Analysis by: Arvin Roi Macaraeg

Aliases:

PUA:Win32/CandyOpen(Microsoft), not-a-virus:Downloader.Win32.OpenCandy.kw(Kaspersky), Win32/OpenCandy potentially unsafe(ESET-NOD32)

Platform:

Windows

Overall risk rating:
Damage potential:
Distribution potential:
Reported infections:
Information exposure:

  • Malware type:
    Adware

  • Destructive:
    No

  • Encrypted:
     

  • In the wild:
    Yes

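  Overview

This adware arrives on a computer either as a file dropped by other malware or as a file that users unknowingly download from malicious websites.

  Technical Details

File size: 3,390,816 bytes
File type: EXE
Memory resident: No
Date discovered: June 18, 2012

Arrival Details

This adware arrives on a computer either as a file dropped by other malware or as a file that users unknowingly download from malicious websites.

Installation

The adware creates the following files: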

  • %Program Files%\WinSCP\unins000.exe
  • %Program Files%\WinSCP\WinSCP.exe
  • %Program Files%\WinSCP\WinSCP.com
  • %Program Files%\WinSCP\WinSCP.ico
  • %Program Files%\WinSCP\licence
  • %Program Files%\WinSCP\DragExt.dll
  • %Program Files%\WinSCP\PuTTY\LICENCE
  • %Program Files%\WinSCP\PuTTY\putty.hlp
  • %Program Files%\WinSCP\PuTTY\pageant.exe
  • %Program Files%\WinSCP\PuTTY\puttygen.exe
  • %User Temp%\is-{random}.tmp\{Malware Name}.tmp
  • %User Temp%\is-{random}.tmp\_isetup\_RegDLL.tmp
  • %User Temp%\is-{random}.tmp\_isetup\_shfoldr.dll
  • %User Temp%\is-{random}.tmp\OCSetupHlp.dll
  • %Common Programs%\WinSCP\WinSCP.lnk
  • %Common Programs%\WinSCP\Key tools\PuTTYgen.lnk
  • %Common Programs%\WinSCP\Key tools\Pageant.lnk
  • %Desktop%\WinSCP.lnk
  • %Application Data%\Microsoft\Windows\SendTo\WinSCP (for upload).lnk
  • %Application Data%\winscp.rnd

Other System Modifications

During installation, the adware adds the following registry values:


Other Details

The adware accesses the following malicious website:

  • http://opencandy.{BLOCKED}p.net/?clientv=31&cltzone=480&language=en,en&method=get_offers&mstime=0.109&os=WIN6.1SP1&product_key=c8223ec7b782bba155ed4a5f24e87c75&v=1.0&signature=f22b2fc2bf60bb9affdbfc564408b399

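  Solution

Minimum scan engine: 9.850
SSAPI pattern version: 2.112.44
SSAPI pattern release date: October 25, 2018

Step 1

Before running a scan, Windows XP, Windows Vista, and Windows 7 users must disable System Restore so that the malware, adware, or similar software can be completely removed from the computer.

Step 2

Running this malware, adware, or similar software does not necessarily install every file, folder, registry key, and registry value listed in these steps. The installation may be incomplete, or some items may not be installed because of operating system (OS) conditions. If a file, folder, or registry entry listed in a step is not found, that step is not needed; proceed to the next step.

Step 3

Remove "ADWARE.WIN32.OPENCANDY.AA" using its own uninstall option.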

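  • Click [Remove].
  • Follow the instructions in the dialog box that appears.
  • Close the [Add or Remove Programs] window, and then close the [Control Panel] window.

Step 4

Scan the computer with an antivirus product that has the latest version (engine and pattern file) installed, and delete all files detected as "ADWARE.WIN32.OPENCANDY.AA". If the detected files have already been cleaned, quarantined, or deleted by our antivirus product, handling of the threat is complete and no further removal steps are needed.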

