PUA_DOWNAD.GA
Windows
- マルウェアタイプ: 潜在的に迷惑なアプリケーション
- 破壊活動の有無: なし
- 暗号化:
- 感染報告の有無: はい
概要
プログラムは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。 プログラムは、ユーザの手動インストールにより、コンピュータに侵入します。
詳細
侵入方法
プログラムは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
プログラムは、ユーザの手動インストールにより、コンピュータに侵入します。
インストール
プログラムは、以下のファイルを作成します。
- %Application Data%\ESTsoft\ALUpdate\Log\ALUpdate.log
- %Application Data%\ESTsoft\Cooperation\shopping_zum.ico
- %Program Files%\ESTsoft\ALUpdate\알툴즈 업데이트.lnk
- %Program Files%\ESTsoft\ALUpdate\ALAd.dll
- %Program Files%\ESTsoft\ALUpdate\ALUpdate.exe
- %Program Files%\ESTsoft\ALUpdate\ALUpdateEx.dll
- %Program Files%\ESTsoft\ALUpdate\ALUpExt.exe
- %Program Files%\ESTsoft\ALUpdate\ALUpProduct.exe
- %Program Files%\ESTsoft\ALUpdate\AZMain.dll
- %Program Files%\ESTsoft\ALUpdate\Banner.ini
- %Program Files%\ESTsoft\ALUpdate\cacerts.pem
- %Program Files%\ESTsoft\ALUpdate\eausvc.exe
- %Program Files%\ESTsoft\ALUpdate\ezt.exe
- %Program Files%\ESTsoft\ALUpdate\ko-kr.dll
- %Program Files%\ESTsoft\ALUpdate\ns{random characters}.tmp
- %Program Files%\ESTsoft\ALUpdate\Simple_ALUpdate.gif
- %Program Files%\ESTsoft\ALUpdate\Simple_Co.gif
- %Program Files%\ESTsoft\ALUpdate\Simple_Public.gif
- %Program Files%\ESTsoft\ALUpdate\unins000.exe
- %Program Files%\ESTsoft\ALZip\알집.lnk
- %Program Files%\ESTsoft\ALZip\7za.dll
- %Program Files%\ESTsoft\ALZip\About.swf
- %Program Files%\ESTsoft\ALZip\ALAd.dll
- %Program Files%\ESTsoft\ALZip\ALMountConn.dll
- %Program Files%\ESTsoft\ALZip\ALMountDrv.sys
- %Program Files%\ESTsoft\ALZip\ALMountDrv64.sys
- %Program Files%\ESTsoft\ALZip\ALMountService.exe
- %Program Files%\ESTsoft\ALZip\ALMountTray.exe
- %Program Files%\ESTsoft\ALZip\ALSTS.dll
- %Program Files%\ESTsoft\ALZip\ALUpdate.dll
- %Program Files%\ESTsoft\ALZip\ALZip.exe
- %Program Files%\ESTsoft\ALZip\ALZipCon.exe
- %Program Files%\ESTsoft\ALZip\ALZipIcon.dll
- %Program Files%\ESTsoft\ALZip\AZCTM.dll
- %Program Files%\ESTsoft\ALZip\AZCTM64.dll
- %Program Files%\ESTsoft\ALZip\Banner\DefBanner2.gif
- %Program Files%\ESTsoft\ALZip\Banner\DefBanner3.gif
- %Program Files%\ESTsoft\ALZip\Cabinet.dll
- %Program Files%\ESTsoft\ALZip\Coders\AZO.dll
- %Program Files%\ESTsoft\ALZip\Coders\BZ2.dll
- %Program Files%\ESTsoft\ALZip\Coders\Coder7z.dll
- %Program Files%\ESTsoft\ALZip\Coders\Deflate.dll
- %Program Files%\ESTsoft\ALZip\Coders\Implode.dll
- %Program Files%\ESTsoft\ALZip\Coders\LZH.dll
- %Program Files%\ESTsoft\ALZip\Coders\LZMA.dll
- %Program Files%\ESTsoft\ALZip\Coders\PPMD.dll
- %Program Files%\ESTsoft\ALZip\dbghelp.dll
- %Program Files%\ESTsoft\ALZip\ECRSC.dll
- %Program Files%\ESTsoft\ALZip\ECRSC_KR.dll
- %Program Files%\ESTsoft\ALZip\EGGSFX.sfx
- %Program Files%\ESTsoft\ALZip\EULA.rtf
- %Program Files%\ESTsoft\ALZip\Formats\7z.dll
- %Program Files%\ESTsoft\ALZip\Formats\Ace.dll
- %Program Files%\ESTsoft\ALZip\Formats\Alz.dll
- %Program Files%\ESTsoft\ALZip\Formats\BZip.dll
- %Program Files%\ESTsoft\ALZip\Formats\Cab.dll
- %Program Files%\ESTsoft\ALZip\Formats\CDImage.dll
- %Program Files%\ESTsoft\ALZip\Formats\Egg.dll
- %Program Files%\ESTsoft\ALZip\Formats\ETC.dll
- %Program Files%\ESTsoft\ALZip\Formats\GZip.dll
- %Program Files%\ESTsoft\ALZip\Formats\Lha.dll
- %Program Files%\ESTsoft\ALZip\Formats\Rar.dll
- %Program Files%\ESTsoft\ALZip\Formats\Tar.dll
- %Program Files%\ESTsoft\ALZip\Formats\Zip.dll
- %Program Files%\ESTsoft\ALZip\gdiplus.dll
- %Program Files%\ESTsoft\ALZip\icudt42.dll
- %Program Files%\ESTsoft\ALZip\icuuc42.dll
- %Program Files%\ESTsoft\ALZip\LGPL.txt
- %Program Files%\ESTsoft\ALZip\libETC.dll
- %Program Files%\ESTsoft\ALZip\License.txt
- %Program Files%\ESTsoft\ALZip\MFC90KOR.dll
- %Program Files%\ESTsoft\ALZip\mfc90u.dll
- %Program Files%\ESTsoft\ALZip\Microsoft.VC90.CRT.manifest
- %Program Files%\ESTsoft\ALZip\Microsoft.VC90.MFC.manifest
- %Program Files%\ESTsoft\ALZip\Microsoft.VC90.MFCLOC.manifest
- %Program Files%\ESTsoft\ALZip\msvcp90.dll
- %Program Files%\ESTsoft\ALZip\msvcr90.dll
- %Program Files%\ESTsoft\ALZip\NewEgg.dat
- %Program Files%\ESTsoft\ALZip\NewZip.dat
- %Program Files%\ESTsoft\ALZip\ns{random characters}.tmp
- %Program Files%\ESTsoft\ALZip\readme.txt
- %Program Files%\ESTsoft\ALZip\splash.bmp
- %Program Files%\ESTsoft\ALZip\Styles\Office2013.dll
- %Program Files%\ESTsoft\ALZip\ToolkitPro.ResourceKo.dll
- %Program Files%\ESTsoft\ALZip\ToolkitPro1640vc90U.dll
- %Program Files%\ESTsoft\ALZip\unacev2.dll
- %Program Files%\ESTsoft\ALZip\unins000.exe
- %Program Files%\ESTsoft\ALZip\unrar.dll
- %Program Files%\ESTsoft\Common\ALSTSCollector.exe
- %Program Files%\ESTsoft\Common\ezt.exe
- %Program Files%\ESTsoft\Common\ns{random characters}.tmp
- %Start Menu%\알집.lnk
- %System Root%\Users\Public\Desktop\알집.lnk
- %User Temp%\ns{random characters}.tmD\EstUrl.dll
- %User Temp%\ns{random characters}.tmD\newadvsplash.dll
- %User Temp%\ns{random characters}.tmD\PromotionSetter.dll
- %User Temp%\ns{random characters}.tmD\StartInfo.htm
- %User Temp%\ns{random characters}.tmD\stext
- %User Temp%\ns{random characters}.tmp
(註:%Application Data%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\<ユーザ名>\Local Settings\Application Data"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\<ユーザ名>\AppData\Roaming" です。.. %Program Files%フォルダは、プログラムファイルのフォルダで、いずれのオペレーティングシステム(OS)でも通常、 "C:\Program Files"、64bitのOS上で32bitのアプリケーションを実行している場合、 "C:\Program Files (x86)" です。.. %Start Menu%フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Windows\Start Menu" または "C:\Documents and Settings\<ユーザ名>\Start Menu"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\<ユーザ名>\AppData\Roaming\Microsoft\Windows\Start Menu" です。.. %System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.. %User Temp%フォルダは、ユーザの一時フォルダで、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\<ユーザ名>\AppData\Local\Temp" です。.)
プログラムは、以下のフォルダを作成します。
- %Application Data%\ESTsoft
- %Application Data%\ESTsoft\ALUpdate
- %Application Data%\ESTsoft\ALUpdate\Log
- %Application Data%\ESTsoft\Cooperation
- %Program Files%\ESTsoft
- %Program Files%\ESTsoft\ALUpdate
- %Program Files%\ESTsoft\ALZip
- %Program Files%\ESTsoft\ALZip\Banner
- %Program Files%\ESTsoft\ALZip\Coders
- %Program Files%\ESTsoft\ALZip\Formats
- %Program Files%\ESTsoft\ALZip\Styles
- %Program Files%\ESTsoft\Common
- %User Temp%\ns{random characters}.tmD
(註:%Application Data%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\<ユーザ名>\Local Settings\Application Data"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\<ユーザ名>\AppData\Roaming" です。.. %Program Files%フォルダは、プログラムファイルのフォルダで、いずれのオペレーティングシステム(OS)でも通常、 "C:\Program Files"、64bitのOS上で32bitのアプリケーションを実行している場合、 "C:\Program Files (x86)" です。.. %User Temp%フォルダは、ユーザの一時フォルダで、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\<ユーザ名>\AppData\Local\Temp" です。.)
他のシステム変更
プログラムは、以下のレジストリキーを追加します。
HKEY_CURRENT_USER\Software\ESTsoft
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.001
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.7z
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ace
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arj
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.b64
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bh
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bhx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bin
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.cab
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ear
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.enc
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.gz
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ha
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.hqx
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ice
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.img
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.iso
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lcd
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.mim
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.nrg
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.pak
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.rar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uu
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uue
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.war
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xxe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xz
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.z
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zoo
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\ESTsoft\ALZip
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALBanner
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities
プログラムは、以下のレジストリ値を追加します。
HKEY_CURRENT_USER\Software\ESTsoft\
ALUpdate
(Default) = ""
HKEY_CURRENT_USER\Software\ESTsoft\
ALUpdate
language = "ko-KR"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip
(Default) = ""
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip
LanguageResource = ""
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip
RootDir = "%Program Files%\ESTsoft\ALZip"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip
Version = "10.73"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
AutoCloseCompress = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
AutoCloseExtract = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
AutoTestResultType = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
AutoTestType = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CascadedContextMenu = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CheckUsedIcon = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CompressionTempPath = ""
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CompressionTempPathType = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra1 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra1_2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra1_3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra2 = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra2_2 = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra2_3 = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra3 = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra3_2 = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra3_3 = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra4 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra4_2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra4_3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra5 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra5_2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra5_3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive1 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive1_2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive1_3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive2_2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive2_3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive3_2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive3_3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive4 = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive4_2 = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive4_3 = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive5 = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive5_2 = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive5_3 = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive6 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive6_2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive6_3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive7 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive7_2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive7_3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles1 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles1_2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles1_3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles2_2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles2_3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles3_2 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles3_3 = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CreateFilenameFolderUnderSelectedFolder = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
DefaultArchiveFormat = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
DefaultProgram = ""
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
DefaultSplitSizeType = "2"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ExecuteDefPrgIfNotRegisteredPrg = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ExtensionCheckRule = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ExtractLastPath = ""
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
LastCompressFormat = "zip"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
LastThreadCount = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ListViewSortIndex = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ListViewStyle = "3"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
MainBottomSectionSize = "100"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
MainLeftSectionSize = "206"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
MyDefaultFolder = "."
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
MyDefaultFolderType = "3"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
NewArchiveDialogExpanded = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
NoMsgDeletingTempFiles = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
NoShowAttachMailMsg = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
OpenDialogIncFullPath = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
OpenDialogIncSubFolders = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
OpenFolderAfterExtract = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ReplaceDialogAll = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ReplaceDialogDoType = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ReplaceDialogOverwriteType = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ScanVirusOnExtracting = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SearchIgnoreCase = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowArchiveComment = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnAttribute = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnComment = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnCRC = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnDirectory = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnMethod = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnModifiedDate = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnPackedSize = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnRatio = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnType = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnUnpackedSize = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnVolume = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowLeftSection = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowStatusBar = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowToolBar = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SmartTarGz = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SortColumn = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SpecifiedProgram = "notepad.exe"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SpeedExtractorType = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UnassociateExtensions = ""
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UseContextMenu = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UseFullRowSelect = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UsePasswordMask = "1"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UseSmartHeaderCheck = "0"
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
VirusScanner = ""
HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
VirusScannerParam = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.001\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,34"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.001\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.001\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.7z\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,35"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.7z\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.7z\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ace\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,3"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ace\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ace\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz\ShellEx\DropHandler
(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arc\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,4"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arc\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arc\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arj\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,5"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arj\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arj\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.b64\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,6"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.b64\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.b64\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bh\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,7"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bh\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bh\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bhx\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,8"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bhx\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bhx\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bin\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,9"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bin\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bin\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,38"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz2\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,10"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz2\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz2\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.cab\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,11"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.cab\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.cab\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ear\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,12"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ear\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ear\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,36"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg\ShellEx\DropHandler
(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.enc\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,13"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.enc\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.enc\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.gz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,14"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.gz\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.gz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ha\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,15"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ha\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ha\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.hqx\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,16"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.hqx\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.hqx\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ice\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,17"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ice\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ice\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.img\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,39"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.img\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.img\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.iso\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,18"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.iso\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.iso\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,19"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar\ShellEx\DropHandler
(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lcd\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,20"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lcd\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lcd\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,21"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha\ShellEx\DropHandler
(Default) = "{GUID}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,22"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh\ShellEx\DropHandler
(Default) = "{GUID}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.mim\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,23"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.mim\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.mim\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.nrg\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,40"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.nrg\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.nrg\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.pak\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,24"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.pak\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.pak\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.rar\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,25"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.rar\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.rar\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,26"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar\ShellEx\DropHandler
(Default) = "{GUID}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,37"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz\ShellEx\DropHandler
(Default) = "{GUID}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,37"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2\ShellEx\DropHandler
(Default) = "{GUID}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,27"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz\ShellEx\DropHandler
(Default) = "{GUID}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uu\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,28"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uu\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uu\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uue\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,28"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uue\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uue\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.war\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,29"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.war\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.war\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xxe\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,30"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xxe\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xxe\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,41"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xz\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.z\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,31"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.z\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.z\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,32"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip\ShellEx\DropHandler
(Default) = "{GUID}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zoo\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,33"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zoo\Shell\Open
FriendlyAppName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zoo\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\ESTsoft\ALZip
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALBanner
Locale = "ko-KR"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
Locale = "ko-KR"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
RootDir = "%Program Files%\ESTsoft\Common"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
WebService = "http://{BLOCKED}R.{BLOCKED}S.altools.com/ALSTSService.asmx"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
language = "ko-KR"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
RootDir = "%Program Files%\ESTsoft\ALUpdate"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
WebService = "http://ko-KR.alupdate.altools.com/UpdateService.asmx"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
(Default) = ""
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
AdditionalVersion = ""
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
ALUpdatePlan = "U"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
EULAVersion = "38"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
FullVersion = "10.73.0.1"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
LanguageResource = ""
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
Locale = "ko-KR"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
ProductNo = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
RootDir = "%Program Files%\ESTsoft\ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
Version = "10.73"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities
ApplicationName = "ALZip"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.001 = "ALZip.001"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.7z = "ALZip.7z"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.ace = "ALZip.ace"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.alz = "ALZip.alz"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.arc = "ALZip.arc"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.arj = "ALZip.arj"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.b64 = "ALZip.b64"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bh = "ALZip.bh"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bhx = "ALZip.bhx"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bin = "ALZip.bin"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bz = "ALZip.bz"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bz2 = "ALZip.bz2"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.cab = "ALZip.cab"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.ear = "ALZip.ear"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.egg = "ALZip.egg"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.enc = "ALZip.enc"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.gz = "ALZip.gz"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.ha = "ALZip.ha"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.hqx = "ALZip.hqx"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.ice = "ALZip.ice"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.img = "ALZip.img"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.iso = "ALZip.iso"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.jar = "ALZip.jar"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.lcd = "ALZip.lcd"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.lha = "ALZip.lha"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.lzh = "ALZip.lzh"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.mim = "ALZip.mim"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.nrg = "ALZip.nrg"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.pak = "ALZip.pak"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.rar = "ALZip.rar"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.tar = "ALZip.tar"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.tbz = "ALZip.tbz"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.tbz2 = "ALZip.tbz2"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.tgz = "ALZip.tgz"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.uu = "ALZip.uu"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.uue = "ALZip.uue"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.war = "ALZip.war"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.xxe = "ALZip.xxe"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.xz = "ALZip.xz"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.z = "ALZip.z"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.zip = "ALZip.zip"
HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.zoo = "ALZip.zoo"
その他
プログラムは、以下の不正なWebサイトにアクセスします。
- http://{BLOCKED}R.{BLOCKED}sinst.altools.com/show/public_addin.aspx
- http://{BLOCKED}R.{BLOCKED}sinst.altools.com/show/public_addin2.aspx
- http://{BLOCKED}R.{BLOCKED}sinst.altools.com/start/setupset.aspx
- http://{BLOCKED}r.{BLOCKED}sinst.altools.com/show/public_run.aspx
- http://{BLOCKED}r.{BLOCKED}sinst.altools.com/show/public_end_normal.aspx
- http://{BLOCKED}r.{BLOCKED}sinst.altools.com/show/public_end_addin.aspx
- http://{BLOCKED}n.{BLOCKED}s.co.kr/Ex_image/EndBanner/partnership/nsis.html
- http://{BLOCKED}r.{BLOCKED}l.altools.com/InstallerPattern.aspx?url=0&no=2&pd=ALZip&cr=0&sr=0&cv=2.0&ov=8.2.6.1&ch=
- http://{BLOCKED}n.{BLOCKED}s.co.kr/Ex_image/EndBanner/partnership/css/common.css
- http://{BLOCKED}n.altools.co.kr/Ex_image/EndBanner/partnership/css/common.css
- http://{BLOCKED}n.{BLOCKED}ls.co.kr/Ex_image/EndBanner/partnership/images/nisi_bn.png
- http://{BLOCKED}r.{BLOCKED}teadd.altools.com/icon/shopping_zum.ico
- http://{BLOCKED}R.{BLOCKED}sinst.altools.com/data/SetData.aspx
- http://{BLOCKED}r.{BLOCKED}sinst.altools.com/show/public_run.aspx
対応方法
手順 1
Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。
手順 2
このマルウェアもしくはアドウェア等の実行により、手順中に記載されたすべてのファイル、フォルダおよびレジストリキーや値がコンピュータにインストールされるとは限りません。インストールが不完全である場合の他、オペレーティングシステム(OS)の条件によりインストールがされない場合が考えられます。手順中に記載されたファイル/フォルダ/レジストリ情報が確認されない場合、該当の手順の操作は不要ですので、次の手順に進んでください。
手順 3
「PUA_DOWNAD.GA」で検出したファイル名を確認し、そのファイルを終了します。
- すべての実行中プロセスが、Windows のタスクマネージャに表示されない場合があります。この場合、"Process Explorer" などのツールを使用しマルウェアのファイルを終了してください。"Process Explorer" については、こちらをご参照下さい。
- 検出ファイルが、Windows のタスクマネージャまたは "Process Explorer" に表示されるものの、削除できない場合があります。この場合、コンピュータをセーフモードで再起動してください。
セーフモードについては、こちらをご参照下さい。 - 検出ファイルがタスクマネージャ上で表示されない場合、次の手順にお進みください。
手順 4
自身のアンインストールオプションを使用し、「PUA_DOWNAD.GA」を削除します。
手順 5
最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「PUA_DOWNAD.GA」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。
ご利用はいかがでしたか? アンケートにご協力ください