A product that I use has just installed on my system, without my consent, a liveupdate process that runs on my system every hour, even when I am not using that product.
I don’t know what this liveupdate does. Sure, it might only be wanting to update the program, but it could be doing anything. This could actually be a virus. And even if it was legit, what is it going to do? Start downloading 200+ MB of files every hour if it finds an update? Automatically update the program in the background without my knowledge? God knows what else.
The product installer creates a key hkcusoftwareliveupdate. Under that key is another key with a randomly generated name. In this case, 611dd93a9b5c578be68b17d997792402.
It then adds two run entries, one in startupapproved and one in run.
I can remove all the software, block it in the firewall and add a path rule to stop it running.
But I’d like to automate the removal completely, and that includes the registry keys. How can I retrieve the name of the randomly generated key?
“Reg query hkcusoftwareliveupdate” will give me the key name, but i don’t know how to extract only the last part – the random part – from the result. (via batch)
These are the keys to be removed;
hkcusoftwareliveupdate hkcusoftwareliveupdate611dd93a9b5c578be68b17d997792402 hkcuSoftwareMicrosoftWindowsCurrentVersionExplorerStartupApprovedRun611dd93a9b5c578be68b17d997792402 hkcuSoftwareMicrosoftWindowsCurrentVersionRun611dd93a9b5c578be68b17d997792402