Adware.Win32.CONDUIT.B
HEUR:AdWare.Win32.Conduit.gen (KASPERSKY); Riskware/Conduit (FORTINET)
Windows
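Malware type:
Adware
Destructiveness:
No
Encrypted:
Yes
In the wild:
Yes
Overview
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious websites. It may also arrive through manual installation by a user.
This file contains a URL that the adware accesses to download other files. However, as of this writing, that website is inaccessible.
Technical Details
Arrival Details
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious websites.
It may also arrive through manual installation by a user.
Installation
The adware creates the following folders: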
- %User Temp%\{}\
- %User Temp%\{}\conduitengine\
- %User Temp%\{}\chrome\
- %User Temp%\{}\chrome\components\
- %User Temp%\{}\chrome\components\defaults\
- %User Temp%\{}\conduitengine\DualPackage\
- %User Temp%\{}\conduitengine\lib\
- %User Temp%\{}\conduitengine\META-INF\
- %User Temp%\{}\conduitengine\searchplugin\
- %User Temp%\{}\META-INF\
- %User Temp%\{}\toolbar\
- %User Temp%\{}\toolbar\chrome\
- %Program Files%\BrotherSoft_Extreme\
- %User Temp%\{}\toolbar\components\
- %User Temp%\{}\toolbar\defaults\
- %User Temp%\{}\toolbar\lib\
- %User Temp%\{}\toolbar\META-INF\
- %User Temp%\{}\toolbar\searchplugin\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@{BLOCKED}t.com\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@{BLOCKED}t.com\chrome\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@{BLOCKED}t.com\components\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@{BLOCKED}t.com\defaults\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@{BLOCKED}t.com\DualPackage\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@{BLOCKED}t.com\lib\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@{BLOCKED}t.com\META-INF\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@{BLOCKED}t.com\searchplugin\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\chrome\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\lib\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF\
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\
- %Program Files%\ConduitEngine\
- %Program Files%\Conduit\Community Alerts\
Other System Modifications
The adware adds the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BrotherSoft_Extreme Toolbar
DisplayName = "BrotherSoft_Extreme Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BrotherSoft_Extreme Toolbar
UninstallString = "%Program Files%\BrotherSoft_Extreme\UNWISE.EXE /U %Program Files%\BrotherSoft_Extreme\INSTALL.LOG "
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main
Use Search Asst = "no"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main
Enable Browser Extensions = "yes"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
IE5
CabinetVisible = "FALSE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
IE5
ExplorerVisible = "FALSE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
IE5
FirstTime = "TRUE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
IE5
Visible = "TRUE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
settings
EnableSearchFromAdress = "TRUE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
settings
FixPageNotFoundError = 1
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
settings\LanguagePack
LanguagePackServerUrl = "http//translation.users.{BLOCKED}t.com/Translation.ashx"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar
SearchServerUrl = "http//search.{BLOCKED}t.com"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar
Server = "users.{BLOCKED}t.com"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar
ShouldPerformGroupByOS = "FALSE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar
Write us link = "forrest@{BLOCKED}rsoft.com"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
settings
ShouldSendReferalCookie = "TRUE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
settings
OpenSetupFinishPage = "FALSE"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\URLSearchHooks
{51a86bb3-6602-4c85-92a5-130ee4864f13} = ""
HKEY_LOCAL_MACHINE\Software\Microsoft\
Internet Explorer\URLSearchHooks
{51a86bb3-6602-4c85-92a5-130ee4864f13} = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
DisplayName = "BrotherSoft Extreme Customized Web Search"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\SearchScopes
DefaultScope = "{afdbddaa-5d3f-42ee-b79c-185a7020515b}"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\SearchScopes
DefaultScope = "{afdbddaa-5d3f-42ee-b79c-185a7020515b}"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
DisplayName = "BrotherSoft Extreme Customized Web Search"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
URL = "http://search.{BLOCKED}t.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
settings
SearchFromAdressUrl = "http://search.{BLOCKED}t.com/ResultsExt.aspx?ctid=CT2776682&q=MYSEARCHTERM"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar
GroupingServerURL = "http://grouping.services.{BLOCKED}t.com/"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar
UsageURL = "http://usage.users.{BLOCKED}t.com/UsersWebService.asmx/UsersRequests"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar
WebServerUrl = "http://BrotherSoftExtreme.{BLOCKED}lbar.com/"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main
Start Page = "http://search.{BLOCKED}t.com?SearchSource=10&ctid=CT2776682"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Toolbar
{51a86bb3-6602-4c85-92a5-130ee4864f13} = "BrotherSoft_Extreme Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
Communicator
Url = "http://servicemap.{BLOCKED}rvices.com/Toolbar/"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
ComId = "{51a86bb3-6602-4c85-92a5-130ee4864f13}"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
DisplayName = "BrotherSoft Extreme"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
DisplayTitle = "BrotherSoft_Extreme Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
GroupingEnabled = "FALSE"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
InstallationId = "integrated_ct2776682.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
InstallationType = "conduitintegration"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
MultiCommunityEnabled = "FALSE"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
Path = "%Program Files%\BrotherSoft_Extreme"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
Server = "users.{BLOCKED}t.com"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
ShouldPerformGroupByOS = "FALSE"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
ShouldShowPersonalComponentDlg = "false"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
SponsorId = "CT2776682"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
ToolbarHelperFileName = "%Program Files%\BrotherSoft_Extreme\BrotherSoft_ExtremeToolbarHelper.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\
Platforms\{51a86bb3-6602-4c85-92a5-130ee4864f13}
Name = "BrotherSoft_Extreme"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
PlatformType = "ConduitToolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
IsEngineHost = "TRUE"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
AllowToUninstallFromEngine = "FALSE"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
ForceEngineUninstall = "TRUE"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
IphoneUpdateURL = ""
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
ShouldSendToolbarAge = "TRUE"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\MAIN
Enable Browser Extensions = "yes"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\MAIN
Use Search Asst = "no"
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
ShouldShowFirstTimeDlg = "FALSE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar\
IE5
CabinetVisible = "FALSE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar\
IE5
ExplorerVisible = "FALSE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar\
IE5
FirstTime = "TRUE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar\
IE5
Visible = "TRUE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar\
Settings
EnableAppssAlerts = "TRUE"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Toolbar
{30F9B915-B755-4826-820B-08FBA6BD249D} = ""
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
Path = %Program Files%\ConduitEngine
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
ComId = "{30F9B915-B755-4826-820B-08FBA6BD249D}"
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
DisplayTitle = "Conduit Engine"
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
DisplayName = "Conduit Engine"
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar\InstalledApps
(Default) = 0
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
ShouldShowFirstTimeDlg = "FALSE"
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
DefaultSettingsServiceURL = http://settings.engine.{BLOCKED}vices.com/?browser=EB_BROWSER_TYPE&lut=EB_LUT
HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\
Platforms\{30F9B915-B755-4826-820B-08FBA6BD249D}
Name = "conduitEngine"
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
PlatformType = "ConduitEngine"
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
SponsorId = "ConduitEngine"
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
Communicator
Url = "http://servicemap.{BLOCKED}rvices.com/Toolbar/"
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
ShouldSendToolbarAge = "TRUE"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\MAIN
Enable Browser Extensions = "yes"
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
HostID = "{51a86bb3-6602-4c85-92a5-130ee4864f13}"
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
EngineHelperFileName = "%Program Files%\ConduitEngine\ConduitEngineHelper.exe"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar\
Log
LogLevelsString = ""
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar\
Monitored
SHRINK_TOOLBAR = 0
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
version = "6.2.7.3"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
(Default) = "Conduit Engine"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\InprocServer32
(Default) = "%Program Files%\ConduitEngine\ConduitEngine.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Toolbar
{30F9B915-B755-4826-820B-08FBA6BD249D} = "Conduit Engine"
HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\
Toolbars
Conduit Engine = "{30F9B915-B755-4826-820B-08FBA6BD249D}"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar\
IE5
ToolbarRunFirstTimeAfterInstall = "TRUE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar\
Repository\conduit_ConduitEngine\Coordinator
ResetServiceMap = 1
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
VistaElevationComId = {78B26CB2-A6A2-4F0A-8727-9CA9E729BD71}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{78B26CB2-A6A2-4F0A-8727-9CA9E729BD71}
AppPath = %Program Files%\ConduitEngine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{78B26CB2-A6A2-4F0A-8727-9CA9E729BD71}
AppName = "ConduitEngineHelper.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{78B26CB2-A6A2-4F0A-8727-9CA9E729BD71}
Policy = 3
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
EngineAPIComId = "{09E4F9FB-B09C-4C72-9486-4DEF7E6E1B65}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{09E4F9FB-B09C-4C72-9486-4DEF7E6E1B65}
(Default) = "Conduit Engine API Server"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{09E4F9FB-B09C-4C72-9486-4DEF7E6E1B65}\InprocServer32
(Default) = "%Program Files%\ConduitEngine\ConduitEngine.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{09E4F9FB-B09C-4C72-9486-4DEF7E6E1B65}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{09E4F9FB-B09C-4C72-9486-4DEF7E6E1B65}\ProgID
(Default) = "Conduit.Engine"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{09E4F9FB-B09C-4C72-9486-4DEF7E6E1B65}\VersionIndependentProgID
(Default) = "Conduit.Engine"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Conduit.Engine\CLSID
(Default) = "{09E4F9FB-B09C-4C72-9486-4DEF7E6E1B65}"
HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\
Platforms\{09E4F9FB-B09C-4C72-9486-4DEF7E6E1B65}
HostID = "{30F9B915-B755-4826-820B-08FBA6BD249D}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
NoExplorer = 1
HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\
toolbar
UserID = "UN15875110723678932"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar
UserID = "UN15875110723678932"
HKEY_CURRENT_USER\Software\AppDataLow\
Toolbar\RegisteredSources
ConduitEngine = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
DisplayName = "Conduit Engine"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
UninstallString = "%Program Files%\ConduitEngine\ConduitEngineUninstall.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
DisplayIcon = "%Program Files%\ConduitEngine\ConduitEngineUninstall.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
DisplayVersion = 6.2.7.3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
Publisher = Conduit Ltd.
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar\
IE5
Visible = "TRUE"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
Comments = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
Contact = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
DisplayIcon = %Program Files%\ConduitEngine\ConduitEngineUninstall.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
DisplayName = "Conduit Engine"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
DisplayVersion = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
HelpLink = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
Publisher = Conduit Ltd.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
UninstallString = "%Program Files%\ConduitEngine\ConduitEngineUninstall.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
conduitEngine
URLInfoAbout = ""
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
Log
LogLevelsString = ""
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar
MultiCommunityEnabled = "FALSE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
Monitored
MultiCommunityEnabled = "FALSE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar
GroupingEnabled = "FALSE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
Monitored
GroupingEnabled = "FALSE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
Monitored
MultiCommunityID = "CT2776682"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
Monitored
SHRINK_TOOLBAR = 0
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar
DisplayName = "BrotherSoft Extreme"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
version = "6.2.7.3"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{51A86BB3-6602-4C85-92A5-130EE4864F13}
(Default) = "BrotherSoft Extreme Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{51A86BB3-6602-4C85-92A5-130EE4864F13}\InprocServer32
(Default) = "%Program Files%\BrotherSoft_Extreme\tbBrot.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{51A86BB3-6602-4C85-92A5-130EE4864F13}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Toolbar
{51A86BB3-6602-4C85-92A5-130EE4864F13} = "BrotherSoft Extreme Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\
Toolbars
BrotherSoft Extreme Toolbar = "{51A86BB3-6602-4C85-92A5-130EE4864F13}"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
IE5
ToolbarRunFirstTimeAfterInstall = "TRUE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar\
Repository\conduit_CT2776682\Coordinator
ResetServiceMap = 1
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
VistaElevationComId = "{A2E84908-77AB-4368-9038-5BC2D2C161B7}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{A2E84908-77AB-4368-9038-5BC2D2C161B7}
AppPath = "%Program Files%\BrotherSoft_Extreme"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{A2E84908-77AB-4368-9038-5BC2D2C161B7}
AppName = "BrotherSoft_ExtremeToolbarHelper.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{A2E84908-77AB-4368-9038-5BC2D2C161B7}
Policy = 3
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
ToolbarAPIComId = "{E7837BD9-B225-473F-A7F1-D221BEB7BD90}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E7837BD9-B225-473F-A7F1-D221BEB7BD90}
(Default) = "BrotherSoft Extreme API Server"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E7837BD9-B225-473F-A7F1-D221BEB7BD90}\InprocServer32
(Default) = "%Program Files%\BrotherSoft_Extreme\tbBrot.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E7837BD9-B225-473F-A7F1-D221BEB7BD90}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E7837BD9-B225-473F-A7F1-D221BEB7BD90}\ProgID
(Default) = Toolbar.CT2776682
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E7837BD9-B225-473F-A7F1-D221BEB7BD90}\VersionIndependentProgID
(Default) = "Toolbar.CT2776682"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Toolbar.CT2776682\CLSID
(Default) = "{E7837BD9-B225-473F-A7F1-D221BEB7BD90}"
HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\
Platforms\{E7837BD9-B225-473F-A7F1-D221BEB7BD90}
HostID = "{51a86bb3-6602-4c85-92a5-130ee4864f13}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}
NoExplorer = 1
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
UserID = "UN19514875571025297"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar
UserID = "UN19514875571025297"
HKEY_CURRENT_USER\Software\AppDataLow\
Toolbar\RegisteredSources
CT2776682 = 0
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar\
Settings\MyStuff
CanShowPlusButton = "TRUE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\conduitEngine\toolbar\
Settings\MyStuff
EnableDetection = "TRUE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\BrotherSoft_Extreme\toolbar
ImportMyStuffToEngine = "FALSE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Conduit\Community Alerts\
Settings
AutoUpdateEnabled = "TRUE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Conduit\Community Alerts\
Settings
ShowAlerts = "FALSE"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Conduit\Community Alerts\
Settings
ALPClientsServerName = "http://alert.client.{BLOCKED}t.com"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Conduit\Community Alerts\
Settings
ALPServicesServerName = "http://alert.services.{BLOCKED}t.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\
Community Alerts
Path = "%Program Files%\Conduit\Community Alerts\Alert.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}
(Default) = "Conduit Community Alerts"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32
(Default) = "%Program Files%\Conduit\Community Alerts\Alert.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32
ThreadingModel = "Apartment"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Conduit\Community Alerts\
Settings
UserID = "873419FE-3B40-4489-94FD-A2A3D9CE5FD2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BrotherSoft_Extreme Toolbar
Comments = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BrotherSoft_Extreme Toolbar
Contact = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BrotherSoft_Extreme Toolbar
HelpLink = "http://BrotherSoftExtreme.{BLOCKED}lbar.com/help"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BrotherSoft_Extreme Toolbar
Publisher = BrotherSoft Extreme
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BrotherSoft_Extreme Toolbar
DisplayVersion = "6.2.7.3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BrotherSoft_Extreme Toolbar
URLInfoAbout = "http//BrotherSoftExtreme.{BLOCKED}lbar.com/"
HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\
toolbar
OpenUninstallPage = "TRUE"
Dropping Routine
The adware drops the following files:
- %User Temp%\GL{random}.tmp
- %User Temp%\BrotherSoft_Extreme.exe
- %User Temp%\{}\~GLH{random numbers}.TMP
- %User Temp%\{}\brothersoft_extreme_tb.xpi
- %User Temp%\{}\conduitengine.xpi
- %User Temp%\{}\install.rdf
- %User Temp%\{}\xpis.txt
- %User Temp%\{}\conduitengine\~GLH{random numbers}.tmp
- %User Temp%\{}\conduitengine\install.rdf
- %User Temp%\{}\conduitengine\chrome.manifest
- %User Temp%\{}\conduitengine\version.txt
- %User Temp%\{}\chrome\~GLH{random numbers}.tmp
- %User Temp%\{}\chrome\conduitengine.jar
- %User Temp%\{}\chrome\components\~GLH{random numbers}.tmp
- %User Temp%\{}\chrome\components\ConduitAutoCompleteSearch.js
- %User Temp%\{}\chrome\components\ConduitAutoCompleteSearch.xpt
- %User Temp%\{}\chrome\components\ConduitToolbar.idl
- %User Temp%\{}\chrome\components\ConduitToolbar.js
- %User Temp%\{}\chrome\components\ConduitToolbar.xpt
- %User Temp%\{}\chrome\components\RadioWMPCore.dll
- %User Temp%\{}\chrome\components\RadioWMPCore.xpt
- %User Temp%\{}\chrome\components\RadioWMPCoreGecko19.dll
- %User Temp%\{}\chrome\components\defaults\~GLH{random numbers}.tmp
- %User Temp%\{}\chrome\components\defaults\alertSettinfsComponent.xml
- %User Temp%\{}\chrome\components\defaults\appContextMenu.xml
- %User Temp%\{}\chrome\components\defaults\engineContextMenu.xml
- %User Temp%\{}\chrome\components\defaults\engineSettings.json
- %User Temp%\{}\chrome\components\defaults\fbAlert.js
- %User Temp%\{}\conduitengine\defaults\getAppsContextMenu.xml
- %User Temp%\{}\conduitengine\defaults\postAppsContextMenu.xml
- %User Temp%\{}\conduitengine\defaults\toolbarContextMenu.xml
- %User Temp%\{}\conduitengine\defaults\unsharedAppsContextMenu.xml
- %User Temp%\{}\conduitengine\DualPackage\~GLH{random numbers}.TMP
- %User Temp%\{}\conduitengine\DualPackage\install.rdf
- %User Temp%\{}\conduitengine\lib\~GLH{random numbers}.TMP
- %User Temp%\{}\conduitengine\lib\xpcom.js
- %User Temp%\{}\conduitengine\META-INF\~GLH{random numbers}.TMP
- %User Temp%\{}\conduitengine\META-INF\manifest.mf
- %User Temp%\{}\conduitengine\META-INF\zigbert.rsa
- %User Temp%\{}\conduitengine\META-INF\zigbert.sf
- %User Temp%\{}\conduitengine\searchplugin\~GLH{random numbers}.TMP
- %User Temp%\{}\conduitengine\searchplugin\conduit.gif
- %User Temp%\{}\conduitengine\searchplugin\conduit.ico
- %User Temp%\{}\conduitengine\searchplugin\conduit.PNG
- %User Temp%\{}\conduitengine\searchplugin\conduit.src
- %User Temp%\{}\META-INF\~GLH{random numbers}.TMP
- %User Temp%\{}\META-INF\manifest.mf
- %User Temp%\{}\META-INF\zigbert.rsa
- %User Temp%\{}\META-INF\zigbert.sf
- %User Temp%\{}\toolbar\~GLH{random numbers}.TMP
- %User Temp%\{}\toolbar\chrome.manifest
- %User Temp%\{}\toolbar\install.rdf
- %User Temp%\{}\toolbar\version.txt
- %User Temp%\{}\toolbar\chrome\~GLH{random numbers}.TMP
- %User Temp%\GLF{random}.tmp.tbBrot.dll
- %Program Files%\BrotherSoft_Extreme\~GLH{random numbers}.TMP
- %Program Files%\BrotherSoft_Extreme\UNWISE.EXE
- %Program Files%\BrotherSoft_Extreme\toolbar.cfg
- %Program Files%\BrotherSoft_Extreme\BrotherSoft_ExtremeToolbarHelper.exe
- %User Temp%\{}\toolbar\chrome\brothersoft_extreme.jar
- %User Temp%\{}\toolbar\components\~GLH{random numbers}.TMP
- %User Temp%\{}\toolbar\components\ConduitAutoCompleteSearch.js
- %User Temp%\{}\toolbar\components\ConduitAutoCompleteSearch.xpt
- %User Temp%\{}\toolbar\components\ConduitToolbar.idl
- %User Temp%\{}\toolbar\components\ConduitToolbar.js
- %User Temp%\{}\toolbar\components\ConduitToolbar.xpt
- %User Temp%\{}\toolbar\components\RadioWMPCore.dll
- %User Temp%\{}\toolbar\components\RadioWMPCoreGecko19.dll
- %User Temp%\{}\toolbar\defaults\alertSettingsComponent.xml
- %User Temp%\{}\toolbar\defaults\~GLH{random numbers}.TMP
- %User Temp%\{}\toolbar\defaults\appContextMenu.xml
- %User Temp%\{}\toolbar\defaults\engineContextMenu.xml
- %User Temp%\{}\toolbar\defaults\engineSettings.json
- %User Temp%\{}\toolbar\defaults\fbAlert.js
- %User Temp%\{}\toolbar\defaults\getAppsContextMenu.xml
- %User Temp%\{}\toolbar\defaults\postAppsContextMenu.xml
- %User Temp%\{}\toolbar\defaults\toolbarContextMenu.xml
- %User Temp%\{}\toolbar\defaults\unsharedAppsContextMenu.xml
- %User Temp%\{}\toolbar\lib\xpcom.js
- %User Temp%\{}\toolbar\lib\~GLH{random numbers}.tmp
- %User Temp%\{}\toolbar\META-INF\~GLH{random numbers}.TMP
- %User Temp%\{}\toolbar\META-INF\manifest.mf
- %User Temp%\{}\toolbar\META-INF\zigbert.rsa
- %User Temp%\{}\toolbar\META-INF\zigbert.sf
- %User Temp%\{}\toolbar\searchplugin\~GLH{random numbers}.TMP
- %User Temp%\{}\toolbar\searchplugin\conduit.gif
- %User Temp%\{}\toolbar\searchplugin\conduit.ico
- %User Temp%\{}\toolbar\searchplugin\conduit.PNG
- %User Temp%\{}\toolbar\searchplugin\conduit.src
- %User Temp%\{}\toolbar\searchplugin\conduit.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\install.rdf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\version.txt.
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\chrome\conduitengine.jar
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\ConduitToolbar.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\engineSettings.json
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\fbAlert.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\DualPackage\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\DualPackage\install.rdf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\lib\~GLH{random numbers}.TMP
- %Program Files%\BrotherSoft_Extreme\tbBrot.dll
- %Program Files%\BrotherSoft_Extreme\GottenAppsContextMenu.xml
- %Program Files%\BrotherSoft_Extreme\SharedAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\lib\xpcom.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\META-INF\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\META-INF\manifest.mf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
- %Program Files%\BrotherSoft_Extreme\ToolbarContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\META-INF\zigbert.sf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\searchplugin\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\searchplugin\conduit.gif
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\searchplugin\conduit.ico
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\searchplugin\conduit.src
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\searchplugin\conduit.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\chrome.manifest
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\install.rdf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\version.txt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\chrome\~GLH{random numbers}.TMP
- %User Temp%\GLF{random}.tmp.ConduitEngineSetup.exe
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\chrome\brothersoft_extreme.jar
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitAutoCompleteSearch.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitAutoCompleteSearch.xpt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitToolbar.idl
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitToolbar.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitToolbar.xpt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCore.dll
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCore.xpt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCoreGecko19.dll
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\alertSettingsComponent.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\appContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\engineContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\engineSettings.json
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\fbAlert.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\getAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\postAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\toolbarContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\unsharedAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\lib\~GLH{random numbers}.TMP
- %System%\GLBSINST.%$D
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\lib\xpcom.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF\manifest.mf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF\zigbert.rsa
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF\zigbert.sf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.gif
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.ico
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.PNG
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.src
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\setup.ini
- %User Temp%\GLF{random}.tmp.ConduitEngine.dll
- %Program Files%\ConduitEngine\~GLH{random numbers}.TMP
- %Program Files%\ConduitEngine\toolbar.cfg
- %Program Files%\ConduitEngine\ConduitEngineUninstall.exe
- %Program Files%\ConduitEngine\appContextMenu.xml
- %Program Files%\ConduitEngine\engineContextMenu.xml
- %Program Files%\ConduitEngine\EngineSettings.json
- %Program Files%\ConduitEngine\ConduitEngineHelper.exe
- %Program Files%\ConduitEngine\ConduitEngine.dll
- %Program Files%\ConduitEngine\INSTALL.LOG
- %Program Files%\Conduit\Community Alerts\~GLH{random numbers}.TMP
- %Program Files%\Conduit\Community Alerts\Alert.dll
- %Program Files%\BrotherSoft_Extreme\INSTALL.LOG
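Other Details
This file contains a URL that the adware uses to download other files. As of the date of publication, the file contains the following URL:
- brothersoftextreme.{BLOCKED}bar.com
However, as of the date of publication, this website is inaccessible.
Solution
Step 1
Before running a virus scan, Windows XP, Windows Vista and Windows 7 users must disable System Restore so that the malware or adware can be completely removed from the computer.
Step 2
Running this malware or adware does not necessarily install every file, folder, and registry key or value listed in these steps. Installation may be incomplete, or may not occur at all depending on operating system (OS) conditions. If the file, folder, or registry information listed in a step is not found, that step is unnecessary; proceed to the next step.
Step 3
Restart Windows in Safe Mode.
Step 4
Remove "Adware.Win32.CONDUIT.B" using its own uninstall option.
Step 5
Delete the following registry values.
Warning: The registry is a database that stores Windows configuration information, and incorrect edits to it may prevent the system from operating properly.
Edit the registry at your own risk. We cannot provide compensation for any problems arising from registry edits.
Please refer to this page before editing the registry.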
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrotherSoft_Extreme Toolbar
- DisplayName = “BrotherSoft_Extreme Toolbar”
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BrotherSoft_Extreme Toolbar
- UninstallString = %Program Files%\BrotherSoft_Extreme\UNWISE.EXE /U %Program Files%\BrotherSoft_Extreme\INSTALL.LOG
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
- Use Search Asst = no
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
- Enable Browser Extensions = yes
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\IE5
- CabinetVisible = FALSE
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\IE5
- ExplorerVisible = FALSE
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\IE5
- FirstTime = TRUE
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\IE5
- Visible = TRUE
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
- EnableSearchFromAdress = TRUE
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
- FixPageNotFoundError = 1
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
- SearchFromAdressUrl = http://search.{BLOCKED}t.com/ResultsExt.aspx?ctid=CT2776682&q=MYSEARCHTERM
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings\LanguagePack
- LanguagePackServerUrl = http://translation.users.{BLOCKED}t.com/Translation.ashx
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
- GroupingServerURL = http://grouping.services.{BLOCKED}t.com/
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
- SearchServerUrl = http://search.{BLOCKED}t.com
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
- Server = users.{BLOCKED}t.com
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
- ShouldPerformGroupByOS = FALSE
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
- UsageURL = http://usage.users.{BLOCKED}t.com/UsersWebService.asmx/UsersRequests
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
- WebServerUrl = http://BrotherSoftExtreme.{BLOCKED}lbar.com/
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
- Write us link = {BLOCKED}t@brothersoft.com
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
- ShouldSendReferalCookie = TRUE
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
- OpenSetupFinishPage = FALSE
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
- {51a86bb3-6602-4c85-92a5-130ee4864f13} = “”
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
- {51a86bb3-6602-4c85-92a5-130ee4864f13} = “”
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
- DisplayName = BrotherSoft Extreme Customized Web Search
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
- URL = http://search.{BLOCKED}t.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
- DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
- DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
- DisplayName = BrotherSoft Extreme Customized Web Search
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
- URL = http://search.{BLOCKED}t.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
- Start Page = http://search.{BLOCKED}t.com?SearchSource=10&ctid=CT2776682
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
- {51a86bb3-6602-4c85-92a5-130ee4864f13} = BrotherSoft_Extreme Toolbar
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
- (Default) = “”
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}
- (Default) = “”
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\Communicator
- Url = http://servicemap.{BLOCKED}rvices.com/Toolbar/
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- ComId = {51a86bb3-6602-4c85-92a5-130ee4864f13}
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- DisplayName = BrotherSoft Extreme
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- DisplayTitle = BrotherSoft_Extreme Toolbar
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- GroupingEnabled = FALSE
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- InstallationId = integrated_ct2776682.exe
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- InstallationType = conduitintegration
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- MultiCommunityEnabled = FALSE
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- Path = %Program Files%\BrotherSoft_Extreme
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- Server = users.conduit.com
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- ShouldPerformGroupByOS = FALSE
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- ShouldShowPersonalComponentDlg = false
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- SponsorId = CT2776682
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- ToolbarHelperFileName = %Program Files%\BrotherSoft_Extreme\BrotherSoft_ExtremeToolbarHelper.exe
- In HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Platforms\{51a86bb3-6602-4c85-92a5-130ee4864f13}
- Name = BrotherSoft_Extreme
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- PlatformType = ConduitToolbar
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- IsEngineHost = TRUE
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- AllowToUninstallFromEngine = FALSE
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- ForceEngineUninstall = TRUE
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- IphoneUpdateURL = “”
- In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme\toolbar
- ShouldSendToolbarAge = TRUE
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN
- Enable Browser Extensions = yes
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN
- Use Search Asst = no
- In HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\toolbar
- ShouldShowFirstTimeDlg = FALSE
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
- CabinetVisible = FALSE
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
- ExplorerVisible = FALSE
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
- FirstTime = TRUE
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
- Visible = TRUE
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Settings
- EnableAppssAlerts = TRUE
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
- {30F9B915-B755-4826-820B-08FBA6BD249D}
- In HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\toolbar
- Path = %Program Files%\ConduitEngine
- In HKEY_LOCAL_MACHINE\SOFTWARE\conduitEngine\toolbar
- ComId = {30F9B915-B755-4826-820B-08FBA6BD249D}
Step 6
Search for and delete the following files.
- %User Temp%\GL{random}.tmp
- %User Temp%\BrotherSoft_Extreme.exe
- %User Temp%\{}\~GLH{random numbers}.TMP
- %User Temp%\{}\brothersoft_extreme_tb.xpi
- %User Temp%\{}\conduitengine.xpi
- %User Temp%\{}\install.rdf
- %User Temp%\{}\xpis.txt
- %User Temp%\{}\conduitengine\~GLH{random numbers}.tmp
- %User Temp%\{}\conduitengine\install.rdf
- %User Temp%\{}\conduitengine\chrome.manifest
- %User Temp%\{}\conduitengine\version.txt
- %User Temp%\{}\chrome\~GLH{random numbers}.tmp
- %User Temp%\{}\chrome\conduitengine.jar
- %User Temp%\{}\chrome\components\~GLH{random numbers}.tmp
- %User Temp%\{}\chrome\components\ConduitAutoCompleteSearch.js
- %User Temp%\{}\chrome\components\ConduitAutoCompleteSearch.xpt
- %User Temp%\{}\chrome\components\ConduitToolbar.idl
- %User Temp%\{}\chrome\components\ConduitToolbar.js
- %User Temp%\{}\chrome\components\ConduitToolbar.xpt
- %User Temp%\{}\chrome\components\RadioWMPCore.dll
- %User Temp%\{}\chrome\components\RadioWMPCore.xpt
- %User Temp%\{}\chrome\components\RadioWMPCoreGecko19.dll
- %User Temp%\{}\chrome\components\defaults\~GLH{random numbers}.tmp
- %User Temp%\{}\chrome\components\defaults\alertSettinfsComponent.xml
- %User Temp%\{}\chrome\components\defaults\appContextMenu.xml
- %User Temp%\{}\chrome\components\defaults\engineContextMenu.xml
- %User Temp%\{}\chrome\components\defaults\engineSettings.json
- %User Temp%\{}\chrome\components\defaults\fbAlert.js
- %User Temp%\{}\conduitengine\defaults\getAppsContextMenu.xml
- %User Temp%\{}\conduitengine\defaults\postAppsContextMenu.xml
- %User Temp%\{}\conduitengine\defaults\toolbarContextMenu.xml
- %User Temp%\{}\conduitengine\defaults\unsharedAppsContextMenu.xml
- %User Temp%\{}\conduitengine\DualPackage\~GLH{random numbers}.TMP
- %User Temp%\{}\conduitengine\DualPackage\install.rdf
- %User Temp%\{}\conduitengine\lib\~GLH{random numbers}.TMP
- %User Temp%\{}\conduitengine\lib\xpcom.js
- %User Temp%\{}\conduitengine\META-INF\~GLH{random numbers}.TMP
- %User Temp%\{}\conduitengine\META-INF\manifest.mf
- %User Temp%\{}\conduitengine\META-INF\zigbert.rsa
- %User Temp%\{}\conduitengine\META-INF\zigbert.sf
- %User Temp%\{}\conduitengine\searchplugin\~GLH{random numbers}.TMP
- %User Temp%\{}\conduitengine\searchplugin\conduit.gif
- %User Temp%\{}\conduitengine\searchplugin\conduit.ico
- %User Temp%\{}\conduitengine\searchplugin\conduit.PNG
- %User Temp%\{}\conduitengine\searchplugin\conduit.src
- %User Temp%\{}\META-INF\~GLH{random numbers}.TMP
- %User Temp%\{}\META-INF\manifest.mf
- %User Temp%\{}\META-INF\zigbert.rsa
- %User Temp%\{}\META-INF\zigbert.sf
- %User Temp%\{}\toolbar\~GLH{random numbers}.TMP
- %User Temp%\{}\toolbar\chrome.manifest
- %User Temp%\{}\toolbar\install.rdf
- %User Temp%\{}\toolbar\version.txt
- %User Temp%\{}\toolbar\chrome\~GLH{random numbers}.TMP
- %User Temp%\GLF{random}.tmp.tbBrot.dll
- %Program Files%\BrotherSoft_Extreme\~GLH{random numbers}.TMP
- %Program Files%\BrotherSoft_Extreme\UNWISE.EXE
- %Program Files%\BrotherSoft_Extreme\toolbar.cfg
- %Program Files%\BrotherSoft_Extreme\BrotherSoft_ExtremeToolbarHelper.exe
- %User Temp%\{}\toolbar\chrome\brothersoft_extreme.jar
- %User Temp%\{}\toolbar\components\~GLH{random numbers}.TMP
- %User Temp%\{}\toolbar\components\ConduitAutoCompleteSearch.js
- %User Temp%\{}\toolbar\components\ConduitAutoCompleteSearch.xpt
- %User Temp%\{}\toolbar\components\ConduitToolbar.idl
- %User Temp%\{}\toolbar\components\ConduitToolbar.js
- %User Temp%\{}\toolbar\components\ConduitToolbar.xpt
- %User Temp%\{}\toolbar\components\RadioWMPCore.dll
- %User Temp%\{}\toolbar\components\RadioWMPCoreGecko19.dll
- %User Temp%\{}\toolbar\defaults\alertSettingsComponent.xml
- %User Temp%\{}\toolbar\defaults\~GLH{random numbers}.TMP
- %User Temp%\{}\toolbar\defaults\appContextMenu.xml
- %User Temp%\{}\toolbar\defaults\engineContextMenu.xml
- %User Temp%\{}\toolbar\defaults\engineSettings.json
- %User Temp%\{}\toolbar\defaults\fbAlert.js
- %User Temp%\{}\toolbar\defaults\getAppsContextMenu.xml
- %User Temp%\{}\toolbar\defaults\postAppsContextMenu.xml
- %User Temp%\{}\toolbar\defaults\toolbarContextMenu.xml
- %User Temp%\{}\toolbar\defaults\unsharedAppsContextMenu.xml
- %User Temp%\{}\toolbar\lib\xpcom.js
- %User Temp%\{}\toolbar\lib\~GLH{random numbers}.tmp
- %User Temp%\{}\toolbar\META-INF\~GLH{random numbers}.TMP
- %User Temp%\{}\toolbar\META-INF\manifest.mf
- %User Temp%\{}\toolbar\META-INF\zigbert.rsa
- %User Temp%\{}\toolbar\META-INF\zigbert.sf
- %User Temp%\{}\toolbar\searchplugin\~GLH{random numbers}.TMP
- %User Temp%\{}\toolbar\searchplugin\conduit.gif
- %User Temp%\{}\toolbar\searchplugin\conduit.ico
- %User Temp%\{}\toolbar\searchplugin\conduit.PNG
- %User Temp%\{}\toolbar\searchplugin\conduit.src
- %User Temp%\{}\toolbar\searchplugin\conduit.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\install.rdf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\version.txt.
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\chrome\conduitengine.jar
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\ConduitToolbar.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\\{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\engineSettings.json
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\fbAlert.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\DualPackage\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\DualPackage\install.rdf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\lib\~GLH{random numbers}.TMP
- %Program Files%\BrotherSoft_Extreme\tbBrot.dll
- %Program Files%\BrotherSoft_Extreme\GottenAppsContextMenu.xml
- %Program Files%\BrotherSoft_Extreme\SharedAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\lib\xpcom.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\META-INF\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\META-INF\manifest.mf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
- %Program Files%\BrotherSoft_Extreme\ToolbarContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\META-INF\zigbert.sf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\searchplugin\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\searchplugin\conduit.gif
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\searchplugin\conduit.ico
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\searchplugin\conduit.src
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\engine@conduit.com\searchplugin\conduit.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\chrome.manifest
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\install.rdf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\version.txt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\chrome\~GLH{random numbers}.TMP
- %User Temp%\GLF{random}.tmp.ConduitEngineSetup.exe
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\chrome\brothersoft_extreme.jar
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitAutoCompleteSearch.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitAutoCompleteSearch.xpt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitToolbar.idl
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitToolbar.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\ConduitToolbar.xpt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCore.dll
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCore.xpt
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCoreGecko19.dll
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\alertSettingsComponent.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\appContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\engineContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\engineSettings.json
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\fbAlert.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\getAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\postAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\toolbarContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\defaults\unsharedAppsContextMenu.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\lib\~GLH{random numbers}.TMP
- %System%\GLBSINST.%$D
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\lib\xpcom.js
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF\manifest.mf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF\zigbert.rsa
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\META-INF\zigbert.sf
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\~GLH{random numbers}.TMP
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.gif
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.ico
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.PNG
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.src
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\searchplugin\conduit.xml
- %Application Data%\Mozilla\Firefox\Profiles\{random}.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\setup.ini
- %User Temp%\GLF{random}.tmp.ConduitEngine.dll
- %Program Files%\ConduitEngine\~GLH{random numbers}.TMP
- %Program Files%\ConduitEngine\toolbar.cfg
- %Program Files%\ConduitEngine\ConduitEngineUninstall.exe
- %Program Files%\ConduitEngine\appContextMenu.xml
- %Program Files%\ConduitEngine\engineContextMenu.xml
- %Program Files%\ConduitEngine\EngineSettings.json
- %Program Files%\ConduitEngine\ConduitEngineHelper.exe
- %Program Files%\ConduitEngine\ConduitEngine.dll
- %Program Files%\ConduitEngine\INSTALL.LOG
- %Program Files%\Conduit\Community Alerts\~GLH{random numbers}.TMP
- %Program Files%\Conduit\Community Alerts\Alert.dll
- %Program Files%\BrotherSoft_Extreme\INSTALL.LOG
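Step 7
Restart the computer in normal mode, then scan it with an antivirus product that has the latest versions (engine and pattern file) installed, searching for files detected as "Adware.Win32.CONDUIT.B". If the detected files have already been cleaned, quarantined, or deleted by our antivirus product, the threat has been fully handled and no further removal steps are required.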