TROJ_FAKEAV.GXX
Trojan.Win32.FakeAV.rwt
Windows 2000, XP, Server 2003
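Malware type: Trojan
Destructive: No
Encrypted: No
In the wild: Yes
Overview
This malware arrives on a system when other malware downloads it from a remote site.
It displays fake alerts warning the user of an infection, along with fake scan results for the affected computer. When the scan completes, it asks the user to purchase the product. Users who try to buy the fake product are directed to a certain website that asks for personal information such as credit card numbers.
Details
Arrival Details
The malware arrives on a system when it is downloaded from a remote site by the following malware: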
- TROJ_FAKEAV.SMVK
Installation
The malware drops the following copy of itself on the affected system:
- C:\Documents and Settings\All Users\Application Data\SM{random numbers}_{random numbers}.exe
It creates the following folders:
- %Application Data%\Smart Engine
- C:\Documents and Settings\All Users\Application Data\{random characters}
(Note: %Application Data% is "C:\Documents and Settings\<user name>\Local Settings\Application Data" on Windows 2000, XP and Server 2003, "C:\WINNT\Profiles\<user name>\Application Data" on Windows NT, and "C:\Windows\Profiles\<user name>\Application Data" on Windows 98 and ME.)
The malware creates harmless files with random file names in the following directory. Its fake scan results then report these files as malicious.
- %User Profile%\Recent
(Note: %User Profile% is "C:\Windows\Profiles\<user name>" on Windows 98 and ME, "C:\WINNT\Profiles\<user name>" on Windows NT, and "C:\Documents and Settings\<user name>" on Windows 2000, XP and Server 2003.)
Autostart Technique
The malware adds the following registry values so that its copy runs automatically at every Windows startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Smart Engine = "C:\Documents and Settings\All Users\Application Data\{random characters}\SM{random numbers}_{random numbers}.exe" /s /d
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}\LocalServer32
(default) = C:\Documents and Settings\All Users\Application Data\{random characters}\SM{random numbers}_{random numbers}.exe
Other System Modifications
The malware adds the following registry keys:
HKEY_CLASSES_ROOT\SM{random numbers}_{random numbers}.DocHostUIHandler
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent
It adds the following registry values:
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes
URL = http://findgala.com/?&uid=2116&q={searchTerms}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
URL = http://findgala.com/?&uid=2116&q={searchTerms}
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes
URL = http://findgala.com/?&uid=2116&q={searchTerms}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
RunInvalidSignatures = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
UID = 2116
ProxyServer = http=127.0.0.1:25520
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
DisallowRun = 1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
0 = msseces.exe
1 = MSASCui.exe
2 = ekrn.exe
3 = egui.exe
4 = avgnt.exe
5 = avcenter.exe
6 = avscan.exe
7 = avgfrw.exe
8 = avgui.exe
9 = avgtray.exe
10 = avgscanx.exe
11 = avgcfgex.exe
12 = avgemc.exe
13 = avgchsvx.exe
14 = avgcmgr.exe
15 = avgwdsvc.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
C:\Documents and Settings\All Users\Application Data\{random characters}\SM{random numbers}_{random numbers}.exe = C:\Documents and Settings\All Users\Application Data\{random characters}\SM{random numbers}_{random numbers}.exe:*:Enabled:Smart Engine
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
URL = http://findgala.com/?&uid=2116&q={searchTerms}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Debugger = svchost.exe
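A triage sketch for the registry changes listed in this section, added here as an example and not part of the original write-up or of any vendor tool: it parses the text of a `reg export` file and reports the autostart, DisallowRun policy, loopback proxy, signature-check and Image File Execution Options changes described above. The function names, rule names, value types (dword or string) and the sample export are assumptions constructed for illustration; the IFEO and proxy checks are deliberately broader than this sample's exact values.

```python
import re

# Constructed sample in `reg export` text form, modelled on the values listed
# above; "abcde" and "SM123_456" stand in for the random folder and file names.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Smart Engine"="\"C:\\Documents and Settings\\All Users\\Application Data\\abcde\\SM123_456.exe\" /s /d"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"="http=127.0.0.1:25520"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"DisallowRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun]
"0"="msseces.exe"
"1"="MSASCui.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000
'''

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
SM_COPY_RE = re.compile(r'\\all users\\application data\\(?:[^\\]+\\)?sm\d+_\d+\.exe')
LOOPBACK_RE = re.compile(r'(?:^|[=;/])(?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?')
CV = r"\software\microsoft\windows\currentversion"
IFEO = r"\software\microsoft\windows nt\currentversion\image file execution options"


def unescape(s):
    """Undo .reg escaping, where backslash and double quote are backslash-escaped."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text):
    """Return {key path: {value name: data}}; strings and dwords are decoded,
    other value types are kept as their raw text."""
    keys, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\") and "=hex" in line:  # hex data continues on the next line
            pending = line[:-1]
            continue
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = VALUE_RE.match(line)
        if m is None or current is None:
            continue  # file header or a line this sketch does not understand
        name = "(default)" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
        data = m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = unescape(data[1:-1])
        elif data.startswith("dword:"):
            data = int(data[6:], 16)
        current[name] = data
    return keys


def find_tampering(keys):
    """Return (rule, key, value name, data) for each change of the kinds listed above."""
    findings = []
    for key, values in keys.items():
        k = key.lower()
        for name, data in values.items():
            n, text = name.lower(), str(data).lower()
            if k.endswith(CV + r"\run") and SM_COPY_RE.search(text):
                rule = "autostart-sm-copy"
            elif k.endswith(CV + r"\policies\explorer\disallowrun"):
                rule = "disallowrun-blocked-program"
            elif k.endswith(CV + r"\policies\explorer") and n == "disallowrun" and text == "1":
                rule = "disallowrun-policy-enabled"
            elif k.endswith(CV + r"\internet settings") and n == "proxyserver" and LOOPBACK_RE.search(text):
                rule = "proxy-to-loopback"
            elif k.endswith(r"\internet explorer\download") and n == "runinvalidsignatures" and text == "1":
                rule = "invalid-signatures-allowed"
            elif IFEO in k and n == "debugger":
                # Windows starts the Debugger command instead of the named program, so
                # "svchost.exe" here keeps that program from launching. Legitimate uses
                # exist (developer debugging), so a hit is something to review.
                rule = "ifeo-debugger"
            else:
                continue
            findings.append((rule, key, name, data))
    return findings


if __name__ == "__main__":
    for rule, key, name, data in find_tampering(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{rule}: [{key}] {name} = {data}")
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `parse_reg_export`.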
Dropping Routine
The malware drops the following files:
- %Application Data%\Microsoft\Internet Explorer\Quick Launch\Smart Engine.lnk
- %Desktop%\Smart Engine.lnk
- %Start Menu%\Smart Engine.lnk
- %Start Menu%\Programs\Smart Engine.lnk
(Note: %Application Data% is "C:\Documents and Settings\<user name>\Local Settings\Application Data" on Windows 2000, XP and Server 2003, "C:\WINNT\Profiles\<user name>\Application Data" on Windows NT, and "C:\Windows\Profiles\<user name>\Application Data" on Windows 98 and ME. %Desktop% is usually "C:\Windows\Profiles\<user name>\Desktop" on Windows 98 and ME, "C:\WINNT\Profiles\<user name>\Desktop" on Windows NT, and "C:\Documents and Settings\<user name>\Desktop" on Windows 2000, XP and Server 2003. %Start Menu% is usually "C:\Windows\Profiles\<user name>\Start Menu" on Windows 98 and ME, "C:\WINNT\Profiles\<user name>\Start Menu" on Windows NT, and "C:\Windows\Start Menu" and "C:\Documents and Settings\<user name>\Start Menu" on Windows 2000, XP and Server 2003.)
HOSTS File Modification
The malware adds strings to the Windows HOSTS file.
Other Details
Based on analysis of its code, the malware has the following capabilities:
- It also creates a registry entry for certain application names located under the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- The created entry contains the following data value:
Debugger = "svchost.exe"
Affected application keys are as follows:
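Rogue Antivirus Routine
The malware displays fake alerts warning the user of an infection, along with fake scan results for the affected computer. When the scan completes, it asks the user to purchase the product. Users who try to buy the fake product are directed to a certain website that asks for personal information such as credit card numbers.
Solution
Step 1
Windows XP and Windows Server 2003 users must disable System Restore before running a virus scan so that malware, adware and similar programs can be removed from the computer completely.
Step 2
Search for the following files that TROJ_FAKEAV.GXX created or downloaded, and delete any that are found: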
- TROJ_FAKEAV.SMVK
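Step 3
Identify the path and file name of this malware.
Scan the computer with an antivirus product that has the latest engine and pattern file. Note the path and file name of every file detected as TROJ_FAKEAV.GXX.
Step 4
Restart Windows in Safe Mode.
Step 5
Delete the following registry values.
Warning: The registry is a database that stores Windows configuration information, and an incorrect edit can prevent the system from working properly.
Edit the registry at your own risk. We cannot provide compensation for any problem that results from editing the registry.
Refer to this page before editing the registry.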
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  - Smart Engine = C:\Documents and Settings\All Users\Application Data\{random characters}\SM{random numbers}_{random numbers}.exe /s /d
- In HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes
  - URL = http://findgala.com/?&uid=2116&q={searchTerms}
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
  - URL = http://findgala.com/?&uid=2116&q={searchTerms}
- In HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes
  - URL = http://findgala.com/?&uid=2116&q={searchTerms}
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
  - RunInvalidSignatures = 1
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
  - UID = 2116
  - ProxyServer = http=127.0.0.1:25520
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  - DisallowRun = 1
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
  - 0 = msseces.exe
  - 1 = MSASCui.exe
  - 2 = ekrn.exe
  - 3 = egui.exe
  - 4 = avgnt.exe
  - 5 = avcenter.exe
  - 6 = avscan.exe
  - 7 = avgfrw.exe
  - 8 = avgui.exe
  - 9 = avgtray.exe
  - 10 = avgscanx.exe
  - 11 = avgcfgex.exe
  - 12 = avgemc.exe
  - 13 = avgchsvx.exe
  - 14 = avgcmgr.exe
  - 15 = avgwdsvc.exe
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - C:\Documents and Settings\All Users\Application Data\{random characters}\SM{random numbers}_{random numbers}.exe = C:\Documents and Settings\All Users\Application Data\{random characters}\SM{random numbers}_{random numbers}.exe:*:Enabled:Smart Engine
- In HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes
  - URL = http://findgala.com/?&uid=2116&q={searchTerms}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
  - Debugger = svchost.exe
Step 6
Delete the following registry keys.
Warning: The registry is a database that stores Windows configuration information, and an incorrect edit can prevent the system from working properly.
Edit the registry at your own risk. We cannot provide compensation for any problem that results from editing the registry.
Refer to this page before editing the registry.
- In HKEY_CLASSES_ROOT
  - SM{random numbers}_{random numbers}.DocHostUIHandler
- In HKEY_CLASSES_ROOT\CLSID
  - {3F2BBC05-40DF-11D2-9455-00104BC936FF}
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
  - User Agent
Step 7
Delete this registry value.
Warning: The registry is a database that stores Windows configuration information, and an incorrect edit can prevent the system from working properly.
Edit the registry at your own risk. We cannot provide compensation for any problem that results from editing the registry.
Refer to this page before editing the registry.
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{Application Key}
  - Debugger = svchost.exe
Note that {Application Key} refers to each affected application key.
- rtvscn95.exe
- rulaunch.exe
- rwg
- rwg.exei
- safeweb.exe
- sahagent.exe
- savenow.exe
- sbserv.exe
- sc.exe
- scam32.exe
- scan32.exe
- scan95.exe
- scanpm.exe
- scrscan.exe
- seccenter.exe
- secureveteran.exe
- securitysoldier.exe
- serv95.exe
- setloadorder.exe
- setup_flowprotector_us.exe
- setupvameeval.exe
- sgssfw32.exe
- sh.exe
- shellspyinstall.exe
- shield.exe
- shn.exe
- showbehind.exe
- signcheck.exe
- smart.exe
- smartprotector.exe
- smc.exe
- smrtdefp.exe
- sms.exe
- smss32.exe
- snetcfg.exe
- soap.exe
- sofi.exe
- sperm.exe
- spf.exe
- sphinx.exe
- spoler.exe
- spoolcv.exe
- spoolsv32.exe
- spywarexpguard.exe
- spyxx.exe
- srexe.exe
- srng.exe
- ss3edit.exe
- ssg_4104.exe
- ssgrate.exe
- st2.exe
- start.exe
- stcloader.exe
- supftrl.exe
- support.exe
- supporter5.exe
- svc.exe
- svchostc.exe
- svchosts.exe
- svshost.exe
- sweep95.exe
- sweepnet.sweepsrv.sys.swnetsup.exe
- symlcsvc.exe
- symproxysvc.exe
- symtray.exe
- system.exe
- system32.exe
- sysupd.exe
- tapinstall.exe
- taskmgr.exe
- taumon.exe
- tbscan.exe
- tc.exe
- tca.exe
- tcm.exe
- tds-3.exe
- tds2-98.exe
- tds2-nt.exe
- teekids.exe
- tfak.exe
- tfak5.exe
- tgbob.exe
- titanin.exe
- titaninxp.exe
- trickler.exe
- trjscan.exe
- trjsetup.exe
- trojantrap3.exe
- tsadbot.exe
- tsc.exe
- tvmd.exe
- tvtmd.exe
- uiscan.exe
- undoboot.exe
- updat.exe
- upgrad.exe
- upgrepl.exe
- utpost.exe
- vbcmserv.exe
- vbcons.exe
- vbust.exe
- vbwin9x.exe
- vbwinntw.exe
- vcsetup.exe
- vet32.exe
- vet95.exe
- vettray.exe
- vfsetup.exe
- vir-help.exe
- virusmdpersonalfirewall.exe
- vnlan300.exe
- vnpc3000.exe
- vpc32.exe
- vpc42.exe
- vpfw30s.exe
- vptray.exe
- vscan40.exe
- vscenu6.02d30.exe
- vsched.exe
- vsecomr.exe
- vshwin32.exe
- vsisetup.exe
- vsmain.exe
- vsmon.exe
- vsserv.exe
- vsstat.exe
- vswin9xe.exe
- vswinntse.exe
- vswinperse.exe
- w32dsm89.exe
- w9x.exe
- watchdog.exe
- webdav.exe
- webscanx.exe
- webtrap.exe
- wfindv32.exe
- whoswatchingme.exe
- wimmun32.exe
- win-bugsfix.exe
- win32.exe
- win32us.exe
- winactive.exe
- winav.exe
- windll32.exe
- window.exe
- windows Police Pro.exe
- windows.exe
- wininetd.exe
- wininitx.exe
- winlogin.exe
- winmain.exe
- winppr32.exe
- winrecon.exe
- winservn.exe
- winss.exe
- winssk32.exe
- winssnotify.exe
- winstart.exe
- winstart001.exe
- wintsk32.exe
- winupdate.exe
- wkufind.exe
- wnad.exe
- wnt.exe
- wradmin.exe
- wrctrl.exe
- wsbgate.exe
- wscfxas.exe
- wscfxav.exe
- wscfxfw.exe
- wsctool.exe
- wupdater.exe
- wupdt.exe
- wyvernworksfirewall.exe
- xp_antispyware.exe
- xpdeluxe.exe
- xpf202en.exe
- zapro.exe
- zapsetup3001.exe
- zatutor.exe
- zonalm2601.exe
- zonealarm.exe
- ~1.exe
- ~2.exe
- Debugger = svchost.exe
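Step 8
Remove the strings that the malware/grayware/spyware added to the HOSTS file.
Step 9
Search for and delete the following folders.
Step 10
Search for and delete the following files.
Step 11
Scan the computer with an antivirus product that has the latest versions (engine and pattern file) installed. Delete all files detected as "TROJ_FAKEAV.GXX". If a detected file has already been cleaned, quarantined, or deleted by our antivirus product, handling of the virus is complete and no further removal steps are required.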