BKDR_JADTRE.AI
W32/Agent.JH!tr (Fortinet), W32/QQhelper.C.gen!Eldorado (FProt), Exploit.Win32.ShellCode (Ikarus), TrojanDownloader:Win32/Jadtre.B (Microsoft), a variant of Win32/Wapomi.AO virus (NOD32), Infostealer.Gampass (Norton)
Windows 2000, Windows XP, Server 2003
![](/vinfo/imgFiles/JPlegend.jpg)
マルウェアタイプ:
バックドア型
破壊活動の有無:
なし
暗号化:
感染報告の有無 :
はい
概要
マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
詳細
侵入方法
マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
インストール
マルウェアは、以下のファイルを作成します。
- %System%\{random file name}.sys
(註:%System%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 98 および MEの場合、"C:\Windows\System"、Windows NT および 2000 の場合、"C:\WinNT\System32"、Windows XP および Server 2003 の場合、"C:\Windows\System32" です。)
マルウェアは、感染したコンピュータ内に以下のように自身のコピーを作成します。
- %System%\{random file name}.tmp
- %System%\appmgmts.dll
(註:%System%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 98 および MEの場合、"C:\Windows\System"、Windows NT および 2000 の場合、"C:\WinNT\System32"、Windows XP および Server 2003 の場合、"C:\Windows\System32" です。)
他のシステム変更
マルウェアは、以下のファイルを削除します。
- %System%\appmgmts.dll
(註:%System%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 98 および MEの場合、"C:\Windows\System"、Windows NT および 2000 の場合、"C:\WinNT\System32"、Windows XP および Server 2003 の場合、"C:\Windows\System32" です。)
マルウェアは、インストールの過程で、以下のレジストリ値を追加します。
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avgnt.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avgrsx.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avgtray.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avguard.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avgwdsvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avgwdsvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avmailc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avp.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avshadow.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avwebgrd.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
bdagent.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
CCenter.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ccSvcHst.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
dwengine.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
egui.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
FilMsg.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kavstart.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kissvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kmailmon.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
knsd.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
knsdsvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
knsdtray.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
knsdwsc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kpfw32.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kpfwsvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kpopserver.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
krnl360svc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
krnl360svc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KSafeSvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KSafeTray.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ksmgui.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ksmsvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kswebshield.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvexpert.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVMonXP.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVMonXP.kxp
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvol.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
KVSrvXP.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kvxp.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kwatch.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kwstray.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kwsupd.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kxedefend.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kxesapp.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kxescore.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kxeserv.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
kxetray.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
livesrv.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mcagent.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mcmscsvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
McNASvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Mcods.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
McProxy.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
McSACore.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Mcshield.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mcsysmon.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mcvsshld.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
mfefire.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
MOBKbackup.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
MpfSrv.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
MPMon.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
MPSVC.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
MPSVC1.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
MPSVC2.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
msksrver.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
MsSvHost.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQPCAddWidget.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQPCMgr.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQPCMgr_tz_Setup.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQPCRTP.EXE
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQPCTray.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
QQPCUPDATE.EXE
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
qutmserv.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavMonD.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RavTask.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RsAgent.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Rsmgrsvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
rsnetsvr.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
RsTray.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
safeboxTray.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ScanFrm.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
sched.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
seccenter.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SfCtlCom.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
spideragent.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SpIDerMl.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
spidernt.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
spiderui.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
SuperKiller.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
TMBMSRV.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
TmProxy.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
Twister.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
UfSeAgnt.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
upsvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
V3PScan.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
V3SP.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
vgchsvx.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
VPSvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
vsserv.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
zhudongfangyu.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ÐÞ¸´¹¤¾ß.exe
Debugger = "ntsd -d"
HKLM\SYSTEM\CurrentControlSet\
Services\{random}
Start = "3"
HKLM\SYSTEM\CurrentControlSet\
Services\{random}
Type = "1"
HKLM\SYSTEM\CurrentControlSet\
Services\{random}
ImagePath = "%System%\{random file name}.sys"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360hotfix.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360rp.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360rpt.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360safe.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360safebox.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360SAFE_INSTALLER.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360sd.exe
Debugge = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360se.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360SoftMgrSvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360speedld.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
360tray.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
afwServ.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
ast.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AvastSvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
AvastUI.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avcenter.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avfwsvc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avgcsrvx.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avgemc.exe
Debugger = "ntsd -d"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
avgnsx.exe
Debugger = "ntsd -d"
その他
マルウェアは、以下の不正なWebサイトにアクセスします。
- {BLOCKED}0.{BLOCKED}9.92.248
- {BLOCKED}0.{BLOCKED}9.92.245
- {BLOCKED}0.{BLOCKED}9.92.244
- {BLOCKED}0.{BLOCKED}9.92.242
- {BLOCKED}0.{BLOCKED}9.92.239
- {BLOCKED}0.{BLOCKED}9.92.248
- {BLOCKED}0.{BLOCKED}9.92.236
- {BLOCKED}0.{BLOCKED}9.92.250
- {BLOCKED}0.{BLOCKED}9.92.251
- {BLOCKED}0.{BLOCKED}9.92.254
- {BLOCKED}0.{BLOCKED}9.92.249
- {BLOCKED}0.{BLOCKED}9.92.240
- {BLOCKED}0.{BLOCKED}9.92.243
- {BLOCKED}0.{BLOCKED}9.92.253
- {BLOCKED}0.39.92.241
- {BLOCKED}0.{BLOCKED}9.92.246
- {BLOCKED}0.{BLOCKED}9.92.245
- {BLOCKED}0.{BLOCKED}9.92.237
- {BLOCKED}3.{BLOCKED}4.193.128
- {BLOCKED}3.{BLOCKED}4.193.125
- {BLOCKED}2.{BLOCKED}6.167.95
- {BLOCKED}d.{BLOCKED}v.com
- www.{BLOCKED}u.com
- www.{BLOCKED}4.info