PE_FUTU.A
別名:
Exploit:Win32/RpcDcom.gen!MS03-039 (Microsoft); Exploit-DcomRpc.g.gen (McAfee); W32.Blaster.Worm (Symantec); Net-Worm.Win32.Kolabc.gu (Kaspersky); ERROR (Sunbelt); Worm/Antinny.AR (AVG)
プラットフォーム:
Windows 2000, Windows XP, Windows Server 2003
危険度:
感染確認数:
マルウェアタイプ:
ファイル感染型
破壊活動の有無:
なし
暗号化:
感染報告の有無 :
はい
概要
ウイルスは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
詳細
ファイルサイズ 16,806 bytes
タイプ EXE
メモリ常駐 なし
発見日 2013年5月10日
侵入方法
ウイルスは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
インストール
ウイルスは、感染したコンピュータ内に以下のように自身のコピーを作成します。
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Acrobat_
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe_
- %System Root%\Documents and Settings\Wilbert\Local Settings\Temp\{835818DD-220C-4ABD-946E-0D8660B95E29}\SourcePath.bat_
- %System Root%\NTDETECT.COM_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroBroker.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32Info.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\Eula.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\LogTransport2.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\PDFPrevHndlrShim.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe_
- %System Root%\Program Files\Common Files\Adobe\Acrobat_
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe_
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe_
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe_
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE_
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE_
- %System Root%\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe_
- %System Root%\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\isignup.exe_
- %System Root%\Program Files\Internet Explorer\iedw.exe_
- %System Root%\Program Files\Internet Explorer\IEXPLORE.EXE_
- %System Root%\Program Files\Messenger\msmsgs.exe_
- %System Root%\Program Files\Movie Maker\moviemk.exe_
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe_
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe_
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\bckgzm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\chkrzm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\shvlzm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\zClientm.exe_
- %System Root%\Program Files\NetMeeting\cb32.exe_
- %System Root%\Program Files\NetMeeting\conf.exe_
- %System Root%\Program Files\NetMeeting\wb32.exe_
- %System Root%\Program Files\Outlook Express\msimn.exe_
- %System Root%\Program Files\Outlook Express\oemig50.exe_
- %System Root%\Program Files\Outlook Express\setup50.exe_
- %System Root%\Program Files\Outlook Express\wab.exe_
- %System Root%\Program Files\Outlook Express\wabmig.exe_
- %System Root%\Program Files\Windows Media Player\migrate.exe_
- %System Root%\Program Files\Windows Media Player\mplayer2.exe_
- %System Root%\Program Files\Windows Media Player\setup_wm.exe_
- %System Root%\Program Files\Windows Media Player\wmplayer.exe_
- %System Root%\Program Files\Windows NT\Accessories\wordpad.exe_
- %System Root%\Program Files\Windows NT\dialer.exe_
- %System Root%\Program Files\Windows NT\hypertrm.exe_
- %System Root%\Program Files\Windows NT\Pinball\PINBALL.EXE_
- %System Root%\Program Files\WinPcap\rpcapd.exe_
- %System Root%\Program Files\WinPcap\Uninstall.exe_
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe_
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe_
- %System Root%\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\aa99ebdd26e5d493fec18b1714458782\MSBuild.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6a8da5dd61b1fcfed27f84047a3e2bad\Microsoft.Workflow.Compiler.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\MSBuild\aa25092606e5e9826db7a7bd0adb9b2b\MSBuild.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\WsatConfig\3c0d21e75c9a48aba6fba3ddff0fcf39\WsatConfig.ni.exe_
- %System Root%\WINDOWS\explorer.exe_
- %System Root%\WINDOWS\Help\Tours\mmTour\tour.exe_
(註:%System Root%フォルダは、標準設定では "C:" です。また、オペレーティングシステムが存在する場所です。)
他のシステム変更
ウイルスは、以下のファイルを削除します。
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Acrobat
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Acrobat_
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe_
- %System Root%\Documents and Settings\Wilbert\Local Settings\Temp\{835818DD-220C-4ABD-946E-0D8660B95E29}\SourcePath.bat
- %System Root%\Documents and Settings\Wilbert\Local Settings\Temp\{835818DD-220C-4ABD-946E-0D8660B95E29}\SourcePath.bat_
- %System Root%\NTDETECT.COM
- %System Root%\NTDETECT.COM_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroBroker.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroBroker.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32Info.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32Info.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\Eula.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\Eula.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\LogTransport2.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\LogTransport2.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\PDFPrevHndlrShim.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\PDFPrevHndlrShim.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe_
- %System Root%\Program Files\Common Files\Adobe\Acrobat
- %System Root%\Program Files\Common Files\Adobe\Acrobat_
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe_
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe_
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe_
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE_
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE_
- %System Root%\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
- %System Root%\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe_
- %System Root%\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
- %System Root%\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\isignup.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\isignup.exe_
- %System Root%\Program Files\Internet Explorer\iedw.exe
- %System Root%\Program Files\Internet Explorer\iedw.exe_
- %System Root%\Program Files\Internet Explorer\IEXPLORE.EXE
- %System Root%\Program Files\Internet Explorer\IEXPLORE.EXE_
- %System Root%\Program Files\Messenger\msmsgs.exe
- %System Root%\Program Files\Messenger\msmsgs.exe_
- %System Root%\Program Files\Movie Maker\moviemk.exe
- %System Root%\Program Files\Movie Maker\moviemk.exe_
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe_
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe_
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\bckgzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\bckgzm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\chkrzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\chkrzm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\shvlzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\shvlzm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\zClientm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\zClientm.exe_
- %System Root%\Program Files\NetMeeting\cb32.exe
- %System Root%\Program Files\NetMeeting\cb32.exe_
- %System Root%\Program Files\NetMeeting\conf.exe
- %System Root%\Program Files\NetMeeting\conf.exe_
- %System Root%\Program Files\NetMeeting\wb32.exe
- %System Root%\Program Files\NetMeeting\wb32.exe_
- %System Root%\Program Files\Outlook Express\msimn.exe
- %System Root%\Program Files\Outlook Express\msimn.exe_
- %System Root%\Program Files\Outlook Express\oemig50.exe
- %System Root%\Program Files\Outlook Express\oemig50.exe_
- %System Root%\Program Files\Outlook Express\setup50.exe
- %System Root%\Program Files\Outlook Express\setup50.exe_
- %System Root%\Program Files\Outlook Express\wab.exe
- %System Root%\Program Files\Outlook Express\wab.exe_
- %System Root%\Program Files\Outlook Express\wabmig.exe
- %System Root%\Program Files\Outlook Express\wabmig.exe_
- %System Root%\Program Files\Windows Media Player\migrate.exe
- %System Root%\Program Files\Windows Media Player\migrate.exe_
- %System Root%\Program Files\Windows Media Player\mplayer2.exe
- %System Root%\Program Files\Windows Media Player\mplayer2.exe_
- %System Root%\Program Files\Windows Media Player\setup_wm.exe
- %System Root%\Program Files\Windows Media Player\setup_wm.exe_
- %System Root%\Program Files\Windows Media Player\wmplayer.exe
- %System Root%\Program Files\Windows Media Player\wmplayer.exe_
- %System Root%\Program Files\Windows NT\Accessories\wordpad.exe
- %System Root%\Program Files\Windows NT\Accessories\wordpad.exe_
- %System Root%\Program Files\Windows NT\dialer.exe
- %System Root%\Program Files\Windows NT\dialer.exe_
- %System Root%\Program Files\Windows NT\hypertrm.exe
- %System Root%\Program Files\Windows NT\hypertrm.exe_
- %System Root%\Program Files\Windows NT\Pinball\PINBALL.EXE
- %System Root%\Program Files\Windows NT\Pinball\PINBALL.EXE_
- %System Root%\Program Files\WinPcap\rpcapd.exe
- %System Root%\Program Files\WinPcap\rpcapd.exe_
- %System Root%\Program Files\WinPcap\Uninstall.exe
- %System Root%\Program Files\WinPcap\Uninstall.exe_
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe_
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe_
- %System Root%\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe
- %System Root%\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\aa99ebdd26e5d493fec18b1714458782\MSBuild.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\aa99ebdd26e5d493fec18b1714458782\MSBuild.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6a8da5dd61b1fcfed27f84047a3e2bad\Microsoft.Workflow.Compiler.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6a8da5dd61b1fcfed27f84047a3e2bad\Microsoft.Workflow.Compiler.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\MSBuild\aa25092606e5e9826db7a7bd0adb9b2b\MSBuild.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\MSBuild\aa25092606e5e9826db7a7bd0adb9b2b\MSBuild.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\WsatConfig\3c0d21e75c9a48aba6fba3ddff0fcf39\WsatConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\WsatConfig\3c0d21e75c9a48aba6fba3ddff0fcf39\WsatConfig.ni.exe_
- %System Root%\WINDOWS\explorer.exe
- %System Root%\WINDOWS\explorer.exe_
- %System Root%\WINDOWS\Help\Tours\mmTour\tour.exe
- %System Root%\WINDOWS\Help\Tours\mmTour\tour.exe_
(註:%System Root%フォルダは、標準設定では "C:" です。また、オペレーティングシステムが存在する場所です。)
作成活動
ウイルスは、以下のファイルを作成します。
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Acrobat-
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe-
- %System Root%\Documents and Settings\Wilbert\Local Settings\Temp\{835818DD-220C-4ABD-946E-0D8660B95E29}\SourcePath.bat-
- %System Root%\NTDETECT.COM-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroBroker.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32Info.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\Eula.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\LogTransport2.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\PDFPrevHndlrShim.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe-
- %System Root%\Program Files\Common Files\Adobe\Acrobat-
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe-
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe-
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe-
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE-
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE-
- %System Root%\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe-
- %System Root%\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe-
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe-
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe-
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe-
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe-
- %System Root%\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe-
- %System Root%\Program Files\Internet Explorer\Connection Wizard\isignup.exe-
- %System Root%\Program Files\Internet Explorer\iedw.exe-
- %System Root%\Program Files\Internet Explorer\IEXPLORE.EXE-
- %System Root%\Program Files\Messenger\msmsgs.exe-
- %System Root%\Program Files\Movie Maker\moviemk.exe-
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe-
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe-
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe-
- %System Root%\Program Files\MSN Gaming Zone\Windows\bckgzm.exe-
- %System Root%\Program Files\MSN Gaming Zone\Windows\chkrzm.exe-
- %System Root%\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe-
- %System Root%\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe-
- %System Root%\Program Files\MSN Gaming Zone\Windows\shvlzm.exe-
- %System Root%\Program Files\MSN Gaming Zone\Windows\zClientm.exe-
- %System Root%\Program Files\NetMeeting\cb32.exe-
- %System Root%\Program Files\NetMeeting\conf.exe-
- %System Root%\Program Files\NetMeeting\wb32.exe-
- %System Root%\Program Files\Outlook Express\msimn.exe-
- %System Root%\Program Files\Outlook Express\oemig50.exe-
- %System Root%\Program Files\Outlook Express\setup50.exe-
- %System Root%\Program Files\Outlook Express\wab.exe-
- %System Root%\Program Files\Outlook Express\wabmig.exe-
- %System Root%\Program Files\Windows Media Player\migrate.exe-
- %System Root%\Program Files\Windows Media Player\mplayer2.exe-
- %System Root%\Program Files\Windows Media Player\setup_wm.exe-
- %System Root%\Program Files\Windows Media Player\wmplayer.exe-
- %System Root%\Program Files\Windows NT\Accessories\wordpad.exe-
- %System Root%\Program Files\Windows NT\dialer.exe-
- %System Root%\Program Files\Windows NT\hypertrm.exe-
- %System Root%\Program Files\Windows NT\Pinball\PINBALL.EXE-
- %System Root%\Program Files\WinPcap\rpcapd.exe-
- %System Root%\Program Files\WinPcap\Uninstall.exe-
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe-
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe-
- %System Root%\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\aa99ebdd26e5d493fec18b1714458782\MSBuild.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6a8da5dd61b1fcfed27f84047a3e2bad\Microsoft.Workflow.Compiler.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\MSBuild\aa25092606e5e9826db7a7bd0adb9b2b\MSBuild.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\WsatConfig\3c0d21e75c9a48aba6fba3ddff0fcf39\WsatConfig.ni.exe-
- %System Root%\WINDOWS\explorer.exe-
- %System Root%\WINDOWS\Help\Tours\mmTour\tour.exe-
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Acrobat
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe
- %System Root%\Documents and Settings\Wilbert\Local Settings\Temp\{835818DD-220C-4ABD-946E-0D8660B95E29}\SourcePath.bat
- %System Root%\NTDETECT.COM
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroBroker.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32Info.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\Eula.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\LogTransport2.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\PDFPrevHndlrShim.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
- %System Root%\Program Files\Common Files\Adobe\Acrobat
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
- %System Root%\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
- %System Root%\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\isignup.exe
- %System Root%\Program Files\Internet Explorer\iedw.exe
- %System Root%\Program Files\Internet Explorer\IEXPLORE.EXE
- %System Root%\Program Files\Messenger\msmsgs.exe
- %System Root%\Program Files\Movie Maker\moviemk.exe
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\bckgzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\chkrzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\shvlzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\zClientm.exe
- %System Root%\Program Files\NetMeeting\cb32.exe
- %System Root%\Program Files\NetMeeting\conf.exe
- %System Root%\Program Files\NetMeeting\wb32.exe
- %System Root%\Program Files\Outlook Express\msimn.exe
- %System Root%\Program Files\Outlook Express\oemig50.exe
- %System Root%\Program Files\Outlook Express\setup50.exe
- %System Root%\Program Files\Outlook Express\wab.exe
- %System Root%\Program Files\Outlook Express\wabmig.exe
- %System Root%\Program Files\Windows Media Player\migrate.exe
- %System Root%\Program Files\Windows Media Player\mplayer2.exe
- %System Root%\Program Files\Windows Media Player\setup_wm.exe
- %System Root%\Program Files\Windows Media Player\wmplayer.exe
- %System Root%\Program Files\Windows NT\Accessories\wordpad.exe
- %System Root%\Program Files\Windows NT\dialer.exe
- %System Root%\Program Files\Windows NT\hypertrm.exe
- %System Root%\Program Files\Windows NT\Pinball\PINBALL.EXE
- %System Root%\Program Files\WinPcap\rpcapd.exe
- %System Root%\Program Files\WinPcap\Uninstall.exe
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
- %System Root%\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\aa99ebdd26e5d493fec18b1714458782\MSBuild.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6a8da5dd61b1fcfed27f84047a3e2bad\Microsoft.Workflow.Compiler.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\MSBuild\aa25092606e5e9826db7a7bd0adb9b2b\MSBuild.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\WsatConfig\3c0d21e75c9a48aba6fba3ddff0fcf39\WsatConfig.ni.exe
- %System Root%\WINDOWS\explorer.exe
- %System Root%\WINDOWS\Help\Tours\mmTour\tour.exe
(註:%System Root%フォルダは、標準設定では "C:" です。また、オペレーティングシステムが存在する場所です。)
このウイルス情報は、自動解析システムにより作成されました。
対応方法
対応検索エンジン: 9.300
手順 1
Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。
手順 2
以下のファイルを検索し削除します。
[ 詳細 ]
コンポーネントファイルが隠しファイル属性の場合があります。[詳細設定オプション]をクリックし、[隠しファイルとフォルダの検索]のチェックボックスをオンにし、検索結果に隠しファイルとフォルダが含まれるようにしてください。 - %System Root%\Documents and Settings\All Users\Application Data\Adobe\Acrobat-
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe-
- %System Root%\Documents and Settings\Wilbert\Local Settings\Temp\{835818DD-220C-4ABD-946E-0D8660B95E29}\SourcePath.bat-
- %System Root%\NTDETECT.COM-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroBroker.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32Info.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\Eula.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\LogTransport2.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\PDFPrevHndlrShim.exe-
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe-
- %System Root%\Program Files\Common Files\Adobe\Acrobat-
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe-
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe-
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe-
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE-
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE-
- %System Root%\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe-
- %System Root%\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe-
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe-
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe-
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe-
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe-
- %System Root%\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe-
- %System Root%\Program Files\Internet Explorer\Connection Wizard\isignup.exe-
- %System Root%\Program Files\Internet Explorer\iedw.exe-
- %System Root%\Program Files\Internet Explorer\IEXPLORE.EXE-
- %System Root%\Program Files\Messenger\msmsgs.exe-
- %System Root%\Program Files\Movie Maker\moviemk.exe-
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe-
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe-
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe-
- %System Root%\Program Files\MSN Gaming Zone\Windows\bckgzm.exe-
- %System Root%\Program Files\MSN Gaming Zone\Windows\chkrzm.exe-
- %System Root%\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe-
- %System Root%\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe-
- %System Root%\Program Files\MSN Gaming Zone\Windows\shvlzm.exe-
- %System Root%\Program Files\MSN Gaming Zone\Windows\zClientm.exe-
- %System Root%\Program Files\NetMeeting\cb32.exe-
- %System Root%\Program Files\NetMeeting\conf.exe-
- %System Root%\Program Files\NetMeeting\wb32.exe-
- %System Root%\Program Files\Outlook Express\msimn.exe-
- %System Root%\Program Files\Outlook Express\oemig50.exe-
- %System Root%\Program Files\Outlook Express\setup50.exe-
- %System Root%\Program Files\Outlook Express\wab.exe-
- %System Root%\Program Files\Outlook Express\wabmig.exe-
- %System Root%\Program Files\Windows Media Player\migrate.exe-
- %System Root%\Program Files\Windows Media Player\mplayer2.exe-
- %System Root%\Program Files\Windows Media Player\setup_wm.exe-
- %System Root%\Program Files\Windows Media Player\wmplayer.exe-
- %System Root%\Program Files\Windows NT\Accessories\wordpad.exe-
- %System Root%\Program Files\Windows NT\dialer.exe-
- %System Root%\Program Files\Windows NT\hypertrm.exe-
- %System Root%\Program Files\Windows NT\Pinball\PINBALL.EXE-
- %System Root%\Program Files\WinPcap\rpcapd.exe-
- %System Root%\Program Files\WinPcap\Uninstall.exe-
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe-
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe-
- %System Root%\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\aa99ebdd26e5d493fec18b1714458782\MSBuild.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6a8da5dd61b1fcfed27f84047a3e2bad\Microsoft.Workflow.Compiler.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\MSBuild\aa25092606e5e9826db7a7bd0adb9b2b\MSBuild.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe-
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\WsatConfig\3c0d21e75c9a48aba6fba3ddff0fcf39\WsatConfig.ni.exe-
- %System Root%\WINDOWS\explorer.exe-
- %System Root%\WINDOWS\Help\Tours\mmTour\tour.exe-
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Acrobat
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe
- %System Root%\Documents and Settings\Wilbert\Local Settings\Temp\{835818DD-220C-4ABD-946E-0D8660B95E29}\SourcePath.bat
- %System Root%\NTDETECT.COM
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroBroker.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32Info.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\Eula.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\LogTransport2.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\PDFPrevHndlrShim.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
- %System Root%\Program Files\Common Files\Adobe\Acrobat
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
- %System Root%\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
- %System Root%\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\isignup.exe
- %System Root%\Program Files\Internet Explorer\iedw.exe
- %System Root%\Program Files\Internet Explorer\IEXPLORE.EXE
- %System Root%\Program Files\Messenger\msmsgs.exe
- %System Root%\Program Files\Movie Maker\moviemk.exe
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\bckgzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\chkrzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\shvlzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\zClientm.exe
- %System Root%\Program Files\NetMeeting\cb32.exe
- %System Root%\Program Files\NetMeeting\conf.exe
- %System Root%\Program Files\NetMeeting\wb32.exe
- %System Root%\Program Files\Outlook Express\msimn.exe
- %System Root%\Program Files\Outlook Express\oemig50.exe
- %System Root%\Program Files\Outlook Express\setup50.exe
- %System Root%\Program Files\Outlook Express\wab.exe
- %System Root%\Program Files\Outlook Express\wabmig.exe
- %System Root%\Program Files\Windows Media Player\migrate.exe
- %System Root%\Program Files\Windows Media Player\mplayer2.exe
- %System Root%\Program Files\Windows Media Player\setup_wm.exe
- %System Root%\Program Files\Windows Media Player\wmplayer.exe
- %System Root%\Program Files\Windows NT\Accessories\wordpad.exe
- %System Root%\Program Files\Windows NT\dialer.exe
- %System Root%\Program Files\Windows NT\hypertrm.exe
- %System Root%\Program Files\Windows NT\Pinball\PINBALL.EXE
- %System Root%\Program Files\WinPcap\rpcapd.exe
- %System Root%\Program Files\WinPcap\Uninstall.exe
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
- %System Root%\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\aa99ebdd26e5d493fec18b1714458782\MSBuild.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6a8da5dd61b1fcfed27f84047a3e2bad\Microsoft.Workflow.Compiler.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\MSBuild\aa25092606e5e9826db7a7bd0adb9b2b\MSBuild.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\WsatConfig\3c0d21e75c9a48aba6fba3ddff0fcf39\WsatConfig.ni.exe
- %System Root%\WINDOWS\explorer.exe
- %System Root%\WINDOWS\Help\Tours\mmTour\tour.exe
手順 3
最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、「PE_FUTU.A」と検出したファイルの駆除を実行してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。
手順 4
以下のファイルをバックアップを用いて修復します。なお、マイクロソフト製品に関連したファイルのみ修復されます。このマルウェア/グレイウェア/スパイウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Acrobat
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Acrobat_
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe
- %System Root%\Documents and Settings\All Users\Application Data\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe_
- %System Root%\Documents and Settings\Wilbert\Local Settings\Temp\{835818DD-220C-4ABD-946E-0D8660B95E29}\SourcePath.bat
- %System Root%\Documents and Settings\Wilbert\Local Settings\Temp\{835818DD-220C-4ABD-946E-0D8660B95E29}\SourcePath.bat_
- %System Root%\NTDETECT.COM
- %System Root%\NTDETECT.COM_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroBroker.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroBroker.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32Info.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroRd32Info.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AcroTextExtractor.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\Eula.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\Eula.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\LogTransport2.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\LogTransport2.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\PDFPrevHndlrShim.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\PDFPrevHndlrShim.exe_
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
- %System Root%\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe_
- %System Root%\Program Files\Common Files\Adobe\Acrobat
- %System Root%\Program Files\Common Files\Adobe\Acrobat_
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AcrobatUpdater.exe_
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe_
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe
- %System Root%\Program Files\Common Files\Adobe\ARM\1.0\ReaderUpdater.exe_
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE_
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE
- %System Root%\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE_
- %System Root%\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe
- %System Root%\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe_
- %System Root%\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe
- %System Root%\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe_
- %System Root%\Program Files\Internet Explorer\Connection Wizard\isignup.exe
- %System Root%\Program Files\Internet Explorer\Connection Wizard\isignup.exe_
- %System Root%\Program Files\Internet Explorer\iedw.exe
- %System Root%\Program Files\Internet Explorer\iedw.exe_
- %System Root%\Program Files\Internet Explorer\IEXPLORE.EXE
- %System Root%\Program Files\Internet Explorer\IEXPLORE.EXE_
- %System Root%\Program Files\Messenger\msmsgs.exe
- %System Root%\Program Files\Messenger\msmsgs.exe_
- %System Root%\Program Files\Movie Maker\moviemk.exe
- %System Root%\Program Files\Movie Maker\moviemk.exe_
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe_
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe_
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe
- %System Root%\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\bckgzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\bckgzm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\chkrzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\chkrzm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\shvlzm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\shvlzm.exe_
- %System Root%\Program Files\MSN Gaming Zone\Windows\zClientm.exe
- %System Root%\Program Files\MSN Gaming Zone\Windows\zClientm.exe_
- %System Root%\Program Files\NetMeeting\cb32.exe
- %System Root%\Program Files\NetMeeting\cb32.exe_
- %System Root%\Program Files\NetMeeting\conf.exe
- %System Root%\Program Files\NetMeeting\conf.exe_
- %System Root%\Program Files\NetMeeting\wb32.exe
- %System Root%\Program Files\NetMeeting\wb32.exe_
- %System Root%\Program Files\Outlook Express\msimn.exe
- %System Root%\Program Files\Outlook Express\msimn.exe_
- %System Root%\Program Files\Outlook Express\oemig50.exe
- %System Root%\Program Files\Outlook Express\oemig50.exe_
- %System Root%\Program Files\Outlook Express\setup50.exe
- %System Root%\Program Files\Outlook Express\setup50.exe_
- %System Root%\Program Files\Outlook Express\wab.exe
- %System Root%\Program Files\Outlook Express\wab.exe_
- %System Root%\Program Files\Outlook Express\wabmig.exe
- %System Root%\Program Files\Outlook Express\wabmig.exe_
- %System Root%\Program Files\Windows Media Player\migrate.exe
- %System Root%\Program Files\Windows Media Player\migrate.exe_
- %System Root%\Program Files\Windows Media Player\mplayer2.exe
- %System Root%\Program Files\Windows Media Player\mplayer2.exe_
- %System Root%\Program Files\Windows Media Player\setup_wm.exe
- %System Root%\Program Files\Windows Media Player\setup_wm.exe_
- %System Root%\Program Files\Windows Media Player\wmplayer.exe
- %System Root%\Program Files\Windows Media Player\wmplayer.exe_
- %System Root%\Program Files\Windows NT\Accessories\wordpad.exe
- %System Root%\Program Files\Windows NT\Accessories\wordpad.exe_
- %System Root%\Program Files\Windows NT\dialer.exe
- %System Root%\Program Files\Windows NT\dialer.exe_
- %System Root%\Program Files\Windows NT\hypertrm.exe
- %System Root%\Program Files\Windows NT\hypertrm.exe_
- %System Root%\Program Files\Windows NT\Pinball\PINBALL.EXE
- %System Root%\Program Files\Windows NT\Pinball\PINBALL.EXE_
- %System Root%\Program Files\WinPcap\rpcapd.exe
- %System Root%\Program Files\WinPcap\rpcapd.exe_
- %System Root%\Program Files\WinPcap\Uninstall.exe
- %System Root%\Program Files\WinPcap\Uninstall.exe_
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe_
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
- %System Root%\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe_
- %System Root%\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe
- %System Root%\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\bb3c2f59a821abc54f420f3a9e051d6a\ComSvcConfig.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\837fe02bdcf637d5bf1e5ffb935ebb80\dfsvc.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\aa99ebdd26e5d493fec18b1714458782\MSBuild.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\MSBuild\aa99ebdd26e5d493fec18b1714458782\MSBuild.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a\PresentationFontCache.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\feac66e81309d67b48f7a9f4cb98f7c8\ServiceModelReg.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\a098c66aa40d958878f3f5344e6ae1a4\SMSvcHost.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\13f498f606b7cb97c086eea149b8c872\WsatConfig.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\51819c709096229ee187a7feee395d9f\ComSvcConfig.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\dfsvc\b9b6069e6da06eb57e89cc544397f735\dfsvc.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6a8da5dd61b1fcfed27f84047a3e2bad\Microsoft.Workflow.Compiler.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\6a8da5dd61b1fcfed27f84047a3e2bad\Microsoft.Workflow.Compiler.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\MSBuild\aa25092606e5e9826db7a7bd0adb9b2b\MSBuild.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\MSBuild\aa25092606e5e9826db7a7bd0adb9b2b\MSBuild.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMSvcHost\38f0d77629891e7808424103aaef0728\SMSvcHost.ni.exe_
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\WsatConfig\3c0d21e75c9a48aba6fba3ddff0fcf39\WsatConfig.ni.exe
- %System Root%\WINDOWS\assembly\NativeImages_v4.0.30319_32\WsatConfig\3c0d21e75c9a48aba6fba3ddff0fcf39\WsatConfig.ni.exe_
- %System Root%\WINDOWS\explorer.exe
- %System Root%\WINDOWS\explorer.exe_
- %System Root%\WINDOWS\Help\Tours\mmTour\tour.exe
- %System Root%\WINDOWS\Help\Tours\mmTour\tour.exe_
ご利用はいかがでしたか? アンケートにご協力ください