORAGE*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq AUDIO*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq VISUAL*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq DEFENDER*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq TELEMETRY*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq BLOAT*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq NVIDIA*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq AMD*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq DEVICE*"
  • '<SYSTEM32>\taskkill.exe' /F /FI "WINDOWTITLE eq TCP*"
Launches a large number of processes
Modifies file system
Creates the following files
  • nul
  • <Current directory>\8000hz
  • <Current directory>\9000
Miscellaneous
Searches for the following windows
  • ClassName: '' WindowName: ''
Executes the following
  • '<SYSTEM32>\cmd.exe' /c start "VISUAL_TWEAKER_0" cmd /c "mode con: cols=60 lines=15 && echo [REG] HKLM\System\CurrentControlSet\Control... && echo [REG] Patching 0x4F2A entries in kernel space... && echo [REG] Disa...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [REG] HKLM\System\CurrentControlSet\Control... && echo [REG] Patching 0x4F2A entries in kernel space... && echo [REG] Disabling UMPO (0xCsEnabled=0)... &&...
  • '<SYSTEM32>\cmd.exe' /c start "REGISTRY_TWEAKER_1" cmd /c "mode con: cols=60 lines=15 && echo [0x7F3A] Injecting kernel hooks... && echo [0x9B2C] Patching NTOSKRNL.EXE offset 0x4A2F1B... && echo [0xE1D4] Modifying ...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [0x7F3A] Injecting kernel hooks... && echo [0x9B2C] Patching NTOSKRNL.EXE offset 0x4A2F1B... && echo [0xE1D4] Modifying HAL interrupt table... && echo [0x...
  • '<SYSTEM32>\cmd.exe' /c start "BLOAT_REMOVER_2" cmd /c "mode con: cols=60 lines=15 && echo [MEM] Disabling page combining (0x2A4F)... && echo [MEM] Setting DRAM timings: 14-14-14-28-1T... && echo [MEM] Enabling XMP...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [MEM] Disabling page combining (0x2A4F)... && echo [MEM] Setting DRAM timings: 14-14-14-28-1T... && echo [MEM] Enabling XMP profile 2 (3600MHz)... && echo...
  • '<SYSTEM32>\mode.com' con: cols=60 lines=15
  • '<SYSTEM32>\cmd.exe' /c start "NETWORK_TURBO_3" cmd /c "mode con: cols=60 lines=15 && echo [NV] Patching nvlddmkm.sys driver... && echo [NV] Disabling NVIDIA telemetry container... && echo [NV] Setting power manage...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [NV] Patching nvlddmkm.sys driver... && echo [NV] Disabling NVIDIA telemetry container... && echo [NV] Setting power management: Prefer maximum... && echo...
  • '<SYSTEM32>\cmd.exe' /c start "TIMER_PRECISION_4" cmd /c "mode con: cols=60 lines=15 && echo [MEM] Disabling page combining (0x2A4F)... && echo [MEM] Setting DRAM timings: 14-14-14-28-1T... && echo [MEM] Enabling X...
  • '<SYSTEM32>\timeout.exe' /t 2 /nobreak
  • '<SYSTEM32>\cmd.exe' /c start "LATENCY_KILLER_5" cmd /c "mode con: cols=60 lines=15 && echo [DPC] Hooking KeInsertQueueDpc... && echo [DPC] ISR latency target: <1us... && echo [DPC] Patching timer resolution to 0.5...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [DPC] Hooking KeInsertQueueDpc... && echo [DPC] ISR latency target: <1us... && echo [DPC] Patching timer resolution to 0.5ms... && echo [DPC] Disabling wa...
  • '<SYSTEM32>\cmd.exe' /c start "FPS_BOOSTER_6" cmd /c "mode con: cols=60 lines=15 && echo [REG] HKLM\System\CurrentControlSet\Control... && echo [REG] Patching 0x4F2A entries in kernel space... && echo [REG] Disabli...
  • '<SYSTEM32>\cmd.exe' /c start "POWER_MAXIMIZER_7" cmd /c "mode con: cols=60 lines=15 && echo [USB] Disabling power management on all hubs... && echo [USB] Setting xHCI interrupt moderation: 0... && echo [USB] Polli...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [USB] Disabling power management on all hubs... && echo [USB] Setting xHCI interrupt moderation: 0... && echo [USB] Polling rate override: 1000Hz -> 8000H...
  • '<SYSTEM32>\cmd.exe' /c start "NVIDIA_TWEAK_8" cmd /c "mode con: cols=60 lines=15 && echo [CPU] Disabling C-States: C1E, C3, C6, C7, C8... && echo [CPU] Setting turbo ratio limits to 0xFF... && echo [CPU] Unlocking...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [CPU] Disabling C-States: C1E, C3, C6, C7, C8... && echo [CPU] Setting turbo ratio limits to 0xFF... && echo [CPU] Unlocking MSR 0x1FC (power limits)... &...
  • '<SYSTEM32>\cmd.exe' /c start "BOOSTING_CPU_9" cmd /c "mode con: cols=60 lines=15 && echo [TEL] Blocking telemetry endpoints (47 hosts)... && echo [TEL] Disabling DiagTrack service... && echo [TEL] Removing CompatT...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [TEL] Blocking telemetry endpoints (47 hosts)... && echo [TEL] Disabling DiagTrack service... && echo [TEL] Removing CompatTelRunner.exe... && echo [TEL] ...
  • '<SYSTEM32>\cmd.exe' /c start "VISUAL_TWEAKER_10" cmd /c "mode con: cols=60 lines=15 && echo [MEM] Disabling page combining (0x2A4F)... && echo [MEM] Setting DRAM timings: 14-14-14-28-1T... && echo [MEM] Enabling X...
  • '<SYSTEM32>\cmd.exe' /c start "BOOSTING_CPU_11" cmd /c "mode con: cols=60 lines=15 && echo [AUD] Setting audio buffer: 32 samples (0.67ms)... && echo [AUD] Disabling audio enhancements... && echo [AUD] Exclusive mo...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [AUD] Setting audio buffer: 32 samples (0.67ms)... && echo [AUD] Disabling audio enhancements... && echo [AUD] Exclusive mode: enabled... && echo [AUD] Sa...
  • '<SYSTEM32>\cmd.exe' /c start "DEFENDER_DISABLE_12" cmd /c "mode con: cols=60 lines=15 && echo [CPU] Disabling C-States: C1E, C3, C6, C7, C8... && echo [CPU] Setting turbo ratio limits to 0xFF... && echo [CPU] Unlo...
  • '<SYSTEM32>\cmd.exe' /c start "AMD_OPTIMIZER_13" cmd /c "mode con: cols=60 lines=15 && echo [TEL] Blocking telemetry endpoints (47 hosts)... && echo [TEL] Disabling DiagTrack service... && echo [TEL] Removing Compa...
  • '<SYSTEM32>\cmd.exe' /c start "TELEMETRY_KILL_14" cmd /c "mode con: cols=60 lines=15 && echo [DEF] Terminating MsMpEng.exe (PID: 1847)... && echo [DEF] Disabling real-time protection... && echo [DEF] Removing WinDe...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [DEF] Terminating MsMpEng.exe (PID: 1847)... && echo [DEF] Disabling real-time protection... && echo [DEF] Removing WinDefend service... && echo [DEF] Pat...
  • '<SYSTEM32>\cmd.exe' /c start "DEVICE_TUNER_15" cmd /c "mode con: cols=60 lines=15 && echo [IRQ] Mapping IRQ affinity to core 0-7... && echo [IRQ] Setting interrupt priority: 0x1F (highest)... && echo [IRQ] Disabli...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [IRQ] Mapping IRQ affinity to core 0-7... && echo [IRQ] Setting interrupt priority: 0x1F (highest)... && echo [IRQ] Disabling IRQ coalescing... && echo [I...
  • '<SYSTEM32>\cmd.exe' /c start "AMD_OPTIMIZER_16" cmd /c "mode con: cols=60 lines=15 && echo [NV] Patching nvlddmkm.sys driver... && echo [NV] Disabling NVIDIA telemetry container... && echo [NV] Setting power manag...
  • '<SYSTEM32>\cmd.exe' /c start "BLOAT_REMOVER_17" cmd /c "mode con: cols=60 lines=15 && echo [SSD] Enabling TRIM on all partitions... && echo [SSD] Disabling 8.3 filename creation... && echo [SSD] Setting NVMe queue...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [SSD] Enabling TRIM on all partitions... && echo [SSD] Disabling 8.3 filename creation... && echo [SSD] Setting NVMe queue depth: 256... && echo [SSD] Dis...
  • '<SYSTEM32>\cmd.exe' /c start "DEFENDER_DISABLE_18" cmd /c "mode con: cols=60 lines=15 && echo [AMD] Patching amdkmdag.sys driver... && echo [AMD] Disabling ULPS (Ultra Low Power State)... && echo [AMD] Setting TDP...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [AMD] Patching amdkmdag.sys driver... && echo [AMD] Disabling ULPS (Ultra Low Power State)... && echo [AMD] Setting TDP limit: 300W... && echo [AMD] Disab...
  • '<SYSTEM32>\cmd.exe' /c start "SERVICE_OPTIMIZER_19" cmd /c "mode con: cols=60 lines=15 && echo [VFX] Disabling DWM composition... && echo [VFX] Setting visual effects: performance mode... && echo [VFX] Disabling t...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [VFX] Disabling DWM composition... && echo [VFX] Setting visual effects: performance mode... && echo [VFX] Disabling transparency effects... && echo [VFX]...
  • '<SYSTEM32>\cmd.exe' /c start "NETWORK_TURBO_20" cmd /c "mode con: cols=60 lines=15 && echo [USB] Disabling power management on all hubs... && echo [USB] Setting xHCI interrupt moderation: 0... && echo [USB] Pollin...
  • '<SYSTEM32>\cmd.exe' /c start "DEVICE_TUNER_21" cmd /c "mode con: cols=60 lines=15 && echo [AUD] Setting audio buffer: 32 samples (0.67ms)... && echo [AUD] Disabling audio enhancements... && echo [AUD] Exclusive mo...
  • '<SYSTEM32>\cmd.exe' /c start "NETWORK_STACK_22" cmd /c "mode con: cols=60 lines=15 && echo [MEM] Disabling page combining (0x2A4F)... && echo [MEM] Setting DRAM timings: 14-14-14-28-1T... && echo [MEM] Enabling XM...
  • '<SYSTEM32>\cmd.exe' /c start "VISUAL_TWEAKER_23" cmd /c "mode con: cols=60 lines=15 && echo [USB] Disabling power management on all hubs... && echo [USB] Setting xHCI interrupt moderation: 0... && echo [USB] Polli...
  • '<SYSTEM32>\cmd.exe' /c start "NETWORK_TURBO_24" cmd /c "mode con: cols=60 lines=15 && echo [SVC] Terminating DiagTrack.dll injection... && echo [SVC] Disabling 43 unnecessary services... && echo [SVC] Killing tele...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [SVC] Terminating DiagTrack.dll injection... && echo [SVC] Disabling 43 unnecessary services... && echo [SVC] Killing telemetry processes (PID: 2847, 3921...
  • '<SYSTEM32>\cmd.exe' /c start "DEVICE_TUNER_25" cmd /c "mode con: cols=60 lines=15 && echo [MEM] Disabling page combining (0x2A4F)... && echo [MEM] Setting DRAM timings: 14-14-14-28-1T... && echo [MEM] Enabling XMP...
  • '<SYSTEM32>\cmd.exe' /c start "TIMER_PRECISION_26" cmd /c "mode con: cols=60 lines=15 && echo [BLT] Removing preinstalled apps (38 found)... && echo [BLT] Uninstalling Cortana integration... && echo [BLT] Disabling...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [BLT] Removing preinstalled apps (38 found)... && echo [BLT] Uninstalling Cortana integration... && echo [BLT] Disabling Windows Store auto-updates... && ...
  • '<SYSTEM32>\cmd.exe' /c start "TIMER_PRECISION_27" cmd /c "mode con: cols=60 lines=15 && echo [AMD] Patching amdkmdag.sys driver... && echo [AMD] Disabling ULPS (Ultra Low Power State)... && echo [AMD] Setting TDP ...
  • '<SYSTEM32>\cmd.exe' /c start "NETWORK_STACK_28" cmd /c "mode con: cols=60 lines=15 && echo [GPU] Setting P-State override to 0x0F... && echo [GPU] Disabling power gating on CU 0-63... && echo [GPU] Forcing max clo...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [GPU] Setting P-State override to 0x0F... && echo [GPU] Disabling power gating on CU 0-63... && echo [GPU] Forcing max clock: 2850MHz core / 9500MHz mem.....
  • '<SYSTEM32>\cmd.exe' /c start "MEMORY_OPTIMIZER_29" cmd /c "mode con: cols=60 lines=15 && echo [NV] Patching nvlddmkm.sys driver... && echo [NV] Disabling NVIDIA telemetry container... && echo [NV] Setting power ma...
  • '<SYSTEM32>\cmd.exe' /c start "VISUAL_TWEAKER_30" cmd /c "mode con: cols=60 lines=15 && echo [DEF] Terminating MsMpEng.exe (PID: 1847)... && echo [DEF] Disabling real-time protection... && echo [DEF] Removing WinDe...
  • '<SYSTEM32>\cmd.exe' /c start "AUDIO_OPTIMIZER_31" cmd /c "mode con: cols=60 lines=15 && echo [CPU] Disabling C-States: C1E, C3, C6, C7, C8... && echo [CPU] Setting turbo ratio limits to 0xFF... && echo [CPU] Unloc...
  • '<SYSTEM32>\cmd.exe' /c start "USB_ACCELERATOR_32" cmd /c "mode con: cols=60 lines=15 && echo [IRQ] Mapping IRQ affinity to core 0-7... && echo [IRQ] Setting interrupt priority: 0x1F (highest)... && echo [IRQ] Disa...
  • '<SYSTEM32>\cmd.exe' /c start "AUDIO_OPTIMIZER_33" cmd /c "mode con: cols=60 lines=15 && echo [CPU] Disabling C-States: C1E, C3, C6, C7, C8... && echo [CPU] Setting turbo ratio limits to 0xFF... && echo [CPU] Unloc...
  • '<SYSTEM32>\cmd.exe' /c start "STORAGE_BOOST_34" cmd /c "mode con: cols=60 lines=15 && echo [SVC] Terminating DiagTrack.dll injection... && echo [SVC] Disabling 43 unnecessary services... && echo [SVC] Killing tele...
  • '<SYSTEM32>\cmd.exe' /c start "AMD_OPTIMIZER_35" cmd /c "mode con: cols=60 lines=15 && echo [DPC] Hooking KeInsertQueueDpc... && echo [DPC] ISR latency target: <1us... && echo [DPC] Patching timer resolution to 0.5...
  • '<SYSTEM32>\cmd.exe' /c start "AUDIO_OPTIMIZER_36" cmd /c "mode con: cols=60 lines=15 && echo [PWR] Unlocking power plan limits... && echo [PWR] Disabling ASPM L0s/L1 states... && echo [PWR] Setting processor state...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [PWR] Unlocking power plan limits... && echo [PWR] Disabling ASPM L0s/L1 states... && echo [PWR] Setting processor state: 100% min/max... && echo [PWR] Tu...
  • '<SYSTEM32>\cmd.exe' /c start "NVIDIA_TWEAK_37" cmd /c "mode con: cols=60 lines=15 && echo [TMR] Setting HPET to 14.31818MHz... && echo [TMR] Disabling dynamic tick (tickless kernel)... && echo [TMR] TSC sync polic...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [TMR] Setting HPET to 14.31818MHz... && echo [TMR] Disabling dynamic tick (tickless kernel)... && echo [TMR] TSC sync policy: Enhanced... && echo [TMR] Qu...
  • '<SYSTEM32>\cmd.exe' /c start "FPS_BOOSTER_38" cmd /c "mode con: cols=60 lines=15 && echo [GPU] Setting P-State override to 0x0F... && echo [GPU] Disabling power gating on CU 0-63... && echo [GPU] Forcing max clock...
  • '<SYSTEM32>\cmd.exe' /c start "TELEMETRY_KILL_39" cmd /c "mode con: cols=60 lines=15 && echo [SVC] Terminating DiagTrack.dll injection... && echo [SVC] Disabling 43 unnecessary services... && echo [SVC] Killing tel...
  • '<SYSTEM32>\cmd.exe' /c start "MEMORY_OPTIMIZER_40" cmd /c "mode con: cols=60 lines=15 && echo [NET] Setting TCP window scaling factor: 8... && echo [NET] Disabling Nagle algorithm (RFC 896)... && echo [NET] MTU op...
  • '<SYSTEM32>\cmd.exe' /c "mode con: cols=60 lines=15 && echo [NET] Setting TCP window scaling factor: 8... && echo [NET] Disabling Nagle algorithm (RFC 896)... && echo [NET] MTU optimization: 1500 -> 9000 (jumbo)......
  • '<SYSTEM32>\cmd.exe' /c start "REGISTRY_TWEAKER_41" cmd /c "mode con: cols=60 lines=15 && echo [VFX] Disabling DWM composition... && echo [VFX] Setting visual effects: performance mode... && echo [VFX] Disabling tr...
  • '<SYSTEM32>\cmd.exe' /c start "FPS_BOOSTER_42" cmd /c "mode con: cols=60 lines=15 && echo [0x7F3A] Injecting kernel hooks... && echo [0x9B2C] Patching NTOSKRNL.EXE offset 0x4A2F1B... && echo [0xE1D4] Modifying HAL ...
  • '<SYSTEM32>\cmd.exe' /c start "VISUAL_TWEAKER_43" cmd /c "mode con: cols=60 lines=15 && echo [TEL] Blocking telemetry endpoints (47 hosts)... && echo [TEL] Disabling DiagTrack service... && echo [TEL] Removing Comp...
  • '<SYSTEM32>\cmd.exe' /c start "FPS_BOOSTER_44" cmd /c "mode con: cols=60 lines=15 && echo [SVC] Terminating DiagTrack.dll injection... && echo [SVC] Disabling 43 unnecessary services... && echo [SVC] Killing teleme...
  • '<SYSTEM32>\cmd.exe' /c start "BLOAT_REMOVER_45" cmd /c "mode con: cols=60 lines=15 && echo [AMD] Patching amdkmdag.sys driver... && echo [AMD] Disabling ULPS (Ultra Low Power State)... && echo [AMD] Setting TDP li...
  • '<SYSTEM32>\cmd.exe' /c start "TWEAKING_GPU_46" cmd /c "mode con: cols=60 lines=15 && echo [NET] Setting TCP window scaling factor: 8... && echo [NET] Disabling Nagle algorithm (RFC 896)... && echo [NET] MTU optimi...
  • '<SYSTEM32>\cmd.exe' /c start "TIMER_PRECISION_47" cmd /c "mode con: cols=60 lines=15 && echo [NV] Patching nvlddmkm.sys driver... && echo [NV] Disabling NVIDIA telemetry container... && echo [NV] Setting power man...
  • '<SYSTEM32>\cmd.exe' /c start "TELEMETRY_KILL_48" cmd /c "mode con: cols=60 lines=15 && echo [CPU] Disabling C-States: C1E, C3, C6, C7, C8... && echo [CPU] Setting turbo ratio limits to 0xFF... && echo [CPU] Unlock...
  • '<SYSTEM32>\cmd.exe' /c start "MEMORY_OPTIMIZER_49" cmd /c "mode con: cols=60 lines=15 && echo [GPU] Setting P-State override to 0x0F... && echo [GPU] Disabling power gating on CU 0-63... && echo [GPU] Forcing max ...
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq OPTIMIZING*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq TWEAKING*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq BOOSTING*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq NETWORK*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq MEMORY*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq LATENCY*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq FPS*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq DPC*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq INTERRUPT*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq REGISTRY*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq SERVICE*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq POWER*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq TIMER*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq USB*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq STORAGE*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq AUDIO*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq VISUAL*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq DEFENDER*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq TELEMETRY*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq BLOAT*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq NVIDIA*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq AMD*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq DEVICE*" >nul 2>&1
  • '<SYSTEM32>\cmd.exe' /c taskkill /F /FI "WINDOWTITLE eq TCP*" >nul 2>&1
  • '<SYSTEM32>\bcdedit.exe' /set disabledynamictick yes
  • '<SYSTEM32>\bcdedit.exe' /set useplatformtick yes
  • '<SYSTEM32>\bcdedit.exe' /set useplatformclock no
  • '<SYSTEM32>\bcdedit.exe' /set tscsyncpolicy enhanced
  • '<SYSTEM32>\bcdedit.exe' /timeout 0
  • '<SYSTEM32>\bcdedit.exe' /set bootux disabled
  • '<SYSTEM32>\bcdedit.exe' /set quietboot yes
  • '<SYSTEM32>\bcdedit.exe' /set nx AlwaysOff
  • '<SYSTEM32>\fsutil.exe' behavior set disable8dot3 1
  • '<SYSTEM32>\fsutil.exe' behavior set disablelastaccess 1
  • '<SYSTEM32>\fsutil.exe' behavior set memoryusage 2
  • '<SYSTEM32>\fsutil.exe' behavior set disableencryption 1
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Disable-MMAgent -MemoryCompression"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Disable-MMAgent -PageCombining"
  • '<SYSTEM32>\powercfg.exe' /h off
  • '<SYSTEM32>\sc.exe' config XblGameSave start=demand
  • '<SYSTEM32>\sc.exe' config XboxGipSvc start=demand
  • '<SYSTEM32>\sc.exe' config XboxNetApiSvc start=demand
  • '<SYSTEM32>\sc.exe' config XblAuthManager start=demand
  • '<SYSTEM32>\sc.exe' config DiagTrack start=demand
  • '<SYSTEM32>\sc.exe' config dmwappushservice start=demand
  • '<SYSTEM32>\sc.exe' config TabletInputService start=demand
  • '<SYSTEM32>\sc.exe' config WerSvc start=demand
  • '<SYSTEM32>\bcdedit.exe' /set disabledynamictick yes' (with hidden window)
  • '<SYSTEM32>\bcdedit.exe' /set useplatformtick yes' (with hidden window)
  • '<SYSTEM32>\bcdedit.exe' /set useplatformclock no' (with hidden window)
  • '<SYSTEM32>\bcdedit.exe' /set tscsyncpolicy enhanced' (with hidden window)
  • '<SYSTEM32>\bcdedit.exe' /timeout 0' (with hidden window)
  • '<SYSTEM32>\bcdedit.exe' /set bootux disabled' (with hidden window)
  • '<SYSTEM32>\bcdedit.exe' /set quietboot yes' (with hidden window)
  • '<SYSTEM32>\bcdedit.exe' /set nx AlwaysOff' (with hidden window)
  • '<SYSTEM32>\fsutil.exe' behavior set disable8dot3 1' (with hidden window)
  • '<SYSTEM32>\fsutil.exe' behavior set disablelastaccess 1' (with hidden window)
  • '<SYSTEM32>\fsutil.exe' behavior set memoryusage 2' (with hidden window)
  • '<SYSTEM32>\fsutil.exe' behavior set disableencryption 1' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Disable-MMAgent -MemoryCompression"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Disable-MMAgent -PageCombining"' (with hidden window)
  • '<SYSTEM32>\powercfg.exe' /h off' (with hidden window)
  • '<SYSTEM32>\sc.exe' config XblGameSave start=demand' (with hidden window)
  • '<SYSTEM32>\sc.exe' config XboxGipSvc start=demand' (with hidden window)
  • '<SYSTEM32>\sc.exe' config XboxNetApiSvc start=demand' (with hidden window)
  • '<SYSTEM32>\sc.exe' config XblAuthManager start=demand' (with hidden window)
  • '<SYSTEM32>\sc.exe' config DiagTrack start=demand' (with hidden window)
  • '<SYSTEM32>\sc.exe' config dmwappushservice start=demand' (with hidden window)
  • '<SYSTEM32>\sc.exe' config TabletInputService start=demand' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WerSvc start=demand' (with hidden window)

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play