TROJ_SOPINAR.BC
Trojan.Gen.2 (Symantec); Trojan.Win32.Yakes.kcqk (Kaspersky); Trojan horse Crypt4.DJT (AVG)
Windows
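Malware type:
Trojan
Destructiveness:
No
Encrypted:
In the wild:
Yes
Overview
This malware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious websites.
After execution, the malware deletes itself.
Details
Arrival Details
This malware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious websites.
Installation
The malware creates the following folder: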
- %Windows%\AppPatch\Custom
(Note: %Windows% is the folder Windows uses, which is usually "C:\Windows" on any operating system (OS).)
Other System Modifications
The malware adds the following registry keys:
The malware adds the following registry values:
Dropping Routine
The malware drops the following files:
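(Note: %User Temp% is the user's temporary folder, which is usually "C:\Documents and Settings\<user name>\Local Settings\Temp" on Windows 2000, XP, and Server 2003, and "C:\Users\<user name>\AppData\Local\Temp" on Windows Vista, 7, 8, 8.1, Server 2008, and Server 2012. %Windows% is the folder Windows uses, which is usually "C:\Windows" on any operating system (OS).)
Other Details
The malware accesses the following malicious website:
- http://{BLOCKED}it.com/rbody32
After execution, the malware deletes itself.
This virus information was generated by an automated analysis system.
Solution
Step 1
Users of Windows XP, Windows Vista, and Windows 7 must disable System Restore before running a virus scan so that the malware, adware, or similar software can be completely removed from the computer.
Step 2
Delete the unknown registry keys.
Warning: The registry is a database that stores Windows configuration information, and a faulty registry edit can cause the system to stop working properly.
Edit the registry at your own risk. We cannot compensate for any problems caused by editing the registry.
Please refer to this page before editing the registry.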
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
- AppCompatFlags
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
- Custom
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- explorer.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {64d1061b-61f7-4477-9a3c-d3a3cf0ea834}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
- InstalledSDB
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {64d1061b-61f7-4477-9a3c-d3a3cf0ea834}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- iexplore.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {f004b689-7a7f-42be-b717-a7db434bf274}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {f004b689-7a7f-42be-b717-a7db434bf274}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- chrome.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {c9981407-4240-4dfc-9b22-f18943f351d9}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {c9981407-4240-4dfc-9b22-f18943f351d9}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- opera.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {3471dcb3-9a34-4fdf-81c1-36695653b10e}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {3471dcb3-9a34-4fdf-81c1-36695653b10e}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- mozilla.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {cd03fd78-a423-47aa-95b7-b349074e4709}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {cd03fd78-a423-47aa-95b7-b349074e4709}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- firefox.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {7d07e82d-b13b-4fd4-9f0d-de2904d77cc4}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {7d07e82d-b13b-4fd4-9f0d-de2904d77cc4}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- firef.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {8a3b7583-3354-421c-a27b-97141a361559}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {8a3b7583-3354-421c-a27b-97141a361559}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- msimn.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {0755ab02-63d8-4adf-bc85-edfd00fbd7b2}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {0755ab02-63d8-4adf-bc85-edfd00fbd7b2}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- msmsgs.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {f2aa3b83-b1b1-4ebf-9076-bd05c8cf0c24}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {f2aa3b83-b1b1-4ebf-9076-bd05c8cf0c24}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- maxthon.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {1b875fdd-f6b6-42d3-bf69-0b271791abe6}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {1b875fdd-f6b6-42d3-bf69-0b271791abe6}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- avant.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {98b050e6-fe3e-4a59-8dad-5b4c489fc09d}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {98b050e6-fe3e-4a59-8dad-5b4c489fc09d}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- myie.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {9e33cfd5-17f2-4fe0-95c2-398a06eb319f}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {9e33cfd5-17f2-4fe0-95c2-398a06eb319f}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- thebat.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {5409d3f5-4569-448d-bc8a-623932fc3634}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {5409d3f5-4569-448d-bc8a-623932fc3634}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- epic.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {af1aaedc-7a73-44ae-8354-8d15dd6ad5a4}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {af1aaedc-7a73-44ae-8354-8d15dd6ad5a4}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- dragon.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {c4ce0369-6ceb-4f52-a7d7-73ca106ef20b}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {c4ce0369-6ceb-4f52-a7d7-73ca106ef20b}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- navigator.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {4b21f137-7760-4736-8f1b-00b4acf3156c}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {4b21f137-7760-4736-8f1b-00b4acf3156c}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- outlook.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {2e142930-25bb-4b6c-97db-82296dd4a2c6}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {2e142930-25bb-4b6c-97db-82296dd4a2c6}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- thunderbird.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {fc0a5889-adbe-4624-95a9-bac57e4d069e}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {fc0a5889-adbe-4624-95a9-bac57e4d069e}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- seamonkey.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {b3a09d28-f711-4282-8acd-648e7e1a6ab7}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {b3a09d28-f711-4282-8acd-648e7e1a6ab7}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- lsass.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {0e46a0f2-eba7-45d7-9169-10c519408821}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {0e46a0f2-eba7-45d7-9169-10c519408821}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom
- iron.exe
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {67968fda-80d3-4a95-933b-7875020d6fca}.sdb
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB
- {67968fda-80d3-4a95-933b-7875020d6fca}
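Step 3
Delete this registry value.
Warning: The registry is a database that stores Windows configuration information, and an incorrect edit can prevent the system from working properly.
Edit the registry at your own risk. We cannot compensate for any problem caused by editing the registry.
Please refer to this before editing the registry.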
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64d1061b-61f7-4477-9a3c-d3a3cf0ea834}.sdb
- DisplayName = "explorer.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{64d1061b-61f7-4477-9a3c-d3a3cf0ea834}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{64d1061b-61f7-4477-9a3c-d3a3cf0ea834}
- DatabasePath = "%Windows%\AppPatch\Custom\{64d1061b-61f7-4477-9a3c-d3a3cf0ea834}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{64d1061b-61f7-4477-9a3c-d3a3cf0ea834}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{64d1061b-61f7-4477-9a3c-d3a3cf0ea834}
- DatabaseDescription = "explorer.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f004b689-7a7f-42be-b717-a7db434bf274}.sdb
- DisplayName = "iexplore.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f004b689-7a7f-42be-b717-a7db434bf274}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{f004b689-7a7f-42be-b717-a7db434bf274}
- DatabasePath = "%Windows%\AppPatch\Custom\{f004b689-7a7f-42be-b717-a7db434bf274}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{f004b689-7a7f-42be-b717-a7db434bf274}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{f004b689-7a7f-42be-b717-a7db434bf274}
- DatabaseDescription = "iexplore.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c9981407-4240-4dfc-9b22-f18943f351d9}.sdb
- DisplayName = "chrome.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c9981407-4240-4dfc-9b22-f18943f351d9}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{c9981407-4240-4dfc-9b22-f18943f351d9}
- DatabasePath = "%Windows%\AppPatch\Custom\{c9981407-4240-4dfc-9b22-f18943f351d9}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{c9981407-4240-4dfc-9b22-f18943f351d9}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{c9981407-4240-4dfc-9b22-f18943f351d9}
- DatabaseDescription = "chrome.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3471dcb3-9a34-4fdf-81c1-36695653b10e}.sdb
- DisplayName = "opera.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3471dcb3-9a34-4fdf-81c1-36695653b10e}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{3471dcb3-9a34-4fdf-81c1-36695653b10e}
- DatabasePath = "%Windows%\AppPatch\Custom\{3471dcb3-9a34-4fdf-81c1-36695653b10e}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{3471dcb3-9a34-4fdf-81c1-36695653b10e}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{3471dcb3-9a34-4fdf-81c1-36695653b10e}
- DatabaseDescription = "opera.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cd03fd78-a423-47aa-95b7-b349074e4709}.sdb
- DisplayName = "mozilla.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{cd03fd78-a423-47aa-95b7-b349074e4709}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{cd03fd78-a423-47aa-95b7-b349074e4709}
- DatabasePath = "%Windows%\AppPatch\Custom\{cd03fd78-a423-47aa-95b7-b349074e4709}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{cd03fd78-a423-47aa-95b7-b349074e4709}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{cd03fd78-a423-47aa-95b7-b349074e4709}
- DatabaseDescription = "mozilla.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7d07e82d-b13b-4fd4-9f0d-de2904d77cc4}.sdb
- DisplayName = "firefox.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7d07e82d-b13b-4fd4-9f0d-de2904d77cc4}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{7d07e82d-b13b-4fd4-9f0d-de2904d77cc4}
- DatabasePath = "%Windows%\AppPatch\Custom\{7d07e82d-b13b-4fd4-9f0d-de2904d77cc4}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{7d07e82d-b13b-4fd4-9f0d-de2904d77cc4}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{7d07e82d-b13b-4fd4-9f0d-de2904d77cc4}
- DatabaseDescription = "firefox.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8a3b7583-3354-421c-a27b-97141a361559}.sdb
- DisplayName = "firef.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8a3b7583-3354-421c-a27b-97141a361559}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{8a3b7583-3354-421c-a27b-97141a361559}
- DatabasePath = "%Windows%\AppPatch\Custom\{8a3b7583-3354-421c-a27b-97141a361559}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{8a3b7583-3354-421c-a27b-97141a361559}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{8a3b7583-3354-421c-a27b-97141a361559}
- DatabaseDescription = "firef.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0755ab02-63d8-4adf-bc85-edfd00fbd7b2}.sdb
- DisplayName = "msimn.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0755ab02-63d8-4adf-bc85-edfd00fbd7b2}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{0755ab02-63d8-4adf-bc85-edfd00fbd7b2}
- DatabasePath = "%Windows%\AppPatch\Custom\{0755ab02-63d8-4adf-bc85-edfd00fbd7b2}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{0755ab02-63d8-4adf-bc85-edfd00fbd7b2}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{0755ab02-63d8-4adf-bc85-edfd00fbd7b2}
- DatabaseDescription = "msimn.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f2aa3b83-b1b1-4ebf-9076-bd05c8cf0c24}.sdb
- DisplayName = "msmsgs.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f2aa3b83-b1b1-4ebf-9076-bd05c8cf0c24}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{f2aa3b83-b1b1-4ebf-9076-bd05c8cf0c24}
- DatabasePath = "%Windows%\AppPatch\Custom\{f2aa3b83-b1b1-4ebf-9076-bd05c8cf0c24}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{f2aa3b83-b1b1-4ebf-9076-bd05c8cf0c24}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{f2aa3b83-b1b1-4ebf-9076-bd05c8cf0c24}
- DatabaseDescription = "msmsgs.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1b875fdd-f6b6-42d3-bf69-0b271791abe6}.sdb
- DisplayName = "maxthon.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1b875fdd-f6b6-42d3-bf69-0b271791abe6}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{1b875fdd-f6b6-42d3-bf69-0b271791abe6}
- DatabasePath = "%Windows%\AppPatch\Custom\{1b875fdd-f6b6-42d3-bf69-0b271791abe6}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{1b875fdd-f6b6-42d3-bf69-0b271791abe6}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{1b875fdd-f6b6-42d3-bf69-0b271791abe6}
- DatabaseDescription = "maxthon.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{98b050e6-fe3e-4a59-8dad-5b4c489fc09d}.sdb
- DisplayName = "avant.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{98b050e6-fe3e-4a59-8dad-5b4c489fc09d}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{98b050e6-fe3e-4a59-8dad-5b4c489fc09d}
- DatabasePath = "%Windows%\AppPatch\Custom\{98b050e6-fe3e-4a59-8dad-5b4c489fc09d}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{98b050e6-fe3e-4a59-8dad-5b4c489fc09d}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{98b050e6-fe3e-4a59-8dad-5b4c489fc09d}
- DatabaseDescription = "avant.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9e33cfd5-17f2-4fe0-95c2-398a06eb319f}.sdb
- DisplayName = "myie.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9e33cfd5-17f2-4fe0-95c2-398a06eb319f}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{9e33cfd5-17f2-4fe0-95c2-398a06eb319f}
- DatabasePath = "%Windows%\AppPatch\Custom\{9e33cfd5-17f2-4fe0-95c2-398a06eb319f}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{9e33cfd5-17f2-4fe0-95c2-398a06eb319f}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{9e33cfd5-17f2-4fe0-95c2-398a06eb319f}
- DatabaseDescription = "myie.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5409d3f5-4569-448d-bc8a-623932fc3634}.sdb
- DisplayName = "thebat.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5409d3f5-4569-448d-bc8a-623932fc3634}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{5409d3f5-4569-448d-bc8a-623932fc3634}
- DatabasePath = "%Windows%\AppPatch\Custom\{5409d3f5-4569-448d-bc8a-623932fc3634}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{5409d3f5-4569-448d-bc8a-623932fc3634}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{5409d3f5-4569-448d-bc8a-623932fc3634}
- DatabaseDescription = "thebat.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{af1aaedc-7a73-44ae-8354-8d15dd6ad5a4}.sdb
- DisplayName = "epic.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{af1aaedc-7a73-44ae-8354-8d15dd6ad5a4}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{af1aaedc-7a73-44ae-8354-8d15dd6ad5a4}
- DatabasePath = "%Windows%\AppPatch\Custom\{af1aaedc-7a73-44ae-8354-8d15dd6ad5a4}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{af1aaedc-7a73-44ae-8354-8d15dd6ad5a4}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{af1aaedc-7a73-44ae-8354-8d15dd6ad5a4}
- DatabaseDescription = "epic.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c4ce0369-6ceb-4f52-a7d7-73ca106ef20b}.sdb
- DisplayName = "dragon.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c4ce0369-6ceb-4f52-a7d7-73ca106ef20b}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{c4ce0369-6ceb-4f52-a7d7-73ca106ef20b}
- DatabasePath = "%Windows%\AppPatch\Custom\{c4ce0369-6ceb-4f52-a7d7-73ca106ef20b}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{c4ce0369-6ceb-4f52-a7d7-73ca106ef20b}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{c4ce0369-6ceb-4f52-a7d7-73ca106ef20b}
- DatabaseDescription = "dragon.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4b21f137-7760-4736-8f1b-00b4acf3156c}.sdb
- DisplayName = "navigator.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4b21f137-7760-4736-8f1b-00b4acf3156c}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{4b21f137-7760-4736-8f1b-00b4acf3156c}
- DatabasePath = "%Windows%\AppPatch\Custom\{4b21f137-7760-4736-8f1b-00b4acf3156c}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{4b21f137-7760-4736-8f1b-00b4acf3156c}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{4b21f137-7760-4736-8f1b-00b4acf3156c}
- DatabaseDescription = "navigator.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2e142930-25bb-4b6c-97db-82296dd4a2c6}.sdb
- DisplayName = "outlook.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2e142930-25bb-4b6c-97db-82296dd4a2c6}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{2e142930-25bb-4b6c-97db-82296dd4a2c6}
- DatabasePath = "%Windows%\AppPatch\Custom\{2e142930-25bb-4b6c-97db-82296dd4a2c6}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{2e142930-25bb-4b6c-97db-82296dd4a2c6}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{2e142930-25bb-4b6c-97db-82296dd4a2c6}
- DatabaseDescription = "outlook.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fc0a5889-adbe-4624-95a9-bac57e4d069e}.sdb
- DisplayName = "thunderbird.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{fc0a5889-adbe-4624-95a9-bac57e4d069e}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{fc0a5889-adbe-4624-95a9-bac57e4d069e}
- DatabasePath = "%Windows%\AppPatch\Custom\{fc0a5889-adbe-4624-95a9-bac57e4d069e}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{fc0a5889-adbe-4624-95a9-bac57e4d069e}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{fc0a5889-adbe-4624-95a9-bac57e4d069e}
- DatabaseDescription = "thunderbird.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b3a09d28-f711-4282-8acd-648e7e1a6ab7}.sdb
- DisplayName = "seamonkey.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{b3a09d28-f711-4282-8acd-648e7e1a6ab7}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{b3a09d28-f711-4282-8acd-648e7e1a6ab7}
- DatabasePath = "%Windows%\AppPatch\Custom\{b3a09d28-f711-4282-8acd-648e7e1a6ab7}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{b3a09d28-f711-4282-8acd-648e7e1a6ab7}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{b3a09d28-f711-4282-8acd-648e7e1a6ab7}
- DatabaseDescription = "seamonkey.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0e46a0f2-eba7-45d7-9169-10c519408821}.sdb
- DisplayName = "lsass.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0e46a0f2-eba7-45d7-9169-10c519408821}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{0e46a0f2-eba7-45d7-9169-10c519408821}
- DatabasePath = "%Windows%\AppPatch\Custom\{0e46a0f2-eba7-45d7-9169-10c519408821}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{0e46a0f2-eba7-45d7-9169-10c519408821}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{0e46a0f2-eba7-45d7-9169-10c519408821}
- DatabaseDescription = "lsass.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67968fda-80d3-4a95-933b-7875020d6fca}.sdb
- DisplayName = "iron.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67968fda-80d3-4a95-933b-7875020d6fca}.sdb
- UninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{67968fda-80d3-4a95-933b-7875020d6fca}
- DatabasePath = "%Windows%\AppPatch\Custom\{67968fda-80d3-4a95-933b-7875020d6fca}.sdb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{67968fda-80d3-4a95-933b-7875020d6fca}
- DatabaseType = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\InstalledSDB\{67968fda-80d3-4a95-933b-7875020d6fca}
- DatabaseDescription = "iron.exe"
Step 4
Search for and delete the following files.
- %User Temp%\sdb2.tmp
- %User Temp%\SDB4.tmp
- %User Temp%\sdbA.tmp
- %User Temp%\sdbC.tmp
- %User Temp%\SDBD.tmp
- %User Temp%\SDB10.tmp
- %User Temp%\sdb12.tmp
- %User Temp%\SDB14.tmp
- %User Temp%\sdb16.tmp
- %User Temp%\SDB1A.tmp
- %User Temp%\sdb1C.tmp
- %User Temp%\SDB20.tmp
- %User Temp%\sdb21.tmp
- %User Temp%\sdb27.tmp
- %User Temp%\SDB29.tmp
- %User Temp%\SDB2D.tmp
- %User Temp%\sdb2F.tmp
- %User Temp%\sdb2E.tmp
- %User Temp%\sdb34.tmp
- %User Temp%\SDB37.tmp
- %User Temp%\SDB38.tmp
- %User Temp%\SDB3D.tmp
- %User Temp%\sdb40.tmp
- %User Temp%\sdb3E.tmp
- %User Temp%\sdb42.tmp
- %User Temp%\sdb49.tmp
- %User Temp%\SDB4A.tmp
- %User Temp%\SDB4B.tmp
- %User Temp%\sdb4E.tmp
- %User Temp%\SDB4F.tmp
- %User Temp%\sdb54.tmp
- %User Temp%\SDB56.tmp
- %User Temp%\sdb5B.tmp
- %User Temp%\SDB59.tmp
- %User Temp%\SDB60.tmp
- %User Temp%\sdb61.tmp
- %User Temp%\SDB63.tmp
- %User Temp%\sdb69.tmp
- %User Temp%\SDB6C.tmp
- %User Temp%\sdb6E.tmp
- %User Temp%\SDB76.tmp
- %User Temp%\SDB77.tmp
- %Windows%\AppPatch\Custom\{64d1061b-61f7-4477-9a3c-d3a3cf0ea834}.sdb
- %Windows%\AppPatch\Custom\{f004b689-7a7f-42be-b717-a7db434bf274}.sdb
- %Windows%\AppPatch\Custom\{c9981407-4240-4dfc-9b22-f18943f351d9}.sdb
- %Windows%\AppPatch\Custom\{3471dcb3-9a34-4fdf-81c1-36695653b10e}.sdb
- %Windows%\AppPatch\Custom\{cd03fd78-a423-47aa-95b7-b349074e4709}.sdb
- %Windows%\AppPatch\Custom\{7d07e82d-b13b-4fd4-9f0d-de2904d77cc4}.sdb
- %Windows%\AppPatch\Custom\{8a3b7583-3354-421c-a27b-97141a361559}.sdb
- %Windows%\AppPatch\Custom\{0755ab02-63d8-4adf-bc85-edfd00fbd7b2}.sdb
- %Windows%\AppPatch\Custom\{f2aa3b83-b1b1-4ebf-9076-bd05c8cf0c24}.sdb
- %Windows%\AppPatch\Custom\{1b875fdd-f6b6-42d3-bf69-0b271791abe6}.sdb
- %Windows%\AppPatch\Custom\{98b050e6-fe3e-4a59-8dad-5b4c489fc09d}.sdb
- %Windows%\AppPatch\Custom\{9e33cfd5-17f2-4fe0-95c2-398a06eb319f}.sdb
- %Windows%\AppPatch\Custom\{5409d3f5-4569-448d-bc8a-623932fc3634}.sdb
- %Windows%\AppPatch\Custom\{af1aaedc-7a73-44ae-8354-8d15dd6ad5a4}.sdb
- %Windows%\AppPatch\Custom\{c4ce0369-6ceb-4f52-a7d7-73ca106ef20b}.sdb
- %Windows%\AppPatch\Custom\{4b21f137-7760-4736-8f1b-00b4acf3156c}.sdb
- %Windows%\AppPatch\Custom\{2e142930-25bb-4b6c-97db-82296dd4a2c6}.sdb
- %Windows%\AppPatch\Custom\{fc0a5889-adbe-4624-95a9-bac57e4d069e}.sdb
- %Windows%\AppPatch\Custom\{b3a09d28-f711-4282-8acd-648e7e1a6ab7}.sdb
- %Windows%\AppPatch\Custom\{0e46a0f2-eba7-45d7-9169-10c519408821}.sdb
- %Windows%\AppPatch\Custom\{67968fda-80d3-4a95-933b-7875020d6fca}.sdb
Step 5
Search for and delete the following folder.
- %Windows%\AppPatch\Custom
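Step 6
Run a virus scan with an antivirus product that has the latest version (engine and pattern file) installed, and delete every file detected as "TROJ_SOPINAR.BC". If the detected files have already been cleaned, quarantined or deleted by our antivirus product, the virus has been dealt with and no further removal steps are needed.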
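A read-only audit to run before the manual cleanup in steps 2 to 5, added here as an example and not part of the vendor's procedure: it enumerates AppCompatFlags\InstalledSDB, resolves each DatabasePath, and marks entries whose DatabaseDescription is one of the process names this page lists. The function name Get-ShimDatabaseAudit and the output column names are assumptions of this example.

```powershell
# Added example, read-only: lists registered shim databases and marks the
# traits this page describes. It deletes nothing.
$AppCompat = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags'
$Uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'

# DatabaseDescription / DisplayName values listed on this page.
$PageTargets = @(
    'explorer.exe', 'iexplore.exe', 'chrome.exe', 'opera.exe', 'mozilla.exe',
    'firefox.exe', 'firef.exe', 'msimn.exe', 'msmsgs.exe', 'maxthon.exe',
    'avant.exe', 'myie.exe', 'thebat.exe', 'epic.exe', 'dragon.exe',
    'navigator.exe', 'outlook.exe', 'thunderbird.exe', 'seamonkey.exe',
    'lsass.exe', 'iron.exe'
)

function Get-ShimDatabaseAudit {
    $installedKey = "$AppCompat\InstalledSDB"
    if (-not (Test-Path -LiteralPath $installedKey)) { return }

    foreach ($key in Get-ChildItem -LiteralPath $installedKey) {
        $guid  = $key.PSChildName                      # e.g. {xxxxxxxx-...}
        $props = Get-ItemProperty -LiteralPath $key.PSPath
        $desc  = [string]$props.DatabaseDescription
        $path  = [Environment]::ExpandEnvironmentVariables([string]$props.DatabasePath)

        # Hash the .sdb file (if still present) so it can be preserved as evidence.
        $fileExists = $false
        $sha256     = $null
        if ($path -and (Test-Path -LiteralPath $path -PathType Leaf)) {
            $fileExists = $true
            $sha256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }

        # Matching Uninstall\{GUID}.sdb entry, as listed in step 3.
        $uninstallKey = "$Uninstall\$($guid).sdb"
        $displayName  = $null
        if (Test-Path -LiteralPath $uninstallKey) {
            $displayName = (Get-ItemProperty -LiteralPath $uninstallKey).DisplayName
        }

        [pscustomobject]@{
            Guid              = $guid
            Description       = $desc
            # -contains and -match are case-insensitive in PowerShell.
            DescriptionOnPage = $PageTargets -contains $desc
            DescriptionIsExe  = $desc -match '\.exe$'
            # On this page the Custom subkey name equals the description.
            CustomKeyExists   = [bool]($desc -and (Test-Path -LiteralPath "$AppCompat\Custom\$desc"))
            UninstallName     = $displayName
            DatabasePath      = $path
            FileExists        = $fileExists
            SHA256            = $sha256
        }
    }
}

Get-ShimDatabaseAudit |
    Sort-Object DescriptionOnPage -Descending |
    Format-Table Guid, Description, DescriptionOnPage, CustomKeyExists, FileExists -AutoSize
```

Compatibility fixes installed legitimately with sdbinst also register under InstalledSDB and %Windows%\AppPatch\Custom, so compare each marked row's GUID with the ones listed in steps 2 to 4 before deleting anything.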