PUA_AdvancedPCCare
Windows
Tipo de malware
Trojan
Destructivo?
No
Cifrado
In the Wild:
Sí
Resumen y descripción
Elimina archivos para impedir la ejecución correcta de programas y aplicaciones.
Detalles técnicos
Instalación
Crea las carpetas siguientes:
- %User Temp%\is-F1VBN.tmp
- %User Temp%\is-AUR6L.tmp
- %User Temp%\is-AUR6L.tmp\_isetup
- %Program Files%\Advanced PC Care
- %Program Files%\Advanced PC Care\x64
- %Program Files%\Advanced PC Care\x86
- %User Profile%\Application Data\Advancedpccare.com
- %User Profile%\Advancedpccare.com\Advanced PC Care
- %User Profile%\Application Data\EasyFileOpener
- %User Profile%\Application Data\Appverifier
- %Program Files%\Advanced PC Care\langs
- %User Profile%\EasyFileOpener\langs
- %Start Menu%\Programs\Advanced PC Care
- %User Profile%\Advanced PC Care\smico
Técnica de inicio automático
Agrega las siguientes entradas de registro para permitir su ejecución automática cada vez que se inicia el sistema:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Advanced PC Care_Logon = "%Program Files%\Advanced PC Care\advancedpccare.exe startuplaunch"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Advanced PC Care_Logon = "%Program Files%\Advanced PC Care\advancedpccare.exe startuplaunch"
Otras modificaciones del sistema
Elimina los archivos siguientes:
- %Program Files%\Advanced PC Care\langs\english_apc_en.ini
- %User Profile%\langs\english_efo_en.ini
- %Start Menu%\Programs\Advanced PC Care\Advanced PC Care.pif
- %Start Menu%\Programs\Advanced PC Care\Advanced PC Care.url
- %Start Menu%\Programs\Advanced PC Care\Buy Advanced PC Care.pif
- %Start Menu%\Programs\Advanced PC Care\Buy Advanced PC Care.url
- %Start Menu%\Programs\Advanced PC Care\Uninstall Advanced PC Care.pif
- %Start Menu%\Programs\Advanced PC Care\Uninstall Advanced PC Care.url
- %Desktop%\Advanced PC Care.pif
- %Desktop%\Advanced PC Care.url
- %Desktop%\Ashampoo exclusive Offers.lnk
- %Desktop%\Ashampoo exclusive Offers.pif
- %User Temp%\81t638_s.pdb
(Nota: %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).
. %User Profile% es la carpeta de perfil del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario} y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}).. %Start Menu% es la carpeta Menú Inicio del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Menú Inicio, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Menú Inicio y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Menú Inicio).. %Desktop% es la carpeta Escritorio del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}\Escritorio, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Escritorio y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Escritorio).. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000, XP y Server 2003 suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp).)Elimina las carpetas siguientes:
- %Start Menu%\Programs\Advancedpccare.com
Agrega las siguientes entradas de registro como parte de la rutina de instalación:
HKEY_LOCAL_MACHINE\Software\Advancedpccare.com\
Advanced PC Care
HKEY_CURRENT_USER\Software\Advancedpccare.com\
Advanced PC Care
HKEY_CURRENT_USER\Software\Advancedpccare.com\
Advanced PC Care\1.0.0.2024
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
HKEY_LOCAL_MACHINE\Software\pcv-vars
HKEY_LOCAL_MACHINE\Software\AppVerifierService\
AppVerifierService
HKEY_LOCAL_MACHINE\Software\QWR2YW5jZWRwY2NhcmUuY29t\
QWR2YW5jZWQgUEMgQ2FyZQ==\ACT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
AppVerifier
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Unknown\shell\opendlg
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Unknown\shell\opendlg\
command
Agrega las siguientes entradas de registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
phone = "(877)-883-7061"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
isphone = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
issilent = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
showefo = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
efosetting = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
msl = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
pxl = "AD146_AD141_RUNT"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
ipaddrurl = "http://www.{BLOCKED}edpccare.com/getIpAddress.asp"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
paramurl = "http://trkr.{BLOCKED}edpccare.com/ipfiles"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
prereg = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
showtn = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
ovoffdis = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
utm_source = "ad1"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
utm_campaign = "ad1"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
Phone = "(877)-883-7061"
HKEY_CURRENT_USER\Software\Advancedpccare.com\
Advanced PC Care
utm_source = "ad1"
HKEY_CURRENT_USER\Software\Advancedpccare.com\
Advanced PC Care
utm_campaign = "ad1"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
Phone_us = "(877)-883-7061"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
Phone_uk = "(800)-404-8430"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
Phone_gb = "(800)-404-8430"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
Phone_au = "1800-764-389"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
Phone_fr = "(334)-88627945"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
Phone_de = "(800)-180-0926"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
Phone_at = "(800)-180-0926"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
Phone_ch = "(800)-180-0926"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
Phone_lu = "(800)-180-0926"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
PurchaseURL = "http://www.{BLOCKED}edpccare.com/apc/price.asp?"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
RenewURL = "http://www.{BLOCKED}edpccare.com/apc/renewal.asp?"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
WebURL = "http://www.{BLOCKED}edpccare.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
EmailURL = "support@advancedpccare.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
supporturl = "http://www.{BLOCKED}edpccare.com/help"
HKEY_CURRENT_USER\Software\Advancedpccare.com\
Advanced PC Care
Installstring = "%Program Files%\Advanced PC Care"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
Installstring = "%Program Files%\Advanced PC Care"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
Inno Setup: Setup Version = "5.5.5 (u)"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
Inno Setup: App Path = "%Program Files%\Advanced PC Care"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
InstallLocation = "%Program Files%\Advanced PC Care"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
Inno Setup: Icon Group = "Advanced PC Care"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
Inno Setup: User = "Wilbert"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
Inno Setup: Language = "en"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
DisplayName = "Advanced PC Care"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
DisplayIcon = "%Program Files%\Advanced PC Care\advancedpccare.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
UninstallString = "%Program Files%\Advanced PC Care\unins000.exe "
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
QuietUninstallString = "%Program Files%\Advanced PC Care\unins000.exe /SILENT"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
DisplayVersion = "1.0.0.2024"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
Publisher = "Advancedpccare.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
URLInfoAbout = "http://www.{BLOCKED}edpccare.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
HelpLink = "http://www.{BLOCKED}edpccare.com/help"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
NoModify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
NoRepair = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
InstallDate = "20171031"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
MajorVersion = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
MinorVersion = "0"
HKEY_CURRENT_USER\Software\Advancedpccare.com\
Advanced PC Care
InstallString = "%Program Files%\Advanced PC Care"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
InstallString = "%Program Files%\Advanced PC Care"
HKEY_CURRENT_USER\Software\Advancedpccare.com\
Advanced PC Care
LangCode = "en"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
LangCode = "en"
HKEY_LOCAL_MACHINE\SOFTWARE\pcv-vars
utm_source = "ad1"
HKEY_LOCAL_MACHINE\SOFTWARE\pcv-vars
utm_campaign = "ad1"
HKEY_LOCAL_MACHINE\SOFTWARE\pcv-vars
LangCode = "en"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
afterInstallUrl = "http://www.{BLOCKED}edpccare.com/apc/afterinstall/?"
HKEY_LOCAL_MACHINE\SOFTWARE\pcv-vars
country = "us"
HKEY_LOCAL_MACHINE\SOFTWARE\pcv-vars
phone = "(877)-883-7061"
HKEY_LOCAL_MACHINE\SOFTWARE\AppVerifierService\
AppVerifierService
country = "us"
HKEY_LOCAL_MACHINE\SOFTWARE\QWR2YW5jZWRwY2NhcmUuY29t\
QWR2YW5jZWQgUEMgQ2FyZQ==\ACT
data = "{random values}"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
reg = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
expired = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
country = "us"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
AppVerifier
EventMessageFile = "%Windows%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\
Advanced PC Care
hdata = "{random values}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Unknown\shell\openas\
command
easyfileopener.Dat = "%System%\rundll32.exe %System%\shell32.dll,OpenAs_RunDLL %1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Unknown\shell\opendlg
MultiSelectModel = "Single"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Unknown\shell\opendlg\
command
easyfileopener.Dat = "%System%\rundll32.exe %System%\shell32.dll,OpenAs_RunDLL %1"
Modifica las siguientes entradas de registro:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application
Sources = "{random characters}"
(Note: The default value data of the said registry entry is {random values}.)
Elimina las siguientes claves de registro:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
B7A64AC7-B828-4D74-98B2-097AFA836948_is1
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
Advanced PC Care_is1
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
Advanced PC Care_is1
Rutina de infiltración
Infiltra los archivos siguientes:
- %User Temp%\is-f1vbn.tmp\{malware file name}.tmp
- %User Temp%\is-AUR6L.tmp\_isetup\_shfoldr.dll
- %User Temp%\is-AUR6L.tmp\isxdl.dll
- %Program Files%\Advanced PC Care\unins000.dat
- %Program Files%\Advanced PC Care\is-RO6FD.tmp
- %Program Files%\Advanced PC Care\is-L54SH.tmp
- %Program Files%\Advanced PC Care\is-AM34D.tmp
- %Program Files%\Advanced PC Care\is-NA1B0.tmp
- %Program Files%\Advanced PC Care\is-LH385.tmp
- %Program Files%\Advanced PC Care\is-J9B77.tmp
- %Program Files%\Advanced PC Care\is-90J4O.tmp
- %Program Files%\Advanced PC Care\is-0L33L.tmp
- %Program Files%\Advanced PC Care\is-LG4MH.tmp
- %Program Files%\Advanced PC Care\is-4UDE3.tmp
- %Program Files%\Advanced PC Care\x64\is-4A523.tmp
- %Program Files%\Advanced PC Care\x86\is-A0UTD.tmp
- %Program Files%\Advanced PC Care\is-1UQQ9.tmp
- %Program Files%\Advanced PC Care\is-LBJFT.tmp
- %Program Files%\Advanced PC Care\is-7DOM7.tmp
- %User Profile%\Advanced PC Care\is-V6BP0.tmp
- %User Profile%\Advanced PC Care\is-PHGN6.tmp
- %User Profile%\EasyFileOpener\is-8ICVE.tmp
- %User Profile%\Appverifier\is-KTJUR.tmp
- %User Profile%\Appverifier\is-CLVB5.tmp
- %Program Files%\Advanced PC Care\langs\is-H8AL0.tmp
- %Program Files%\Advanced PC Care\langs\is-FJ73D.tmp
- %Program Files%\Advanced PC Care\langs\is-1QGTO.tmp
- %Program Files%\Advanced PC Care\langs\is-JDJSL.tmp
- %Program Files%\Advanced PC Care\langs\is-SP3VE.tmp
- %Program Files%\Advanced PC Care\langs\is-FV2MJ.tmp
- %Program Files%\Advanced PC Care\langs\is-HCBOL.tmp
- %Program Files%\Advanced PC Care\langs\is-1IEA7.tmp
- %Program Files%\Advanced PC Care\langs\is-GID68.tmp
- %Program Files%\Advanced PC Care\langs\is-C6A7N.tmp
- %Program Files%\Advanced PC Care\langs\is-LBGPB.tmp
- %Program Files%\Advanced PC Care\langs\is-2044J.tmp
- %Program Files%\Advanced PC Care\langs\is-L79T7.tmp
- %Program Files%\Advanced PC Care\langs\is-2K7PI.tmp
- %User Profile%\langs\is-UBADH.tmp
- %User Profile%\langs\is-RT1GJ.tmp
- %User Profile%\langs\is-BKES3.tmp
- %User Profile%\langs\is-07R2S.tmp
- %User Profile%\langs\is-FLF70.tmp
- %User Profile%\langs\is-43F6S.tmp
- %User Profile%\langs\is-9DVUJ.tmp
- %User Profile%\langs\is-CPFEB.tmp
- %User Profile%\langs\is-I6FRF.tmp
- %User Profile%\langs\is-9FOK8.tmp
- %User Profile%\langs\is-T6E4F.tmp
- %User Profile%\langs\is-TTHQQ.tmp
- %User Profile%\langs\is-9R54N.tmp
- %User Profile%\langs\is-E3HPF.tmp
- %Program Files%\Advanced PC Care\is-HULHG.tmp
- %Start Menu%\Programs\Advanced PC Care\Advanced PC Care.lnk
- %Start Menu%\Programs\Advanced PC Care\Buy Advanced PC Care.lnk
- %Start Menu%\Programs\Advanced PC Care\Uninstall Advanced PC Care.lnk
- %Desktop%\Advanced PC Care.lnk
- %Desktop%\Ashampoo exclusive Offers.url
- %Program Files%\Advanced PC Care\unins000.msg
- %User Profile%\Advanced PC Care\Errorlog.txt
- %User Profile%\Appverifier\AppVerifierService.InstallState
- %User Profile%\Advanced PC Care\exlist.bin
- %User Profile%\Advanced PC Care\lmi.xml
- %User Temp%\81t638_s.tmp
- %User Temp%\81t638_s.0.cs
- %User Temp%\81t638_s.dll
- %User Temp%\81t638_s.cmdline
- %User Temp%\81t638_s.out
- %User Temp%\81t638_s.err
- %User Profile%\Advanced PC Care\Lmircc.msi
- %User Temp%\CSC89.tmp
- %User Temp%\RES8C.tmp
(Nota: %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000, XP y Server 2003 suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp).
. %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).. %User Profile% es la carpeta de perfil del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario} y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}).. %Start Menu% es la carpeta Menú Inicio del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Menú Inicio, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Menú Inicio y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Menú Inicio).. %Desktop% es la carpeta Escritorio del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}\Escritorio, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Escritorio y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Escritorio).)
Soluciones
Step 1
Los usuarios de Windows ME y XP, antes de llevar a cabo cualquier exploración, deben comprobar que tienen desactivada la opción Restaurar sistema para permitir la exploración completa del equipo.
Step 2
Reiniciar en modo seguro
Step 3
Eliminar esta clave del Registro
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_LOCAL_MACHINE\Software\Advancedpccare.com
- Advanced PC Care
- In HKEY_CURRENT_USER\Software\Advancedpccare.com
- Advanced PC Care
- In HKEY_CURRENT_USER\Software\Advancedpccare.com\Advanced PC Care
- 1.0.0.2024
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- In HKEY_LOCAL_MACHINE\Software
- pcv-vars
- In HKEY_LOCAL_MACHINE\Software
- AppVerifierService
- In HKEY_LOCAL_MACHINE\Software\QWR2YW5jZWRwY2NhcmUuY29t\QWR2YW5jZWQgUEMgQ2FyZQ==
- ACT
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application
- AppVerifier
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell
- opendlg
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg
- command
Step 4
Eliminar este valor del Registro
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Advanced PC Care_Logon = "%Program Files%\Advanced PC Care\advancedpccare.exe startuplaunch"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Advanced PC Care_Logon = "%Program Files%\Advanced PC Care\advancedpccare.exe startuplaunch"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- phone = "(877)-883-7061"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- isphone = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- issilent = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- showefo = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- efosetting = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- msl = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- pxl = "AD146_AD141_RUNT"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- ipaddrurl = "http://www.{BLOCKED}edpccare.com/getIpAddress.asp"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- paramurl = "http://trkr.{BLOCKED}edpccare.com/ipfiles"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- prereg = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- showtn = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- ovoffdis = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- utm_source = "ad1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- utm_campaign = "ad1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- Phone = "(877)-883-7061"
- In HKEY_CURRENT_USER\Software\Advancedpccare.com\Advanced PC Care
- utm_source = "ad1"
- In HKEY_CURRENT_USER\Software\Advancedpccare.com\Advanced PC Care
- utm_campaign = "ad1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- Phone_us = "(877)-883-7061"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- Phone_uk = "(800)-404-8430"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- Phone_gb = "(800)-404-8430"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- Phone_au = "1800-764-389"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- Phone_fr = "(334)-88627945"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- Phone_de = "(800)-180-0926"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- Phone_at = "(800)-180-0926"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- Phone_ch = "(800)-180-0926"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- Phone_lu = "(800)-180-0926"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- PurchaseURL = "http://www.{BLOCKED}edpccare.com/apc/price.asp?"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- RenewURL = "http://www.{BLOCKED}edpccare.com/apc/renewal.asp?"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- WebURL = "http://www.{BLOCKED}edpccare.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- EmailURL = "support@advancedpccare.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- supporturl = "http://www.{BLOCKED}edpccare.com/help"
- In HKEY_CURRENT_USER\Software\Advancedpccare.com\Advanced PC Care
- Installstring = "%Program Files%\Advanced PC Care"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- Installstring = "%Program Files%\Advanced PC Care"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- Inno Setup: Setup Version = "5.5.5 (u)"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- Inno Setup: App Path = "%Program Files%\Advanced PC Care"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- InstallLocation = "%Program Files%\Advanced PC Care"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- Inno Setup: Icon Group = "Advanced PC Care"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- Inno Setup: User = "Wilbert"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- Inno Setup: Language = "en"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- DisplayName = "Advanced PC Care"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- DisplayIcon = "%Program Files%\Advanced PC Care\advancedpccare.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- UninstallString = "%Program Files%\Advanced PC Care\unins000.exe "
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- QuietUninstallString = "%Program Files%\Advanced PC Care\unins000.exe /SILENT"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- DisplayVersion = "1.0.0.2024"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- Publisher = "Advancedpccare.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- URLInfoAbout = "http://www.{BLOCKED}edpccare.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- HelpLink = "http://www.{BLOCKED}edpccare.com/help"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- NoModify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- NoRepair = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- InstallDate = "20171031"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- MajorVersion = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\B7A64AC7-B828-4D74-98B2-097AFA836948_is1
- MinorVersion = "0"
- In HKEY_CURRENT_USER\Software\Advancedpccare.com\Advanced PC Care
- InstallString = "%Program Files%\Advanced PC Care"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- InstallString = "%Program Files%\Advanced PC Care"
- In HKEY_CURRENT_USER\Software\Advancedpccare.com\Advanced PC Care
- LangCode = "en"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- LangCode = "en"
- In HKEY_LOCAL_MACHINE\SOFTWARE\pcv-vars
- utm_source = "ad1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\pcv-vars
- utm_campaign = "ad1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\pcv-vars
- LangCode = "en"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- afterInstallUrl = "http://www.{BLOCKED}edpccare.com/apc/afterinstall/?"
- In HKEY_LOCAL_MACHINE\SOFTWARE\pcv-vars
- country = "us"
- In HKEY_LOCAL_MACHINE\SOFTWARE\pcv-vars
- phone = "(877)-883-7061"
- In HKEY_LOCAL_MACHINE\SOFTWARE\AppVerifierService\AppVerifierService
- country = "us"
- In HKEY_LOCAL_MACHINE\SOFTWARE\QWR2YW5jZWRwY2NhcmUuY29t\QWR2YW5jZWQgUEMgQ2FyZQ==\ACT
- data = "{random values}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- reg = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- expired = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- country = "us"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\AppVerifier
- EventMessageFile = "%Windows%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Advancedpccare.com\Advanced PC Care
- hdata = "{random values}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command
- easyfileopener.Dat = "%System%\rundll32.exe %System%\shell32.dll,OpenAs_RunDLL %1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg
- MultiSelectModel = "Single"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\opendlg\command
- easyfileopener.Dat = "%System%\rundll32.exe %System%\shell32.dll,OpenAs_RunDLL %1"
Step 5
Restaurar este valor del Registro modificado
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application
- From: Sources = "{random characters}"
To: Sources = ""{random values}""
- From: Sources = "{random characters}"
Step 6
Buscar y eliminar estos archivos
- %User Temp%\is-f1vbn.tmp\{malware file name}.tmp
- %User Temp%\is-AUR6L.tmp\_isetup\_shfoldr.dll
- %User Temp%\is-AUR6L.tmp\isxdl.dll
- %Program Files%\Advanced PC Care\unins000.dat
- %Program Files%\Advanced PC Care\is-RO6FD.tmp
- %Program Files%\Advanced PC Care\is-L54SH.tmp
- %Program Files%\Advanced PC Care\is-AM34D.tmp
- %Program Files%\Advanced PC Care\is-NA1B0.tmp
- %Program Files%\Advanced PC Care\is-LH385.tmp
- %Program Files%\Advanced PC Care\is-J9B77.tmp
- %Program Files%\Advanced PC Care\is-90J4O.tmp
- %Program Files%\Advanced PC Care\is-0L33L.tmp
- %Program Files%\Advanced PC Care\is-LG4MH.tmp
- %Program Files%\Advanced PC Care\is-4UDE3.tmp
- %Program Files%\Advanced PC Care\x64\is-4A523.tmp
- %Program Files%\Advanced PC Care\x86\is-A0UTD.tmp
- %Program Files%\Advanced PC Care\is-1UQQ9.tmp
- %Program Files%\Advanced PC Care\is-LBJFT.tmp
- %Program Files%\Advanced PC Care\is-7DOM7.tmp
- %User Profile%\Advanced PC Care\is-V6BP0.tmp
- %User Profile%\Advanced PC Care\is-PHGN6.tmp
- %User Profile%\EasyFileOpener\is-8ICVE.tmp
- %User Profile%\Appverifier\is-KTJUR.tmp
- %User Profile%\Appverifier\is-CLVB5.tmp
- %Program Files%\Advanced PC Care\langs\is-H8AL0.tmp
- %Program Files%\Advanced PC Care\langs\is-FJ73D.tmp
- %Program Files%\Advanced PC Care\langs\is-1QGTO.tmp
- %Program Files%\Advanced PC Care\langs\is-JDJSL.tmp
- %Program Files%\Advanced PC Care\langs\is-SP3VE.tmp
- %Program Files%\Advanced PC Care\langs\is-FV2MJ.tmp
- %Program Files%\Advanced PC Care\langs\is-HCBOL.tmp
- %Program Files%\Advanced PC Care\langs\is-1IEA7.tmp
- %Program Files%\Advanced PC Care\langs\is-GID68.tmp
- %Program Files%\Advanced PC Care\langs\is-C6A7N.tmp
- %Program Files%\Advanced PC Care\langs\is-LBGPB.tmp
- %Program Files%\Advanced PC Care\langs\is-2044J.tmp
- %Program Files%\Advanced PC Care\langs\is-L79T7.tmp
- %Program Files%\Advanced PC Care\langs\is-2K7PI.tmp
- %User Profile%\langs\is-UBADH.tmp
- %User Profile%\langs\is-RT1GJ.tmp
- %User Profile%\langs\is-BKES3.tmp
- %User Profile%\langs\is-07R2S.tmp
- %User Profile%\langs\is-FLF70.tmp
- %User Profile%\langs\is-43F6S.tmp
- %User Profile%\langs\is-9DVUJ.tmp
- %User Profile%\langs\is-CPFEB.tmp
- %User Profile%\langs\is-I6FRF.tmp
- %User Profile%\langs\is-9FOK8.tmp
- %User Profile%\langs\is-T6E4F.tmp
- %User Profile%\langs\is-TTHQQ.tmp
- %User Profile%\langs\is-9R54N.tmp
- %User Profile%\langs\is-E3HPF.tmp
- %Program Files%\Advanced PC Care\is-HULHG.tmp
- %Start Menu%\Programs\Advanced PC Care\Advanced PC Care.lnk
- %Start Menu%\Programs\Advanced PC Care\Buy Advanced PC Care.lnk
- %Start Menu%\Programs\Advanced PC Care\Uninstall Advanced PC Care.lnk
- %Desktop%\Advanced PC Care.lnk
- %Desktop%\Ashampoo exclusive Offers.url
- %Program Files%\Advanced PC Care\unins000.msg
- %User Profile%\Advanced PC Care\Errorlog.txt
- %User Profile%\Appverifier\AppVerifierService.InstallState
- %User Profile%\Advanced PC Care\exlist.bin
- %User Profile%\Advanced PC Care\lmi.xml
- %User Temp%\81t638_s.tmp
- %User Temp%\81t638_s.0.cs
- %User Temp%\81t638_s.dll
- %User Temp%\81t638_s.cmdline
- %User Temp%\81t638_s.out
- %User Temp%\81t638_s.err
- %User Profile%\Advanced PC Care\Lmircc.msi
- %User Temp%\CSC89.tmp
- %User Temp%\RES8C.tmp
Step 7
Buscar y eliminar estas carpetas
- %User Temp%\is-F1VBN.tmp
- %User Temp%\is-AUR6L.tmp
- %User Temp%\is-AUR6L.tmp\_isetup
- %Program Files%\Advanced PC Care
- %Program Files%\Advanced PC Care\x64
- %Program Files%\Advanced PC Care\x86
- %User Profile%\Application Data\Advancedpccare.com
- %User Profile%\Advancedpccare.com\Advanced PC Care
- %User Profile%\Application Data\EasyFileOpener
- %User Profile%\Application Data\Appverifier
- %Program Files%\Advanced PC Care\langs
- %User Profile%\EasyFileOpener\langs
- %Start Menu%\Programs\Advanced PC Care
- %User Profile%\Advanced PC Care\smico
Step 8
Reinicie en modo normal y explore el equipo con su producto de Trend Micro para buscar los archivos identificados como PUA_AdvancedPCCare En caso de que el producto de Trend Micro ya haya limpiado, eliminado o puesto en cuarentena los archivos detectados, no serán necesarios más pasos. Puede optar simplemente por eliminar los archivos en cuarentena. Consulte esta página de Base de conocimientos para obtener más información.
Rellene nuestra encuesta!