PE_AGENT.PXI
Virus:Win32/Wholdor.A (Microsoft); W32/Fujacks (McAfee); Downloader (Symantec); Virus.Win32.Downloader.c (Kaspersky); Virus.Win32.Wholdor.a (v) (Sunbelt); Win32.Vimes.A (FSecure)
Windows 2000, Windows XP, Windows Server 2003
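Malware type:
File infector
Destructive:
No
Encrypted:
In the wild:
Yes
Overview
This virus arrives on a computer either dropped by other malware or downloaded unknowingly by users from malicious websites.
Technical Details
Arrival Details
This virus arrives on a computer either dropped by other malware or downloaded unknowingly by users from malicious websites.
Installation
The virus creates the following folders: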
- %System Root%\_038937_
- %System Root%\ce198427a6f4aff3780463ae167354
- %System Root%\ce198427a6f4aff3780463ae167354\update
- %Windows%\LastGood
- %Windows%\LastGood\INF
- %Windows%\$MSI31Uninstall_KB893803v2$
- %Windows%\$MSI31Uninstall_KB893803v2$\spuninst
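(Note: %System Root% is "C:" by default and is where the operating system is located. %Windows% varies depending on the Windows version and installation settings. By default it is "C:\Windows" on Windows 9x, Me, XP, and Server 2003, and "C:\WINNT" on Windows NT and 2000.)
Autostart Technique
The virus registers itself as a system service and adds the following registry key so that it runs automatically at every Windows startup: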
HKEY_LOCAL_MACHINE\System\CurrentControlSet\
Services\EventLog\System\
Windows Installer 3.1
Other System Modifications
The virus deletes the following files:
(Note: %Windows% varies depending on the Windows version and installation settings. By default it is "C:\Windows" on Windows 9x, Me, XP, and Server 2003, and "C:\WINNT" on Windows NT and 2000. %System% also varies depending on the Windows version and installation settings. By default it is "C:\Windows\System" on Windows 98 and ME, "C:\WinNT\System32" on Windows NT and 2000, and "C:\Windows\System32" on Windows XP and Server 2003.)
The virus adds the following registry keys:
The virus adds the following registry values:
The virus modifies the following registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{000C101C-0000-0000-C000-000000000046}
AppId = "{000C101C-0000-0000-C000-000000000046}"
(註:変更前の上記レジストリ値は、「{000C101C-0000-0000-C000-000000000046}」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer
InstallerLocation = "%System%\"
(註:変更前の上記レジストリ値は、「%System%」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{000C101C-0000-0000-C000-000000000046}
LocalService = "MSIServer"
(註:変更前の上記レジストリ値は、「MSIServer」となります。)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
MsiInstaller
EventMessageFile = "%System%\msi.dll"
(註:変更前の上記レジストリ値は、「%System%\msi.dll」となります。)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\Eventlog\Application\
MsiInstaller
TypesSupported = 7
(註:変更前の上記レジストリ値は、「7」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32
ThreadingModel = "Both"
(註:変更前の上記レジストリ値は、「Both」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{000C1090-0000-0000-C000-000000000046}\InprocServer32
ThreadingModel = "Apartment"
(註:変更前の上記レジストリ値は、「Apartment」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{000C1094-0000-0000-C000-000000000046}\InprocServer32
ThreadingModel = "Apartment"
(註:変更前の上記レジストリ値は、「Apartment」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{000C1090-0000-0000-C000-000000000046}\TypeLib
Version = "1.0"
(註:変更前の上記レジストリ値は、「1.0」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{000C1093-0000-0000-C000-000000000046}\TypeLib
Version = "1.0"
(註:変更前の上記レジストリ値は、「1.0」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{000C1095-0000-0000-C000-000000000046}\TypeLib
Version = "1.0"
(註:変更前の上記レジストリ値は、「1.0」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{000C1096-0000-0000-C000-000000000046}\TypeLib
Version = "1.0"
(註:変更前の上記レジストリ値は、「1.0」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{000C109A-0000-0000-C000-000000000046}\TypeLib
Version = "1.0"
(註:変更前の上記レジストリ値は、「1.0」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{000C109B-0000-0000-C000-000000000046}\TypeLib
Version = "1.0"
(註:変更前の上記レジストリ値は、「1.0」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{000C109C-0000-0000-C000-000000000046}\TypeLib
Version = "1.0"
(註:変更前の上記レジストリ値は、「1.0」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{000C109D-0000-0000-C000-000000000046}\TypeLib
Version = "1.0"
(註:変更前の上記レジストリ値は、「1.0」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{000C109E-0000-0000-C000-000000000046}\TypeLib
Version = "1.0"
(註:変更前の上記レジストリ値は、「1.0」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{000C109F-0000-0000-C000-000000000046}\TypeLib
Version = "1.0"
(註:変更前の上記レジストリ値は、「1.0」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{000C10A0-0000-0000-C000-000000000046}\TypeLib
Version = "1.0"
(註:変更前の上記レジストリ値は、「1.0」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{000C10A1-0000-0000-C000-000000000046}\TypeLib
Version = "1.0"
(註:変更前の上記レジストリ値は、「1.0」となります。)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\MSIServer
Type = 2
(註:変更前の上記レジストリ値は、「20」となります。)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\MSIServer
Start = 3
(註:変更前の上記レジストリ値は、「3」となります。)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\MSIServer
ErrorControl = 1
(註:変更前の上記レジストリ値は、「1」となります。)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\MSIServer
ImagePath = "%System%\msiexec.exe /V"
(註:変更前の上記レジストリ値は、「%System%\msiexec.exe /V」となります。)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\MSIServer
DependOnService = ""RpcSs""
(註:変更前の上記レジストリ値は、「RpcSs」となります。)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\MSIServer
DependOnGroup = """"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\MSIServer
ObjectName = "LocalSystem"
(Note: Before the change, the above registry value was "LocalSystem".)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Msi.Package
EditFlags = {random values}
(Note: Before the change, the above registry value was "{random values}".)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Msi.Package
FriendlyTypeName = "@%SystemRoot%\System32\msi.dll,-34"
(Note: Before the change, the above registry value was "@%SystemRoot%\System32\msi.dll,-34".)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Msi.Package\shell\Open
MUIVerb = "@%SystemRoot%\System32\msi.dll,-36"
(Note: Before the change, the above registry value was "@%SystemRoot%\System32\msi.dll,-36".)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Msi.Package\shell\Repair
MUIVerb = "@%SystemRoot%\System32\msi.dll,-37"
(Note: Before the change, the above registry value was "@%SystemRoot%\System32\msi.dll,-37".)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Msi.Package\shell\Uninstall
MUIVerb = "@%SystemRoot%\System32\msi.dll,-38"
(Note: Before the change, the above registry value was "@%SystemRoot%\System32\msi.dll,-38".)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Msi.Patch
EditFlags = {random values}
(Note: Before the change, the above registry value was "{random values}".)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Msi.Patch
FriendlyTypeName = "@%SystemRoot%\System32\msi.dll,-35"
(Note: Before the change, the above registry value was "@%SystemRoot%\System32\msi.dll,-35".)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Msi.Patch\shell\Open
MUIVerb = "@%SystemRoot%\System32\msi.dll,-39"
(Note: Before the change, the above registry value was "@%SystemRoot%\System32\msi.dll,-39".)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\MSMQ
LogSessionName = "stdout"
(Note: Before the change, the above registry value was "stdout".)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\MSMQ
Active = 1
(Note: Before the change, the above registry value was "1".)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\MSMQ
ControlFlags = 1
(Note: Before the change, the above registry value was "1".)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\MSMQ\Regular
Guid = "24b9a175-8716-40e0-9b2b-785de75b1e67"
(Note: Before the change, the above registry value was "24b9a175-8716-40e0-9b2b-785de75b1e67".)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\MSMQ\Regular
BitNames = " rsError rsWarning rsTrace rsNone"
(Note: Before the change, the above registry value was " rsError rsWarning rsTrace rsNone".)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SENS
Start = 2
(Note: Before the change, the above registry value was "2".)
Dropping Routine
The virus creates the following files:
- %System Root%\ce198427a6f4aff3780463ae167354\empty.cat
- %System Root%\ce198427a6f4aff3780463ae167354\msi.dll
- %System Root%\ce198427a6f4aff3780463ae167354\msihnd.dll
- %System Root%\ce198427a6f4aff3780463ae167354\msimsg.dll
- %System Root%\ce198427a6f4aff3780463ae167354\msisip.dll
- %System Root%\ce198427a6f4aff3780463ae167354\msiexec.exe
- %System Root%\ce198427a6f4aff3780463ae167354\update\kb893803v2_net.cat
- %System Root%\ce198427a6f4aff3780463ae167354\update\kb893803v2_w2k.cat
- %System Root%\ce198427a6f4aff3780463ae167354\update\kb893803v2_wxp.cat
- %System Root%\ce198427a6f4aff3780463ae167354\update\updatebr.inf
- %System Root%\ce198427a6f4aff3780463ae167354\update\update.ver
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\spcustom.dll
- %System Root%\ce198427a6f4aff3780463ae167354\spmsg.dll
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\updspapi.dll
- %System Root%\ce198427a6f4aff3780463ae167354\spuninst.exe
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\update.exe
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\update_w2k3.inf
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\update_win2k.inf
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\update_wxp.inf
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\eula.txt
- %System Root%\ce198427a6f4aff3780463ae167354\$shtdwn$.req
- %Windows%\INF\oem12.PNF
- %Windows%\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.txt
- %Windows%\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.inf
- %Windows%\INF\oem12.inf
- %Windows%\$MSI31Uninstall_KB893803v2$\msi.dll
- %Windows%\$MSI31Uninstall_KB893803v2$\msiexec.exe
- %Windows%\$MSI31Uninstall_KB893803v2$\msihnd.dll
- %Windows%\$MSI31Uninstall_KB893803v2$\msimsg.dll
- %Windows%\$MSI31Uninstall_KB893803v2$\msisip.dll
- %Windows%\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll
- %Windows%\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
- %System%\spmsg.dll
- %Windows%\KB893803v2_wxp.cat
- %System%\HFX3.tmp
- %System%\HFX4.tmp
- %System%\HFX5.tmp
- %System%\HFX6.tmp
- %System%\HFX7.tmp
- %System%\DllCache\HFX8.tmp
- %System%\DllCache\HFX9.tmp
- %System%\DllCache\HFXA.tmp
- %System%\DllCache\HFXB.tmp
- %System%\DllCache\HFXC.tmp
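(Note: %System Root% is "C:" by default and is where the operating system is located. %Windows% varies with the Windows version and the settings chosen at installation; by default it is "C:\Windows" on Windows 9x, Me, XP and Server 2003, and "C:\WINNT" on Windows NT and 2000. %System% varies with the Windows version and the settings chosen at installation; by default it is "C:\Windows\System" on Windows 98 and ME, "C:\WinNT\System32" on Windows NT and 2000, and "C:\Windows\System32" on Windows XP and Server 2003.)
This virus information was generated by an automated analysis system.
Solution
Step 1
Windows XP and Windows Server 2003 users must disable System Restore before running a virus scan, so that malware, adware and similar programs can be completely removed from the computer.
Step 2
Restart Windows in Safe Mode.
Step 3
Delete this registry key.
Warning: The registry is a database that stores Windows configuration information, and an incorrect registry edit can prevent the system from operating normally.
Edit the registry at your own risk. We cannot provide compensation for any problem caused by editing the registry.
Please refer to this before editing the registry.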
- In HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\System
- Windows Installer 3.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- KB893803v2
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- Filelist
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist
- 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist
- 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist
- 2
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist
- 3
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist
- 4
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist
- 5
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist
- 6
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist
- 7
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist
- 8
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist
- 9
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix
- KB893803v2
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\KB893803v2
- File 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- KB893803
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- MSI30-Beta1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- MSI30-Beta2
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- MSI30-RC1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- MSI30-RC2
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- KB884016
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- MSI30a-KB884016
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- MSI30-KB884016
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- MSI31-Beta
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- MSI31-RC1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\OC Manager
- TemporaryData
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\TemporaryData
- 610:106208
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\TemporaryData\610:106208
- iis
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates
- UpdateExeVolatile
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates
- UpdateExeVolatile_01CC93CCBAE3BB40
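Step 4
Delete this registry value.
Warning: The registry is a database that stores Windows configuration information, and an incorrect registry edit can prevent the system from operating normally.
Edit the registry at your own risk. We cannot provide compensation for any problem caused by editing the registry.
Please refer to this before editing the registry.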
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
- LogLevel=2
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2
- DisplayName="Windows Installer 3.1 (KB893803)"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2
- UninstallString=""%Windows%\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe""
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2
- TSAware=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2
- NoModify=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2
- Publisher="Microsoft Corporation"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2
- NoRepair=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2
- HelpLink="http://go.{BLOCKED}oft.com/fwlink/?LinkId=42467"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Installer 3.1
- EventMessageFile="%SystemRoot%\System32\spmsg.dll"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\Windows Installer 3.1
- TypesSupported=7
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
- AllowProtectedRenames=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\0
- FileName="msi.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\0
- Version="3.1.4000.2435"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\0
- BuildDate="Mon May 02 08:51:33 2005"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\0
- BuildCheckSum="2c74db"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\0
- Location="%System%"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\1
- FileName="msiexec.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\1
- Version="3.1.4000.1823"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\1
- BuildDate="Mon Mar 14 18:02:55 2005"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\1
- BuildCheckSum="230ba"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\1
- Location="%System%"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\2
- FileName="msihnd.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\2
- Version="3.1.4000.1823"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\2
- BuildDate="Mon Mar 14 20:05:58 2005"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\2
- BuildCheckSum="4f6b4"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\2
- Location="%System%"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\3
- FileName="msimsg.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\3
- Version="3.1.4000.1823"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\3
- BuildDate="Mon Mar 14 16:23:23 2005"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\3
- BuildCheckSum="e2d67"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\3
- Location="%System%"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\4
- FileName="msisip.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\4
- Version="3.1.4000.1823"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\4
- BuildDate="Mon Mar 14 20:06:02 2005"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\4
- BuildCheckSum="69c8"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\4
- Location="%System%"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\5
- FileName="msi.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\5
- Version="3.1.4000.2435"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\5
- BuildDate="Mon May 02 08:51:33 2005"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\5
- BuildCheckSum="2c74db"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\5
- Location="%System%\DllCache"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\6
- FileName="msiexec.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\6
- Version="3.1.4000.1823"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\6
- BuildDate="Mon Mar 14 18:02:55 2005"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\6
- BuildCheckSum="230ba"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\6
- Location="%System%\DllCache"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\7
- FileName="msihnd.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\7
- Version="3.1.4000.1823"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\7
- BuildDate="Mon Mar 14 20:05:58 2005"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\7
- BuildCheckSum="4f6b4"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\7
- Location="%System%\DllCache"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\8
- FileName="msimsg.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\8
- Version="3.1.4000.1823"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\8
- BuildDate="Mon Mar 14 16:23:23 2005"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\8
- BuildCheckSum="e2d67"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\8
- Location="%System%\DllCache"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\9
- FileName="msisip.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\9
- Version="3.1.4000.1823"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\9
- BuildDate="Mon Mar 14 20:06:02 2005"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\9
- BuildCheckSum="69c8"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2\Filelist\9
- Location="%System%\DllCache"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB893803v2
- Installed=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB893803v2
- Comments="Windows Installer 3.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB893803v2
- Fix Description="Windows Installer 3.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB893803v2
- Service Pack=3
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\HotFix\KB893803v2
- Valid=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- PackageName="Windows Installer 3.1 (KB893803)"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- Description="Windows Installer 3.1 (KB893803)"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- PackageVersion="1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- Publisher="Microsoft Corporation"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- PublishingGroup="Windows Installer Team"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- ReleaseType="Software Update"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- ARPLink="HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803v2"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- InstallerName="Update.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- InstallerVersion="6.1.22.4"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803
- DisplayVersion="3.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803
- HelpLink="http://go.{BLOCKED}oft.com/fwlink/?LinkId=42467"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803
- ReleaseType="Software Update"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803
- DisplayIcon="%windir%\system32\msiexec.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta1
- SystemComponent=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-Beta2
- SystemComponent=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC1
- SystemComponent=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-RC2
- SystemComponent=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB884016
- SystemComponent=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30a-KB884016
- SystemComponent=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI30-KB884016
- SystemComponent=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-Beta
- SystemComponent=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MSI31-RC1
- SystemComponent=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB893803
- SystemComponent=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- InstalledDate="10/26/2011"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- InstalledBy="Administrator"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- UninstallCommand="%Windows%\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe "
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB893803v2
- Type="Update"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
- ServicePackCachePath="%Windows%\ServicePackFiles\ServicePackCache"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
- PendingFileRenameOperations=""\??\%System%\_000110_.tmp.dll""
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\TemporaryData\610:106208\iis
- PathInetsrv="%System%\inetsrv"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\TemporaryData\610:106208\iis
- PathIISAdmin="%System%\inetsrv\iisadmin"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\TemporaryData\610:106208\iis
- PathIISHelp="%Windows%\Help\iishelp"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\TemporaryData\610:106208\iis
- PathFTPRoot="%System Root%\Inetpub\ftproot"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\TemporaryData\610:106208\iis
- PathWWWRoot="%System Root%\Inetpub\wwwroot"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\TemporaryData\610:106208\iis
- PathIISSamples="%System Root%\Inetpub\iissamples"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\TemporaryData\610:106208\iis
- PathScripts="%System Root%\Inetpub\iissamples\Scripts"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Oc Manager\TemporaryData\610:106208\iis
- IISProgramGroup="Microsoft Internet Information Services"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\UpdateExeVolatile
- Flags=2
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\UpdateExeVolatile_01CC93CCBAE3BB40
- Flags=2
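Step 5
Restore the modified registry values.
Warning: The registry is a database that stores Windows configuration information, and an incorrect registry edit can prevent the system from operating normally.
Edit the registry at your own risk. We cannot provide compensation for any problem caused by editing the registry.
Please refer to this before editing the registry.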
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000C101C-0000-0000-C000-000000000046}
- From: AppId="{000C101C-0000-0000-C000-000000000046}"
To: AppId={000C101C-0000-0000-C000-000000000046}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
- From: InstallerLocation="%System%\"
To: InstallerLocation=%System%
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{000C101C-0000-0000-C000-000000000046}
- From: LocalService="MSIServer"
To: LocalService=MSIServer
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MsiInstaller
- From: EventMessageFile="%System%\msi.dll"
To: EventMessageFile=%System%\msi.dll
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\MsiInstaller
- From: TypesSupported=7
To: TypesSupported=7
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000C103E-0000-0000-C000-000000000046}\InProcServer32
- From: ThreadingModel="Both"
To: ThreadingModel=Both
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000C1090-0000-0000-C000-000000000046}\InprocServer32
- From: ThreadingModel="Apartment"
To: ThreadingModel=Apartment
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000C1094-0000-0000-C000-000000000046}\InprocServer32
- From: ThreadingModel="Apartment"
To: ThreadingModel=Apartment
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C1090-0000-0000-C000-000000000046}\TypeLib
- From: Version="1.0"
To: Version=1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C1093-0000-0000-C000-000000000046}\TypeLib
- From: Version="1.0"
To: Version=1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C1095-0000-0000-C000-000000000046}\TypeLib
- From: Version="1.0"
To: Version=1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C1096-0000-0000-C000-000000000046}\TypeLib
- From: Version="1.0"
To: Version=1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C109A-0000-0000-C000-000000000046}\TypeLib
- From: Version="1.0"
To: Version=1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C109B-0000-0000-C000-000000000046}\TypeLib
- From: Version="1.0"
To: Version=1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C109C-0000-0000-C000-000000000046}\TypeLib
- From: Version="1.0"
To: Version=1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C109D-0000-0000-C000-000000000046}\TypeLib
- From: Version="1.0"
To: Version=1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C109E-0000-0000-C000-000000000046}\TypeLib
- From: Version="1.0"
To: Version=1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C109F-0000-0000-C000-000000000046}\TypeLib
- From: Version="1.0"
To: Version=1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C10A0-0000-0000-C000-000000000046}\TypeLib
- From: Version="1.0"
To: Version=1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000C10A1-0000-0000-C000-000000000046}\TypeLib
- From: Version="1.0"
To: Version=1.0
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIServer
- From: Type=2
To: Type=20
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIServer
- From: Start=3
To: Start=3
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIServer
- From: ErrorControl=1
To: ErrorControl=1
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIServer
- From: ImagePath="%System%\msiexec.exe /V"
To: ImagePath=%System%\msiexec.exe /V
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIServer
- From: DependOnService=""RpcSs""
To: DependOnService=RpcSs
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIServer
- DependOnGroup=""""
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSIServer
- From: ObjectName="LocalSystem"
To: ObjectName=LocalSystem
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package
- From: EditFlags={random values}
To: EditFlags={random values}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package
- From: FriendlyTypeName="@%SystemRoot%\System32\msi.dll,-34"
To: FriendlyTypeName=@%SystemRoot%\System32\msi.dll,-34
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell\Open
- From: MUIVerb="@%SystemRoot%\System32\msi.dll,-36"
To: MUIVerb=@%SystemRoot%\System32\msi.dll,-36
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell\Repair
- From: MUIVerb="@%SystemRoot%\System32\msi.dll,-37"
To: MUIVerb=@%SystemRoot%\System32\msi.dll,-37
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shell\Uninstall
- From: MUIVerb="@%SystemRoot%\System32\msi.dll,-38"
To: MUIVerb=@%SystemRoot%\System32\msi.dll,-38
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Patch
- From: EditFlags={random values}
To: EditFlags={random values}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Patch
- From: FriendlyTypeName="@%SystemRoot%\System32\msi.dll,-35"
To: FriendlyTypeName=@%SystemRoot%\System32\msi.dll,-35
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Patch\shell\Open
- From: MUIVerb="@%SystemRoot%\System32\msi.dll,-39"
To: MUIVerb=@%SystemRoot%\System32\msi.dll,-39
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\MSMQ
- From: LogSessionName="stdout"
To: LogSessionName=stdout
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\MSMQ
- From: Active=1
To: Active=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\MSMQ
- From: ControlFlags=1
To: ControlFlags=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\MSMQ\Regular
- From: Guid="24b9a175-8716-40e0-9b2b-785de75b1e67"
To: Guid=24b9a175-8716-40e0-9b2b-785de75b1e67
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\MSMQ\Regular
- From: BitNames=" rsError rsWarning rsTrace rsNone"
To: BitNames= rsError rsWarning rsTrace rsNone
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS
- From: Start=2
To: Start=2
Step 6
Search for and delete the following folders.
- %System Root%\_038937_
- %System Root%\ce198427a6f4aff3780463ae167354
- %System Root%\ce198427a6f4aff3780463ae167354\update
- %Windows%\LastGood
- %Windows%\LastGood\INF
- %Windows%\$MSI31Uninstall_KB893803v2$
- %Windows%\$MSI31Uninstall_KB893803v2$\spuninst
Step 7
Search for and delete the following files.
- %System Root%\ce198427a6f4aff3780463ae167354\empty.cat
- %System Root%\ce198427a6f4aff3780463ae167354\msi.dll
- %System Root%\ce198427a6f4aff3780463ae167354\msihnd.dll
- %System Root%\ce198427a6f4aff3780463ae167354\msimsg.dll
- %System Root%\ce198427a6f4aff3780463ae167354\msisip.dll
- %System Root%\ce198427a6f4aff3780463ae167354\msiexec.exe
- %System Root%\ce198427a6f4aff3780463ae167354\update\kb893803v2_net.cat
- %System Root%\ce198427a6f4aff3780463ae167354\update\kb893803v2_w2k.cat
- %System Root%\ce198427a6f4aff3780463ae167354\update\kb893803v2_wxp.cat
- %System Root%\ce198427a6f4aff3780463ae167354\update\updatebr.inf
- %System Root%\ce198427a6f4aff3780463ae167354\update\update.ver
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\spcustom.dll
- %System Root%\ce198427a6f4aff3780463ae167354\spmsg.dll
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\updspapi.dll
- %System Root%\ce198427a6f4aff3780463ae167354\spuninst.exe
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\update.exe
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\update_w2k3.inf
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\update_win2k.inf
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\update_wxp.inf
- %System Root%\ce198427a6f4aff3780463ae167354\UPDATE\eula.txt
- %System Root%\ce198427a6f4aff3780463ae167354\$shtdwn$.req
- %Windows%\INF\oem12.PNF
- %Windows%\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.txt
- %Windows%\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.inf
- %Windows%\INF\oem12.inf
- %Windows%\$MSI31Uninstall_KB893803v2$\msi.dll
- %Windows%\$MSI31Uninstall_KB893803v2$\msiexec.exe
- %Windows%\$MSI31Uninstall_KB893803v2$\msihnd.dll
- %Windows%\$MSI31Uninstall_KB893803v2$\msimsg.dll
- %Windows%\$MSI31Uninstall_KB893803v2$\msisip.dll
- %Windows%\$MSI31Uninstall_KB893803v2$\spuninst\updspapi.dll
- %Windows%\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
- %System%\spmsg.dll
- %Windows%\KB893803v2_wxp.cat
- %System%\HFX3.tmp
- %System%\HFX4.tmp
- %System%\HFX5.tmp
- %System%\HFX6.tmp
- %System%\HFX7.tmp
- %System%\DllCache\HFX8.tmp
- %System%\DllCache\HFX9.tmp
- %System%\DllCache\HFXA.tmp
- %System%\DllCache\HFXB.tmp
- %System%\DllCache\HFXC.tmp
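Step 8
Restart the computer in normal mode and, using an antivirus product with the latest version (engine and pattern file) installed, scan for files detected as "PE_AGENT.PXI". If the detected files have already been cleaned, quarantined or deleted by our antivirus product, handling of the virus is complete and no other removal steps are needed.
Step 9
Restore the following files from backup. Only files related to Microsoft products will be restored. If this malware/grayware/spyware also deleted programs other than that company's products, those programs must be reinstalled.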