TROJ_AGENT.BBWF
Dropper-FAG!BE84ADCA5C9F (McAfee); PAK:PE_Patch (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt); Gen:Variant.Kazy.31861 (FSecure)
Windows 2000, Windows XP, Windows Server 2003
Grayware type:
Trojan
Destructive:
No
Encrypted:
In the wild:
Yes
Overview
Deletes files, preventing programs and applications from running properly.
Deletes itself after execution.
Technical details
Autostart technique
Registers itself as a system service so that it runs automatically at every system startup, by adding the following registry keys:
Other system modifications
Deletes the following files:
- %Windows%\Microsoft.NET\Framework\v2.0.50727\config\security.config.cch.280.38718
- %Windows%\Microsoft.NET\Framework\v2.0.50727\config\enterprisesec.config.cch.280.38718
- %User Profile%\v2.0.50727.42\security.config.cch.280.39359
(Note: %Windows% is the Windows folder, usually C:\Windows or C:\WINNT. %User Profile% is the current user's profile folder, usually C:\Windows\Profile\{user name} on Windows 98 and ME, C:\WINNT\Profile\{user name} on Windows NT, and C:\Documents and Settings\{user name} on Windows 2000, XP and Server 2003.)
Adds the following registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
Service1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
ESENT\Process\lib32wanw
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
ESENT\Process\lib32wanw\
DEBUG
Adds the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\WanwSvc
Description = "{random characters}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\WanwSvc
FailureActions = "{random values}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
Service1
EventMessageFile = "%Windows%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
Modifies the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application
Sources = "{random characters}"
(Note: The default value data of the said registry entry is {random values}.)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
ESENT
EventMessageFile = "%System%\ESENT.dll"
(Note: The default value data of the said registry entry is {random values}.)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
ESENT
CategoryMessageFile = "%System%\ESENT.dll"
(Note: The default value data of the said registry entry is {random values}.)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
ESENT
CategoryCount = "1"
(Note: The default value data of the said registry entry is 10.)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
ESENT
TypesSupported = "7"
(Note: The default value data of the said registry entry is 7.)
Other details
Deletes itself after execution.
Solutions
Step 1
For Windows ME and XP users: before scanning, make sure that System Restore is disabled so that the entire computer can be scanned.
Step 2
Restart in Safe Mode
Step 3
Delete this registry key
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Perform this step only if you are familiar with the procedure or can ask your system administrator for help. Otherwise, read this Microsoft article first before modifying your computer's registry.
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application
- Service1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process
- lib32wanw
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\lib32wanw
- DEBUG
Step 4
Delete this registry value
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Perform this step only if you are familiar with the procedure or can ask your system administrator for help. Otherwise, read this Microsoft article first before modifying your computer's registry.
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WanwSvc
- Description = "{random characters}"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WanwSvc
- FailureActions = "{random values}"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Service1
- EventMessageFile = "%Windows%\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll"
Step 5
Restore this modified registry value
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Perform this step only if you are familiar with the procedure or can ask your system administrator for help. Otherwise, read this Microsoft article first before modifying your computer's registry.
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application
- From: Sources = "{random characters}"
To: Sources = "{random values}"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT
- From: EventMessageFile = "%System%\ESENT.dll"
To: EventMessageFile = "{random values}"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT
- From: CategoryMessageFile = "%System%\ESENT.dll"
To: CategoryMessageFile = "{random values}"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT
- From: CategoryCount = "1"
To: CategoryCount = "10"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT
- From: TypesSupported = "7"
To: TypesSupported = "7"
Step 6
Restart in normal mode and scan your computer with your Trend Micro product for files detected as TROJ_AGENT.BBWF. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further steps are required. Quarantined files can simply be deleted. See this Knowledge Base page for more information.