Trend Micro Security

Trojan.Win32.MALREP.THBACBO

2020年2月14日

 プラットフォーム:

Windows

 危険度:
 ダメージ度:
 感染力:
 感染確認数:


  • マルウェアタイプ: トロイの木馬型
  • 破壊活動の有無: なし
  • 暗号化:  
  • 感染報告の有無: はい

  概要


マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。


  詳細

ファイルサイズ 147,456 bytes
タイプ EXE
メモリ常駐 はい
発見日 2020年2月14日

侵入方法

マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

インストール

マルウェアは、以下のプロセスを追加します。

  • cmd.exe /c vssadmin resize shadowstorage /for=A: /on=A: /maxsize=401MB
  • cmd.exe /c vssadmin resize shadowstorage /for=A: /on=A: /maxsize=unbounded
  • cmd.exe /c vssadmin resize shadowstorage /for=%System Root% /on=%System Root% /maxsize=401MB
  • cmd.exe /c vssadmin resize shadowstorage /for=%System Root% /on=%System Root% /maxsize=unbounded
  • cmd.exe /c vssadmin resize shadowstorage /for=F: /on=F: /maxsize=401MB
  • cmd.exe /c vssadmin resize shadowstorage /for=F: /on=F: /maxsize=unbounded
  • cmd.exe /c taskkill /f /im sql.* & taskkill /f /im winword.* & taskkill /f /im wordpad.* & taskkill /f /im outlook.* & taskkill /f /im thunderbird.* & taskkill /f /im oracle.* & taskkill /f /im excel.* & taskkill /f /im onenote.* & taskkill /f /im virtualboxvm.* & taskkill /f /im node.* & taskkill /f /im QBW32.* & taskkill /f /im WBGX.* & taskkill /f /im Teams.* & taskkill /f /im Flow.*
  • cmd.exe /c net stop DbxSvc & net stop OracleXETNSListener & net stop OracleServiceXE & net stop AcrSch2Svc & net stop AcronisAgent & net stop Apache2.4 & net stop SQLWriter & net stop MSSQL$SQLEXPRESS & net stop MSSQLServerADHelper100 & net stop MongoDB & net stop SQLAgent$SQLEXPRESS & net stop SQLBrowser & net stop CobianBackup11 & net stop cbVSCService11 & net stop QBCFMontorService & net stop QBVSS
  • cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet & wmic shadowcopy delete
  • powershell.exe -e RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAkAF8ALgBEAGUAbABlAHQAZQAoACkAOwB9AA==
  • vssadmin resize shadowstorage /for=A: /on=A: /maxsize=401MB
  • vssadmin resize shadowstorage /for=A: /on=A: /maxsize=unbounded
  • vssadmin resize shadowstorage /for=%System Root% /on=%System Root% /maxsize=401MB
  • vssadmin resize shadowstorage /for=%System Root% /on=%System Root% /maxsize=unbounded
  • vssadmin resize shadowstorage /for=F: /on=F: /maxsize=401MB
  • vssadmin resize shadowstorage /for=F: /on=F: /maxsize=unbounded
  • net stop DbxSvc
  • net stop OracleXETNSListener
  • net stop OracleServiceXE
  • net stop AcrSch2Svc
  • net stop AcronisAgent
  • net stop Apache2.4
  • net stop SQLWriter
  • net stop MSSQL$SQLEXPRESS
  • net stop MSSQLServerADHelper100
  • net stop MongoDB
  • net stop SQLAgent$SQLEXPRESS
  • net stop SQLBrowser
  • taskkill /f /im sql.*
  • taskkill /f /im winword.*
  • %System%\net1 stop DbxSvc
  • %System%\net1 stop OracleXETNSListener
  • %System%\net1 stop OracleServiceXE
  • %System%\net1 stop AcrSch2Svc
  • %System%\net1 stop AcronisAgent
  • %System%\net1 stop Apache2.4
  • %System%\net1 stop SQLWriter
  • %System%\net1 stop MSSQL$SQLEXPRESS
  • %System%\net1 stop MSSQLServerADHelper100
  • %System%\net1 stop MongoDB
  • %System%\net1 stop SQLAgent$SQLEXPRESS
  • %System%\net1 stop SQLBrowser

(註:%System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.. %System%フォルダは、システムフォルダで、いずれのオペレーティングシステム(OS)でも通常、"C:\Windows\System32" です。.)

他のシステム変更

マルウェアは、以下のファイルを改変します。

  • %System Root%\pagefile.sys
  • %System Root%\Python27\include\descrobject.h
  • %System Root%\Python27\include\node.h
  • %System Root%\powerpoint2k\PPT2KE05.ppt
  • %System Root%\Python27\include\pgen.h
  • %System Root%\Python27\DLLs\_sqlite3.pyd
  • %System Root%\Python27\include\longobject.h
  • %System Root%\excel2k\XLS2KE01.xls
  • %System Root%\Python27\include\ceval.h
  • %System Root%\excel2k\XLS2KE05.xls
  • %System Root%\Python27\include\boolobject.h
  • %System Root%\Python27\include\iterobject.h
  • %System Root%\Python27\DLLs\winsound.pyd
  • %System Root%\Python27\include\patchlevel.h
  • %System Root%\Python27\include\methodobject.h
  • %System Root%\Python27\include\frameobject.h
  • %System Root%\Python27\include\bytes_methods.h
  • %System Root%\Python27\include\memoryobject.h
  • %System Root%\Python27\DLLs\_bsddb.pyd
  • %System Root%\Python27\DLLs\_tkinter.pyd
  • F:\wlines.zip
  • %System Root%\powerpoint2k\PPT2KExx.PPT
  • %System Root%\Python27\include\object.h
  • %System Root%\Python27\include\cellobject.h
  • %System Root%\Python27\include\dtoa.h
  • %System Root%\powerpoint2k\PPT2KE00.pot
  • %System Root%\excel2k\XLS2KE02.xls
  • %System Root%\Python27\include\genobject.h
  • %System Root%\Python27\include\cStringIO.h
  • %System Root%\Python27\include\fileobject.h
  • %System Root%\Python27\include\floatobject.h
  • F:\data\photos\long_exposure.jpg
  • %System Root%\Python27\DLLs\_msi.pyd
  • %System Root%\Python27\include\opcode.h
  • %System Root%\Python27\include\intrcheck.h
  • %System Root%\Python27\include\objimpl.h
  • %System Root%\Python27\include\compile.h
  • F:\data\photos\stunning.jpg
  • %System Root%\Python27\DLLs\_ctypes_test.pyd
  • %System Root%\powerpoint2k\PPT2KE03.ppt
  • F:\data\dolist.txt
  • %System Root%\excel2k\XLS2KExx.xls
  • %System Root%\Python27\include\grammar.h
  • %System Root%\Python27\DLLs\_multiprocessing.pyd
  • %System Root%\Python27\include\graminit.h
  • %System Root%\powerpoint2k\PPT2KE01.ppt
  • %System Root%\Python27\include\ast.h
  • %System Root%\Python27\include\code.h
  • %System Root%\Python27\include\complexobject.h
  • %System Root%\Python27\include\marshal.h
  • %System Root%\Python27\include\classobject.h
  • %System Root%\Python27\DLLs\pyc.ico
  • %System Root%\Python27\include\pycapsule.h
  • %System Root%\powerpoint2k\PPT2KE04.ppt
  • %System Root%\Python27\DLLs\_elementtree.pyd
  • F:\data\tmp.doc
  • %System Root%\Email and Password List.vbs
  • %System Root%\Python27\include\longintrepr.h
  • %System Root%\Python27\include\moduleobject.h
  • %System Root%\Python27\include\intobject.h
  • %System Root%\powerpoint2k\PPT2KE02.ppt
  • %System Root%\Python27\include\bitset.h
  • %System Root%\Python27\include\asdl.h
  • %System Root%\Python27\include\osdefs.h
  • %System Root%\excel2k\XLS2KE03.xls
  • %System Root%\Python27\include\abstract.h
  • %System Root%\Python27\include\bytearrayobject.h
  • %System Root%\Python27\DLLs\py.ico
  • %System Root%\Python27\include\listobject.h
  • %System Root%\Python27\include\cobject.h
  • %System Root%\Python27\include\funcobject.h
  • %System Root%\Python27\DLLs\unicodedata.pyd
  • %System Root%\Python27\include\pyarena.h
  • %System Root%\Python27\include\errcode.h
  • %System Root%\Python27\DLLs\_testcapi.pyd
  • %System Root%\Python27\include\enumobject.h
  • %System Root%\Python27\include\codecs.h
  • %System Root%\Python27\include\metagrammar.h
  • %System Root%\Python27\include\modsupport.h
  • %System Root%\Python27\include\eval.h
  • %System Root%\Python27\include\parsetok.h
  • %System Root%\Python27\include\dictobject.h
  • %System Root%\Email and Password List.htm
  • %System Root%\Python27\include\datetime.h
  • %System Root%\excel2k\XLS2KE04.xls
  • %System Root%\Python27\include\import.h
  • %System Root%\excel2k\XLS2KE00.xlt
  • %System Root%\Python27\include\bytesobject.h
  • %System Root%\Email and Password List.txt
  • %System Root%\Python27\Doc\python2715.chm
  • %System Root%\Email and Password List.js
  • %System Root%\Python27\include\pgenheaders.h
  • %System Root%\Python27\include\bufferobject.h

(註:%System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.)

マルウェアは、以下のファイルを削除します。

  • \{computername}\Users\{username}\Documents\Email and Password List.vbs
  • \{computername}\Users\{username}\Desktop\Transmag.doc
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE02.ppt
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE04.doc
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE05.ppt
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE01.ppt
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE01.xls
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_winax.msi
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac.dmg
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE00.xlt
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KExx.PPT
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE03.doc
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE02.doc
  • \{computername}\Users\{username}\Desktop\Email and Password List.txt
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE05.ppt
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE02.doc
  • \{computername}\Users\{username}\Desktop\note.txt
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE03.ppt
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE03.xls
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\uninstall_flashplayer18_0r0_203_mac.dmg
  • \{computername}\Users\{username}\Desktop\Email and Password List.htm
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac_pkg.dmg
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_200_macpep_debug.dmg
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE01.ppt
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE02.xls
  • \{computername}\Users\{username}\Documents\word2k\DOC2KExx.doc
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_200_macpep.dmg
  • \{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TM.blf
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE00.xlt
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE00.pot
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_debug.dmg
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE04.xls
  • \{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE04.ppt
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE00.dot
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE04.ppt
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE05.xls
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE02.xls
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE00.pot
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KExx.xls
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE03.doc
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE04.xls
  • \{computername}\Users\{username}\Documents\Email and Password List.js
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE05.doc
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE01.doc
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_sa_debug.dmg
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE01.doc
  • \{computername}\Users\{username}\Documents\Email and Password List.txt
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KExx.PPT
  • \{computername}\Users\{username}\usb_drive.img
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE05.doc
  • \{computername}\Users\{username}\Documents\agent.pyw
  • \{computername}\Users\{username}\Contacts\{username}.contact
  • \{computername}\Users\{username}\ntuser.dat.LOG2
  • \{computername}\Users\{username}\Searches\Indexed Locations.search-ms
  • \{computername}\Users\{username}\Searches\Everywhere.search-ms
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE03.xls
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE00.dot
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive.zip
  • \{computername}\Users\{username}\Desktop\Email and Password List.vbs
  • %System Root%/pagefile.sys
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE02.ppt
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_win.msi
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE05.xls
  • \{computername}\Users\{username}\Desktop\Email and Password List.js
  • \{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms
  • \{computername}\Users\{username}\Documents\Email and Password List.htm
  • \{computername}\Users\{username}\ntuser.dat.LOG1
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE04.doc
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE03.ppt
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KExx.xls
  • \{computername}\Users\{username}\Desktop\AAljoOV.jpg
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KExx.doc
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE01.xls

(註:%System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.)

マルウェアは、以下のレジストリ値を追加します。

HKEY_CURRENT_USER\Software\NEMTY
fid = "NEMTY_YT6OE9L"

HKEY_CURRENT_USER\Software\NEMTY
pbkey = "{random characters}"

HKEY_CURRENT_USER\Software\NEMTY
cfg = "{random characters}"

作成活動

マルウェアは、以下のファイルを作成します。

  • \{computername}\Users\{username}\ntuser.dat.LOG1.NEMTY_YT6OE9L
  • %System Root%\excel2k\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\descrobject.h
  • \{computername}\Users\{username}\Searches\Indexed Locations.search-ms.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE04.ppt.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE05.ppt
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE04.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\pgen.h
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE02.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_sqlite3.pyd
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE03.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\bz2.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\bytearrayobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE02.ppt.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KExx.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\include\fileobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE02.xls.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE00.pot.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KExx.xls.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\Email and Password List.txt.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\usb_drive.img.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.js.NEMTY_YT6OE9L
  • %System Root%\Python27\include\bytesobject.h.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE05.xls
  • %System Root%\Python27\include\grammar.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE04.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\include\boolobject.h
  • \{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TM.blf.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_hashlib.pyd
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KExx.PPT.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE01.xls.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\ntuser.dat.LOG2.NEMTY_YT6OE9L
  • %System Root%\Python27\include\floatobject.h.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE03.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\winsound.pyd
  • %System Root%\Python27\include\patchlevel.h
  • \{computername}\Users\{username}\Documents\word2k\DOC2KExx.doc.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KExx.PPT.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE04.xls.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE05.ppt.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE03.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\methodobject.h
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE00.xlt.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KExx.doc.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE01.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\import.h.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\modsupport.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE03.ppt.NEMTY_YT6OE9L
  • F:\data\dolist.txt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\bytes_methods.h
  • F:\data\photos\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\powerpoint2k\PPT2KE01.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_bsddb.pyd
  • \{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms.NEMTY_YT6OE9L
  • F:\wlines.zip
  • %System Root%\excel2k\XLS2KExx.xls.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE05.xls.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\Email and Password List.vbs.NEMTY_YT6OE9L
  • F:\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\object.h
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE03.doc.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE00.pot
  • %System Root%\Python27\include\longintrepr.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\genobject.h
  • %System Root%\Python27\include\ast.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\cStringIO.h
  • %System Root%\Python27\include\floatobject.h
  • %System Root%\Python27\include\genobject.h.NEMTY_YT6OE9L
  • F:\data\photos\long_exposure.jpg
  • %System Root%\Python27\include\errcode.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\opcode.h
  • %System Root%\Python27\include\intrcheck.h
  • %System Root%\Python27\include\compile.h
  • \{computername}\Users\{username}\Desktop\note.txt.NEMTY_YT6OE9L
  • %System Root%\Python27\NEMTY_YT6OE9L-DECRYPT.txt
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE02.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\include\abstract.h.NEMTY_YT6OE9L
  • A:\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\pgenheaders.h.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\winsound.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\pyc.ico.NEMTY_YT6OE9L
  • %System Root%\Python27\include\object.h.NEMTY_YT6OE9L
  • F:\data\dolist.txt
  • %System Root%\Python27\include\pyarena.h.NEMTY_YT6OE9L
  • F:\data\photos\stunning.jpg.NEMTY_YT6OE9L
  • %System Root%\Python27\include\datetime.h.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE02.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\graminit.h
  • %System Root%\Python27\DLLs\py.ico.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE00.xlt.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Searches\Everywhere.search-ms.NEMTY_YT6OE9L
  • %System Root%\Python27\include\complexobject.h
  • %System Root%\Python27\include\intrcheck.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_debug.dmg.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_ctypes_test.pyd.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_win.msi.NEMTY_YT6OE9L
  • %System Root%\Python27\include\classobject.h
  • %System Root%\Python27\DLLs\pyc.ico
  • %System Root%\Python27\include\opcode.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\pycapsule.h
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive.zip.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE05.doc.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE01.doc.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KExx.PPT.NEMTY_YT6OE9L
  • F:\data\tmp.doc
  • F:\data\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\longintrepr.h
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE00.xlt.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_testcapi.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\marshal.h.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE02.ppt
  • %Program Files%\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\asdl.h
  • %System Root%\Python27\include\osdefs.h
  • %System Root%\Python27\include\abstract.h
  • %System Root%\Python27\include\bytearrayobject.h
  • %System Root%\Documents and Settings\NEMTY_YT6OE9L-DECRYPT.txt
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE00.pot.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE04.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\cobject.h
  • %System Root%\Python27\include\errcode.h
  • %System Root%\Python27\include\code.h.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_testcapi.pyd
  • \{computername}\Users\{username}\Documents\Email and Password List.htm.NEMTY_YT6OE9L
  • %System Root%\Python27\include\listobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_200_macpep_debug.dmg.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_hashlib.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\modsupport.h
  • %System Root%\Python27\include\methodobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE01.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\eval.h
  • %System Root%\Python27\include\classobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\cobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\parsetok.h
  • %System Root%\Python27\include\bitset.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\dictobject.h
  • \{computername}\Users\{username}\Desktop\AAljoOV.jpg.NEMTY_YT6OE9L
  • %System Root%\Python27\include\datetime.h
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE05.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\include\complexobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_msi.pyd.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\Email and Password List.vbs.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.htm.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE00.xlt
  • %System Root%\Python27\DLLs\_ctypes.pyd
  • %System Root%\Python27\DLLs\bz2.pyd
  • %System Root%\Python27\include\bytesobject.h
  • %System Root%\Python27\include\pycapsule.h.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.txt
  • %System Root%\Python27\include\longobject.h.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.js
  • %System Root%\Python27\include\bufferobject.h
  • %System Root%\Python27\include\node.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\pgen.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac_pkg.dmg.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\Email and Password List.js.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.txt.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_ssl.pyd
  • %System Root%\Python27\include\node.h
  • %System Root%\powerpoint2k\PPT2KE05.ppt.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE04.doc.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\Email and Password List.txt.NEMTY_YT6OE9L
  • F:\data\tmp.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\include\longobject.h
  • %System Root%\excel2k\XLS2KE01.xls
  • %System Root%\Python27\include\ceval.h
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE05.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_ctypes.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_sqlite3.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\compile.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\codecs.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\metagrammar.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE00.dot.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\pyexpat.pyd.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\Transmag.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\include\iterobject.h
  • %System Root%\Python27\include\frameobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\memoryobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms.NEMTY_YT6OE9L
  • %System Root%\Python27\include\bytes_methods.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\frameobject.h
  • \{computername}\Users\{username}\Documents\agent.pyw.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE01.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_multiprocessing.pyd.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE01.xls.NEMTY_YT6OE9L
  • %System Root%\PerfLogs\Admin\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\memoryobject.h
  • \{computername}\Users\{username}\Desktop\Email and Password List.htm.NEMTY_YT6OE9L
  • %System Root%\Python27\Doc\python2715.chm.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE03.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_tkinter.pyd
  • %System Root%\Python27\include\dictobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE02.ppt.NEMTY_YT6OE9L
  • %System Root%\Program Files\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\powerpoint2k\PPT2KExx.PPT
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_winax.msi.NEMTY_YT6OE9L
  • %System Root%\Python27\include\cellobject.h
  • %System Root%\Python27\include\dtoa.h
  • %System Root%\Python27\include\graminit.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\funcobject.h.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE02.xls
  • %System Root%\Python27\DLLs\_ssl.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\fileobject.h
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE03.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_msi.pyd
  • %System Root%\Python27\include\bufferobject.h.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.vbs.NEMTY_YT6OE9L
  • %System Root%\Python27\include\objimpl.h
  • F:\data\photos\stunning.jpg
  • %System Root%\Python27\DLLs\unicodedata.pyd.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\uninstall_flashplayer18_0r0_203_mac.dmg.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_ctypes_test.pyd
  • %System Root%\powerpoint2k\PPT2KE03.ppt
  • %System Root%\excel2k\XLS2KExx.xls
  • %System Root%\Python27\include\dtoa.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\objimpl.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\grammar.h
  • %System Root%\Python27\DLLs\_multiprocessing.pyd
  • %System Root%\Python27\DLLs\select.pyd.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE01.ppt
  • %System Root%\Python27\include\ast.h
  • %System Root%\Python27\include\cellobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\code.h
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_200_macpep.dmg.NEMTY_YT6OE9L
  • %System Root%\Python27\include\marshal.h
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE00.dot.NEMTY_YT6OE9L
  • %System Root%\PerfLogs\NEMTY_YT6OE9L-DECRYPT.txt
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_sa_debug.dmg.NEMTY_YT6OE9L
  • F:\data\photos\long_exposure.jpg.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE03.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\include\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\DLLs\_tkinter.pyd.NEMTY_YT6OE9L
  • %System Root%/pagefile.sys.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE04.ppt
  • %System Root%\Python27\DLLs\_socket.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\patchlevel.h.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_elementtree.pyd
  • %System Root%\Email and Password List.vbs
  • %System Root%\Python27\include\moduleobject.h
  • F:\wlines.zip.NEMTY_YT6OE9L
  • %System Root%\Python27\include\intobject.h
  • %System Root%\Python27\include\bitset.h
  • %System Root%\powerpoint2k\PPT2KE00.pot.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_socket.pyd
  • %System Root%\excel2k\XLS2KE03.xls
  • \{computername}\Users\{username}\Contacts\{username}.contact.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\select.pyd
  • %System Root%\Python27\include\parsetok.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\cStringIO.h.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\py.ico
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE04.doc.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE05.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\listobject.h
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE01.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\include\funcobject.h
  • %System Root%\Python27\DLLs\unicodedata.pyd
  • %System Root%\Python27\include\pyarena.h
  • %System Root%\powerpoint2k\NEMTY_YT6OE9L-DECRYPT.txt
  • \{computername}\Users\{username}\Documents\Email and Password List.js.NEMTY_YT6OE9L
  • %System Root%\Python27\include\enumobject.h
  • %System Root%\Python27\include\osdefs.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\boolobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\codecs.h
  • %System Root%\Python27\include\metagrammar.h
  • %System Root%\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\eval.h.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE02.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\include\enumobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE02.xls.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.htm
  • %System Root%\Python27\DLLs\_bsddb.pyd.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE04.xls
  • %System Root%\Python27\DLLs\_elementtree.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\iterobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\Doc\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\import.h
  • %System Root%\Python27\include\intobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\moduleobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac.dmg.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE05.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\include\descrobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE04.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\include\asdl.h.NEMTY_YT6OE9L
  • %System Root%\Python27\Doc\python2715.chm
  • %System Root%\Python27\include\pgenheaders.h
  • %System Root%\Python27\DLLs\pyexpat.pyd
  • %System Root%\Python27\include\ceval.h.NEMTY_YT6OE9L

(註:%System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.. %Program Files%フォルダは、デフォルトのプログラムファイルフォルダです。C:\Program Files in Windows 2000(32-bit)、Server 2003(32-bit)、XP、Vista(64-bit)、7、8、8.1、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Program Files"です。また、Windows XP(64-bit)、Vista(64-bit)、7(64-bit)、8(64-bit)、8.1(64-bit)、2008(64-bit)、2012(64-bit)、10(64-bit)の場合、通常 "C:\Program Files(x86)" です。)

このウイルス情報は、自動解析システムにより作成されました。


  対応方法

対応検索エンジン: 9.850

手順 1

Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。

手順 2

「Trojan.Win32.MALREP.THBACBO」で検出したファイル名を確認し、そのファイルを終了します。

[ 詳細 ]

  • すべての実行中プロセスが、Windows のタスクマネージャに表示されない場合があります。この場合、"Process Explorer" などのツールを使用しマルウェアのファイルを終了してください。"Process Explorer" については、こちらをご参照下さい。
  • 検出ファイルが、Windows のタスクマネージャまたは "Process Explorer" に表示されるものの、削除できない場合があります。この場合、コンピュータをセーフモードで再起動してください。
    セーフモードについては、こちらをご参照下さい。
  • 検出ファイルがタスクマネージャ上で表示されない場合、次の手順にお進みください。

手順 3

このレジストリ値を削除します。

[ 詳細 ]

警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

  • In HKEY_CURRENT_USER\Software\NEMTY
    • fid = "NEMTY_YT6OE9L"
  • In HKEY_CURRENT_USER\Software\NEMTY
    • pbkey = "{random characters}"
  • In HKEY_CURRENT_USER\Software\NEMTY
    • cfg = "{random characters}"

手順 4

以下のファイルを検索し削除します。

[ 詳細 ]
コンポーネントファイルが隠しファイル属性の場合があります。[詳細設定オプション]をクリックし、[隠しファイルとフォルダの検索]のチェックボックスをオンにし、検索結果に隠しファイルとフォルダが含まれるようにしてください。
  • \{computername}\Users\{username}\ntuser.dat.LOG1.NEMTY_YT6OE9L
  • %System Root%\excel2k\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\descrobject.h
  • \{computername}\Users\{username}\Searches\Indexed Locations.search-ms.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE04.ppt.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE05.ppt
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE04.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\pgen.h
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE02.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_sqlite3.pyd
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE03.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\bz2.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\bytearrayobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE02.ppt.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KExx.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\include\fileobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE02.xls.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE00.pot.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KExx.xls.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\Email and Password List.txt.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\usb_drive.img.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.js.NEMTY_YT6OE9L
  • %System Root%\Python27\include\bytesobject.h.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE05.xls
  • %System Root%\Python27\include\grammar.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE04.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\include\boolobject.h
  • \{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TM.blf.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_hashlib.pyd
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KExx.PPT.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE01.xls.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\ntuser.dat.LOG2.NEMTY_YT6OE9L
  • %System Root%\Python27\include\floatobject.h.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE03.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\winsound.pyd
  • %System Root%\Python27\include\patchlevel.h
  • \{computername}\Users\{username}\Documents\word2k\DOC2KExx.doc.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KExx.PPT.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE04.xls.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE05.ppt.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE03.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\methodobject.h
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE00.xlt.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KExx.doc.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE01.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\import.h.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\modsupport.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE03.ppt.NEMTY_YT6OE9L
  • F:\data\dolist.txt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\bytes_methods.h
  • F:\data\photos\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\powerpoint2k\PPT2KE01.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_bsddb.pyd
  • \{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms.NEMTY_YT6OE9L
  • F:\wlines.zip
  • %System Root%\excel2k\XLS2KExx.xls.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE05.xls.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\Email and Password List.vbs.NEMTY_YT6OE9L
  • F:\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\object.h
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE03.doc.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE00.pot
  • %System Root%\Python27\include\longintrepr.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\genobject.h
  • %System Root%\Python27\include\ast.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\cStringIO.h
  • %System Root%\Python27\include\floatobject.h
  • %System Root%\Python27\include\genobject.h.NEMTY_YT6OE9L
  • F:\data\photos\long_exposure.jpg
  • %System Root%\Python27\include\errcode.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\opcode.h
  • %System Root%\Python27\include\intrcheck.h
  • %System Root%\Python27\include\compile.h
  • \{computername}\Users\{username}\Desktop\note.txt.NEMTY_YT6OE9L
  • %System Root%\Python27\NEMTY_YT6OE9L-DECRYPT.txt
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE02.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\include\abstract.h.NEMTY_YT6OE9L
  • A:\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\pgenheaders.h.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\winsound.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\pyc.ico.NEMTY_YT6OE9L
  • %System Root%\Python27\include\object.h.NEMTY_YT6OE9L
  • F:\data\dolist.txt
  • %System Root%\Python27\include\pyarena.h.NEMTY_YT6OE9L
  • F:\data\photos\stunning.jpg.NEMTY_YT6OE9L
  • %System Root%\Python27\include\datetime.h.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE02.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\graminit.h
  • %System Root%\Python27\DLLs\py.ico.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE00.xlt.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Searches\Everywhere.search-ms.NEMTY_YT6OE9L
  • %System Root%\Python27\include\complexobject.h
  • %System Root%\Python27\include\intrcheck.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_debug.dmg.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_ctypes_test.pyd.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_win.msi.NEMTY_YT6OE9L
  • %System Root%\Python27\include\classobject.h
  • %System Root%\Python27\DLLs\pyc.ico
  • %System Root%\Python27\include\opcode.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\pycapsule.h
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive.zip.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE05.doc.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE01.doc.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KExx.PPT.NEMTY_YT6OE9L
  • F:\data\tmp.doc
  • F:\data\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\longintrepr.h
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE00.xlt.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_testcapi.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\marshal.h.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE02.ppt
  • %Program Files%\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\asdl.h
  • %System Root%\Python27\include\osdefs.h
  • %System Root%\Python27\include\abstract.h
  • %System Root%\Python27\include\bytearrayobject.h
  • %System Root%\Documents and Settings\NEMTY_YT6OE9L-DECRYPT.txt
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE00.pot.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE04.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\cobject.h
  • %System Root%\Python27\include\errcode.h
  • %System Root%\Python27\include\code.h.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_testcapi.pyd
  • \{computername}\Users\{username}\Documents\Email and Password List.htm.NEMTY_YT6OE9L
  • %System Root%\Python27\include\listobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_200_macpep_debug.dmg.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_hashlib.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\modsupport.h
  • %System Root%\Python27\include\methodobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE01.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\eval.h
  • %System Root%\Python27\include\classobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\cobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\parsetok.h
  • %System Root%\Python27\include\bitset.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\dictobject.h
  • \{computername}\Users\{username}\Desktop\AAljoOV.jpg.NEMTY_YT6OE9L
  • %System Root%\Python27\include\datetime.h
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE05.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\include\complexobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_msi.pyd.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\Email and Password List.vbs.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.htm.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE00.xlt
  • %System Root%\Python27\DLLs\_ctypes.pyd
  • %System Root%\Python27\DLLs\bz2.pyd
  • %System Root%\Python27\include\bytesobject.h
  • %System Root%\Python27\include\pycapsule.h.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.txt
  • %System Root%\Python27\include\longobject.h.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.js
  • %System Root%\Python27\include\bufferobject.h
  • %System Root%\Python27\include\node.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\pgen.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac_pkg.dmg.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\Email and Password List.js.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.txt.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_ssl.pyd
  • %System Root%\Python27\include\node.h
  • %System Root%\powerpoint2k\PPT2KE05.ppt.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE04.doc.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\Email and Password List.txt.NEMTY_YT6OE9L
  • F:\data\tmp.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\include\longobject.h
  • %System Root%\excel2k\XLS2KE01.xls
  • %System Root%\Python27\include\ceval.h
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE05.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_ctypes.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_sqlite3.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\compile.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\codecs.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\metagrammar.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE00.dot.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\pyexpat.pyd.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\Transmag.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\include\iterobject.h
  • %System Root%\Python27\include\frameobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\memoryobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms.NEMTY_YT6OE9L
  • %System Root%\Python27\include\bytes_methods.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\frameobject.h
  • \{computername}\Users\{username}\Documents\agent.pyw.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE01.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_multiprocessing.pyd.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE01.xls.NEMTY_YT6OE9L
  • %System Root%\PerfLogs\Admin\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\memoryobject.h
  • \{computername}\Users\{username}\Desktop\Email and Password List.htm.NEMTY_YT6OE9L
  • %System Root%\Python27\Doc\python2715.chm.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE03.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_tkinter.pyd
  • %System Root%\Python27\include\dictobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE02.ppt.NEMTY_YT6OE9L
  • %System Root%\Program Files\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\powerpoint2k\PPT2KExx.PPT
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_winax.msi.NEMTY_YT6OE9L
  • %System Root%\Python27\include\cellobject.h
  • %System Root%\Python27\include\dtoa.h
  • %System Root%\Python27\include\graminit.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\funcobject.h.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE02.xls
  • %System Root%\Python27\DLLs\_ssl.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\fileobject.h
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE03.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_msi.pyd
  • %System Root%\Python27\include\bufferobject.h.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.vbs.NEMTY_YT6OE9L
  • %System Root%\Python27\include\objimpl.h
  • F:\data\photos\stunning.jpg
  • %System Root%\Python27\DLLs\unicodedata.pyd.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\uninstall_flashplayer18_0r0_203_mac.dmg.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_ctypes_test.pyd
  • %System Root%\powerpoint2k\PPT2KE03.ppt
  • %System Root%\excel2k\XLS2KExx.xls
  • %System Root%\Python27\include\dtoa.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\objimpl.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\grammar.h
  • %System Root%\Python27\DLLs\_multiprocessing.pyd
  • %System Root%\Python27\DLLs\select.pyd.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE01.ppt
  • %System Root%\Python27\include\ast.h
  • %System Root%\Python27\include\cellobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\code.h
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_200_macpep.dmg.NEMTY_YT6OE9L
  • %System Root%\Python27\include\marshal.h
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE00.dot.NEMTY_YT6OE9L
  • %System Root%\PerfLogs\NEMTY_YT6OE9L-DECRYPT.txt
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_sa_debug.dmg.NEMTY_YT6OE9L
  • F:\data\photos\long_exposure.jpg.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE03.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\include\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\DLLs\_tkinter.pyd.NEMTY_YT6OE9L
  • %System Root%/pagefile.sys.NEMTY_YT6OE9L
  • %System Root%\powerpoint2k\PPT2KE04.ppt
  • %System Root%\Python27\DLLs\_socket.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\patchlevel.h.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_elementtree.pyd
  • %System Root%\Email and Password List.vbs
  • %System Root%\Python27\include\moduleobject.h
  • F:\wlines.zip.NEMTY_YT6OE9L
  • %System Root%\Python27\include\intobject.h
  • %System Root%\Python27\include\bitset.h
  • %System Root%\powerpoint2k\PPT2KE00.pot.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\_socket.pyd
  • %System Root%\excel2k\XLS2KE03.xls
  • \{computername}\Users\{username}\Contacts\{username}.contact.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\select.pyd
  • %System Root%\Python27\include\parsetok.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\cStringIO.h.NEMTY_YT6OE9L
  • %System Root%\Python27\DLLs\py.ico
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE04.doc.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE05.ppt.NEMTY_YT6OE9L
  • %System Root%\Python27\include\listobject.h
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE01.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\include\funcobject.h
  • %System Root%\Python27\DLLs\unicodedata.pyd
  • %System Root%\Python27\include\pyarena.h
  • %System Root%\powerpoint2k\NEMTY_YT6OE9L-DECRYPT.txt
  • \{computername}\Users\{username}\Documents\Email and Password List.js.NEMTY_YT6OE9L
  • %System Root%\Python27\include\enumobject.h
  • %System Root%\Python27\include\osdefs.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\boolobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\codecs.h
  • %System Root%\Python27\include\metagrammar.h
  • %System Root%\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\eval.h.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE02.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\include\enumobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE02.xls.NEMTY_YT6OE9L
  • %System Root%\Email and Password List.htm
  • %System Root%\Python27\DLLs\_bsddb.pyd.NEMTY_YT6OE9L
  • %System Root%\excel2k\XLS2KE04.xls
  • %System Root%\Python27\DLLs\_elementtree.pyd.NEMTY_YT6OE9L
  • %System Root%\Python27\include\iterobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\Doc\NEMTY_YT6OE9L-DECRYPT.txt
  • %System Root%\Python27\include\import.h
  • %System Root%\Python27\include\intobject.h.NEMTY_YT6OE9L
  • %System Root%\Python27\include\moduleobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac.dmg.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE05.doc.NEMTY_YT6OE9L
  • %System Root%\Python27\include\descrobject.h.NEMTY_YT6OE9L
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE04.xls.NEMTY_YT6OE9L
  • %System Root%\Python27\include\asdl.h.NEMTY_YT6OE9L
  • %System Root%\Python27\Doc\python2715.chm
  • %System Root%\Python27\include\pgenheaders.h
  • %System Root%\Python27\DLLs\pyexpat.pyd
  • %System Root%\Python27\include\ceval.h.NEMTY_YT6OE9L

手順 5

最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「Trojan.Win32.MALREP.THBACBO」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。

手順 6

以下のファイルをバックアップを用いて修復します。マイクロソフト製品に関連したファイルのみに修復されます。このマルウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。

  • %System Root%\pagefile.sys
  • %System Root%\Python27\include\descrobject.h
  • %System Root%\Python27\include\node.h
  • %System Root%\powerpoint2k\PPT2KE05.ppt
  • %System Root%\Python27\include\pgen.h
  • %System Root%\Python27\DLLs\_sqlite3.pyd
  • %System Root%\Python27\include\longobject.h
  • %System Root%\excel2k\XLS2KE01.xls
  • %System Root%\Python27\include\ceval.h
  • %System Root%\excel2k\XLS2KE05.xls
  • %System Root%\Python27\include\boolobject.h
  • %System Root%\Python27\include\iterobject.h
  • %System Root%\Python27\DLLs\winsound.pyd
  • %System Root%\Python27\include\patchlevel.h
  • %System Root%\Python27\include\methodobject.h
  • %System Root%\Python27\include\frameobject.h
  • %System Root%\Python27\include\bytes_methods.h
  • %System Root%\Python27\include\memoryobject.h
  • %System Root%\Python27\DLLs\_bsddb.pyd
  • %System Root%\Python27\DLLs\_tkinter.pyd
  • F:\wlines.zip
  • %System Root%\powerpoint2k\PPT2KExx.PPT
  • %System Root%\Python27\include\object.h
  • %System Root%\Python27\include\cellobject.h
  • %System Root%\Python27\include\dtoa.h
  • %System Root%\powerpoint2k\PPT2KE00.pot
  • %System Root%\excel2k\XLS2KE02.xls
  • %System Root%\Python27\include\genobject.h
  • %System Root%\Python27\include\cStringIO.h
  • %System Root%\Python27\include\fileobject.h
  • %System Root%\Python27\include\floatobject.h
  • F:\data\photos\long_exposure.jpg
  • %System Root%\Python27\DLLs\_msi.pyd
  • %System Root%\Python27\include\opcode.h
  • %System Root%\Python27\include\intrcheck.h
  • %System Root%\Python27\include\objimpl.h
  • %System Root%\Python27\include\compile.h
  • F:\data\photos\stunning.jpg
  • %System Root%\Python27\DLLs\_ctypes_test.pyd
  • %System Root%\powerpoint2k\PPT2KE03.ppt
  • F:\data\dolist.txt
  • %System Root%\excel2k\XLS2KExx.xls
  • %System Root%\Python27\include\grammar.h
  • %System Root%\Python27\DLLs\_multiprocessing.pyd
  • %System Root%\Python27\include\graminit.h
  • %System Root%\powerpoint2k\PPT2KE01.ppt
  • %System Root%\Python27\include\ast.h
  • %System Root%\Python27\include\code.h
  • %System Root%\Python27\include\complexobject.h
  • %System Root%\Python27\include\marshal.h
  • %System Root%\Python27\include\classobject.h
  • %System Root%\Python27\DLLs\pyc.ico
  • %System Root%\Python27\include\pycapsule.h
  • %System Root%\powerpoint2k\PPT2KE04.ppt
  • %System Root%\Python27\DLLs\_elementtree.pyd
  • F:\data\tmp.doc
  • %System Root%\Email and Password List.vbs
  • %System Root%\Python27\include\longintrepr.h
  • %System Root%\Python27\include\moduleobject.h
  • %System Root%\Python27\include\intobject.h
  • %System Root%\powerpoint2k\PPT2KE02.ppt
  • %System Root%\Python27\include\bitset.h
  • %System Root%\Python27\include\asdl.h
  • %System Root%\Python27\include\osdefs.h
  • %System Root%\excel2k\XLS2KE03.xls
  • %System Root%\Python27\include\abstract.h
  • %System Root%\Python27\include\bytearrayobject.h
  • %System Root%\Python27\DLLs\py.ico
  • %System Root%\Python27\include\listobject.h
  • %System Root%\Python27\include\cobject.h
  • %System Root%\Python27\include\funcobject.h
  • %System Root%\Python27\DLLs\unicodedata.pyd
  • %System Root%\Python27\include\pyarena.h
  • %System Root%\Python27\include\errcode.h
  • %System Root%\Python27\DLLs\_testcapi.pyd
  • %System Root%\Python27\include\enumobject.h
  • %System Root%\Python27\include\codecs.h
  • %System Root%\Python27\include\metagrammar.h
  • %System Root%\Python27\include\modsupport.h
  • %System Root%\Python27\include\eval.h
  • %System Root%\Python27\include\parsetok.h
  • %System Root%\Python27\include\dictobject.h
  • %System Root%\Email and Password List.htm
  • %System Root%\Python27\include\datetime.h
  • %System Root%\excel2k\XLS2KE04.xls
  • %System Root%\Python27\include\import.h
  • %System Root%\excel2k\XLS2KE00.xlt
  • %System Root%\Python27\include\bytesobject.h
  • %System Root%\Email and Password List.txt
  • %System Root%\Python27\Doc\python2715.chm
  • %System Root%\Email and Password List.js
  • %System Root%\Python27\include\pgenheaders.h
  • %System Root%\Python27\include\bufferobject.h

手順 7

以下のファイルをバックアップを用いて修復します。なお、マイクロソフト製品に関連したファイルのみ修復されます。このマルウェア/グレイウェア/スパイウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。

  • \{computername}\Users\{username}\Documents\Email and Password List.vbs
  • \{computername}\Users\{username}\Desktop\Transmag.doc
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE02.ppt
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE04.doc
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE05.ppt
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE01.ppt
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE01.xls
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_winax.msi
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac.dmg
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE00.xlt
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KExx.PPT
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE03.doc
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE02.doc
  • \{computername}\Users\{username}\Desktop\Email and Password List.txt
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE05.ppt
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE02.doc
  • \{computername}\Users\{username}\Desktop\note.txt
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE03.ppt
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE03.xls
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\uninstall_flashplayer18_0r0_203_mac.dmg
  • \{computername}\Users\{username}\Desktop\Email and Password List.htm
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_mac_pkg.dmg
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_200_macpep_debug.dmg
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE01.ppt
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE02.xls
  • \{computername}\Users\{username}\Documents\word2k\DOC2KExx.doc
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_200_macpep.dmg
  • \{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TM.blf
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE00.xlt
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE00.pot
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_debug.dmg
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE04.xls
  • \{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000001.regtrans-ms
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE04.ppt
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE00.dot
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE04.ppt
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE05.xls
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE02.xls
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE00.pot
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KExx.xls
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE03.doc
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE04.xls
  • \{computername}\Users\{username}\Documents\Email and Password List.js
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE05.doc
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE01.doc
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203_debug\flashplayer18_0r0_203_mac_sa_debug.dmg
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE01.doc
  • \{computername}\Users\{username}\Documents\Email and Password List.txt
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KExx.PPT
  • \{computername}\Users\{username}\usb_drive.img
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE05.doc
  • \{computername}\Users\{username}\Documents\agent.pyw
  • \{computername}\Users\{username}\Contacts\{username}.contact
  • \{computername}\Users\{username}\ntuser.dat.LOG2
  • \{computername}\Users\{username}\Searches\Indexed Locations.search-ms
  • \{computername}\Users\{username}\Searches\Everywhere.search-ms
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE03.xls
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KE00.dot
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive.zip
  • \{computername}\Users\{username}\Desktop\Email and Password List.vbs
  • %System Root%/pagefile.sys
  • \{computername}\Users\{username}\Documents\powerpoint2k\PPT2KE02.ppt
  • \{computername}\Users\{username}\Documents\fp_18.0.0.203_archive\18_0_r0_203\flashplayer18_0r0_203_win.msi
  • \{computername}\Users\{username}\Desktop\excel2k\XLS2KE05.xls
  • \{computername}\Users\{username}\Desktop\Email and Password List.js
  • \{computername}\Users\{username}\NTUSER.DAT{{GUID}}.TMContainer00000000000000000002.regtrans-ms
  • \{computername}\Users\{username}\Documents\Email and Password List.htm
  • \{computername}\Users\{username}\ntuser.dat.LOG1
  • \{computername}\Users\{username}\Documents\word2k\DOC2KE04.doc
  • \{computername}\Users\{username}\Desktop\powerpoint2k\PPT2KE03.ppt
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KExx.xls
  • \{computername}\Users\{username}\Desktop\AAljoOV.jpg
  • \{computername}\Users\{username}\Desktop\word2k\DOC2KExx.doc
  • \{computername}\Users\{username}\Documents\excel2k\XLS2KE01.xls


ご利用はいかがでしたか? アンケートにご協力ください