Adware.Win32.OpenCandy.GISFX
Windows
- マルウェアタイプ: アドウェア
- 破壊活動の有無: なし
- 暗号化:
- 感染報告の有無: はい
概要
アドウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
詳細
侵入方法
アドウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
インストール
アドウェアは、以下のプロセスを追加します。
- cmd.exe /c ping 1.1.1.1 -n 1 -w 5000 > Nul & Del "%User Temp%\ADKAppsOfferManager.dll"
- %User Temp%\utt7EAA.tmp.exe /cnid "512435" /hp /ntp_ie /wait /dsie /dsff
- uTorrent.exe /NOINSTALL /BRINGTOFRONT
- %System%\PING.EXE ping 1.1.1.1 -n 1 -w 5000
- "%User Temp%\~spD75D.tmp" /cnid "512435" /hp /ntp_ie /wait /dsie /dsff /S
(註:%User Temp%フォルダは、現在ログオンしているユーザの一時フォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>\AppData\Local\Temp" です。. %System%フォルダは、システムフォルダで、いずれのオペレーティングシステム(OS)でも通常、"C:\Windows\System32" です。.)
アドウェアは、以下のフォルダを作成します。
- %AppDataLocal%\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
- %System Root%\Users
- %User Profile%\AppData
- %Application Data%\uTorrent\dlimagecache
- %Application Data%\uTorrent
- %Application Data%\uTorrent\share
- %Application Data%\uTorrent\updates
- %Application Data%\uTorrent\apps
(註:%AppDataLocal%フォルダは、ローカルアプリケーションデータフォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザ名>\Local Settings\Application Data" です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>\AppData\Local" です。. %System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.. %User Profile%フォルダは、現在ログオンしているユーザのプロファイルフォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザ名>"です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>" です。. %Application Data%フォルダは、現在ログオンしているユーザのアプリケーションデータフォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザ名>\Local Settings\Application Data" です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>\AppData\Roaming" です。)
自動実行方法
アドウェアは、自身のコピーがWindows起動時に自動実行されるよう以下のレジストリ値を追加します。
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
uTorrent = "%Application Data%\uTorrent\uTorrent.exe /MINIMIZED"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
SMSetup = "{random characters}"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
uTorrent = "%Application Data%\uTorrent\uTorrent.exe /MINIMIZED"
他のシステム変更
アドウェアは、以下のファイルを削除します。
- %User Temp%\e.temp
- %User Temp%\ApnStub.exe
- %User Temp%\offconfig.temp
- %User Temp%\BunndleOfferManager.dll
- %User Temp%\i_temp.temp
(註:%User Temp%フォルダは、現在ログオンしているユーザの一時フォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>\AppData\Local\Temp" です。)
アドウェアは、以下のフォルダを削除します。
- %User Temp%\nsxD6B1.tmp
(註:%User Temp%フォルダは、現在ログオンしているユーザの一時フォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>\AppData\Local\Temp" です。)
アドウェアは、以下のレジストリ値を追加します。
HKEY_CURRENT_USER\Software\Classes\
FalconBetaAccount
remote_access_client_id = "4731483538"
HKEY_CURRENT_USER\Software\BitTorrent\
uTorrent
OfferProvider = ""
HKEY_CURRENT_USER\Software\BitTorrent\
uTorrent
OfferName = ""
HKEY_CURRENT_USER\Software\BitTorrent\
uTorrent
OfferAccepted = "0"
HKEY_CURRENT_USER\Software\BitTorrent\
uTorrent
OfferViaCAU = "0"
HKEY_CURRENT_USER\Software\Classes\
.torrent
(Default) = "uTorrent"
HKEY_CURRENT_USER\Software\Classes\
uTorrent\DefaultIcon
(Default) = "%Application Data%\uTorrent\uTorrent.exe,0"
HKEY_CURRENT_USER\Software\Classes\
.torrent
Content Type = "application/x-bittorrent"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
MIME\Database\Content Type\
application/x-bittorrent
Extension = ".torrent"
HKEY_CURRENT_USER\Software\Classes\
MIME\Database\Content Type\
application/x-bittorrent
Extension = ".torrent"
HKEY_CURRENT_USER\Software\Classes\
uTorrent\shell\open\
command
(Default) = "%Application Data%\uTorrent\uTorrent.exe %1"
HKEY_CURRENT_USER\Software\Classes\
uTorrent\shell
(Default) = "open"
HKEY_CURRENT_USER\Software\Classes\
uTorrent\Content Type
(Default) = "application/x-bittorrent"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
explorer
GlobalAssocChangedCounter = "12"
HKEY_CURRENT_USER\Software\Classes\
.btsearch
(Default) = "uTorrent"
HKEY_CURRENT_USER\Software\Classes\
.btsearch
Content Type = "application/x-bittorrentsearchdescription+xml"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
MIME\Database\Content Type\
application/x-bittorrentsearchdescription+xml
Extension = ".btsearch"
HKEY_CURRENT_USER\Software\Classes\
MIME\Database\Content Type\
application/x-bittorrentsearchdescription+xml
Extension = ".btsearch"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
explorer
GlobalAssocChangedCounter = "13"
HKEY_CURRENT_USER\Software\Classes\
Magnet
(Default) = "Magnet URI"
HKEY_CURRENT_USER\Software\Classes\
Magnet
URL Protocol = ""
HKEY_CURRENT_USER\Software\Classes\
Magnet
Content Type = "application/x-magnet"
HKEY_CURRENT_USER\Software\Classes\
Magnet\shell\open\
command
(Default) = "%Application Data%\uTorrent\uTorrent.exe %1"
HKEY_CURRENT_USER\Software\Classes\
Magnet\shell
(Default) = "open"
HKEY_CURRENT_USER\Software\Classes\
Magnet\DefaultIcon
(Default) = "%Application Data%\uTorrent\uTorrent.exe,0"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
explorer
GlobalAssocChangedCounter = "14"
HKEY_CURRENT_USER\Software\Classes\
.torrent\OpenWithProgids
uTorrent = ""
HKEY_CURRENT_USER\Software\Classes\
.btsearch\OpenWithProgids
uTorrent = ""
HKEY_CURRENT_USER\Software\Classes\
Applications\uTorrent.exe\shell
(Default) = "open"
HKEY_CURRENT_USER\Software\Classes\
Applications\uTorrent.exe\shell\
open\command
(Default) = "%Application Data%\uTorrent\uTorrent.exe %1"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
DisplayIcon = "%Application Data%\uTorrent\uTorrent.exe,0"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
DisplayName = "\xc2\xb5Torrent"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
DisplayVersion = "3.3.1.29812"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
UninstallString = "%Application Data%\uTorrent\uTorrent.exe /UNINSTALL"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
InstallLocation = "%Application Data%\uTorrent"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
VersionMajor = "3"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
MajorVersion = "3"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
VersionMinor = "3"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
MinorVersion = "3"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
NoModify = "1"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
NoRepair = "1"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
URLInfoAbout = "http://www.{BLOCKED}nt.com"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
uTorrent
Publisher = "BitTorrent Inc."
HKEY_CURRENT_USER\Software\BitTorrent\
uTorrent
Revision = "29812"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
cid2 = "8db427b7b79d72e5b03e6bf112530b31"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
WS_FF_AB = "https://search.{BLOCKED}o.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=524914&p="
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
WS_IE_AB = "{random characters}"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
WS_FF_IB = "{random characters}"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
WS_IE_IB = "{random characters}"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
WS_GC_IB = "{random characters}"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
spid = "249"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
channelId = "512435"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
HP_IE = "https://search.{BLOCKED}o.com/?type=524914&fr=spigot-yhp-ie"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
HP_FF = "https://search.{BLOCKED}o.com/?type=524914&fr=spigot-yhp-ff"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
HP_GC = "https://search.{BLOCKED}o.com/?type=524914&fr=yo-yhp-ch"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
vloc20_brwrst = "2"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
vloc21_maxwait = "24"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
ISN = "42F2F885836845A1A94ED8CDB08D7749"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
ieds_ts = "1569846953"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
ffds_ts = "1569846953"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
gcds_ts = "1569846953"
HKEY_CURRENT_USER\Software\AppDataLow\
Software\Settings Manager
ts_brwrst = "1569846954"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
explorer
GlobalAssocChangedCounter = "15"
HKEY_CURRENT_USER\Software\Classes\
.btapp
(Default) = "uTorrent"
HKEY_CURRENT_USER\Software\Classes\
.btapp
Content Type = "application/x-bittorrent-app"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
MIME\Database\Content Type\
application/x-bittorrent-app
Extension = ".btapp"
HKEY_CURRENT_USER\Software\Classes\
MIME\Database\Content Type\
application/x-bittorrent-app
Extension = ".btapp"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
explorer
GlobalAssocChangedCounter = "16"
HKEY_CURRENT_USER\Software\Classes\
.btskin
(Default) = "uTorrent"
HKEY_CURRENT_USER\Software\Classes\
.btskin
Content Type = "application/x-bittorrent-skin"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
MIME\Database\Content Type\
application/x-bittorrent-skin
Extension = ".btskin"
HKEY_CURRENT_USER\Software\Classes\
MIME\Database\Content Type\
application/x-bittorrent-skin
Extension = ".btskin"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
explorer
GlobalAssocChangedCounter = "17"
HKEY_CURRENT_USER\Software\Classes\
.btinstall
(Default) = "uTorrent"
HKEY_CURRENT_USER\Software\Classes\
.btinstall
Content Type = "application/x-bittorrent-appinst"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
MIME\Database\Content Type\
application/x-bittorrent-appinst
Extension = ".btinstall"
HKEY_CURRENT_USER\Software\Classes\
MIME\Database\Content Type\
application/x-bittorrent-appinst
Extension = ".btinstall"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
explorer
GlobalAssocChangedCounter = "18"
HKEY_CURRENT_USER\Software\Classes\
.btkey
(Default) = "uTorrent"
HKEY_CURRENT_USER\Software\Classes\
.btkey
Content Type = "application/x-bittorrent-key"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
MIME\Database\Content Type\
application/x-bittorrent-key
Extension = ".btkey"
HKEY_CURRENT_USER\Software\Classes\
MIME\Database\Content Type\
application/x-bittorrent-key
Extension = ".btkey"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Windows\CurrentVersion\
explorer
GlobalAssocChangedCounter = "19"
作成活動
アドウェアは、以下のファイルを作成します。
- %Application Data%\uTorrent\toolbar_offer.benc
- %Application Data%\uTorrent\dht.dat.old
- %Application Data%\Microsoft\Internet Explorer\Quick Launch\xc2\xb5Torrent.lnk
- %Application Data%\uTorrent\updates.dat
- %Application Data%\uTorrent\uTorrent.exe
- %Application Data%\uTorrent\settings.dat.new
- %Application Data%\uTorrent\toolbar.benc.old
- %Application Data%\uTorrent\dht.dat
- %User Temp%\uttFD61.tmp.new
- %Application Data%\uTorrent\apps\player.btapp
- %Application Data%\uTorrent\apps\welcome-upsell.btapp
- %Desktop%\xc2\xb5Torrent.lnk
- %Application Data%\uTorrent\toolbar.benc.new
- %User Temp%\ADKAppsOfferManager.dll
- %User Temp%\utt7EAA.tmp.exe
- %Application Data%\uTorrent\toolbar.benc
- %Application Data%\uTorrent\settings.dat
- %User Temp%\utt4254.tmp.old
- %Application Data%\uTorrent\settings.dat.old
- %Application Data%\uTorrent\rss.dat.old
- %Application Data%\uTorrent\apps\featuredContent.btapp
- %User Temp%\uttF5CD.tmp.new
- %Application Data%\uTorrent\dht.dat.new
- %User Temp%\uttF6EB.tmp.new
- %User Temp%\yahoo_ie.xml
- %Application Data%\uTorrent\dht_feed.dat.old
- %User Temp%\utt4254.tmp.new
- %Application Data%\uTorrent\updates\3.3.1_29812.exe
- %Start Menu%\xc2\xb5Torrent.lnk
- %Application Data%\uTorrent\rss.dat
- %Application Data%\uTorrent\apps\plus.btapp
- %Application Data%\uTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1
- %Application Data%\uTorrent\dht_feed.dat
- %Application Data%\uTorrent\dht_feed.dat.new
- %Application Data%\uTorrent\rss.dat.new
(註:%Application Data%フォルダは、現在ログオンしているユーザのアプリケーションデータフォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザ名>\Local Settings\Application Data" です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>\AppData\Roaming" です。. %User Temp%フォルダは、現在ログオンしているユーザの一時フォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>\AppData\Local\Temp" です。. %Desktop%フォルダは、現在ログオンしているユーザのデスクトップです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Documents and Settings\<ユーザ名>\Desktop" です。また、Windows Vista、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>\Desktop" です。. %Start Menu%フォルダは、現在ログオンしているユーザのスタートメニューフォルダです。Windows 2000(32-bit)、XP、Server 2003(32-bit)の場合、通常 "C:\Windows\Start Menu" または "C:\Documents and Settings\<ユーザ名>\Start Menu" です。また、Windows Vista、7、8、8.1、2008(64-bit)、012(64-bit)、10(64-bit)の場合、通常 "C:\Users\<ユーザ名>\AppData\Roaming\Microsoft\Windows\Start Menu" です。)
その他
アドウェアは、以下の不正なWebサイトにアクセスします。
- http://update.{BLOCKED}nt.com/installoffer.php?{random characters}
- http://update.{BLOCKED}nt.com/installstats.php?{random characters}
- http://imp.{BLOCKED}l-zone.com/impression.do/?{random characters}
- http://config.{BLOCKED}l-zone.com/68E633381BD14a69BD08A05C22B72D6A/offers.json?{random characters}
- http://www.{BLOCKED}serbar.com/images/pixel.gif?tb=1&cnid=512435
- http://update.{BLOCKED}nt.com/updatestats.php?{random characters}
- http://apps.{BLOCKED}rent.com/featuredcontent/featuredcontent.btapp
- http://apps.{BLOCKED}rent.com/utorrent-onboarding/welcome-upsell.btapp
- http://apps.{BLOCKED}rent.com/utorrent-onboarding/player.btapp
- http://apps.{BLOCKED}rent.com/utorrent-onboarding/plus2.btapp
- http://ll.{BLOCKED}ad3.utorrent.com/offers/SMStub-en-20150508.exe
- http://update2.{BLOCKED}serbar.com/kits/sds/update.xml
- http://www.{BLOCKED}adnetworkhost.com/kits/sds/update.xml
- http://update.{BLOCKED}adnetworkhost.com/kits/sds/SMSetup.exe
- http://www.{BLOCKED}rent.com/favicon.ico
- http://api.{BLOCKED}adnetworkhost.com/cgi/api.cgi/512435/42F2F885836845A1A94ED8CDB08D7749/vloc/40
- http://update.{BLOCKED}nt.com/checkupdate.php?{random characters}
- http://www.{BLOCKED}va.org/favicon.ico
- http://api.{BLOCKED}adnetworkhost.com/cgi/api.cgi/ping/40
- http://www.{BLOCKED}o.com/favicon.ico
- http://bench.{BLOCKED}nt.com
- http://offers.{BLOCKED}rent.com
- http://update.{BLOCKED}rent.com
- http://router.{BLOCKED}rent.com
- http://router.{BLOCKED}nt.com
- {BLOCKED}244.168
- {BLOCKED}.29.83
- {BLOCKED}.40.227
- {BLOCKED}.147.81
- {BLOCKED}88.84
- {BLOCKED}.225.126
- {BLOCKED}.131.72
- {BLOCKED}.147.186
- {BLOCKED}49.146
- {BLOCKED}.96.41
- {BLOCKED}102.72
- {BLOCKED}53.6
- {BLOCKED}179.237
- {BLOCKED}14.99
- {BLOCKED}77.210
- {BLOCKED}.193.253
- {BLOCKED}.6.42
- {BLOCKED}.154.133
- {BLOCKED}7.166
- {BLOCKED}161.126
- {BLOCKED}.62.72
- {BLOCKED}.21.53
- {BLOCKED}.141.68
- {BLOCKED}198.135
- {BLOCKED}59.176
- {BLOCKED}134.62
- {BLOCKED}.249.249
- {BLOCKED}.128.39
- {BLOCKED}.56.17
- {BLOCKED}.177.146
- {BLOCKED}49.164
- {BLOCKED}.92.131
- {BLOCKED}.0.233
- {BLOCKED}.184.63
- {BLOCKED}.166.35
- {BLOCKED}.77.194
- {BLOCKED}.155.76
- {BLOCKED}.120.145
- {BLOCKED}.75.5
- {BLOCKED}.176.226
- {BLOCKED}.137.158
- {BLOCKED}.75.21
- {BLOCKED}.83.250
- {BLOCKED}.52.168
- {BLOCKED}73.60
- {BLOCKED}.60.77
- {BLOCKED}176.175
- {BLOCKED}.124.77
- {BLOCKED}.204.64
- {BLOCKED}76.28
- {BLOCKED}127.183
- {BLOCKED}139.21
- {BLOCKED}.54.197
- {BLOCKED}204.42
- {BLOCKED}10.1
- {BLOCKED}247.143
- {BLOCKED}2.148
- {BLOCKED}.112.202
- {BLOCKED}79.241
- {BLOCKED}56.151
- {BLOCKED}20.173
- {BLOCKED}255.210
- {BLOCKED}.71.106
- {BLOCKED}.14.219
- {BLOCKED}83.37
- {BLOCKED}147.37
- {BLOCKED}.151.75
- {BLOCKED}.253.23
- {BLOCKED}194.155
- {BLOCKED}.231.18
- {BLOCKED}.79.73
- {BLOCKED}121.96
- {BLOCKED}200.12
- {BLOCKED}.195.13
- {BLOCKED}.156.165
- {BLOCKED}.12.80
- {BLOCKED}.128.233
- {BLOCKED}.200.12
- {BLOCKED}155.132
- {BLOCKED}.97.245
- {BLOCKED}.239.40
- {BLOCKED}.61.91
- {BLOCKED}.239.197
- {BLOCKED}.131.50
- {BLOCKED}43.239
- {BLOCKED}173.255
- {BLOCKED}.212.210
- {BLOCKED}.118.215
- {BLOCKED}239.135
- {BLOCKED}207.205
- {BLOCKED}8.50
- {BLOCKED}141.210
- {BLOCKED}234.173
- {BLOCKED}.154.172
- {BLOCKED}.180.168
- {BLOCKED}.4.238
- {BLOCKED}32.15
- {BLOCKED}.175.55
- {BLOCKED}.168.56
- {BLOCKED}.38.243
- {BLOCKED}250.34
- {BLOCKED}.161.13
- {BLOCKED}.71.172
- {BLOCKED}29.233
- {BLOCKED}.40.177
- {BLOCKED}.76.88
- {BLOCKED}.97.126
- {BLOCKED}.138.86
- {BLOCKED}.107.224
- {BLOCKED}19.229
- {BLOCKED}03.86
- {BLOCKED}114.207
- {BLOCKED}1.128
- {BLOCKED}138.220
- {BLOCKED}.121.96
- {BLOCKED}.106.89
- {BLOCKED}218.23
- {BLOCKED}28.180
- {BLOCKED}174.84
- {BLOCKED}218.16
- {BLOCKED}.62.55
- {BLOCKED}.62.31
- {BLOCKED}.105.212
- {BLOCKED}.131.199
- {BLOCKED}.137.170
- {BLOCKED}.135.233
- {BLOCKED}.124.68
- {BLOCKED}143.249
- {BLOCKED}.93.175
- {BLOCKED}.6.184
- {BLOCKED}182.225
- {BLOCKED}25.164
- {BLOCKED}190.138
- {BLOCKED}79.178
- {BLOCKED}185.96
- {BLOCKED}10.100
- {BLOCKED}.136.108
- {BLOCKED}.240
- {BLOCKED}90.84
- {BLOCKED}74.234
- {BLOCKED}185.57
- {BLOCKED}7.179
- {BLOCKED}05.184
- {BLOCKED}04.29
- {BLOCKED}0.62
- {BLOCKED}45.36
- {BLOCKED}.67.92
- {BLOCKED}72.93
- {BLOCKED}124.237
- {BLOCKED}0.227
- {BLOCKED}243.237
- {BLOCKED}.117.188
- {BLOCKED}.117.104
- {BLOCKED}.132.139
- {BLOCKED}.16.123
- {BLOCKED}.149.10
- {BLOCKED}02.203
- {BLOCKED}43.33
- {BLOCKED}38.21
- {BLOCKED}.149.14
- {BLOCKED}.51.192
- {BLOCKED}.121.5
- {BLOCKED}.143.0
- {BLOCKED}.141.59
- {BLOCKED}.140.250
- {BLOCKED}76.42
- {BLOCKED}113.64
- {BLOCKED}.40.99
- {BLOCKED}39.179
- {BLOCKED}191.68
- {BLOCKED}.254.149
- {BLOCKED}.122.164
- {BLOCKED}.139.5
- {BLOCKED}.49.86
- {BLOCKED}.156.153
- {BLOCKED}.19.42
- {BLOCKED}249.11
- {BLOCKED}131.88
- {BLOCKED}.184.45
- {BLOCKED}.167.100
- {BLOCKED}2.42
- {BLOCKED}167.152
- {BLOCKED}237.229
- {BLOCKED}255.24
- {BLOCKED}6.80
- {BLOCKED}.39.65
- {BLOCKED}.25.164
- {BLOCKED}.166.5
- {BLOCKED}.221.98
- {BLOCKED}.60.199
- {BLOCKED}.11.147
- {BLOCKED}.114.191
- {BLOCKED}.240.82
- {BLOCKED}7.56.107
- {BLOCKED}5.249.147
- {BLOCKED}4.8.50
- {BLOCKED}6.218.22
- {BLOCKED}2.61.103
- {BLOCKED}4.204.48
- {BLOCKED}2.81.178
- {BLOCKED}8.94.127
- {BLOCKED}.164.130
- {BLOCKED}8.140.28
- {BLOCKED}1.22.146
- {BLOCKED}5.202.100
- {BLOCKED}2.161.126
- {BLOCKED}3.120.169
- {BLOCKED}.58.154
- {BLOCKED}.102.176
- {BLOCKED}.171.254
- {BLOCKED}.163.254
- {BLOCKED}6.141.184
- {BLOCKED}6.79.238
- {BLOCKED}.121.247
- {BLOCKED}.203.147
- {BLOCKED}.247.194
- {BLOCKED}6.79.205
- {BLOCKED}8.154.174
- {BLOCKED}8.135.62
- {BLOCKED}9.19.188
- {BLOCKED}6.216.7
- {BLOCKED}6.200.50
- {BLOCKED}4.135.172
- {BLOCKED}2.132.65
- {BLOCKED}6.2.202
- {BLOCKED}6.38.55
- {BLOCKED}1.79.119
- {BLOCKED}1.121.172
- {BLOCKED}2.95.133
- {BLOCKED}.127.219
- {BLOCKED}5.203.5
- {BLOCKED}6.157.15
- {BLOCKED}2.240
- {BLOCKED}6.161
- {BLOCKED}58.31
- {BLOCKED}79.150
- {BLOCKED}1.105
- {BLOCKED}9.249.130
- {BLOCKED}8.97.146
- {BLOCKED}7.169.130
- {BLOCKED}0.11.147
- {BLOCKED}.245.30
- {BLOCKED}.201.14
- {BLOCKED}4.167.63
- {BLOCKED}4.164.27
- {BLOCKED}9.192.25
- {BLOCKED}9.133.96
- {BLOCKED}.82.38
- {BLOCKED}3.220.61
- {BLOCKED}.113.88
- {BLOCKED}.90.234
- {BLOCKED}.130.67
- {BLOCKED}3.214.168
- {BLOCKED}5.10.135
- {BLOCKED}3.150.223
- {BLOCKED}.160.159
- {BLOCKED}8.56.77
- {BLOCKED}2.70.62
- {BLOCKED}2.65.123
- {BLOCKED}2.136.180
- {BLOCKED}3.126.188
- {BLOCKED}7.73.160
- {BLOCKED}.116.72
- {BLOCKED}.7.20
- {BLOCKED}.44.139
- {BLOCKED}5.180.148
- {BLOCKED}1.27.139
- {BLOCKED}2.181.134
- {BLOCKED}.231.169
- {BLOCKED}3.96.236
- {BLOCKED}3.32.236
- {BLOCKED}7.89.13
- {BLOCKED}7.72.82
- {BLOCKED}.82.54
- {BLOCKED}.62.21
- {BLOCKED}4.27.198
- {BLOCKED}8.64.233
- {BLOCKED}3.32.33
- {BLOCKED}2.195.9
- {BLOCKED}0.183.234
- {BLOCKED}9.77.142
- {BLOCKED}6.15.8
- {BLOCKED}.145.32
- {BLOCKED}.195.167
- {BLOCKED}.14.115
- {BLOCKED}.102.231
- {BLOCKED}5.16.21
- {BLOCKED}.214.122
- {BLOCKED}.125.223
- {BLOCKED}4.5.159
- {BLOCKED}.252.173
- {BLOCKED}.190.214
- {BLOCKED}.225.179
- {BLOCKED}9.28.61
- {BLOCKED}5.10.253
- {BLOCKED}.120.242
- {BLOCKED}1.150.31
- {BLOCKED}0.140.28
- {BLOCKED}.137.220
- {BLOCKED}.7.72
- {BLOCKED}.241.3
- {BLOCKED}.86.103
- {BLOCKED}.31.0
- {BLOCKED}5.249.246
- {BLOCKED}5.125.103
- {BLOCKED}5.147.217
- {BLOCKED}1.238.203
- {BLOCKED}5.131.4
- {BLOCKED}.205.184
- {BLOCKED}8.40.128
- {BLOCKED}4.161.179
- {BLOCKED}.148.173
- {BLOCKED}.96.236
- {BLOCKED}.255.24
- {BLOCKED}7.253.164
- {BLOCKED}3.242.219
- {BLOCKED}3.164.73
- {BLOCKED}5.96.236
- {BLOCKED}5.120.151
- {BLOCKED}2.219.177
- {BLOCKED}8.169.34
- {BLOCKED}8.146.164
- {BLOCKED}.189.45
- {BLOCKED}.111.190
- {BLOCKED}68.65
- {BLOCKED}.251.176
- {BLOCKED}5.243.4
- {BLOCKED}9.37.204
- {BLOCKED}0.90.129
- {BLOCKED}2.204.10
- {BLOCKED}6.212.143
- {BLOCKED}.67.38
- {BLOCKED}.250.154
- {BLOCKED}.75.147
- {BLOCKED}.142.149
- {BLOCKED}.139.147
- {BLOCKED}8.113.164
- {BLOCKED}.113.61
- {BLOCKED}7.96.236
- {BLOCKED}5.237.41
- {BLOCKED}7.84.173
- {BLOCKED}0.149.50
- {BLOCKED}8.232.128
- {BLOCKED}2.103.92
- {BLOCKED}4.78.225
- {BLOCKED}.29.17
- {BLOCKED}.91.132
- {BLOCKED}.219.132
- {BLOCKED}.174.21
- {BLOCKED}.168.128
- {BLOCKED}.172.17
- {BLOCKED}69.212
- {BLOCKED}11.111
- {BLOCKED}.35.148
- {BLOCKED}5.89.101
- {BLOCKED}7.15.119
- {BLOCKED}8.47.244
- {BLOCKED}5.21.14
- {BLOCKED}1.178.127
- {BLOCKED}8.254.199
- {BLOCKED}1.138.135
- {BLOCKED}.72.12
- {BLOCKED}.136.180
- {BLOCKED}0.39.100
- {BLOCKED}27.33
- {BLOCKED}.205.93
- {BLOCKED}.105.80
- {BLOCKED}1.97.79
- {BLOCKED}1.81.150
- {BLOCKED}4.56.1
- {BLOCKED}.8.50
- {BLOCKED}3.42.186
- {BLOCKED}2.144.180
- {BLOCKED}.195.3
- {BLOCKED}6.161.126
- {BLOCKED}.83.155
- {BLOCKED}.193.38
- {BLOCKED}3.167.14
- {BLOCKED}3.75.5
- {BLOCKED}9.160.159
- {BLOCKED}5.163.146
- {BLOCKED}1.112.54
- {BLOCKED}.179.98
- {BLOCKED}.76.179
- {BLOCKED}.72.113
- {BLOCKED}8.113.240
- {BLOCKED}9.254.213
- {BLOCKED}7.254.198
- {BLOCKED}.195.48
- {BLOCKED}.133.25
- {BLOCKED}6.102.190
- {BLOCKED}4.223.229
- {BLOCKED}.147.115
- {BLOCKED}6.198.62
- {BLOCKED}6.185.249
- {BLOCKED}5.241.146
- {BLOCKED}8.204.32
- {BLOCKED}.248.50
- {BLOCKED}2.71.172
- {BLOCKED}5.120.107
- {BLOCKED}8.219.198
- {BLOCKED}.112.54
- {BLOCKED}.201.160
- {BLOCKED}2.156.193
- {BLOCKED}3.207.241
- {BLOCKED}1.51.107
- {BLOCKED}0.219.120
- {BLOCKED}.216.28
- {BLOCKED}.248.107
- {BLOCKED}8.13.194
- {BLOCKED}4.145.183
- {BLOCKED}7.38.59
- {BLOCKED}7.149.26
- {BLOCKED}1.139.89
- {BLOCKED}4.63.210
- {BLOCKED}.201.190
- {BLOCKED}3.168.194
- {BLOCKED}0.255.46
- {BLOCKED}3.59.54
- {BLOCKED}91.68
- {BLOCKED}.50
- {BLOCKED}46.107
このウイルス情報は、自動解析システムにより作成されました。
対応方法
手順 1
Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。
手順 2
Windowsをセーフモードで再起動します。
手順 3
「Adware.Win32.OpenCandy.GISFX」で検出したファイル名を確認し、そのファイルを終了します。
- すべての実行中プロセスが、Windows のタスクマネージャに表示されない場合があります。この場合、"Process Explorer" などのツールを使用しマルウェアのファイルを終了してください。"Process Explorer" については、こちらをご参照下さい。
- 検出ファイルが、Windows のタスクマネージャまたは "Process Explorer" に表示されるものの、削除できない場合があります。この場合、コンピュータをセーフモードで再起動してください。
セーフモードについては、こちらをご参照下さい。 - 検出ファイルがタスクマネージャ上で表示されない場合、次の手順にお進みください。
手順 4
このレジストリ値を削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- uTorrent = "%Application Data%\uTorrent\uTorrent.exe /MINIMIZED"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- SMSetup = "{random characters}"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- uTorrent = "%Application Data%\uTorrent\uTorrent.exe /MINIMIZED"
- In HKEY_CURRENT_USER\Software\Classes\FalconBetaAccount
- remote_access_client_id = "4731483538"
- In HKEY_CURRENT_USER\Software\BitTorrent\uTorrent
- OfferProvider = ""
- In HKEY_CURRENT_USER\Software\BitTorrent\uTorrent
- OfferName = ""
- In HKEY_CURRENT_USER\Software\BitTorrent\uTorrent
- OfferAccepted = "0"
- In HKEY_CURRENT_USER\Software\BitTorrent\uTorrent
- OfferViaCAU = "0"
- In HKEY_CURRENT_USER\Software\Classes\.torrent
- (Default) = "uTorrent"
- In HKEY_CURRENT_USER\Software\Classes\uTorrent\DefaultIcon
- (Default) = "%Application Data%\uTorrent\uTorrent.exe,0"
- In HKEY_CURRENT_USER\Software\Classes\.torrent
- Content Type = "application/x-bittorrent"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent
- Extension = ".torrent"
- In HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent
- Extension = ".torrent"
- In HKEY_CURRENT_USER\Software\Classes\uTorrent\shell\open\command
- (Default) = "%Application Data%\uTorrent\uTorrent.exe %1"
- In HKEY_CURRENT_USER\Software\Classes\uTorrent\shell
- (Default) = "open"
- In HKEY_CURRENT_USER\Software\Classes\uTorrent\Content Type
- (Default) = "application/x-bittorrent"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer
- GlobalAssocChangedCounter = "12"
- In HKEY_CURRENT_USER\Software\Classes\.btsearch
- (Default) = "uTorrent"
- In HKEY_CURRENT_USER\Software\Classes\.btsearch
- Content Type = "application/x-bittorrentsearchdescription+xml"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml
- Extension = ".btsearch"
- In HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrentsearchdescription+xml
- Extension = ".btsearch"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer
- GlobalAssocChangedCounter = "13"
- In HKEY_CURRENT_USER\Software\Classes\Magnet
- (Default) = "Magnet URI"
- In HKEY_CURRENT_USER\Software\Classes\Magnet
- URL Protocol = ""
- In HKEY_CURRENT_USER\Software\Classes\Magnet
- Content Type = "application/x-magnet"
- In HKEY_CURRENT_USER\Software\Classes\Magnet\shell\open\command
- (Default) = "%Application Data%\uTorrent\uTorrent.exe %1"
- In HKEY_CURRENT_USER\Software\Classes\Magnet\shell
- (Default) = "open"
- In HKEY_CURRENT_USER\Software\Classes\Magnet\DefaultIcon
- (Default) = "%Application Data%\uTorrent\uTorrent.exe,0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer
- GlobalAssocChangedCounter = "14"
- In HKEY_CURRENT_USER\Software\Classes\.torrent\OpenWithProgids
- uTorrent = ""
- In HKEY_CURRENT_USER\Software\Classes\.btsearch\OpenWithProgids
- uTorrent = ""
- In HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell
- (Default) = "open"
- In HKEY_CURRENT_USER\Software\Classes\Applications\uTorrent.exe\shell\open\command
- (Default) = "%Application Data%\uTorrent\uTorrent.exe %1"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- DisplayIcon = "%Application Data%\uTorrent\uTorrent.exe,0"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- DisplayName = "\xc2\xb5Torrent"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- DisplayVersion = "3.3.1.29812"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- UninstallString = "%Application Data%\uTorrent\uTorrent.exe /UNINSTALL"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- InstallLocation = "%Application Data%\uTorrent"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- VersionMajor = "3"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- MajorVersion = "3"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- VersionMinor = "3"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- MinorVersion = "3"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- NoModify = "1"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- NoRepair = "1"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- URLInfoAbout = "http://www.{BLOCKED}nt.com"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent
- Publisher = "BitTorrent Inc."
- In HKEY_CURRENT_USER\Software\BitTorrent\uTorrent
- Revision = "29812"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- cid2 = "8db427b7b79d72e5b03e6bf112530b31"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- WS_FF_AB = "https://search.{BLOCKED}o.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=524914&p="
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- WS_IE_AB = "{random characters}"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- WS_FF_IB = "{random characters}"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- WS_IE_IB = "{random characters}"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- WS_GC_IB = "{random characters}"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- spid = "249"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- channelId = "512435"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- HP_IE = "https://search.{BLOCKED}o.com/?type=524914&fr=spigot-yhp-ie"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- HP_FF = "https://search.{BLOCKED}o.com/?type=524914&fr=spigot-yhp-ff"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- HP_GC = "https://search.{BLOCKED}o.com/?type=524914&fr=yo-yhp-ch"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- vloc20_brwrst = "2"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- vloc21_maxwait = "24"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- ISN = "42F2F885836845A1A94ED8CDB08D7749"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- ieds_ts = "1569846953"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- ffds_ts = "1569846953"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- gcds_ts = "1569846953"
- In HKEY_CURRENT_USER\Software\AppDataLow\Software\Settings Manager
- ts_brwrst = "1569846954"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer
- GlobalAssocChangedCounter = "15"
- In HKEY_CURRENT_USER\Software\Classes\.btapp
- (Default) = "uTorrent"
- In HKEY_CURRENT_USER\Software\Classes\.btapp
- Content Type = "application/x-bittorrent-app"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-app
- Extension = ".btapp"
- In HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-app
- Extension = ".btapp"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer
- GlobalAssocChangedCounter = "16"
- In HKEY_CURRENT_USER\Software\Classes\.btskin
- (Default) = "uTorrent"
- In HKEY_CURRENT_USER\Software\Classes\.btskin
- Content Type = "application/x-bittorrent-skin"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-skin
- Extension = ".btskin"
- In HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-skin
- Extension = ".btskin"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer
- GlobalAssocChangedCounter = "17"
- In HKEY_CURRENT_USER\Software\Classes\.btinstall
- (Default) = "uTorrent"
- In HKEY_CURRENT_USER\Software\Classes\.btinstall
- Content Type = "application/x-bittorrent-appinst"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst
- Extension = ".btinstall"
- In HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-appinst
- Extension = ".btinstall"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer
- GlobalAssocChangedCounter = "18"
- In HKEY_CURRENT_USER\Software\Classes\.btkey
- (Default) = "uTorrent"
- In HKEY_CURRENT_USER\Software\Classes\.btkey
- Content Type = "application/x-bittorrent-key"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-bittorrent-key
- Extension = ".btkey"
- In HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-bittorrent-key
- Extension = ".btkey"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer
- GlobalAssocChangedCounter = "19"
手順 5
以下のファイルを検索し削除します。
- %Application Data%\uTorrent\toolbar_offer.benc
- %Application Data%\uTorrent\dht.dat.old
- %Application Data%\Microsoft\Internet Explorer\Quick Launch\xc2\xb5Torrent.lnk
- %Application Data%\uTorrent\updates.dat
- %Application Data%\uTorrent\uTorrent.exe
- %Application Data%\uTorrent\settings.dat.new
- %Application Data%\uTorrent\toolbar.benc.old
- %Application Data%\uTorrent\dht.dat
- %User Temp%\uttFD61.tmp.new
- %Application Data%\uTorrent\apps\player.btapp
- %Application Data%\uTorrent\apps\welcome-upsell.btapp
- %Desktop%\xc2\xb5Torrent.lnk
- %Application Data%\uTorrent\toolbar.benc.new
- %User Temp%\ADKAppsOfferManager.dll
- %User Temp%\utt7EAA.tmp.exe
- %Application Data%\uTorrent\toolbar.benc
- %Application Data%\uTorrent\settings.dat
- %User Temp%\utt4254.tmp.old
- %Application Data%\uTorrent\settings.dat.old
- %Application Data%\uTorrent\rss.dat.old
- %Application Data%\uTorrent\apps\featuredContent.btapp
- %User Temp%\uttF5CD.tmp.new
- %Application Data%\uTorrent\dht.dat.new
- %User Temp%\uttF6EB.tmp.new
- %User Temp%\yahoo_ie.xml
- %Application Data%\uTorrent\dht_feed.dat.old
- %User Temp%\utt4254.tmp.new
- %Application Data%\uTorrent\updates\3.3.1_29812.exe
- %Start Menu%\xc2\xb5Torrent.lnk
- %Application Data%\uTorrent\rss.dat
- %Application Data%\uTorrent\apps\plus.btapp
- %Application Data%\uTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1
- %Application Data%\uTorrent\dht_feed.dat
- %Application Data%\uTorrent\dht_feed.dat.new
- %Application Data%\uTorrent\rss.dat.new
手順 6
以下のフォルダを検索し削除します。
- %AppDataLocal%\{B5F70934-5E12-42d2-882D-62D42EA1FA67}
- %System Root%\Users
- %User Profile%\AppData
- %Application Data%\uTorrent\dlimagecache
- %Application Data%\uTorrent
- %Application Data%\uTorrent\share
- %Application Data%\uTorrent\updates
- %Application Data%\uTorrent\apps
手順 7
コンピュータを通常モードで再起動し、最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、「Adware.Win32.OpenCandy.GISFX」と検出したファイルの検索を実行してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。
手順 8
以下のファイルをバックアップを用いて修復します。なお、マイクロソフト製品に関連したファイルのみ修復されます。このマルウェア/グレイウェア/スパイウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。
- %User Temp%\e.temp
- %User Temp%\ApnStub.exe
- %User Temp%\offconfig.temp
- %User Temp%\BunndleOfferManager.dll
- %User Temp%\i_temp.temp
ご利用はいかがでしたか? アンケートにご協力ください