PUA.Win32.WebCompanion.AA
Downloader.Win32.OpenCandy.db (Kaspersky); Adware/OpenCandy (Fortinet)
Windows
- マルウェアタイプ: 潜在的に迷惑なアプリケーション
- 破壊活動の有無: なし
- 暗号化:
- 感染報告の有無: はい
概要
プログラムは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
詳細
侵入方法
プログラムは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
インストール
プログラムは、以下のファイルを作成します。
- %Application Data%\pdfforge\Images2PDF\Images2PDF.settings
- %Common Programs%\PDFCreator\Donate to PDFCreator.lnk
- %Common Programs%\PDFCreator\Images2PDF\Images2PDF Console Application.lnk
- %Common Programs%\PDFCreator\Images2PDF\Images2PDF.lnk
- %Common Programs%\PDFCreator\Licenses\AFPL License.lnk
- %Common Programs%\PDFCreator\Licenses\FairPlay License.lnk
- %Common Programs%\PDFCreator\Licenses\GPL License.lnk
- %Common Programs%\PDFCreator\PDFCreator Help.lnk
- %Common Programs%\PDFCreator\PDFCreator on the Web.lnk
- %Common Programs%\PDFCreator\PDFCreator.lnk
- %Desktop%\PDF Architect 2.lnk
- %Desktop%\PDFCreator.lnk
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\Basics\GetPrinterDevices.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\Basics\MergedFiles2Tif.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\Basics\MultipleFiles2Tif.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\Basics\TestPage2JPG.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\Basics\TestPage2PDF.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\Basics\TestPage2Tif.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\Basics\TestPageMergeTarget.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\AttachmentPage.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\AttachmentPage.pdf
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\BackgroundPage.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\BackgroundPage.pdf
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\ChangeOutputFormat.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\ConvertFileAsync.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\CoverPage.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\CoverPage.pdf
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\EmailClient.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\EmailSmtp.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\JpegSettings.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\MergeAllJobs.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\PdfSecuritySettings.js
- %Program Files%\PDFCreator\COM Scripts\JS Scripts\How To\PdfSignatureSettings.js
- %Program Files%\PDFCreator\DataStorage.dll
- %Program Files%\PDFCreator\DeleteMonitorDll.exe
- %Program Files%\PDFCreator\Donate to PDFCreator.url
- %Program Files%\PDFCreator\DynamicTranslator.dll
- %Program Files%\PDFCreator\ErrorReport.exe
- %Program Files%\PDFCreator\ftplib.dll
- %Program Files%\PDFCreator\Ghostscript\Bin\gsdll32.dll
- %Program Files%\PDFCreator\Ghostscript\Bin\gsdll32.lib
- %Program Files%\PDFCreator\Ghostscript\Bin\gswin32c.exe
- %Program Files%\PDFCreator\Ghostscript\Lib\acctest.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\addxchar.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\afmdiff.awk
- %Program Files%\PDFCreator\Ghostscript\Lib\align.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\bj8.rpd
- %Program Files%\PDFCreator\Ghostscript\Lib\bj8gc12f.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bj8hg12f.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bj8oh06n.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bj8pa06n.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bj8pp12f.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bj8ts06n.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610a0.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610a1.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610a2.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610a3.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610a4.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610a5.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610a6.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610a7.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610a8.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610b1.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610b2.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610b3.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610b4.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610b6.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610b7.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\bjc610b8.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\caption.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\cat.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\cbjc600.ppd
- %Program Files%\PDFCreator\Ghostscript\Lib\cbjc800.ppd
- %Program Files%\PDFCreator\Ghostscript\Lib\cdj550.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\cdj690.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\cdj690ec.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\cid2code.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\cidfmap
- %Program Files%\PDFCreator\Ghostscript\Lib\decrypt.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\dnj750c.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\dnj750m.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\docie.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\dvipdf
- %Program Files%\PDFCreator\Ghostscript\Lib\EndOfTask.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\eps2eps
- %Program Files%\PDFCreator\Ghostscript\Lib\eps2eps.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\eps2eps.cmd
- %Program Files%\PDFCreator\Ghostscript\Lib\FAPIconfig-FCO
- %Program Files%\PDFCreator\Ghostscript\Lib\FCOfontmap-PCLPS3
- %Program Files%\PDFCreator\Ghostscript\Lib\FCOfontmap-PS3
- %Program Files%\PDFCreator\Ghostscript\Lib\font2c
- %Program Files%\PDFCreator\Ghostscript\Lib\font2c.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\font2c.cmd
- %Program Files%\PDFCreator\Ghostscript\Lib\font2c.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\font2pcl.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\Fontmap.ATB
- %Program Files%\PDFCreator\Ghostscript\Lib\Fontmap.ATM
- %Program Files%\PDFCreator\Ghostscript\Lib\Fontmap.OS2
- %Program Files%\PDFCreator\Ghostscript\Lib\Fontmap.OSF
- %Program Files%\PDFCreator\Ghostscript\Lib\Fontmap.SGI
- %Program Files%\PDFCreator\Ghostscript\Lib\Fontmap.Sol
- %Program Files%\PDFCreator\Ghostscript\Lib\Fontmap.Ult
- %Program Files%\PDFCreator\Ghostscript\Lib\Fontmap.URW-136.T1
- %Program Files%\PDFCreator\Ghostscript\Lib\Fontmap.URW-136.TT
- %Program Files%\PDFCreator\Ghostscript\Lib\Fontmap.VMS
- %Program Files%\PDFCreator\Ghostscript\Lib\ghostpdf.inf
- %Program Files%\PDFCreator\Ghostscript\Lib\ghostpdf.ppd
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_ce_e.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_cmdl.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_il2_e.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_kanji.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_ksb_e.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_l.xbm
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_l.xpm
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_l_m.xbm
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_lgo_e.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_lgx_e.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_m.xbm
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_m.xpm
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_m_m.xbm
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_pfile.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_rdlin.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_s.xbm
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_s.xpm
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_s_m.xbm
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_t.xbm
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_t.xpm
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_t_m.xbm
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_wl1_e.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_wl2_e.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gs_wl5_e.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gsbj
- %Program Files%\PDFCreator\Ghostscript\Lib\gsbj.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\gsdj
- %Program Files%\PDFCreator\Ghostscript\Lib\gsdj.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\gsdj500
- %Program Files%\PDFCreator\Ghostscript\Lib\gsdj500.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\gslj
- %Program Files%\PDFCreator\Ghostscript\Lib\gslj.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\gslp
- %Program Files%\PDFCreator\Ghostscript\Lib\gslp.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\gslp.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gsnd
- %Program Files%\PDFCreator\Ghostscript\Lib\gsnd.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\gsndt.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\gsnup.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\gssetgs.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\gssetgs32.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\gssetgs64.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\gst.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\gstt.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\ht_ccsto.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\image-qa.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\impath.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\Info-macos.plist
- %Program Files%\PDFCreator\Ghostscript\Lib\jispaper.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\jobseparator.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\landscap.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\level1.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\lines.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\lp386.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\lp386r2.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\lpgs.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\lpr2.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\lprsetup.sh
- %Program Files%\PDFCreator\Ghostscript\Lib\markhint.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\markpath.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\mkcidfm.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\necp2x.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\necp2x6.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\opdfread.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\packfile.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\pcharstr.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\pdf2dsc
- %Program Files%\PDFCreator\Ghostscript\Lib\pdf2dsc.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\pdf2dsc.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\pdf2ps
- %Program Files%\PDFCreator\Ghostscript\Lib\pdf2ps.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\pdf2ps.cmd
- %Program Files%\PDFCreator\Ghostscript\Lib\PDFA_def.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\pdfwrite.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\PDFX_def.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\pf2afm
- %Program Files%\PDFCreator\Ghostscript\Lib\pf2afm.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\pf2afm.cmd
- %Program Files%\PDFCreator\Ghostscript\Lib\pf2afm.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\pfbtopfa
- %Program Files%\PDFCreator\Ghostscript\Lib\pfbtopfa.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\pfbtopfa.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\pftogsf.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\ppath.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\pphs
- %Program Files%\PDFCreator\Ghostscript\Lib\pphs.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\prfont.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\printafm
- %Program Files%\PDFCreator\Ghostscript\Lib\printafm.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2ai.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2ascii
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2ascii.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2ascii.cmd
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2ascii.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2epsi
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2epsi.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2epsi.cmd
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2epsi.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdf
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdf.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdf.cmd
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdf12
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdf12.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdf12.cmd
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdf13
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdf13.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdf13.cmd
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdf14
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdf14.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdf14.cmd
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdfwr
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2pdfxx.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2ps
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2ps.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2ps.cmd
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2ps2
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2ps2.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\ps2ps2.cmd
- %Program Files%\PDFCreator\Ghostscript\Lib\quit.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\ras1.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\ras24.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\ras3.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\ras32.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\ras4.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\ras8m.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\rinkj-2200-setup
- %Program Files%\PDFCreator\Ghostscript\Lib\rollconv.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\showchar.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\showpage.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\st640ih.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\st640ihg.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\st640p.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\st640pg.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\st640pl.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\st640plg.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc1520h.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc2.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc200_h.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc2_h.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc2s_h.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc300.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc300bl.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc300bm.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc500p.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc500ph.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc600ih.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc600p.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc600pl.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc640p.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc800ih.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc800p.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc800pl.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc_h.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stc_l.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stcany.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stcany_h.upp
- %Program Files%\PDFCreator\Ghostscript\Lib\stcinfo.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\stcolor.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\stocht.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\traceimg.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\traceop.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\type1enc.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\type1ops.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\uninfo.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\unix-lpr.sh
- %Program Files%\PDFCreator\Ghostscript\Lib\unprot.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\viewcmyk.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\viewgif.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\viewjpeg.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\viewmiff.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\viewpbm.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\viewpcx.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\viewps2a.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\viewrgb.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\wftopfa
- %Program Files%\PDFCreator\Ghostscript\Lib\wftopfa.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\winmaps.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\wmakebat.bat
- %Program Files%\PDFCreator\Ghostscript\Lib\wrfont.ps
- %Program Files%\PDFCreator\Ghostscript\Lib\zeroline.ps
- %Program Files%\PDFCreator\Images2PDF\Images2PDF.exe
- %Program Files%\PDFCreator\Images2PDF\Images2PDFC.exe
- %Program Files%\PDFCreator\Images2PDF\Languages\dutch.ini
- %Program Files%\PDFCreator\Images2PDF\Languages\english.ini
- %Program Files%\PDFCreator\Images2PDF\Languages\german.ini
- %Program Files%\PDFCreator\Images2PDF\Languages\italian.ini
- %Program Files%\PDFCreator\Images2PDF\Languages\portuguese_br.ini
- %Program Files%\PDFCreator\Images2PDF\Languages\russian.ini
- %Program Files%\PDFCreator\Images2PDF\Languages\ukrainian.ini
- %Program Files%\PDFCreator\itextsharp.dll
- %Program Files%\PDFCreator\languages\Chinese (Simplified).ini
- %Program Files%\PDFCreator\languages\Chinese (Traditional).ini
- %Program Files%\PDFCreator\languages\Corsican (France).ini
- %Program Files%\PDFCreator\languages\Czech.ini
- %Program Files%\PDFCreator\languages\Dutch.ini
- %Program Files%\PDFCreator\languages\English.ini
- %Program Files%\PDFCreator\languages\French.ini
- %Program Files%\PDFCreator\languages\German.ini
- %Program Files%\PDFCreator\languages\Italian.ini
- %Program Files%\PDFCreator\languages\Lithuanian.ini
- %Program Files%\PDFCreator\languages\Polish.ini
- %Program Files%\PDFCreator\languages\Portuguese (Brazil).ini
- %Program Files%\PDFCreator\languages\Spanish.ini
- %Program Files%\PDFCreator\NLog.dll
- %Program Files%\PDFCreator\PayPal.ico
- %Program Files%\PDFCreator\PDFCreator.Core.dll
- %Program Files%\PDFCreator\PDFCreator.exe
- %Program Files%\PDFCreator\PDFCreator.Mail.dll
- %Program Files%\PDFCreator\PDFCreator.Settings.dll
- %Program Files%\PDFCreator\PDFCreator.url
- %Program Files%\PDFCreator\PDFCreator.Utilities.dll
- %Program Files%\PDFCreator\PDFCreator_english.chm
- %Program Files%\PDFCreator\PDFCreator_german.chm
- %Program Files%\PDFCreator\pdfforge.ico
- %Program Files%\PDFCreator\PDFProcessing.dll
- %Program Files%\PDFCreator\PrinterHelper.exe
- %Program Files%\PDFCreator\ProcessPrivileges.dll
- %Program Files%\PDFCreator\RepairFolderPermissions.exe
- %Program Files%\PDFCreator\SetupHelper.exe
- %Program Files%\PDFCreator\SetupLog.txt
- %Program Files%\PDFCreator\SystemInterface.dll
- %Program Files%\PDFCreator\SystemWrapper.dll
- %Program Files%\PDFCreator\TrueTypeFontInfo.dll
- %Program Files%\PDFCreator\unins000.dat
- %Program Files%\PDFCreator\unins000.exe
- %ProgramData%\PDF Architect 2\Installation\PDFArchitect2Installer.exe
- %ProgramData%\PDF Architect 2\Installation\statistic.xml
- %System%\pdfcmon.dll
(註:%Application Data%フォルダは、現在ログオンしているユーザのアプリケーションデータフォルダです。Windows 2000、XP、Server 2003の場合、通常 "C:\Documents and Settings\<ユーザ名>\Local Settings\Application Data" です。また、Windows Vista、7、8の場合、通常 "C:\Users\<ユーザ名>\AppData\Roaming" です。. %Common Programs%フォルダは、共通プログラムグループが含まれるフォルダです。Windows 2000、XP、Server 2003の場合、通常 "C:\Documents and Settings\All Users\Start Menu\Programs" です。また、Windows Vista、7、8の場合、通常 "C:\ProgramData\Microsoft\Windows\Start Menu\Programs" です。. %Desktop%フォルダは、現在ログオンしているユーザのデスクトップです。Windows 2000、XP、Server 2003の場合、通常 "C:\Documents and Settings\<ユーザ名>\Desktop" です。また、Windows Vista、7、8の場合、通常 "C:\Users\<ユーザ名>\Desktop" です。. %Program Files%フォルダは、デフォルトのプログラムファイルフォルダです。Windows 2000、Server 2003、XP(32-bit),Vista(32-bit)、7(32-bit)、8(32-bit)の場合、通常 "C:\Program Files"です。また、Windows XP(64-bit)、Vista(64-bit)、7(64-bit)、8(64-bit)の場合、通常 "C:\Program Files(x86)" です。. %ProgramData%フォルダは、マルチユーザーシステムにおいて任意のユーザがプログラムに変更を加えることができるプログラムファイルフォルダのバージョンです。これには、すべてのユーザのアプリケーションデータが含まれます。Windows Vista、7、8の場合、通常 "C:\ProgramData" です。. %System%フォルダは、システムフォルダで、いずれのオペレーティングシステム(OS)でも通常、"C:\Windows\System32" です。.)
他のシステム変更
プログラムは、以下のレジストリキーを追加します。
HKEY_CURRENT_USER\Software\PDF Architect 2
HKEY_CURRENT_USER\Software\PDF Architect 2\
Options
HKEY_CURRENT_USER\Software\PDF Architect 2\
Options\General
HKEY_CURRENT_USER\Software\PDF Architect 2\
Installation
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Installation
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Links
HKEY_LOCAL_MACHINE\SOFTWARE\PDFCreator.net
HKEY_LOCAL_MACHINE\SOFTWARE\PDFCreator.net\
Program
HKEY_CURRENT_USER\Software\PDFCreator.net
HKEY_CURRENT_USER\Software\PDFCreator.net\
Settings
HKEY_CURRENT_USER\Software\PDFCreator.net\
Settings\ApplicationSettings
プログラムは、以下のレジストリ値を追加します。
HKEY_LOCAL_MACHINE\SOFTWARE\PDFCreator.net\
Program
ApplicationPath = %Program Files%\PDFCreator
HKEY_CURRENT_USER\Software\PDFCreator.net\
Settings\ApplicationSettings
Language = English
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Links
cmp = default
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Links
DOWNLOAD_LINK = download20.{BLOCKED}hitect.org/module/
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Links
key1 = default
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Links
key2 = {installation date}
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Links
params = id={uid}&ref=pdfarchitect.org&cmp=default&key1=default&key2={installation date}&mkey1=default
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Links
partner = default
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Links
redirector_link = http://paygw.{BLOCKED}hitect.org/redirect/
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Links
ref = pdfarchitect.org
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Links
uid = {uid}
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Installation
INSTALL_FOLDER = %Program Files%\PDF Architect 2
HKEY_LOCAL_MACHINE\SOFTWARE\PDF Architect 2\
Installation
INSTALL_FOLDER = %Program Files%\PDF Architect 2
HKEY_CURRENT_USER\Software\PDF Architect 2
locale = en
HKEY_CURRENT_USER\Software\PDF Architect 2\
Options\General
Allow Automatic Updates = 1
HKEY_CURRENT_USER\Software\PDF Architect 2\
Installation
Desktop Shortcut = %Desktop%\PDF Architect 2.lnk
HKEY_LOCAL_MACHINE\SOFTWARE\PDFCreator.net\
Program
ApplicationVersion = 2.0.1.714
その他
プログラムは、以下の不正なWebサイトにアクセスします。
- http://update.{BLOCKED}ge.org/pdfcreator/op
- http://wsgeoip.{BLOCKED}ft.com/ipservice.asmx
対応方法
手順 1
Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。
手順 2
このマルウェアもしくはアドウェア等の実行により、手順中に記載されたすべてのファイル、フォルダおよびレジストリキーや値がコンピュータにインストールされるとは限りません。インストールが不完全である場合の他、オペレーティングシステム(OS)の条件によりインストールがされない場合が考えられます。手順中に記載されたファイル/フォルダ/レジストリ情報が確認されない場合、該当の手順の操作は不要ですので、次の手順に進んでください。
手順 3
自身のアンインストールオプションを使用し、「PUA.Win32.WebCompanion.AA」を削除します。
手順 4
以下のファイルを検索し削除します。
- %Desktop%\PDF Architect 2.lnk
- %ProgramData%\PDF Architect 2\Installation\PDFArchitect2Installer.exe
- %ProgramData%\PDF Architect 2\Installation\statistic.xml
手順 5
最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「PUA.Win32.WebCompanion.AA」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。
ご利用はいかがでしたか? アンケートにご協力ください