Dropper-FAG!BE84ADCA5C9F (McAfee); PAK:PE_Patch (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt); Gen:Variant.Kazy.31861 (FSecure)

 Platform:

Windows 2000, Windows XP, Windows Server 2003


  • Grayware type:
    Trojan

  • Destructive:
    No

  • Encrypted:
     

  • In the Wild:
    Yes

  Overview

Deletes files, so that programs and applications do not run properly.

Deletes itself after execution.

  Technical details

Compression type: 137,216 bytes
File type: EXE
Memory resident: Yes
Date initial samples received: 03 April 2012

Autostart Technique

Registers itself as a system service so that it runs automatically at every system startup, by adding the following registry keys:


Other System Modifications

Deletes the following files:

  • %Windows%\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.280.38718
  • %Windows%\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.280.38718
  • %User Profile%\v2.0.50727.42\security.config.cch.280.39359

(Note: %Windows% is the Windows folder, usually C:\Windows or C:\WINNT. %User Profile% is the current user's profile folder, usually C:\Windows\Profile\{user name} on Windows 98 and ME, C:\WINNT\Profile\{user name} on Windows NT, and C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003.)

Adds the following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
Service1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
ESENT\Process\lib32wanw

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
ESENT\Process\lib32wanw\
DEBUG

Adds the following registry entries:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\WanwSvc
Description = "{random characters}"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\WanwSvc
FailureActions = "{random values}"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
Service1
EventMessageFile = "%Windows%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"

Modifies the following registry entries:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application
Sources = "{random characters}"

(Note: The default value data of the said registry entry is {random values}.)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
ESENT
EventMessageFile = "%System%\ESENT.dll"

(Note: The default value data of the said registry entry is {random values}.)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
ESENT
CategoryMessageFile = "%System%\ESENT.dll"

(Note: The default value data of the said registry entry is {random values}.)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
ESENT
CategoryCount = "1"

(Note: The default value data of the said registry entry is 10.)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
ESENT
TypesSupported = "7"

(Note: The default value data of the said registry entry is 7.)

Other Details

Deletes itself after execution.

  Solution

Minimum scan engine: 9.200

Step 1

For Windows ME and XP users: Before scanning, make sure that System Restore is disabled so that the entire computer can be scanned.

Step 2

Restart in Safe Mode

Step 3

Delete this registry key

Important: Editing the Windows Registry incorrectly can lead to permanent system malfunction. Perform this step only if you are familiar with the procedure or can ask your system administrator for assistance. Otherwise, read this Microsoft article first before modifying your computer's registry.

  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application
    • Service1
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process
    • lib32wanw
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lib32wanw
    • DEBUG

Step 4

Delete this registry value

Important: Editing the Windows Registry incorrectly can lead to permanent system malfunction. Perform this step only if you are familiar with the procedure or can ask your system administrator for assistance. Otherwise, read this Microsoft article first before modifying your computer's registry.

  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WanwSvc
    • Description = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WanwSvc
    • FailureActions = "{random values}"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Service1
    • EventMessageFile = "%Windows%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"

Step 5

Restore this modified registry value

Important: Editing the Windows Registry incorrectly can lead to permanent system malfunction. Perform this step only if you are familiar with the procedure or can ask your system administrator for assistance. Otherwise, read this Microsoft article first before modifying your computer's registry.

  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application
    • From: Sources = "{random characters}"
      To: Sources = "{random values}"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT
    • From: EventMessageFile = "%System%\ESENT.dll"
      To: EventMessageFile = "{random values}"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT
    • From: CategoryMessageFile = "%System%\ESENT.dll"
      To: CategoryMessageFile = "{random values}"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT
    • From: CategoryCount = "1"
      To: CategoryCount = "10"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT
    • From: TypesSupported = "7"
      To: TypesSupported = "7"

Step 6

Restart in normal mode and scan your computer with your Trend Micro product for files detected as TROJ_AGENT.BBWF. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further steps are required. Quarantined files can simply be deleted. See this Knowledge Base page for more information.