WORM_DELF.IFV
TrojanDownloader:Win32/Small.QE (Microsoft); W32/Webbew.worm (McAfee); W32.Dotex (Symantec); PAK:ASPack, Trojan-Downloader.Win32.Agent.jmd (Kaspersky); BehavesLike.Win32.Malware.tsc (mx-v) (Sunbelt); Win32.Worm.Delf.NFZ (FSecure)
Windows 2000, Windows XP, Windows Server 2003
Tipo di minaccia informatica:
Worm
Distruttivo?:
No
Crittografato?:
In the wild::
Sì
Panoramica e descrizione
Elimina archivos para impedir la ejecución correcta de programas y aplicaciones.
Dettagli tecnici
Instalación
Crea las siguientes copias de sí mismo en el sistema afectado:
- %Program Files%\Common Files\System\unqiisl.exe
- %Program Files%\Common Files\Microsoft Shared\mwbmctu.exe
(Nota: %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).
)Otras modificaciones del sistema
Elimina los archivos siguientes:
- %Program Files%\DLD.DAT
- %Program Files%\1.hiv
- %Program Files%\2.hiv
- %Program Files%\3.hiv
- %Program Files%\4.hiv
- %Program Files%\2B1.exe
- %Program Files%\3C2.exe
- %Program Files%\4D3.exe
- %Program Files%\5E4.exe
- %Program Files%\6F5.exe
- %Program Files%\7G6.exe
- %Program Files%\8Hxz.exe
- %Program Files%\9I
- %Program Files%\10J
- %Temp%\scs1.tmp
- %Temp%\scs2.tmp
(Nota: %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).
. %Temp% es la carpeta de archivos temporales de Windows, que suele estar en C:\Windows\Temp o C:\WINNT\Temp).)Agrega las siguientes entradas de registro como parte de la rutina de instalación:
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Ras.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avp.com
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
runiep.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
PFW.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
FYFireWall.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rfwmain.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rfwsrv.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVPF.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KPFW32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
nod32kui.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
nod32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Navapsvc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Navapw32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avconsol.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
webscanx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
NPFMntor.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
vsstat.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KPfwSvc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavTask.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Rav.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavMon.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mmsk.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
WoptiClean.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQKav.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQDoctor.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
EGHOST.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360Safe.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
iparmo.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
adam.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
IceSword.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360rpt.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360tray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AgentSvr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AppSvc32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
autoruns.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avgrssvc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AvMonitor.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
CCenter.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ccSvcHst.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
FileDsty.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
FTCleanerShell.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
HijackThis.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Iparmor.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
isPwdSvc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kabaload.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KaScrScn.SCR
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KASMain.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KASTask.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAV32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVDX.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVPFW.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVSetup.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVStart.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KISLnchr.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KMailMon.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KMFilter.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KPFW32X.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KRegEx.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KRepair.com
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KsLoader.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVCenter.kxp
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvDetect.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvfwMcl.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVMonXP.kxp
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVMonXP_1.kxp
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvol.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvolself.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvReport.kxp
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVScan.kxp
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVSrvXP.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVStub.kxp
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvupload.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvwsc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvXP.kxp
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvXP_1.kxp
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KWatch.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KWatch9x.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KWatchX.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
loaddll.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
MagicSet.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mcconsol.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mmqczj.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
nod32krn.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
PFWLiveUpdate.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QHSET.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavMonD.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavStub.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RegClean.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rfwcfg.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RsAgent.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Rsaupd.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
safelive.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
scan32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
shcfg32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SmartUp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SREng.EXE
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
symlcsvc.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SysSafe.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
TrojanDetector.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Trojanwall.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
TrojDie.kxp
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UIHost.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxAgent.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxAttachment.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxCfg.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxFwHlp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxPol.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UpLive.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
upiea.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AST.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ArSwp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
USBCleaner.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rstrui.exe
HKEY_CURRENT_USER\Software\mjonht
HKEY_CURRENT_USER\Software\ovwbji
HKEY_CURRENT_USER\Software\nurhnb
HKEY_CURRENT_USER\Software\wtsbjv
HKEY_CURRENT_USER\Software\qvorbg
HKEY_CURRENT_USER\Software\jxlhsq
HKEY_CURRENT_USER\Software\qhtbtj
HKEY_CURRENT_USER\Software\wdenck
HKEY_CURRENT_USER\Software\qfbetu
HKEY_CURRENT_USER\Software\khwtle
HKEY_CURRENT_USER\Software\efclmf
HKEY_CURRENT_USER\Software\xiycep
HKEY_CURRENT_USER\Software\rkvrvy
HKEY_CURRENT_USER\Software\kmrinj
HKEY_CURRENT_USER\Software\epoxft
HKEY_CURRENT_USER\Software\xrkowd
HKEY_CURRENT_USER\Software\rtheon
HKEY_CURRENT_USER\Software\kveugw
HKEY_CURRENT_USER\Software\qxbsqr
HKEY_CURRENT_USER\Software\ywfcai
HKEY_CURRENT_USER\Software\rycsqs
HKEY_CURRENT_USER\Software\lbxiic
HKEY_CURRENT_USER\Software\fduyam
HKEY_CURRENT_USER\Software\ygrorv
HKEY_CURRENT_USER\Software\fpaitp
HKEY_CURRENT_USER\Software\lkkubq
HKEY_CURRENT_USER\Software\emjbfv
HKEY_CURRENT_USER\Software\ylmdub
HKEY_CURRENT_USER\Software\snitml
HKEY_CURRENT_USER\Software\mpfjeu
HKEY_CURRENT_USER\Software\grbauf
HKEY_CURRENT_USER\Software\yuxpmp
HKEY_CURRENT_USER\Software\swugey
HKEY_CURRENT_USER\Software\myqvvj
HKEY_CURRENT_USER\Software\gwvnxk
HKEY_CURRENT_USER\Software\aasept
HKEY_CURRENT_USER\Software\tcothe
HKEY_CURRENT_USER\Software\nelkyo
HKEY_CURRENT_USER\Software\ggiaqx
HKEY_CURRENT_USER\Software\ajeqhi
HKEY_CURRENT_USER\Software\tlbgys
HKEY_CURRENT_USER\Software\nnwwqc
HKEY_CURRENT_USER\Software\hlcosd
HKEY_CURRENT_USER\Software\boyekn
HKEY_CURRENT_USER\Software\gybbjt
Agrega las siguientes entradas de registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Ras.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avp.com
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avp.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
runiep.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
PFW.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
FYFireWall.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rfwmain.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rfwsrv.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVPF.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KPFW32.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
nod32kui.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
nod32.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Navapsvc.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Navapw32.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avconsol.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
webscanx.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
NPFMntor.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
vsstat.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KPfwSvc.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavTask.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Rav.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavMon.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mmsk.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
WoptiClean.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQKav.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQDoctor.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
EGHOST.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360Safe.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
iparmo.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
adam.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
IceSword.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360rpt.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360tray.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AgentSvr.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AppSvc32.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
autoruns.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avgrssvc.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AvMonitor.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
CCenter.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ccSvcHst.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
FileDsty.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
FTCleanerShell.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
HijackThis.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Iparmor.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
isPwdSvc.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kabaload.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KaScrScn.SCR
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KASMain.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KASTask.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAV32.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVDX.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVPFW.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVSetup.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KAVStart.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KISLnchr.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KMailMon.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KMFilter.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KPFW32X.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KRegEx.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KRepair.com
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KsLoader.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVCenter.kxp
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvDetect.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvfwMcl.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVMonXP.kxp
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVMonXP_1.kxp
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvol.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvolself.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvReport.kxp
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVScan.kxp
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVSrvXP.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVStub.kxp
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvupload.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvwsc.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvXP.kxp
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KvXP_1.kxp
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KWatch.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KWatch9x.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KWatchX.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
loaddll.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
MagicSet.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mcconsol.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mmqczj.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
nod32krn.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
PFWLiveUpdate.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QHSET.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavMonD.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavStub.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RegClean.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rfwcfg.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RsAgent.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Rsaupd.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
safelive.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
scan32.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
shcfg32.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SmartUp.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SREng.EXE
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
symlcsvc.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SysSafe.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
TrojanDetector.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Trojanwall.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
TrojDie.kxp
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UIHost.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxAgent.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxAttachment.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxCfg.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxFwHlp.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UmxPol.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UpLive.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
upiea.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AST.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ArSwp.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
USBCleaner.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rstrui.exe
Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
HKEY_CURRENT_USER\Software\mjonht
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\ovwbji
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\nurhnb
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\wtsbjv
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\qvorbg
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\jxlhsq
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\qhtbtj
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\wdenck
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\qfbetu
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\khwtle
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\efclmf
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\xiycep
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\rkvrvy
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\kmrinj
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\epoxft
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\xrkowd
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\rtheon
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\kveugw
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\qxbsqr
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\ywfcai
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\rycsqs
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\lbxiic
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\fduyam
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\ygrorv
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\fpaitp
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\lkkubq
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\emjbfv
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\ylmdub
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\snitml
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\mpfjeu
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\grbauf
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\yuxpmp
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\swugey
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\myqvvj
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\gwvnxk
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\aasept
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\tcothe
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\nelkyo
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\ggiaqx
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\ajeqhi
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\tlbgys
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\nnwwqc
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\hlcosd
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\boyekn
hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
HKEY_CURRENT_USER\Software\gybbjt
iovqgfe = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
Modifica las siguientes entradas de registro:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess
Start = "4"
(Note: The default value data of the said registry entry is 2.)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\helpsvc
Start = "4"
(Note: The default value data of the said registry entry is 2.)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\
SHOWALL
CheckedValue = "0"
(Note: The default value data of the said registry entry is 1.)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\wscsvc
Start = "4"
(Note: The default value data of the said registry entry is 2.)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\wuauserv
Start = "4"
(Note: The default value data of the said registry entry is 2.)
Elimina las siguientes claves de registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
unqiisl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mwbmctu.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E967-E325-11CE-BFC1-08002BE10318}
Rutina de infiltración
Infiltra los archivos siguientes:
- %Program Files%\aurn.inf
- %Program Files%\1A2pk.exe
- %Program Files%\hgrgfkj.inf
- %Program Files%\meex.exe
- %System%\sexit.dat
(Nota: %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).
. %System% es la carpeta del sistema de Windows, que en el caso de Windows 98 y ME suele estar en C:\Windows\System, en el caso de Windows NT y 2000 en C:\WINNT\System32 y en el caso de Windows XP y Server 2003 en C:\Windows\System32).)
Soluzioni
Step 1
Los usuarios de Windows ME y XP, antes de llevar a cabo cualquier exploración, deben comprobar que tienen desactivada la opción Restaurar sistema para permitir la exploración completa del equipo.
Step 2
Eliminar esta clave del Registro
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- Ras.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- avp.com
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- avp.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- runiep.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- PFW.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- FYFireWall.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- rfwmain.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- rfwsrv.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KAVPF.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KPFW32.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- nod32kui.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- nod32.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- Navapsvc.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- Navapw32.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- avconsol.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- webscanx.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- NPFMntor.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- vsstat.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KPfwSvc.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- RavTask.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- Rav.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- RavMon.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- mmsk.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- WoptiClean.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- QQKav.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- QQDoctor.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- EGHOST.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- 360Safe.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- iparmo.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- adam.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- IceSword.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- 360rpt.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- 360tray.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- AgentSvr.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- AppSvc32.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- autoruns.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- avgrssvc.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- AvMonitor.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- CCenter.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- ccSvcHst.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- FileDsty.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- FTCleanerShell.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- HijackThis.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- Iparmor.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- isPwdSvc.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- kabaload.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KaScrScn.SCR
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KASMain.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KASTask.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KAV32.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KAVDX.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KAVPFW.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KAVSetup.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KAVStart.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KISLnchr.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KMailMon.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KMFilter.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KPFW32X.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KRegEx.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KRepair.com
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KsLoader.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KVCenter.kxp
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KvDetect.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KvfwMcl.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KVMonXP.kxp
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KVMonXP_1.kxp
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- kvol.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- kvolself.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KvReport.kxp
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KVScan.kxp
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KVSrvXP.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KVStub.kxp
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- kvupload.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- kvwsc.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KvXP.kxp
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KvXP_1.kxp
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KWatch.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KWatch9x.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- KWatchX.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- loaddll.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- MagicSet.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- mcconsol.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- mmqczj.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- nod32krn.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- PFWLiveUpdate.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- QHSET.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- RavMonD.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- RavStub.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- RegClean.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- rfwcfg.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- RsAgent.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- Rsaupd.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- safelive.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- scan32.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- shcfg32.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- SmartUp.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- SREng.EXE
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- symlcsvc.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- SysSafe.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- TrojanDetector.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- Trojanwall.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- TrojDie.kxp
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- UIHost.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- UmxAgent.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- UmxAttachment.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- UmxCfg.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- UmxFwHlp.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- UmxPol.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- UpLive.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- upiea.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- AST.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- ArSwp.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- USBCleaner.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- rstrui.exe
- In HKEY_CURRENT_USER\Software
- mjonht
- In HKEY_CURRENT_USER\Software
- ovwbji
- In HKEY_CURRENT_USER\Software
- nurhnb
- In HKEY_CURRENT_USER\Software
- wtsbjv
- In HKEY_CURRENT_USER\Software
- qvorbg
- In HKEY_CURRENT_USER\Software
- jxlhsq
- In HKEY_CURRENT_USER\Software
- qhtbtj
- In HKEY_CURRENT_USER\Software
- wdenck
- In HKEY_CURRENT_USER\Software
- qfbetu
- In HKEY_CURRENT_USER\Software
- khwtle
- In HKEY_CURRENT_USER\Software
- efclmf
- In HKEY_CURRENT_USER\Software
- xiycep
- In HKEY_CURRENT_USER\Software
- rkvrvy
- In HKEY_CURRENT_USER\Software
- kmrinj
- In HKEY_CURRENT_USER\Software
- epoxft
- In HKEY_CURRENT_USER\Software
- xrkowd
- In HKEY_CURRENT_USER\Software
- rtheon
- In HKEY_CURRENT_USER\Software
- kveugw
- In HKEY_CURRENT_USER\Software
- qxbsqr
- In HKEY_CURRENT_USER\Software
- ywfcai
- In HKEY_CURRENT_USER\Software
- rycsqs
- In HKEY_CURRENT_USER\Software
- lbxiic
- In HKEY_CURRENT_USER\Software
- fduyam
- In HKEY_CURRENT_USER\Software
- ygrorv
- In HKEY_CURRENT_USER\Software
- fpaitp
- In HKEY_CURRENT_USER\Software
- lkkubq
- In HKEY_CURRENT_USER\Software
- emjbfv
- In HKEY_CURRENT_USER\Software
- ylmdub
- In HKEY_CURRENT_USER\Software
- snitml
- In HKEY_CURRENT_USER\Software
- mpfjeu
- In HKEY_CURRENT_USER\Software
- grbauf
- In HKEY_CURRENT_USER\Software
- yuxpmp
- In HKEY_CURRENT_USER\Software
- swugey
- In HKEY_CURRENT_USER\Software
- myqvvj
- In HKEY_CURRENT_USER\Software
- gwvnxk
- In HKEY_CURRENT_USER\Software
- aasept
- In HKEY_CURRENT_USER\Software
- tcothe
- In HKEY_CURRENT_USER\Software
- nelkyo
- In HKEY_CURRENT_USER\Software
- ggiaqx
- In HKEY_CURRENT_USER\Software
- ajeqhi
- In HKEY_CURRENT_USER\Software
- tlbgys
- In HKEY_CURRENT_USER\Software
- nnwwqc
- In HKEY_CURRENT_USER\Software
- hlcosd
- In HKEY_CURRENT_USER\Software
- boyekn
- In HKEY_CURRENT_USER\Software
- gybbjt
Step 3
Eliminar este valor del Registro
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe
- Debugger = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
- In HKEY_CURRENT_USER\Software\mjonht
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\ovwbji
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\nurhnb
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\wtsbjv
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\qvorbg
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\jxlhsq
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\qhtbtj
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\wdenck
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\qfbetu
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\khwtle
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\efclmf
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\xiycep
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\rkvrvy
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\kmrinj
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\epoxft
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\xrkowd
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\rtheon
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\kveugw
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\qxbsqr
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\ywfcai
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\rycsqs
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\lbxiic
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\fduyam
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\ygrorv
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\fpaitp
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\lkkubq
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\emjbfv
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\ylmdub
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\snitml
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\mpfjeu
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\grbauf
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\yuxpmp
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\swugey
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\myqvvj
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\gwvnxk
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\aasept
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\tcothe
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\nelkyo
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\ggiaqx
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\ajeqhi
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\tlbgys
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\nnwwqc
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\hlcosd
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\boyekn
- hgrgfkj = "%Program Files%\Common Files\System\unqiisl.exe"
- In HKEY_CURRENT_USER\Software\gybbjt
- iovqgfe = "%Program Files%\Common Files\Microsoft Shared\mwbmctu.exe"
Step 4
Restaurar este valor del Registro modificado
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess
- From: Start = "4"
To: Start = ""2""
- From: Start = "4"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\helpsvc
- From: Start = "4"
To: Start = ""2""
- From: Start = "4"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
- From: CheckedValue = "0"
To: CheckedValue = ""1""
- From: CheckedValue = "0"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wscsvc
- From: Start = "4"
To: Start = ""2""
- From: Start = "4"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
- From: Start = "4"
To: Start = ""2""
- From: Start = "4"
Step 5
Buscar y eliminar estos archivos
- %Program Files%\aurn.inf
- %Program Files%\1A2pk.exe
- %Program Files%\hgrgfkj.inf
- %Program Files%\meex.exe
- %System%\sexit.dat
Step 6
Explorar el equipo con su producto de Trend Micro para eliminar los archivos detectados como WORM_DELF.IFV En caso de que el producto de Trend Micro ya haya limpiado, eliminado o puesto en cuarentena los archivos detectados, no serán necesarios más pasos. Puede optar simplemente por eliminar los archivos en cuarentena. Consulte esta página de Base de conocimientos para obtener más información.
Sondaggio