Trend Micro Security

TROJ_DLOADER.ZA

April 9, 2014
 Analysis by: Christopher Daniel So

 Platform:

Windows 2000, Windows XP, Windows Server 2003

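 Overall risk rating:
 Damage potential:
 Distribution potential:
 Reported infections:


  • Malware type: Trojan
  • Destructive: No
  • Encrypted:  
  • In the wild: Yes

  Overview


This malware arrives on a computer either dropped by other malware or downloaded unknowingly by users when visiting malicious websites.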


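  Technical Details

File size 2,934,400 bytes
File type EXE
Memory resident No
Date discovered April 8, 2014

Arrival Details

This malware arrives on a computer either dropped by other malware or downloaded unknowingly by users when visiting malicious websites.

Installation

The malware creates the following folders: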

  • %User Temp%\is-5POVM.tmp
  • %User Temp%\is-A8UHB.tmp
  • %User Temp%\is-A8UHB.tmp\_isetup
  • %Program Files%\WinSCP
  • %Program Files%\WinSCP\PuTTY
  • %Start Menu%\Programs\WinSCP
  • %Start Menu%\Programs\WinSCP\Key tools

(Note: The %User Temp% folder varies depending on the Windows version and installation settings. By default, it is "C:\Documents and Settings\<user name>\Local Settings\Temp" on Windows 2000, XP, and Server 2003, and "C:\Users\<user name>\AppData\Local\Temp" on Windows Vista and 7. The %Program Files% folder is usually "C:\Program Files" on Windows 2000, Server 2003, XP (32-bit), Vista (32-bit), and 7 (32-bit), and usually "C:\Program Files (x86)" on Windows XP (64-bit), Vista (64-bit), and 7 (64-bit). The %Start Menu% folder is usually "C:\Windows\Start Menu" or "C:\Documents and Settings\<user name>\Start Menu" on Windows 2000, XP, and Server 2003, and "C:\Users\<user name>\AppData\Roaming\Microsoft\Windows\Start Menu" on Windows Vista and 7.)

Other System Modifications

The malware deletes the following files:

  • %Start Menu%\Programs\WinSCP\WinSCP.pif
  • %Start Menu%\Programs\WinSCP\WinSCP.url
  • %Start Menu%\Programs\WinSCP\WinSCP Web Site.lnk
  • %Start Menu%\Programs\WinSCP\WinSCP Web Site.pif
  • %Start Menu%\Programs\WinSCP\Support forum.lnk
  • %Start Menu%\Programs\WinSCP\Support forum.pif
  • %Start Menu%\Programs\WinSCP\Documentation.lnk
  • %Start Menu%\Programs\WinSCP\Documentation.pif
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTYgen.pif
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTYgen.url
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTYgen Manual.pif
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTYgen Manual.url
  • %Start Menu%\Programs\WinSCP\Key tools\Pageant.pif
  • %Start Menu%\Programs\WinSCP\Key tools\Pageant.url
  • %Start Menu%\Programs\WinSCP\Key tools\Pageant Manual.pif
  • %Start Menu%\Programs\WinSCP\Key tools\Pageant Manual.url
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTY Web Site.lnk
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTY Web Site.pif
  • %Desktop%\WinSCP.pif
  • %Desktop%\WinSCP.url
  • %User Profile%\SendTo\WinSCP (for upload).pif
  • %User Profile%\SendTo\WinSCP (for upload).url

(Note: The %Start Menu% folder is usually "C:\Windows\Start Menu" or "C:\Documents and Settings\<user name>\Start Menu" on Windows 2000, XP, and Server 2003, and "C:\Users\<user name>\AppData\Roaming\Microsoft\Windows\Start Menu" on Windows Vista and 7. The %Desktop% folder is usually "C:\Documents and Settings\<user name>\デスクトップ" on Windows 2000, XP, and Server 2003, and "C:\Users\<user name>\デスクトップ" on Windows Vista and 7. The %User Profile% folder is usually "C:\Documents and Settings\<user name>" on Windows 2000, XP, and Server 2003, and "C:\Users\<user name>" on Windows Vista and 7.)

The malware adds the following registry keys:


The malware adds the following registry values:


The malware modifies the following registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
DirectDraw\MostRecentApplication
Name = "iexplore.exe"

(Note: The value of the above registry entry before modification is "iexplore.exe".)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
DirectDraw\MostRecentApplication
ID = "4117b81"

(Note: The value of the above registry entry before modification is "41107b81".)

The malware deletes the following registry keys:

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1

Dropping Routine

The malware drops the following files:

  • %User Temp%\is-5povm.tmp\{malware file name}.tmp
  • %User Temp%\is-A8UHB.tmp\_isetup\_RegDLL.tmp
  • %User Temp%\is-A8UHB.tmp\_isetup\_shfoldr.dll
  • %User Temp%\is-A8UHB.tmp\OCSetupHlp.dll
  • %Program Files%\WinSCP\unins000.dat
  • %Program Files%\WinSCP\is-VLP8F.tmp
  • %Program Files%\WinSCP\is-B3TB7.tmp
  • %Program Files%\WinSCP\is-87I57.tmp
  • %Program Files%\WinSCP\is-TV44J.tmp
  • %Program Files%\WinSCP\is-QKNJJ.tmp
  • %Program Files%\WinSCP\is-9Q0PU.tmp
  • %Program Files%\WinSCP\PuTTY\is-BLU1T.tmp
  • %Program Files%\WinSCP\PuTTY\is-UP4J0.tmp
  • %Program Files%\WinSCP\PuTTY\is-0GIMO.tmp
  • %Program Files%\WinSCP\PuTTY\is-K14GO.tmp
  • %Start Menu%\Programs\WinSCP\WinSCP.lnk
  • %Start Menu%\Programs\WinSCP\WinSCP Web Site.url
  • %Start Menu%\Programs\WinSCP\Support forum.url
  • %Start Menu%\Programs\WinSCP\Documentation.url
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTYgen.lnk
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTYgen Manual.lnk
  • %Start Menu%\Programs\WinSCP\Key tools\Pageant.lnk
  • %Start Menu%\Programs\WinSCP\Key tools\Pageant Manual.lnk
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTY Web Site.url
  • %Desktop%\WinSCP.lnk
  • %User Profile%\SendTo\WinSCP (for upload).lnk
  • %User Profile%\Application Data\winscp.rnd

(Note: The %User Temp% folder varies depending on the Windows version and installation settings. By default, it is "C:\Documents and Settings\<user name>\Local Settings\Temp" on Windows 2000, XP, and Server 2003, and "C:\Users\<user name>\AppData\Local\Temp" on Windows Vista and 7. The %Program Files% folder is usually "C:\Program Files" on Windows 2000, Server 2003, XP (32-bit), Vista (32-bit), and 7 (32-bit), and usually "C:\Program Files (x86)" on Windows XP (64-bit), Vista (64-bit), and 7 (64-bit). The %Start Menu% folder is usually "C:\Windows\Start Menu" or "C:\Documents and Settings\<user name>\Start Menu" on Windows 2000, XP, and Server 2003, and "C:\Users\<user name>\AppData\Roaming\Microsoft\Windows\Start Menu" on Windows Vista and 7. The %Desktop% folder is usually "C:\Documents and Settings\<user name>\デスクトップ" on Windows 2000, XP, and Server 2003, and "C:\Users\<user name>\デスクトップ" on Windows Vista and 7. The %User Profile% folder is usually "C:\Documents and Settings\<user name>" on Windows 2000, XP, and Server 2003, and "C:\Users\<user name>" on Windows Vista and 7.)

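This malware information was generated by an automated analysis system.


  Solution

Supported scan engine: 9.300

Step 1

Users of Windows XP, Windows Vista and Windows 7 must disable System Restore before running a virus scan, so that malware, adware and the like are completely removed from the computer.

Step 2

Delete the unknown registry values.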

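Warning: The registry is a database that stores Windows configuration information, and a faulty edit can prevent the system from working properly.
Edit the registry at your own risk. We accept no liability for any problem caused by editing the registry.
Please see here before editing the registry.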

  • In HKEY_CURRENT_USER\Software
    • Martin Prikryl
  • In HKEY_CURRENT_USER\Software\Martin Prikryl
    • WinSCP 2
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
    • Interface
  • In HKEY_LOCAL_MACHINE\Software\Martin Prikryl
    • WinSCP 2
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • Updates
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
    • winscp3_is1
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    • {E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}
    • InProcServer32
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\directory\shellex\CopyHookHandlers
    • WinSCPCopyHook
  • In HKEY_LOCAL_MACHINE\Software\Martin Prikryl\WinSCP 2
    • DragExt
  • In HKEY_CLASSES_ROOT
    • SCP
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP
    • DefaultIcon
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP
    • shell
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP\shell
    • open
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP\shell\open
    • command
  • In HKEY_CLASSES_ROOT
    • SFTP
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP
    • DefaultIcon
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP
    • shell
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP\shell
    • open
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP\shell\open
    • command
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
    • Logging
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • CopyParam
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • NewDirectory
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SynchronizeChecklist
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • FindFile
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ConsoleWin
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
    • History
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
    • HistoryParams
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • Editor
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • QueueView
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • Explorer
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • Commander
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • LocalPanel
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • RemotePanel
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
    • Security
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
    • Bookmarks
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Bookmarks
    • Local
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Bookmarks
    • Remote
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Bookmarks
    • ShortCuts
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Bookmarks
    • Options
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • 0
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • 1

Step 3

Delete this registry value.

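Warning: The registry is a database that stores Windows configuration information, and a faulty edit can prevent the system from working properly.
Edit the registry at your own risk. We accept no liability for any problem caused by editing the registry.
Please see here before editing the registry.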

  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • Interface = "0"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2
    • DefaultInterfaceInterface = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ShowAdvancedLoginOptions = "0"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2
    • DefaultInterfaceShowAdvancedLoginOptions = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • DDExtEnabled = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
    • Period = "7"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2
    • DefaultUpdatesPeriod = "7"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • Inno Setup: Setup Version = "5.2.3"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • Inno Setup: App Path = "%Program Files%\WinSCP"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • InstallLocation = "%Program Files%\WinSCP"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • Inno Setup: Icon Group = "WinSCP"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • Inno Setup: User = "Wilbert"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • Inno Setup: Setup Type = "full"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • Inno Setup: Selected Components = "main,shellext,pageant,puttygen,transl,transl\eng"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • Inno Setup: Deselected Components = "{random characters}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • Inno Setup: Selected Tasks = "enableupdates,desktopicon,desktopicon\user,sendtohook,urlhandler"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • Inno Setup: Deselected Tasks = "desktopicon\common,quicklaunchicon,searchpath"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • DisplayName = "WinSCP 4.2.5"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • DisplayIcon = "%Program Files%\WinSCP\WinSCP.exe"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • UninstallString = "%Program Files%\WinSCP\unins000.exe "
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • QuietUninstallString = "%Program Files%\WinSCP\unins000.exe /SILENT"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • DisplayVersion = "4.2.5"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • Publisher = "Martin Prikryl"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • URLInfoAbout = "http://{BLOCKED}p.net"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • HelpLink = "http://{BLOCKED}p.net/forum"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • URLUpdateInfo = "http://{BLOCKED}p.net/eng/download.php"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • NoModify = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • NoRepair = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • InstallDate = "20140330"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
    • Inno Setup CodeFile: SetupType = "custom"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15E1D68-0D1C-49F7-BEB8-812B1E00FA60}\InProcServer32
    • ThreadingModel = "Apartment"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\DragExt
    • Enable = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP
    • EditFlags = "2"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP
    • BrowserFlags = "8"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP
    • EditFlags = "2"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP
    • BrowserFlags = "8"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • RandomSeedFile = "%25APPDATA%25%5Cwinscp.rnd"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • PuttyRegistryStorageKey = "Software%5CSimonTatham%5CPuTTY"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ConfirmOverwriting = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ConfirmResume = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • AutoReadDirectoryAfterOp = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SessionReopenAuto = "1388"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SessionReopenBackground = "7d"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SessionReopenTimeout = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • TunnelLocalPortNumberLow = "c35"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • TunnelLocalPortNumberHigh = "c3b3"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • CacheDirectoryChangesMaxSize = "64"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ShowFtpWelcomeMessage = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
    • Logging = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
    • LogFileAppend = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
    • LogWindowLines = "64"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
    • LogProtocol = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
    • LogActions = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ContinueOnError = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ConfirmCommandSession = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SynchronizeParams = "42"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SynchronizeOptions = "5"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SynchronizeModeAuto = "ffffffff"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SynchronizeMode = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • MaxWatchDirectories = "1f4"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • QueueTransfersLimit = "2"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • QueueAutoPopup = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • QueueRememberPassword = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • PuttySession = "WinSCP%20temporary%20session"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • PuttyPath = "%25PROGRAMFILES%25%5CPuTTY%5Cputty.exe"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • PuttyPassword = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • TelnetForFtpInPutty = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • IgnoreCancelBeforeFinish = "{random values}"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • BeepOnFinish = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • BeepOnFinishAfter = "{random values}"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SynchronizeBrowsing = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • KeepUpToDateChangeDelay = "1f4"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ChecksumAlg = "md5"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SessionReopenAutoIdle = "1388"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • AddXToDirectories = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • Masks = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • FileNameCase = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • PreserveReadOnly = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • PreserveTime = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • PreserveRights = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • IgnorePermErrors = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • Text = "rw-r--r--"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • TransferMode = "2"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • ResumeSupport = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • ResumeThreshold = "{random values}"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • ReplaceInvalidChars = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • LocalInvalidChars = "/%5%System Root%%2A%3F"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • CalculateSize = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • NegativeExclude = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • ClearArchive = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • CPSLimit = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • Queue = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • QueueNoConfirmation = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • QueueIndividually = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • NewerOnly = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
    • CopyParamList = "ffffffff"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\NewDirectory
    • Valid = "{random values}"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ConfirmExitOnCompletion = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
    • LogView = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\SynchronizeChecklist
    • WindowParams = "0;-1;-1;600;450;0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\SynchronizeChecklist
    • ListParams = "1;1150,1;100,1;80,1;130,1;25,1;100,1;80,1;130,10;1;2;3;4;5;6;7"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\FindFile
    • WindowParams = "646,481"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\FindFile
    • ListParams = "3;1125,1;181,1;80,1;122,10;1;2;3"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\ConsoleWin
    • WindowSize = "570,430"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • CopyOnDoubleClick = "2"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • CopyOnDoubleClickConfirmation = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • DDAllowMove = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • DDAllowMoveInit = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • DDTransferConfirmation = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • DDWarnLackOfTempSpace = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • DDWarnLackOfTempSpaceRatio = "{random values}"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • DeleteToRecycleBin = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • DimmHiddenFiles = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • RenameWholeName = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SelectDirectories = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SelectMask = "%2A.%2A"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ShowHiddenFiles = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ShowInaccesibleDirectories = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ConfirmTransferring = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ConfirmDeleting = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ConfirmRecycling = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ConfirmClosingSession = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • UseLocationProfiles = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • UseSharedBookmarks = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • LocaleSafe = "49"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • DDExtTimeout = "3e8"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • DefaultDirIsHome = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • TemporaryDirectoryAppendSession = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • TemporaryDirectoryAppendPath = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • TemporaryDirectoryCleanup = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • ConfirmTemporaryDirectoryCleanup = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • PreservePanelState = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • Theme = "OfficeXP"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • PathInCaption = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • MinimizeToTray = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • BalloonNotifications = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • NotificationsTimeout = "a"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • NotificationsStickTime = "2"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • CopyParamAutoSelectNotice = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • SessionToolbarAutoShown = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • LockToolbars = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • AutoOpenInPutty = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • LastMonitor = "ffffffff"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
    • VersionHistory = "40205624,stable"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • FontName = "Courier%20New"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • FontHeight = "fffffff4"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • FontStyle = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • FontCharset = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • WordWrap = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • FindMatchCase = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • FindWholeWord = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • FindDown = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • TabSize = "7"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • MaxEditors = "1f4"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • EarlyClose = "2"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
    • SDIShellEditor = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\QueueView
    • Height = "64"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\QueueView
    • Layout = "70,160,160,80,80,80"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\QueueView
    • Show = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\QueueView
    • LastHideShow = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\QueueView
    • ToolBar = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
    • LastCheck = "{random values}"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
    • HaveResults = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
    • ShownResults = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
    • BetaVersions = "2"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
    • ConnectionType = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
    • ProxyPort = "1f9"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
    • ForVersion = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
    • Version = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
    • Critical = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
    • Disabled = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
    • ToolbarsLayout = "{random characters}"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
    • DirViewParams = "0;1;0150,1;70,1;101,1;79,1;62,1;55,1;20,0;150,0;125,00;1;8;2;3;4;5;6;7"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
    • LastLocalTargetDirectory = "%System Root%%5CDocuments%20and%20Settings%5CWilbert%5CMy%20Documents"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
    • StatusBar = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
    • WindowParams = "-1;-1;600;400;0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
    • ViewStyle = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
    • ShowFullAddress = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
    • DriveView = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
    • DriveViewWidth = "b4"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • CurrentPanel = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • LocalPanelWidth = "{random values}"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • SwappedPanels = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • StatusBar = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • WindowParams = "-1;-1;600;400;0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • ExplorerStyleSelection = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • PreserveLocalDirectory = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • CompareByTime = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • CompareBySize = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • FullRowSelect = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
    • TreeOnLeft = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\LocalPanel
    • DirViewParams = "0;1;0150,1;70,1;101,1;79,1;62,1;55,00;1;2;3;4;5"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\LocalPanel
    • StatusBar = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\LocalPanel
    • DriveView = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\LocalPanel
    • DriveViewHeight = "64"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\LocalPanel
    • DriveViewWidth = "64"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\RemotePanel
    • DirViewParams = "0;1;0150,1;70,1;101,1;79,1;62,1;55,0;20,0;150,0;125,00;1;8;2;3;4;5;6;7"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\RemotePanel
    • StatusBar = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\RemotePanel
    • DriveView = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\RemotePanel
    • DriveViewHeight = "64"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\RemotePanel
    • DriveViewWidth = "64"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
    • LogWindowOnStartup = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
    • LogWindowParams = "-1;-1;500;400"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Security
    • UseMasterPassword = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\0
    • FileMask = "%2A.%2A"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\0
    • Editor = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\0
    • ExternalEditorText = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\0
    • SDIExternalEditor = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\0
    • DetectMDIExternalEditor = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\1
    • FileMask = "%2A.%2A"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\1
    • Editor = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\1
    • ExternalEditor = "notepad.exe"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\1
    • ExternalEditorText = "1"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\1
    • SDIExternalEditor = "0"
  • In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\1
    • DetectMDIExternalEditor = "0"

Step 4

Restore the modified registry values.

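Warning: The registry is a database that stores Windows configuration information, and a faulty edit can prevent the system from working properly.
If you had intentionally changed the setting in question beforehand, restore it to the original setting you intended. If you do not know which value to change, ask your system administrator, and edit the registry at your own risk. We accept no liability for any problem caused by editing the registry.
Please see here before editing the registry.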

  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    • From: Name = "iexplore.exe"
      To: Name = ""iexplore.exe""
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication
    • From: ID = "4117b81"
      To: ID = ""41107b81""

Step 5

Search for and delete the following files.

Component files may have the hidden attribute set. Click [More advanced options] and select the [Search hidden files and folders] check box so that hidden files and folders are included in the search results.
  • %User Temp%\is-5povm.tmp\{malware file name}.tmp
  • %User Temp%\is-A8UHB.tmp\_isetup\_RegDLL.tmp
  • %User Temp%\is-A8UHB.tmp\_isetup\_shfoldr.dll
  • %User Temp%\is-A8UHB.tmp\OCSetupHlp.dll
  • %Program Files%\WinSCP\unins000.dat
  • %Program Files%\WinSCP\is-VLP8F.tmp
  • %Program Files%\WinSCP\is-B3TB7.tmp
  • %Program Files%\WinSCP\is-87I57.tmp
  • %Program Files%\WinSCP\is-TV44J.tmp
  • %Program Files%\WinSCP\is-QKNJJ.tmp
  • %Program Files%\WinSCP\is-9Q0PU.tmp
  • %Program Files%\WinSCP\PuTTY\is-BLU1T.tmp
  • %Program Files%\WinSCP\PuTTY\is-UP4J0.tmp
  • %Program Files%\WinSCP\PuTTY\is-0GIMO.tmp
  • %Program Files%\WinSCP\PuTTY\is-K14GO.tmp
  • %Start Menu%\Programs\WinSCP\WinSCP.lnk
  • %Start Menu%\Programs\WinSCP\WinSCP Web Site.url
  • %Start Menu%\Programs\WinSCP\Support forum.url
  • %Start Menu%\Programs\WinSCP\Documentation.url
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTYgen.lnk
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTYgen Manual.lnk
  • %Start Menu%\Programs\WinSCP\Key tools\Pageant.lnk
  • %Start Menu%\Programs\WinSCP\Key tools\Pageant Manual.lnk
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTY Web Site.url
  • %Desktop%\WinSCP.lnk
  • %User Profile%\SendTo\WinSCP (for upload).lnk
  • %User Profile%\Application Data\winscp.rnd

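Step 6

Search for and delete the following folders.

Folders may have the hidden attribute set. Click [Advanced Options] and select the [Search hidden files and folders] check box so that hidden files and folders are included in the search results.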
  • %User Temp%\is-5POVM.tmp
  • %User Temp%\is-A8UHB.tmp
  • %User Temp%\is-A8UHB.tmp\_isetup
  • %Program Files%\WinSCP
  • %Program Files%\WinSCP\PuTTY
  • %Start Menu%\Programs\WinSCP
  • %Start Menu%\Programs\WinSCP\Key tools

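Step 7

Run a virus scan using an antivirus product updated to the latest version (engine and pattern file). Delete all files detected as "TROJ_DLOADER.ZA". If the detected files have already been cleaned, quarantined, or deleted by your Trend Micro antivirus product, handling of the virus is complete and no further removal steps are needed.

Step 8

Restore the following files from backup. Only files related to Microsoft products will be restored. If this malware/grayware/spyware also deleted programs other than Microsoft products, those programs need to be reinstalled.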

  • %Start Menu%\Programs\WinSCP\WinSCP.pif
  • %Start Menu%\Programs\WinSCP\WinSCP.url
  • %Start Menu%\Programs\WinSCP\WinSCP Web Site.lnk
  • %Start Menu%\Programs\WinSCP\WinSCP Web Site.pif
  • %Start Menu%\Programs\WinSCP\Support forum.lnk
  • %Start Menu%\Programs\WinSCP\Support forum.pif
  • %Start Menu%\Programs\WinSCP\Documentation.lnk
  • %Start Menu%\Programs\WinSCP\Documentation.pif
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTYgen.pif
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTYgen.url
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTYgen Manual.pif
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTYgen Manual.url
  • %Start Menu%\Programs\WinSCP\Key tools\Pageant.pif
  • %Start Menu%\Programs\WinSCP\Key tools\Pageant.url
  • %Start Menu%\Programs\WinSCP\Key tools\Pageant Manual.pif
  • %Start Menu%\Programs\WinSCP\Key tools\Pageant Manual.url
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTY Web Site.lnk
  • %Start Menu%\Programs\WinSCP\Key tools\PuTTY Web Site.pif
  • %Desktop%\WinSCP.pif
  • %Desktop%\WinSCP.url
  • %User Profile%\SendTo\WinSCP (for upload).pif
  • %User Profile%\SendTo\WinSCP (for upload).url

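Step 9

Restore the following deleted registry keys or registry values from backup.

Note: Only registry keys and registry values related to Microsoft products will be restored. If this malware, adware, or similar program also deleted programs other than Microsoft products, those programs need to be reinstalled.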

  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall
    • winscp3_is1

