PUA.Win32.WinMaster.A
a variant of Win32/Monitor.WinMaster.A (NOD32)
Windows
Tipo di minaccia informatica:
Potentially Unwanted Application
Distruttivo?:
No
Crittografato?:
In the wild::
Sì
Dettagli tecnici
Instalación
Agrega las carpetas siguientes:
- %System Root%\temp
- %System Root%\temp\temp
- %System Root%\temp\temp\Policy
- %System Root%\temp\temp\Policy\System
- %User Temp%\5f6d5g9gg5er9g3h5uj4e6sjh6u22i4t6
- %Windows%\debug\SMR
- %Windows%\debug\SMR\RMSLog
- %User Temp%\SMR
- %User Temp%\SMRCV7
(Nota: %System Root% es la carpeta raíz, normalmente C:\. También es la ubicación del sistema operativo).
. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000(32-bit), XP y Server 2003(32-bit) suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp y en el case de Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) y 10(64-bit) en C:\Users\{nombre de usuario}\AppData\Local\Temp).. %Windows% es la carpeta de Windows, que suele estar en C:\Windows o C:\WINNT).)Infiltra los archivos siguientes:
- %System Root%\temp\temp\_tmp_rar_sfx_access_check_3987229
- %System Root%\temp\temp\FoxSDKU32w.dll
- %System Root%\temp\temp\HuCheck5.exe
- %System Root%\temp\temp\install.dat
- %System Root%\temp\temp\ManualUpdate2015.exe
- %System Root%\temp\temp\PCInfo.exe
- %System Root%\temp\temp\Policy\system\ReplySystem.opt
- %System Root%\temp\temp\Presto.agn
- %System Root%\temp\temp\rms.dll
- %System Root%\temp\temp\RunManualUpdate2015.exe
- %System Root%\temp\temp\ScheduleTask.exe
- %System Root%\temp\temp\sensetup.exe
- %System Root%\temp\temp\ServerSchTask.dat
- %System Root%\temp\temp\smrf.cat.208
- %System Root%\temp\temp\smrf.cat.208_x64
- %System Root%\temp\temp\smrf.cat.212R2_x64
- %System Root%\temp\temp\smrf.cat.212_x64
- %System Root%\temp\temp\smrf.cat.vis
- %System Root%\temp\temp\smrf.cat.w7
- %System Root%\temp\temp\Smrf.cat.w7_x64
- %System Root%\temp\temp\smrf.cat.w8
- %System Root%\temp\temp\smrf.cat.w81
- %System Root%\temp\temp\smrf.cat.w81_x64
- %System Root%\temp\temp\smrf.cat.w8_x64
- %System Root%\temp\temp\Smrf.inf.208
- %System Root%\temp\temp\smrf.inf.208_x64
- %System Root%\temp\temp\smrf.inf.212R2_x64
- %System Root%\temp\temp\smrf.inf.212_x64
- %System Root%\temp\temp\Smrf.inf.vis
- %System Root%\temp\temp\Smrf.inf.w23
- %System Root%\temp\temp\Smrf.inf.w7
- %System Root%\temp\temp\Smrf.inf.w7_x64
- %System Root%\temp\temp\smrf.inf.w8
- %System Root%\temp\temp\smrf.inf.w81
- %System Root%\temp\temp\smrf.inf.w81_x64
- %System Root%\temp\temp\Smrf.inf.wxp
- %System Root%\temp\temp\Smrf.sys.208
- %System Root%\temp\temp\smrf.sys.208_x64
- %System Root%\temp\temp\smrf.sys.212R2_x64
- %System Root%\temp\temp\smrf.sys.212_x64
- %System Root%\temp\temp\Smrf.sys.vis
- %System Root%\temp\temp\Smrf.sys.w23
- %System Root%\temp\temp\Smrf.sys.w7
- %System Root%\temp\temp\Smrf.sys.w7_x64
- %System Root%\temp\temp\smrf.sys.w8
- %System Root%\temp\temp\smrf.sys.w81
- %System Root%\temp\temp\smrf.sys.w81_x64
- %System Root%\temp\temp\smrf.sys.w8_x64
- %System Root%\temp\temp\Smrf.sys.wxp
- %System Root%\temp\temp\winet.ln_
- %System Root%\temp\temp\WinNetDaily.dll
- %System Root%\temp\temp\wmcDataBurner.exe
- %System Root%\temp\temp\wmcEncryption.exe
- %System Root%\temp\temp\wmcFTSlave.exe
- %System Root%\temp\temp\wmcHook.dll
- %System Root%\temp\temp\wmcHook64dll
- %System Root%\temp\temp\wmcMemmgr.dll
- %System Root%\temp\temp\wmcMemmgr64.dll
- %System Root%\temp\temp\wmcProc.exe
- %System Root%\temp\temp\wmcRCSlave.exe
- %System Root%\temp\temp\wmcRMS.exe
- %System Root%\temp\temp\wmcService.exe
- %System Root%\temp\temp\wmcService64.exe
- %System Root%\temp\temp\wmc5ystem.exe
- %System Root%\temp\temp\wmcSystem64.exe
- %System Root%\temp\temp\wmcUser.exe
- %System Root%\temp\temp\XceedCry.dll
- %System Root%\temp\wwnew.ver
- %System Root%\Windows\debug\SMR\ManualUpdate2015{_systemdate}.log
- %AppData%\Local\Temp\autBE3.tmp
- %AppData%\Local\Temp\5f6d5g9gg5er9g3h5uj4e6sjh6u22i4t6\wmcrms.exe
- %User Temp%\SMR\hodll.1214005016
- %User Temp%\SMR\Hook1.1214005016
- %User Temp%\SMR\Hook2.1214005016
- %User Temp%\SMR\wmLookProc.1214005016
- %User Temp%\SMR\wmTakeHttp.1214005016
- %User Temp%\SMR\wmTakeIM.1214005016
- %User Temp%\SMR\wmLookProc64.1214005016
- %User Temp%\SMR\WaterMark.1214005016
- %User Temp%\SMR\wmcHook.1214005016
- %User Temp%\SMR\wmcHook64.1214005016
- %User Temp%\SMR\wmcMemmgr.1214005016
- %User Temp%\SMR\wmcMemmgr64.1214005016
- %User Temp%\SMR\wmcInvenLib.1214005016
(Nota: %System Root% es la carpeta raíz, normalmente C:\. También es la ubicación del sistema operativo).
. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000(32-bit), XP y Server 2003(32-bit) suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp y en el case de Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) y 10(64-bit) en C:\Users\{nombre de usuario}\AppData\Local\Temp).)Agrega los procesos siguientes:
- %System Root%\temp\temp\RunManualUpdate2015.exe
- %System Root%\temp\temp\ManualUpdate2015.exe
- %System Root%\temp\temp\CSL.exe
- %System Root%\temp\temp\HuCheck5.exe
- %System%\cmd.exe /c %User Temp%\5f6d5g9gg5er9g3h5uj4e6sjh6u22i4t6\wmcrms.exe -noui -driver -alt -log
- %User Temp%\5f6d5g9gg5er9g3h5uj4e6sjh6u22i4t6\wmcrms.exe
- %User Temp%\5f6d5g9gg5er9g3h5uj4e6sjh6u22i4t6\wmcrms.exe -noui -driver -alt -log
- cmd.exe /c del %Program Files%\ww2010cf\smrf.* /F /S /Q
- schtasks.exe /Delete /TN "CheckTaskHour" /F
- schtasks.exe /Delete /TN "CheckTaskDaily" /F
- schtasks.exe /Delete /TN "WinMaster Log and Backup Auto Archive" /F
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterServices Server_x64"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterServices Server x64"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterServices Server"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterServices Connect x64"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterServices Connect"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterServices Client"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterServices Client_x64"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterServices Client x64"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterServices V7 Server x64"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterServices V7 Server"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterServices V7 Client x64"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterServices V7 Client"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterRC Slave"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterFT Slave"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterRC Master"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterFT Master"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterRC Slave x64"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterFT Slave x64"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterRC Master x64"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMasterFT Master x64"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMaster Client"
- cmd.exe /c netsh advfirewall firewall delete rule name="WinMaster Server"
- cmd.exe /c netsh firewall delete allowedprogram program ="%Program Files%\WW2010CF\wmcSystem.exe"
- cmd.exe /c netsh firewall delete allowedprogram program ="%Program Files%\WW2010CF\WM7_Server.exe"
- cmd.exe /c netsh firewall delete allowedprogram program ="%Program Files%\WW2010CF\wmcFTMaster.exe"
- cmd.exe /c netsh firewall delete allowedprogram program ="%Program Files%\WW2010CF\wmcFTSlave.exe"
- cmd.exe /c netsh firewall delete allowedprogram program ="%Program Files%\WW2010CF\wmcRCMaster.exe"
- cmd.exe /c netsh firewall delete allowedprogram program ="%Program Files%\WW2010CF\wmcRCSlave.exe"
- "%System%\cmd.exe" /c net stop smrf
- "%System%\cmd.exe" /c ren "%Program Files%\ww2010cf\wmcHook.dll" wmcHook.1214005252
- "%System%\cmd.exe" /c ren "%Program Files%\ww2010cf\wmcHook64.dll" wmcHook64.1214005252
- "%System%\cmd.exe" /c ren "%Program Files%\ww2010cf\wmcMemmgr.dll" wmcMemmgr.1214005252
- "%System%\cmd.exe" /c ren "%Program Files%\ww2010cf\wmcMemmgr64.dll" wmcMemmgr64.1214005252
- "%System%\cmd.exe" /c move "%Program Files%\ww2010cf\*.1214005252" "%User Temp%\SMRCV7"
- netsh advfirewall firewall delete rule name="WinMasterServices Server_x64"
- netsh advfirewall firewall delete rule name="WinMasterServices Server x64"
- netsh advfirewall firewall delete rule name="WinMasterServices Server"
- netsh advfirewall firewall delete rule name="WinMasterServices Connect x64"
- netsh advfirewall firewall delete rule name="WinMasterServices Connect"
- netsh advfirewall firewall delete rule name="WinMasterServices Client"
- netsh advfirewall firewall delete rule name="WinMasterServices Client_x64"
- netsh advfirewall firewall delete rule name="WinMasterServices Client x64"
- netsh advfirewall firewall delete rule name="WinMasterServices V7 Server x64"
- netsh advfirewall firewall delete rule name="WinMasterServices V7 Server"
- netsh advfirewall firewall delete rule name="WinMasterServices V7 Client x64"
- netsh advfirewall firewall delete rule name="WinMasterServices V7 Client"
- netsh advfirewall firewall delete rule name="WinMasterRC Slave"
- netsh advfirewall firewall delete rule name="WinMasterFT Slave"
- netsh advfirewall firewall delete rule name="WinMasterRC Master"
- netsh advfirewall firewall delete rule name="WinMasterFT Master"
- netsh advfirewall firewall delete rule name="WinMasterRC Slave x64"
- netsh advfirewall firewall delete rule name="WinMasterFT Slave x64"
- netsh advfirewall firewall delete rule name="WinMasterRC Master x64"
- netsh advfirewall firewall delete rule name="WinMasterFT Master x64"
- netsh firewall delete allowedprogram program ="%Program Files%\WW2010CF\wmcFTMaster.exe"
- netsh firewall delete allowedprogram program ="%Program Files%\WW2010CF\wmcRCMaster.exe"
- netsh firewall delete allowedprogram program ="%Program Files%\WW2010CF\wmcFTSlave.exe"
(Nota: %System Root% es la carpeta raíz, normalmente C:\. También es la ubicación del sistema operativo).
. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000(32-bit), XP y Server 2003(32-bit) suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp y en el case de Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) y 10(64-bit) en C:\Users\{nombre de usuario}\AppData\Local\Temp).. %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).)Otras modificaciones del sistema
Agrega las siguientes entradas de registro:
HKEY_CURRENT_USER\Software\WinRAR SFX
c%%temp%temp = %System Root%\temp\temp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
services\USBSTOR
Start = 3
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E
LanguageList = \x00\x00
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
dhcpqec.dll,-100 = DHCP Quarantine Enforcement Client
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
dhcpqec.dll,-101 = Provides DHCP based enforcement for NAP
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
dhcpqec.dll,-103 = 1.0
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
dhcpqec.dll,-102 = Microsoft Corporation
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
napipsec.dll,-1 = IPsec Relying Party
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
napipsec.dll,-2 = Provides IPsec based enforcement for Network Access Protection
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
napipsec.dll,-4 = 1.0
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
napipsec.dll,-3 = Microsoft Corporation
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
tsgqec.dll,-100 = RD Gateway Quarantine Enforcement Client
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
tsgqec.dll,-101 = Provides RD Gateway enforcement for NAP
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
tsgqec.dll,-102 = 1.0
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
tsgqec.dll,-103 = Microsoft Corporation
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
eapqec.dll,-100 = EAP Quarantine Enforcement Client
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
eapqec.dll,-101 = Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
eapqec.dll,-102 = 1.0
HKEY_CURRENT_USER\Software\Classes\
Local Settings\MuiCache\CF\
52C64B7E\@%SystemRoot%\system32
eapqec.dll,-103 = Microsoft Corporation
Soluzioni
Step 1
Los usuarios de Windows ME y XP, antes de llevar a cabo cualquier exploración, deben comprobar que tienen desactivada la opción Restaurar sistema para permitir la exploración completa del equipo.
Step 2
Note that not all files, folders, and registry keys and entries are installed on your computer during this malware's/spyware's/grayware's execution. This may be due to incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.
Step 3
Eliminar este valor del Registro
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_CURRENT_USER\Software\WinRAR SFX
- c%%temp%temp=%System Root%\temp\temp
- c%%temp%temp=%System Root%\temp\temp
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR
- Start=3
- Start=3
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E
- LanguageList=\x00\x00
- LanguageList=\x00\x00
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- dhcpqec.dll,-100=DHCP Quarantine Enforcement Client
- dhcpqec.dll,-100=DHCP Quarantine Enforcement Client
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- dhcpqec.dll,-101=Provides DHCP based enforcement for NAP
- dhcpqec.dll,-101=Provides DHCP based enforcement for NAP
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- dhcpqec.dll,-103=1.0
- dhcpqec.dll,-103=1.0
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- dhcpqec.dll,-102=Microsoft Corporation
- dhcpqec.dll,-102=Microsoft Corporation
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- napipsec.dll,-1=IPsec Relying Party
- napipsec.dll,-1=IPsec Relying Party
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- napipsec.dll,-2=Provides IPsec based enforcement for Network Access Protection
- napipsec.dll,-2=Provides IPsec based enforcement for Network Access Protection
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- napipsec.dll,-4=1.0
- napipsec.dll,-4=1.0
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- napipsec.dll,-3=Microsoft Corporation
- napipsec.dll,-3=Microsoft Corporation
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- tsgqec.dll,-100=RD Gateway Quarantine Enforcement Client
- tsgqec.dll,-100=RD Gateway Quarantine Enforcement Client
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- tsgqec.dll,-101=Provides RD Gateway enforcement for NAP
- tsgqec.dll,-101=Provides RD Gateway enforcement for NAP
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- tsgqec.dll,-102=1.0
- tsgqec.dll,-102=1.0
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- tsgqec.dll,-103=Microsoft Corporation
- tsgqec.dll,-103=Microsoft Corporation
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- eapqec.dll,-100=EAP Quarantine Enforcement Client
- eapqec.dll,-100=EAP Quarantine Enforcement Client
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- eapqec.dll,-101=Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
- eapqec.dll,-101=Provides Network Access Protection enforcement for EAP authenticated network connections, such as those used with 802.1X and VPN technologies.
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- eapqec.dll,-102=1.0
- eapqec.dll,-102=1.0
- In HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\CF\52C64B7E\@%SystemRoot%\system32
- eapqec.dll,-103=Microsoft Corporation
- eapqec.dll,-103=Microsoft Corporation
Step 4
Buscar y eliminar este archivo
- %System Root%\temp\temp\_tmp_rar_sfx_access_check_3987229
- %System Root%\temp\temp\FoxSDKU32w.dll
- %System Root%\temp\temp\HuCheck5.exe
- %System Root%\temp\temp\install.dat
- %System Root%\temp\temp\ManualUpdate2015.exe
- %System Root%\temp\temp\PCInfo.exe
- %System Root%\temp\temp\Policy\system\ReplySystem.opt
- %System Root%\temp\temp\Presto.agn
- %System Root%\temp\temp\rms.dll
- %System Root%\temp\temp\RunManualUpdate2015.exe
- %System Root%\temp\temp\ScheduleTask.exe
- %System Root%\temp\temp\sensetup.exe
- %System Root%\temp\temp\ServerSchTask.dat
- %System Root%\temp\temp\smrf.cat.208
- %System Root%\temp\temp\smrf.cat.208_x64
- %System Root%\temp\temp\smrf.cat.212R2_x64
- %System Root%\temp\temp\smrf.cat.212_x64
- %System Root%\temp\temp\smrf.cat.vis
- %System Root%\temp\temp\smrf.cat.w7
- %System Root%\temp\temp\Smrf.cat.w7_x64
- %System Root%\temp\temp\smrf.cat.w8
- %System Root%\temp\temp\smrf.cat.w81
- %System Root%\temp\temp\smrf.cat.w81_x64
- %System Root%\temp\temp\smrf.cat.w8_x64
- %System Root%\temp\temp\Smrf.inf.208
- %System Root%\temp\temp\smrf.inf.208_x64
- %System Root%\temp\temp\smrf.inf.212R2_x64
- %System Root%\temp\temp\smrf.inf.212_x64
- %System Root%\temp\temp\Smrf.inf.vis
- %System Root%\temp\temp\Smrf.inf.w23
- %System Root%\temp\temp\Smrf.inf.w7
- %System Root%\temp\temp\Smrf.inf.w7_x64
- %System Root%\temp\temp\smrf.inf.w8
- %System Root%\temp\temp\smrf.inf.w81
- %System Root%\temp\temp\smrf.inf.w81_x64
- %System Root%\temp\temp\Smrf.inf.wxp
- %System Root%\temp\temp\Smrf.sys.208
- %System Root%\temp\temp\smrf.sys.208_x64
- %System Root%\temp\temp\smrf.sys.212R2_x64
- %System Root%\temp\temp\smrf.sys.212_x64
- %System Root%\temp\temp\Smrf.sys.vis
- %System Root%\temp\temp\Smrf.sys.w23
- %System Root%\temp\temp\Smrf.sys.w7
- %System Root%\temp\temp\Smrf.sys.w7_x64
- %System Root%\temp\temp\smrf.sys.w8
- %System Root%\temp\temp\smrf.sys.w81
- %System Root%\temp\temp\smrf.sys.w81_x64
- %System Root%\temp\temp\smrf.sys.w8_x64
- %System Root%\temp\temp\Smrf.sys.wxp
- %System Root%\temp\temp\winet.ln_
- %System Root%\temp\temp\WinNetDaily.dll
- %System Root%\temp\temp\wmcDataBurner.exe
- %System Root%\temp\temp\wmcEncryption.exe
- %System Root%\temp\temp\wmcFTSlave.exe
- %System Root%\temp\temp\wmcHook.dll
- %System Root%\temp\temp\wmcHook64dll
- %System Root%\temp\temp\wmcMemmgr.dll
- %System Root%\temp\temp\wmcMemmgr64.dll
- %System Root%\temp\temp\wmcProc.exe
- %System Root%\temp\temp\wmcRCSlave.exe
- %System Root%\temp\temp\wmcRMS.exe
- %System Root%\temp\temp\wmcService.exe
- %System Root%\temp\temp\wmcService64.exe
- %System Root%\temp\temp\wmc5ystem.exe
- %System Root%\temp\temp\wmcSystem64.exe
- %System Root%\temp\temp\wmcUser.exe
- %System Root%\temp\temp\XceedCry.dll
- %System Root%\temp\wwnew.ver
- %System Root%\Windows\debug\SMR\ManualUpdate2015{_systemdate}.log
- %AppData%\Local\Temp\autBE3.tmp
- %AppData%\Local\Temp\5f6d5g9gg5er9g3h5uj4e6sjh6u22i4t6\wmcrms.exe
- %User Temp%\SMR\hodll.1214005016
- %User Temp%\SMR\Hook1.1214005016
- %User Temp%\SMR\Hook2.1214005016
- %User Temp%\SMR\wmLookProc.1214005016
- %User Temp%\SMR\wmTakeHttp.1214005016
- %User Temp%\SMR\wmTakeIM.1214005016
- %User Temp%\SMR\wmLookProc64.1214005016
- %User Temp%\SMR\WaterMark.1214005016
- %User Temp%\SMR\wmcHook.1214005016
- %User Temp%\SMR\wmcHook64.1214005016
- %User Temp%\SMR\wmcMemmgr.1214005016
- %User Temp%\SMR\wmcMemmgr64.1214005016
- %User Temp%\SMR\wmcInvenLib.1214005016
Step 5
Buscar y eliminar estas carpetas
- %System Root%\temp
- %System Root%\temp\temp
- %System Root%\temp\temp\Policy
- %System Root%\temp\temp\Policy\System
- %User Temp%\5f6d5g9gg5er9g3h5uj4e6sjh6u22i4t6
- %Windows%\debug\SMR
- %Windows%\debug\SMR\RMSLog
- %User Temp%\SMR
- %User Temp%\SMRCV7
Step 6
Explorar el equipo con su producto de Trend Micro para eliminar los archivos detectados como PUA.Win32.WinMaster.A En caso de que el producto de Trend Micro ya haya limpiado, eliminado o puesto en cuarentena los archivos detectados, no serán necesarios más pasos. Puede optar simplemente por eliminar los archivos en cuarentena. Consulte esta página de Base de conocimientos para obtener más información.
Sondaggio