Remove a registry key when it has a random name
A product that I use has just installed on my system, without my consent, a liveupdate process that runs on my system every hour, even when I am not using that product.
I don't know what this liveupdate does. Sure, it might only be wanting to update the program, but it could be doing anything. This could actually be a virus. And even if it was legit, what is it going to do? Start downloading 200+ MB of files every hour if it finds an update? Automatically update the program in the background without my knowledge? God knows what else.
The product installer creates a key hkcu\software\liveupdate. Under that key is another key with a randomly generated name. In this case, 611dd93a9b5c578be68b17d997792402.
It then adds two run entries, one in startupapproved and one in run.
I can remove all the software, block it in the firewall and add a path rule to stop it running.
But I'd like to automate the removal completely, and that includes the registry keys. How can I retrieve the name of the randomly generated key?
"Reg query hkcu\software\liveupdate" will give me the key name, but i don't know how to extract only the last part - the random part - from the result. (via batch)
These are the keys to be removed;
hkcu\software\liveupdate
hkcu\software\liveupdate\611dd93a9b5c578be68b17d997792402
hkcu\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\611dd93a9b5c578be68b17d997792402
hkcu\Software\Microsoft\Windows\CurrentVersion\Run\611dd93a9b5c578be68b17d997792402
This would get the name of the key into a variable called KeyName:
for /f "Delims=" %%a in ('reg query hkcu\software\liveupdate') do set "KeyName=%%~nxa"
So the batch could be something like this:
@echo off
for /f "Delims=" %%a in ('reg query hkcu\software\liveupdate') do set "KeyName=%%~nxa"
reg delete "hkcu\software\liveupdate" /f
reg delete "hkcu\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "%KeyName%" /f
reg delete "hkcu\Software\Microsoft\Windows\CurrentVersion\Run" /v "%KeyName%" /f