TROJ_BOAXXE.KP
Windows 2000, Windows XP, Windows Server 2003
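Malware type:
Trojan
Destructiveness:
No
Encrypted:
In the wild:
Yes
Overview
This malware arrives on a system as a file dropped by other malware.
It does not have any propagation routine.
It does not have any backdoor routine.
It does not have any information-stealing capability.
However, as of this writing, the said sites are inaccessible.
Details
Arrival Details
This malware arrives on a system as a file dropped by other malware.
Installation
This malware drops the following files: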
- %System%\bopomofo.uce
- %Windows%\Task\At{random}.job
(Note: %System% varies depending on the Windows version and the settings chosen at installation. By default it is "C:\Windows\System" on Windows 98 and ME, "C:\WinNT\System32" on Windows NT and 2000, and "C:\Windows\System32" on Windows XP and Server 2003. %Windows% also varies depending on the Windows version and the settings chosen at installation. By default it is "C:\Windows" on Windows 9x, Me, XP, and Server 2003, and "C:\WINNT" on Windows NT and 2000.)
Autostart Technique
This malware registers itself as a system service and adds the following registry value so that it runs automatically at every Windows startup:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\dgocehqk\Parameters
ServiceDll = "{malware path and filename}"
This malware adds the following registry key to register itself as a Browser Helper Object (BHO). As a result, it runs automatically whenever Internet Explorer (IE) is started:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{A9E3A5E6-A75E-B689-2181-696FC74540D3}
Other System Modifications
This malware adds the following registry keys:
HKEY_CLASSES_ROOT\Oraauqar
HKEY_CLASSES_ROOT\CLSID\{A9E3A5E6-A75E-B689-2181-696FC74540D3}
This malware adds the following registry values:
HKEY_CLASSES_ROOT\Oraauqar\CLSID
(Default) = "{A9E3A5E6-A75E-B689-2181-696FC74540D3}"
HKEY_CLASSES_ROOT\CLSID\{A9E3A5E6-A75E-B689-2181-696FC74540D3}\
InprocServer32
(Default) = "{malware path and file name}"
Propagation
This malware does not have any propagation routine.
Backdoor Routine
This malware does not have any backdoor routine.
Download Routine
This malware accesses websites to download files.
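Information Theft
This malware does not have any information-stealing capability.
Other Details
However, as of this writing, the said sites are inaccessible.
This malware checks whether it is injected into any of the following processes: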
- csrss.exe
- explorer.exe
- firefox.exe
- iexplore.exe
- msimn.exe
- outlook.exe
- rundll32.exe
- svchost.exe
- winlogon.exe
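This malware does not have rootkit capabilities.
This malware does not exploit any vulnerability to spread.
Solution
Step 1
Windows XP and Windows Server 2003 users must disable System Restore before running a virus scan, in order to completely remove malware, adware, and similar programs from the computer.
Step 2
Restart Windows in Safe Mode.
Step 3
Delete these registry keys.
Warning: The registry is a database that stores Windows configuration information. A mistake made while editing the registry may prevent the system from working properly.
Edit the registry at your own responsibility. We cannot compensate for any problem caused by editing the registry.
Please refer to this before editing the registry.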
- In HKEY_CLASSES_ROOT
  - Oraauqar
- In HKEY_CLASSES_ROOT\CLSID
  - {A9E3A5E6-A75E-B689-2181-696FC74540D3}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  - {A9E3A5E6-A75E-B689-2181-696FC74540D3}
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
  - dgocehqk
Step 4
Search for and delete the following files:
- %System%\bopomofo.uce
- %Windows%\Task\At{random}.job
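Step 5
Restart the computer in normal mode and, using an antivirus product with the latest version (engine and pattern file), scan for files detected as "TROJ_BOAXXE.KP". If the detected files have already been cleaned, quarantined, or deleted by our antivirus product, the handling of the virus is complete and no further removal steps are required.
Step 6
Using an antivirus product with the latest version (engine and pattern file), run a virus scan. Delete all files detected as "TROJ_BOAXXE.KP". If the detected files have already been cleaned, quarantined, or deleted by our antivirus product, the handling of the virus is complete and no further removal steps are required.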