Remove a registry key when it has a random name

windows-registry random

A product that I use has just installed on my system, without my consent, a liveupdate process that runs on my system every hour, even when I am not using that product.

I don't know what this liveupdate does. Sure, it might only be wanting to update the program, but it could be doing anything. This could actually be a virus. And even if it was legit, what is it going to do? Start downloading 200+ MB of files every hour if it finds an update? Automatically update the program in the background without my knowledge? God knows what else.

The product installer creates a key hkcu\software\liveupdate. Under that key is another key with a randomly generated name. In this case, 611dd93a9b5c578be68b17d997792402.

It then adds two run entries, one in startupapproved and one in run.

I can remove all the software, block it in the firewall and add a path rule to stop it running.

But I'd like to automate the removal completely, and that includes the registry keys. How can I retrieve the name of the randomly generated key?

"Reg query hkcu\software\liveupdate" will give me the key name, but i don't know how to extract only the last part - the random part - from the result. (via batch)

These are the keys to be removed;

hkcu\software\liveupdate
hkcu\software\liveupdate\611dd93a9b5c578be68b17d997792402
hkcu\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\611dd93a9b5c578be68b17d997792402
hkcu\Software\Microsoft\Windows\CurrentVersion\Run\611dd93a9b5c578be68b17d997792402

This would get the name of the key into a variable called KeyName:

for /f "Delims=" %%a in ('reg query hkcu\software\liveupdate') do set "KeyName=%%~nxa"

So the batch could be something like this:

@echo off

for /f "Delims=" %%a in ('reg query hkcu\software\liveupdate') do set "KeyName=%%~nxa"

reg delete "hkcu\software\liveupdate" /f
reg delete "hkcu\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run" /v "%KeyName%" /f
reg delete "hkcu\Software\Microsoft\Windows\CurrentVersion\Run" /v "%KeyName%" /f

Related

How can I restore a Google Chrome URL-bar suggestion I accidentally removed?
How can I fix my USB keyboard that keeps on chattering whenever I plugged in my laptop to its charger?
Slow computer processing
Use ffmpeg to render out only single Y-channel - either alpha or grayscale
Get file name by CMD
Huh an empty folder that containers 42.8 GB?
Had to reinstall Windows 10 but didn't write down the license key, what are my options? [duplicate]
How to locate Matlab installation?
Windows Explorer error, while open any folder
Which Gentoo ebuild provide phpize binary?
Pinpoint cause of sluggish computer
How can i embed my OpenSSL certificate in Firefox?