TROJ_SPNV.03AR14
Trojan-Downloader.Win32.MultiDL.m (Kaspersky)
Windows 2000, Windows XP, Windows Server 2003
マルウェアタイプ:
トロイの木馬型
破壊活動の有無:
なし
暗号化:
感染報告の有無 :
はい
概要
マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
詳細
侵入方法
マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
インストール
マルウェアは、以下のフォルダを作成します。
- %System Root%\DOCUME~1
- %System Root%\DOCUME~1\Wilbert
- %User Profile%\LOCALS~1
- %System Root%\Documents and Settings\Wilbert
- %User Profile%\Application Data\7go
- %User Profile%\Application Data\Mozilla
- %User Profile%\Mozilla\Extensions
- %User Profile%\Extensions\7go@7go.com
- %User Temp%\nsk40.tmp
- %User Profile%\7go@7go.com\chrome
- %User Profile%\chrome\content
- %User Profile%\content\mz
- %User Profile%\chrome\skin
- %User Temp%\nsiA.tmp
- %Program Files%\7Go Games
- %Program Files%\7Go Games\mz
- %Application Data%\Google\Chrome\User Data\Default\Extensions
- %Application Data%\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi
- %Application Data%\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi\1.0.0.2
自動実行方法
マルウェアは、以下のレジストリキーを追加し、自身をBrowser Helper Object(BHO)として登録します。これにより、Internet Explorer(IE)が起動するとマルウェアが自動実行されます。
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{FF103732-4528-4322-AA8B-F7849AB7776B}
他のシステム変更
マルウェアは、以下のファイルを削除します。
- %User Temp%\nsk1.tmp
- install_helper.exe
- 7go.exe
- chrome_install.exe
- %User Temp%\nsk40.tmp
- 7go.xpi
- %User Temp%\nst8.tmp
- %User Temp%\nsiA.tmp
(註:%User Temp%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 2000、XP および Server 2003 の場合、"C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"、Windows Vista および 7 の場合、"C:\Users\<ユーザ名>\AppData\Local\Temp" です。)
マルウェアは、以下のレジストリキーを追加します。
HKEY_LOCAL_MACHINE\SOFTWARE\Google\
Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi
HKEY_CURRENT_USER\SOFTWARE\Mozilla\
Firefox\Extensions
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\
Firefox\Extensions
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
7go
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
7Go Games
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\MINIE
HKEY_CURRENT_USER\Software\7Go Games
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{A493779E-8D06-460A-9AB3-59EA2ED5396F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\ScriptHost.DLL
HKEY_CLASSES_ROOT\7Go Games.ScriptHostObject.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
7Go Games.ScriptHostObject.1\CLSID
HKEY_CLASSES_ROOT\7Go Games.ScriptHostObject
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
7Go Games.ScriptHostObject\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
7Go Games.ScriptHostObject\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}\TypeLib
HKEY_CLASSES_ROOT\7Go Games.Tool.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
7Go Games.Tool.1\CLSID
HKEY_CLASSES_ROOT\7Go Games.Tool
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
7Go Games.Tool\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
7Go Games.Tool\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B6C39D5B-210D-416C-8487-A30A477AC424}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B6C39D5B-210D-416C-8487-A30A477AC424}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B6C39D5B-210D-416C-8487-A30A477AC424}\1.0\
FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B6C39D5B-210D-416C-8487-A30A477AC424}\1.0\
0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B6C39D5B-210D-416C-8487-A30A477AC424}\1.0\
0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{B6C39D5B-210D-416C-8487-A30A477AC424}\1.0\
HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9}\TypeLib
HKEY_CLASSES_ROOT\7Go Games.Navbar.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
7Go Games.Navbar.1\CLSID
HKEY_CLASSES_ROOT\7Go Games.Navbar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
7Go Games.Navbar\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
7Go Games.Navbar\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\ButtonSite.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{0069D032-00A9-4EEB-AD62-342FB59185A4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{0069D032-00A9-4EEB-AD62-342FB59185A4}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{0069D032-00A9-4EEB-AD62-342FB59185A4}\1.0\
FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{0069D032-00A9-4EEB-AD62-342FB59185A4}\1.0\
0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{0069D032-00A9-4EEB-AD62-342FB59185A4}\1.0\
0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{0069D032-00A9-4EEB-AD62-342FB59185A4}\1.0\
HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{EDC8EEB4-F3CF-46BD-A5F8-49A8314F549A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\AddonsFramework.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{F6C6A088-BA3F-46AB-8B0A-15459A96BC43}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{F6C6A088-BA3F-46AB-8B0A-15459A96BC43}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{F6C6A088-BA3F-46AB-8B0A-15459A96BC43}\1.0\
FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{F6C6A088-BA3F-46AB-8B0A-15459A96BC43}\1.0\
0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{F6C6A088-BA3F-46AB-8B0A-15459A96BC43}\1.0\
0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{F6C6A088-BA3F-46AB-8B0A-15459A96BC43}\1.0\
HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B5445928-B77D-474B-84F6-6F1323CA5701}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B5445928-B77D-474B-84F6-6F1323CA5701}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B5445928-B77D-474B-84F6-6F1323CA5701}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B5445928-B77D-474B-84F6-6F1323CA5701}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172}\TypeLib
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Ext\
Settings\{FF103732-4528-4322-AA8B-F7849AB7776B}
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Approved Extensions
マルウェアは、以下のレジストリ値を追加します。
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings
CertificateRevocation = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Google\
Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi
path = "%User Profile%\7go\7go.crx"
HKEY_LOCAL_MACHINE\SOFTWARE\Google\
Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi
version = "1.0.0.2"
HKEY_CURRENT_USER\Software\Mozilla\
Firefox\Extensions
7go@7go.com = "%User Profile%\Extensions\7go@7go.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\
Firefox\Extensions
7go@7go.com = "%User Profile%\Extensions\7go@7go.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
7go
UninstallString = "%Program Files%\7go\uninst.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
7Go Games
DisplayName = "7Go Games"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
7Go Games
UninstallString = "%Program Files%\7Go Games\uninstall.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
7Go Games
DisplayVersion = "1.0.0.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
7Go Games
Publisher = "7go.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
7Go Games
URLInfoAbout = "http://www.{BLOCKED}o.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
7Go Games
DisplayIcon = "%Program Files%\7Go Games\uninstall.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
7Go Games
InstDir = "%Program Files%\7Go Games"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\MINIE
CommandBarEnabled = "1"
HKEY_CURRENT_USER\Software\7Go Games
installId = "5B20C292-17B9-4597-9629-B7C88AE556F0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\ScriptHost.DLL
AppID = "{A493779E-8D06-460A-9AB3-59EA2ED5396F}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{FF103732-4528-4322-AA8B-F7849AB7776B}
NoExplorer = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\ButtonSite.DLL
AppID = "{A493779E-8D06-460A-9AB3-59EA2ED5396F}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\AddonsFramework.DLL
AppID = "{EDC8EEB4-F3CF-46BD-A5F8-49A8314F549A}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B5445928-B77D-474B-84F6-6F1323CA5701}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172}\TypeLib
Version = "1.0"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Ext\
Settings\{FF103732-4528-4322-AA8B-F7849AB7776B}
Flags = "0"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Ext\
Settings\{FF103732-4528-4322-AA8B-F7849AB7776B}
Version = "*"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Approved Extensions
{FF103732-4528-4322-AA8B-F7849AB7776B} = "{random values}"
作成活動
マルウェアは、以下のファイルを作成します。
- %User Temp%\icon.ico
- %Desktop%\7go.lnk
- %User Temp%\7go.exe
- %User Temp%\install_helper.exe
- %User Profile%\7go\7go.crx
- %User Profile%\7go\chrome_install.exe
- %User Temp%\7go.xpi
- %User Temp%\nsk40.tmp\nsisunz.dll
- %User Profile%\content\background.html
- %User Profile%\content\bg.js
- %User Profile%\content\button.xml
- %User Profile%\content\config.js
- %User Profile%\content\content.js
- %User Profile%\content\framework.js
- %User Profile%\content\framework.png
- %User Profile%\content\framework.xul
- %User Profile%\content\icon128.ico
- %User Profile%\content\icon128.png
- %User Profile%\content\icon16.ico
- %User Profile%\content\icon16.png
- %User Profile%\content\icon18.ico
- %User Profile%\content\icon18.png
- %User Profile%\content\icon24.ico
- %User Profile%\content\icon24.png
- %User Profile%\content\icon32.ico
- %User Profile%\content\icon32.png
- %User Profile%\content\icon48.ico
- %User Profile%\content\icon48.png
- %User Profile%\content\icon64.ico
- %User Profile%\content\icon64.png
- %User Profile%\content\jquery-1.9.1.min.js
- %User Profile%\mz\background.js
- %User Profile%\mz\content.js
- %User Profile%\content\options.xul
- %User Profile%\content\settings.json
- %User Profile%\skin\framework.css
- %User Profile%\7go@7go.com\chrome.manifest
- %User Profile%\7go@7go.com\install.rdf
- %Program Files%\7go\uninst.exe
- %User Temp%\nsiA.tmp\help_page.ini
- %User Temp%\nsiA.tmp\ie9install.bmp
- %User Temp%\nsiA.tmp\UAC.dll
- %Program Files%\7Go Games\AddonsFramework.Typelib.dll
- %Program Files%\7Go Games\AddonsFramework.Typelib64.dll
- %Program Files%\7Go Games\BackgroundHost.exe
- %Program Files%\7Go Games\BackgroundHost64.exe
- %Program Files%\7Go Games\ButtonSite.dll
- %Program Files%\7Go Games\ButtonSite64.dll
- %Program Files%\7Go Games\ScriptHost.dll
- %Program Files%\7Go Games\ScriptHost64.dll
- %Program Files%\7Go Games\background.html
- %Program Files%\7Go Games\bg.js
- %Program Files%\7Go Games\config.xml
- %Program Files%\7Go Games\content.js
- %Program Files%\7Go Games\icon128.ico
- %Program Files%\7Go Games\icon128.png
- %Program Files%\7Go Games\icon16.ico
- %Program Files%\7Go Games\icon16.png
- %Program Files%\7Go Games\icon18.ico
- %Program Files%\7Go Games\icon18.png
- %Program Files%\7Go Games\icon24.ico
- %Program Files%\7Go Games\icon24.png
- %Program Files%\7Go Games\icon32.ico
- %Program Files%\7Go Games\icon32.png
- %Program Files%\7Go Games\icon48.ico
- %Program Files%\7Go Games\icon48.png
- %Program Files%\7Go Games\icon64.ico
- %Program Files%\7Go Games\icon64.png
- %Program Files%\7Go Games\jquery-1.9.1.min.js
- %Program Files%\7Go Games\json2.min.js
- %Program Files%\7Go Games\options.htm
- %Program Files%\7Go Games\updater.js
- %Program Files%\7Go Games\updaterWrapper.js
- %Program Files%\7Go Games\mz\background.js
- %Program Files%\7Go Games\mz\content.js
- %Program Files%\7Go Games\uninstall.exe
- %User Temp%\nsiA.tmp\System.dll
- %User Temp%\che38.tmp
このウイルス情報は、自動解析システムにより作成されました。
対応方法
手順 1
Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。
手順 2
起動中ブラウザのウインドウを全て閉じてください。
手順 3
不明なレジストリ値を削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
- gjajpkikblccgefaibcafkfbanllpefi
- In HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox
- Extensions
- In HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox
- Extensions
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- 7go
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- 7Go Games
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
- MINIE
- In HKEY_CURRENT_USER\Software
- 7Go Games
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- {A493779E-8D06-460A-9AB3-59EA2ED5396F}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- ScriptHost.DLL
- In HKEY_CLASSES_ROOT
- 7Go Games.ScriptHostObject.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\7Go Games.ScriptHostObject.1
- CLSID
- In HKEY_CLASSES_ROOT
- 7Go Games.ScriptHostObject
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\7Go Games.ScriptHostObject
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\7Go Games.ScriptHostObject
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {FF103732-4528-4322-AA8B-F7849AB7776B}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}
- TypeLib
- In HKEY_CLASSES_ROOT
- 7Go Games.Tool.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\7Go Games.Tool.1
- CLSID
- In HKEY_CLASSES_ROOT
- 7Go Games.Tool
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\7Go Games.Tool
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\7Go Games.Tool
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
- {B6C39D5B-210D-416C-8487-A30A477AC424}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6C39D5B-210D-416C-8487-A30A477AC424}
- 1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6C39D5B-210D-416C-8487-A30A477AC424}\1.0
- FLAGS
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6C39D5B-210D-416C-8487-A30A477AC424}\1.0
- 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6C39D5B-210D-416C-8487-A30A477AC424}\1.0\0
- win32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B6C39D5B-210D-416C-8487-A30A477AC424}\1.0
- HELPDIR
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {458BD324-E5D0-412C-954D-EDFD69A59ED9}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9}
- TypeLib
- In HKEY_CLASSES_ROOT
- 7Go Games.Navbar.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\7Go Games.Navbar.1
- CLSID
- In HKEY_CLASSES_ROOT
- 7Go Games.Navbar
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\7Go Games.Navbar
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\7Go Games.Navbar
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {6F876588-5EFF-4194-AC5D-548630BB3BA2}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- ButtonSite.DLL
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
- {0069D032-00A9-4EEB-AD62-342FB59185A4}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0069D032-00A9-4EEB-AD62-342FB59185A4}
- 1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0069D032-00A9-4EEB-AD62-342FB59185A4}\1.0
- FLAGS
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0069D032-00A9-4EEB-AD62-342FB59185A4}\1.0
- 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0069D032-00A9-4EEB-AD62-342FB59185A4}\1.0\0
- win32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{0069D032-00A9-4EEB-AD62-342FB59185A4}\1.0
- HELPDIR
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- {EDC8EEB4-F3CF-46BD-A5F8-49A8314F549A}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- AddonsFramework.DLL
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
- {F6C6A088-BA3F-46AB-8B0A-15459A96BC43}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C6A088-BA3F-46AB-8B0A-15459A96BC43}
- 1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C6A088-BA3F-46AB-8B0A-15459A96BC43}\1.0
- FLAGS
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C6A088-BA3F-46AB-8B0A-15459A96BC43}\1.0
- 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C6A088-BA3F-46AB-8B0A-15459A96BC43}\1.0\0
- win32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C6A088-BA3F-46AB-8B0A-15459A96BC43}\1.0
- HELPDIR
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {B5445928-B77D-474B-84F6-6F1323CA5701}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B5445928-B77D-474B-84F6-6F1323CA5701}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B5445928-B77D-474B-84F6-6F1323CA5701}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B5445928-B77D-474B-84F6-6F1323CA5701}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {F4F96034-2761-4BAF-B906-E4B59E5D50EA}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {BE6C7021-0352-4A7E-8A5B-46126353049E}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {FE42F7F2-D931-40CD-ACE7-7B47383ACE25}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {2D017725-74A0-4513-913D-2939ADF6D0F3}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {D94BA844-0355-4F02-97F2-6856CD94FE66}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {DFBED68E-BBF6-454A-940F-C84C7E7B4CE6}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {A70CA55D-8EE5-4997-8BC3-B341E36ACBBA}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {9ADA5C62-B227-45A9-9D77-E5609A43E943}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {A37DD83A-DABA-4EF0-98AA-CDDA88839172}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172}
- TypeLib
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings
- {FF103732-4528-4322-AA8B-F7849AB7776B}
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
- Approved Extensions
手順 4
このレジストリ値を削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- CertificateRevocation = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi
- path = "%User Profile%\7go\7go.crx"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi
- version = "1.0.0.2"
- In HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions
- 7go@7go.com = "%User Profile%\Extensions\7go@7go.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions
- 7go@7go.com = "%User Profile%\Extensions\7go@7go.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7go
- UninstallString = "%Program Files%\7go\uninst.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7Go Games
- DisplayName = "7Go Games"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7Go Games
- UninstallString = "%Program Files%\7Go Games\uninstall.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7Go Games
- DisplayVersion = "1.0.0.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7Go Games
- Publisher = "7go.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7Go Games
- URLInfoAbout = "http://www.{BLOCKED}o.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7Go Games
- DisplayIcon = "%Program Files%\7Go Games\uninstall.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7Go Games
- InstDir = "%Program Files%\7Go Games"
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MINIE
- CommandBarEnabled = "1"
- In HKEY_CURRENT_USER\Software\7Go Games
- installId = "5B20C292-17B9-4597-9629-B7C88AE556F0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ScriptHost.DLL
- AppID = "{A493779E-8D06-460A-9AB3-59EA2ED5396F}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF103732-4528-4322-AA8B-F7849AB7776B}
- NoExplorer = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF103732-4528-4322-AA8B-F7849AB7776B}\InprocServer32
- ThreadingModel = "Apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3632F95-2BB4-4DC6-95E0-16FCF5C4EB4C}\InprocServer32
- ThreadingModel = "Apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{458BD324-E5D0-412C-954D-EDFD69A59ED9}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F876588-5EFF-4194-AC5D-548630BB3BA2}\InprocServer32
- ThreadingModel = "Apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ButtonSite.DLL
- AppID = "{A493779E-8D06-460A-9AB3-59EA2ED5396F}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AddonsFramework.DLL
- AppID = "{EDC8EEB4-F3CF-46BD-A5F8-49A8314F549A}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{B5445928-B77D-474B-84F6-6F1323CA5701}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F4F96034-2761-4BAF-B906-E4B59E5D50EA}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BE6C7021-0352-4A7E-8A5B-46126353049E}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FE42F7F2-D931-40CD-ACE7-7B47383ACE25}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D2AA22AE-2103-4D78-9C0D-46DE64EE0ED7}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D017725-74A0-4513-913D-2939ADF6D0F3}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D94BA844-0355-4F02-97F2-6856CD94FE66}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DFBED68E-BBF6-454A-940F-C84C7E7B4CE6}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A70CA55D-8EE5-4997-8BC3-B341E36ACBBA}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9275FE6D-8F84-4CA5-97E7-DD3AFD5E4BDE}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{806ED5AF-3ED0-454C-BE4E-6644DD7BEDD1}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9ADA5C62-B227-45A9-9D77-E5609A43E943}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A37DD83A-DABA-4EF0-98AA-CDDA88839172}\TypeLib
- Version = "1.0"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF103732-4528-4322-AA8B-F7849AB7776B}
- Flags = "0"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF103732-4528-4322-AA8B-F7849AB7776B}
- Version = "*"
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Approved Extensions
- {FF103732-4528-4322-AA8B-F7849AB7776B} = "{random values}"
手順 5
以下のファイルを検索し削除します。
- %User Temp%\icon.ico
- %Desktop%\7go.lnk
- %User Temp%\7go.exe
- %User Temp%\install_helper.exe
- %User Profile%\7go\7go.crx
- %User Profile%\7go\chrome_install.exe
- %User Temp%\7go.xpi
- %User Temp%\nsk40.tmp\nsisunz.dll
- %User Profile%\content\background.html
- %User Profile%\content\bg.js
- %User Profile%\content\button.xml
- %User Profile%\content\config.js
- %User Profile%\content\content.js
- %User Profile%\content\framework.js
- %User Profile%\content\framework.png
- %User Profile%\content\framework.xul
- %User Profile%\content\icon128.ico
- %User Profile%\content\icon128.png
- %User Profile%\content\icon16.ico
- %User Profile%\content\icon16.png
- %User Profile%\content\icon18.ico
- %User Profile%\content\icon18.png
- %User Profile%\content\icon24.ico
- %User Profile%\content\icon24.png
- %User Profile%\content\icon32.ico
- %User Profile%\content\icon32.png
- %User Profile%\content\icon48.ico
- %User Profile%\content\icon48.png
- %User Profile%\content\icon64.ico
- %User Profile%\content\icon64.png
- %User Profile%\content\jquery-1.9.1.min.js
- %User Profile%\mz\background.js
- %User Profile%\mz\content.js
- %User Profile%\content\options.xul
- %User Profile%\content\settings.json
- %User Profile%\skin\framework.css
- %User Profile%\7go@7go.com\chrome.manifest
- %User Profile%\7go@7go.com\install.rdf
- %Program Files%\7go\uninst.exe
- %User Temp%\nsiA.tmp\help_page.ini
- %User Temp%\nsiA.tmp\ie9install.bmp
- %User Temp%\nsiA.tmp\UAC.dll
- %Program Files%\7Go Games\AddonsFramework.Typelib.dll
- %Program Files%\7Go Games\AddonsFramework.Typelib64.dll
- %Program Files%\7Go Games\BackgroundHost.exe
- %Program Files%\7Go Games\BackgroundHost64.exe
- %Program Files%\7Go Games\ButtonSite.dll
- %Program Files%\7Go Games\ButtonSite64.dll
- %Program Files%\7Go Games\ScriptHost.dll
- %Program Files%\7Go Games\ScriptHost64.dll
- %Program Files%\7Go Games\background.html
- %Program Files%\7Go Games\bg.js
- %Program Files%\7Go Games\config.xml
- %Program Files%\7Go Games\content.js
- %Program Files%\7Go Games\icon128.ico
- %Program Files%\7Go Games\icon128.png
- %Program Files%\7Go Games\icon16.ico
- %Program Files%\7Go Games\icon16.png
- %Program Files%\7Go Games\icon18.ico
- %Program Files%\7Go Games\icon18.png
- %Program Files%\7Go Games\icon24.ico
- %Program Files%\7Go Games\icon24.png
- %Program Files%\7Go Games\icon32.ico
- %Program Files%\7Go Games\icon32.png
- %Program Files%\7Go Games\icon48.ico
- %Program Files%\7Go Games\icon48.png
- %Program Files%\7Go Games\icon64.ico
- %Program Files%\7Go Games\icon64.png
- %Program Files%\7Go Games\jquery-1.9.1.min.js
- %Program Files%\7Go Games\json2.min.js
- %Program Files%\7Go Games\options.htm
- %Program Files%\7Go Games\updater.js
- %Program Files%\7Go Games\updaterWrapper.js
- %Program Files%\7Go Games\mz\background.js
- %Program Files%\7Go Games\mz\content.js
- %Program Files%\7Go Games\uninstall.exe
- %User Temp%\nsiA.tmp\System.dll
- %User Temp%\che38.tmp
手順 6
以下のフォルダを検索し削除します。
- %System Root%\DOCUME~1
- %System Root%\DOCUME~1\Wilbert
- %User Profile%\LOCALS~1
- %System Root%\Documents and Settings\Wilbert
- %User Profile%\Application Data\7go
- %User Profile%\Application Data\Mozilla
- %User Profile%\Mozilla\Extensions
- %User Profile%\Extensions\7go@7go.com
- %User Temp%\nsk40.tmp
- %User Profile%\7go@7go.com\chrome
- %User Profile%\chrome\content
- %User Profile%\content\mz
- %User Profile%\chrome\skin
- %User Temp%\nsiA.tmp
- %Program Files%\7Go Games
- %Program Files%\7Go Games\mz
- %Application Data%\Google\Chrome\User Data\Default\Extensions
- %Application Data%\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi
- %Application Data%\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi\1.0.0.2
手順 7
最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「TROJ_SPNV.03AR14」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。
手順 8
以下のファイルをバックアップを用いて修復します。なお、マイクロソフト製品に関連したファイルのみ修復されます。このマルウェア/グレイウェア/スパイウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。
- %User Temp%\nsk1.tmp
- install_helper.exe
- 7go.exe
- chrome_install.exe
- %User Temp%\nsk40.tmp
- 7go.xpi
- %User Temp%\nst8.tmp
- %User Temp%\nsiA.tmp
ご利用はいかがでしたか? アンケートにご協力ください