TSPY_BB.A
Adware:Win32/Exact.C (Microsoft); [2.nsis]:Adware-ExactSearch., [3.nsis]:Adware-BB., [5.nsis\6.nsis]:Adware-BB., [5.nsis\7.nsis]:Adwar (McAfee); Adware.BargainBuddy (Symantec); ARC:NSIS, ARC:[adp8040_YUBILEE_CC.exe]:NSIS, ARC:[nls8039_YUBILEE_CC.exe]:NSIS, ARC:[cb8040_YUBILEE_ (Kaspersky); eXact.BargainBuddy (Sunbelt); Dropped:Adware.Generic.32944 (FSecure)
Windows 2000, Windows XP, Windows Server 2003
- マルウェアタイプ: スパイウェア
- 破壊活動の有無: なし
- 暗号化:
- 感染報告の有無: はい
概要
スパイウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
詳細
侵入方法
スパイウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
インストール
スパイウェアは、以下のフォルダを作成します。
- %Program Files%\BullsEye Network
- %Program Files%\BullsEye Network\bin
- %Program Files%\NaviSearch
- %Program Files%\NaviSearch\bin
- %Program Files%\CashBack
- %Program Files%\CashBack\bin
- %System Root%\temp
(註:%Program Files%は、標準設定では "C:\Program Files" です。. %System Root%は、標準設定では "C:" です。また、オペレーティングシステムが存在する場所です。)
自動実行方法
スパイウェアは、自身のコピーがWindows起動時に自動実行されるよう以下のレジストリ値を追加します。
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
BullsEye Network = "%Program Files%\BullsEye Network\bin\bargains.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
NaviSearch = "%Program Files%\NaviSearch\bin\nls.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
CashBack = "%Program Files%\CashBack\bin\cashback.exe"
スパイウェアは、以下のレジストリキーを追加し、自身をBrowser Helper Object(BHO)として登録します。これにより、Internet Explorer(IE)が起動するとスパイウェアが自動実行されます。
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{CE188402-6EE7-4022-8868-AB25173A3E14}
他のシステム変更
スパイウェアは、以下のファイルを削除します。
- %User Temp%\nsa1.tmp
- %User Temp%\nsc3.tmp
- %User Temp%\nso5.tmp
- %Program Files%\BullsEye Network\t1325477942.dec
- %User Temp%\nst7.tmp
- %System Root%\temp\exTmp0.html
- %System Root%\temp\exTmp1.html
(註:%User Temp%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 98 および MEの場合、"C:\Windows\Temp"、Windows NT の場合、"C:\Profiles\<ユーザー名>\TEMP"、Windows 2000、XP、Server 2003 の場合、"C:\Documents and Settings\<ユーザー名>\Local Settings\TEMP" です。. %Program Files%は、標準設定では "C:\Program Files" です。. %System Root%は、標準設定では "C:" です。また、オペレーティングシステムが存在する場所です。)
スパイウェアは、以下のフォルダを削除します。
- %Program Files%\Bargain Buddy\bin2
- %Program Files%\Bargain Buddy\bin
- %Program Files%\Bargain Buddy
(註:%Program Files%は、標準設定では "C:\Program Files" です。)
スパイウェアは、以下のレジストリキーを追加します。
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
HKEY_CLASSES_ROOT\ADP.UrlCatcher.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ADP.UrlCatcher.1\CLSID
HKEY_CLASSES_ROOT\ADP.UrlCatcher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ADP.UrlCatcher\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0\
FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0\
0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0\
0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0\
HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BargainBuddy
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
HKEY_CLASSES_ROOT\NLS.UrlCatcher.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
NLS.UrlCatcher.1\CLSID
HKEY_CLASSES_ROOT\NLS.UrlCatcher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
NLS.UrlCatcher\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}\1.0\
FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}\1.0\
0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}\1.0\
0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}\1.0\
HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NaviSearch
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
HKEY_CLASSES_ROOT\CB.UrlCatcher.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CB.UrlCatcher.1\CLSID
HKEY_CLASSES_ROOT\CB.UrlCatcher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CB.UrlCatcher\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}\1.0\
FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}\1.0\
0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}\1.0\
0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}\1.0\
HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
CashBack
スパイウェアは、以下のレジストリ値を追加します。
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
BuildNumber = "1f67"
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
FirstHitUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
UninstallUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
UniqueKeyUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
UtilFolder = "%System%"
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
InstallOccurUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
AlreadyInstalledUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
ETServer = "www.xctrk.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
DelayPopTime = "12c"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
DelayPopUrl = "www.yubilee.com/welcome/cc_wel.html"
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
PartnerID = "21b"
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
NewPartnerName = "YUBILEE_CC"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
FirstHit = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
FirstHit = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
FirstHit = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
MainDir = "%Program Files%\BullsEye Network"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
Binary = "bin"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
ConfigUpdateQueryUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
ADDataUpdateQueryUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
SoftwareUpdateQueryUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
ServerName = "service.bargain-buddy.net"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
ServerPath = "/scripts/adpopper/webservice.main?type=upload"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
SliderLegalText = "Bullseye Network Offer"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
ServerPort = "5"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
UpdateQueryDuration = "1518"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
UpdateQueryFailedDuration = "4b"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
BuildNumber = "1f68"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
AdvDelaySec = "1e"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
TrackingFileFlag = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
RestartADPDuration = "1c2"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
TimeOutInterval = "1388"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BargainBuddy
DisplayName = "The BullsEye Network"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BargainBuddy
UninstallString = "%Program Files%\BullsEye Network\Uninstall.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BargainBuddy
Publisher = "eXact Advertising"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BargainBuddy
URLInfoAbout = "http://www.{BLOCKED}dvertising.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BargainBuddy
DisplayVersion = "8.0.4.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BargainBuddy
DisplayIcon = "%Program Files%\BullsEye Network\bin\bargains.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BargainBuddy
NoModify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
BargainBuddy
NoRepair = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
LastADPRestart = "4f1332"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
MainDir = "%Program Files%\NaviSearch"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
Binary = "bin"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
ConfigUpdateQueryUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
ADDataUpdateQueryUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
SoftwareUpdateQueryUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
ServerName = "service.bargain-buddy.net"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
ServerPath = "/scripts/adpopper/webservice.main?type=upload"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
TrackingServerPath = "/scripts/adpopper/webservice.main?type=tracking"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
TrackingGIFURL = "http://www.{BLOCKED}ye-network.com/dcs_trk/YUBILEE_CC/nls/nls_install.gif"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
ADDataVersion = "64"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
ServerPort = "5"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
UpdateQueryDuration = "1518"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
UpdateQueryFailedDuration = "e1"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
BuildNumber = "1f67"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
TrackingURLCount = "2"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
TrackingURLEnable = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
TrackingFileFlag = "1"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main
Use Search Asst = "no"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
SearchAssistant = "http://ie.{BLOCKED}h.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
ErrLandingURL = "http://search.{BLOCKED}ox.com/search.php"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
ErrLandingQuery = "?keyword=%s&partner=BB"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NaviSearch
DisplayName = "NaviSearch"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NaviSearch
UninstallString = "%Program Files%\NaviSearch\Uninstall.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NaviSearch
Publisher = "eXact Advertising"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NaviSearch
DisplayVersion = "8.0.3.9"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NaviSearch
URLInfoAbout = "http://www.{BLOCKED}dvertising.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NaviSearch
Readme = "http://www.{BLOCKED}dvertising.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NaviSearch
DisplayIcon = "%Program Files%\NaviSearch\bin\nls.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NaviSearch
HelpLink = "http://www.{BLOCKED}dvertising.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NaviSearch
NoModify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
NaviSearch
NoRepair = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
PartnerID = "21b"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
SystemInstallTime = "4f1334"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
TempUniqueKey = "1325477947:000029859"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
MainDir = "%Program Files%\CashBack"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
Binary = "bin"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
ConfigUpdateQueryUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
ADDataUpdateQueryUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
SoftwareUpdateQueryUrl = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
ServerName = "service.bargain-buddy.net"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
ServerPath = "/scripts/adpopper/webservice.main?type=upload"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
TrackingServerPath = "/scripts/adpopper/webservice.main?type=tracking"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
TrackingGIFURL = "http://www.{BLOCKED}ye-network.com/dcs_trk/YUBILEE_CC/cb/cb_install.gif"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
AffiliateURLUID = "p002%s"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
AutoFlashParam = "10 2 %s 300 140 1 0 1 5 1 0"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
AutoSwfURL = "bb_auto_wider.swf"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
ClickFlashParam = "10 3 %s 300 140 1 0 1 25 1 0"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
ClickSwfURL = "bb_click_wider.swf"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
CBUpdateAccParam = "email=%s&pass=%s"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
CBSignupWelcomeParam = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
CBBalance = "0.0"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
SliderHTML00 = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
SliderHTML01 = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
SliderHTML02 = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
SliderHTML03 = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
SliderHTML05 = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
SliderHTML06 = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
SliderHTML07 = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
SliderHTML08 = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
SliderHTML09 = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
CBSignUpURL = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
CBServer = "www.cashbackbuddy.com"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
ServerPort = "5"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
Referral = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
UpdateQueryDuration = "1518"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
UpdateQueryFailedDuration = "4b"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
BuildNumber = "1f68"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
CBSignupFailedDuration = "4b"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
CBIconAnimationEnable = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
CBSliderEnable = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
CBBalloonMsgEnable = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
CBSignUpDelay = "258"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
TrackingFileFlag = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
CashBack
DisplayName = "CashBackBuddy"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
CashBack
UninstallString = "%Program Files%\CashBack\Uninstall.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
CashBack
Publisher = "eXact Advertising"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
CashBack
DisplayVersion = "8.0.4.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
CashBack
URLInfoAbout = "http://www.{BLOCKED}dvertising.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
CashBack
Readme = "http://www.{BLOCKED}ckbuddy.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
CashBack
HelpLink = "http://www.{BLOCKED}ckbuddy.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
CashBack
DisplayIcon = "%Program Files%\CashBack\bin\cb.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
CashBack
NoModify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
CashBack
NoRepair = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
PartnerName = "YUBILEE_CC"
HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
System = "1,2,3"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
PartnerName = "YUBILEE_CC"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
PartnerName = "YUBILEE_CC"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
PartnerID = "21b"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
SystemInstallTime = "4f1342"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
CBID = "0539-00658707828-510"
HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
CBPW = "154256141611"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
PartnerID = "21b"
HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
SystemInstallTime = "4f1341"
スパイウェアは、以下のレジストリ値を変更します。
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Search
SearchAssistant = "http://www.{BLOCKED}earch.net/sidesearch"
(註:変更前の上記レジストリ値は、「http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm」となります。)
作成活動
スパイウェアは、以下のファイルを作成します。
- %User Temp%\nsa2.tmp
- %Windows%\exdl.exe
- %Windows%\exul.exe
- %Windows%\bbchk.exe
- %Windows%\exclean.exe
- %Windows%\adp8040_YUBILEE_CC.exe
- %Windows%\nls8039_YUBILEE_CC.exe
- %Windows%\cb8040_YUBILEE_CC.exe
- %User Temp%\nsr4.tmp
- %Program Files%\BullsEye Network\bargains.exe
- %Program Files%\BullsEye Network\adv.exe
- %Program Files%\BullsEye Network\adx.exe
- %Program Files%\BullsEye Network\msbe.dll
- %System%\msbe.dll
- %Program Files%\BullsEye Network\Uninstall.exe
- %User Temp%\nse6.tmp
- %Program Files%\NaviSearch\nvms.dll
- %Program Files%\NaviSearch\nls.exe
- %Program Files%\NaviSearch\ad-nls.dat
- %System%\nvms.dll
- %Program Files%\NaviSearch\Uninstall.exe
- t1325477942.dec
- %User Temp%\nst8.tmp
- %Program Files%\CashBack\mscb.dll
- %Program Files%\CashBack\cashback.exe
- %Program Files%\CashBack\cb.exe
- %Program Files%\CashBack\flash.exe
- %Program Files%\CashBack\template.html
- %Program Files%\CashBack\template2.html
- %Program Files%\CashBack\bb_click_wider.swf
- %Program Files%\CashBack\bb_auto_wider.swf
- %Program Files%\CashBack\bb_welcome.html
- %Program Files%\CashBack\bb_welcome1.swf
- %Program Files%\CashBack\blank.gif
- %Program Files%\CashBack\icon.gif
- %Program Files%\CashBack\logo.gif
- %System%\mscb.dll
- %Program Files%\CashBack\Uninstall.exe
- t1325477956.dec
- %System%\exdl1.exe
- %System%\exdl3.exe
- %System%\exdl2.exe
(註:%User Temp%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 98 および MEの場合、"C:\Windows\Temp"、Windows NT の場合、"C:\Profiles\<ユーザー名>\TEMP"、Windows 2000、XP、Server 2003 の場合、"C:\Documents and Settings\<ユーザー名>\Local Settings\TEMP" です。. %Windows%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows9x、Me、XP、Server 2003の場合、"C:\Window"、WindowsNT および 2000の場合、"C:\WINNT" です。. %Program Files%は、標準設定では "C:\Program Files" です。. %System%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 98 および MEの場合、"C:\Windows\System"、Windows NT および 2000 の場合、"C:\WinNT\System32"、Windows XP および Server 2003 の場合、"C:\Windows\System32" です。)
その他
スパイウェアは、以下の不正なWebサイトにアクセスします。
- http://adpopper.{BLOCKED}ze.com/scripts/adpopper/webservice.main?{random characters}
このウイルス情報は、自動解析システムにより作成されました。
対応方法
手順 1
Windows XP および Windows Server 2003 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。
手順 2
Windowsをセーフモードで再起動します。
手順 3
起動中ブラウザのウインドウを全て閉じてください。
手順 4
このレジストリキーを削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_LOCAL_MACHINE\SOFTWARE
- eXactUtil
- In HKEY_LOCAL_MACHINE\SOFTWARE
- Bargains
- In HKEY_CLASSES_ROOT
- ADP.UrlCatcher.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher.1
- CLSID
- In HKEY_CLASSES_ROOT
- ADP.UrlCatcher
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADP.UrlCatcher
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {F4E04583-354E-4076-BE7D-ED6A80FD66DA}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
- Browser Helper Objects
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
- {4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}
- 1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0
- FLAGS
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0
- 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0\0
- win32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}\1.0
- HELPDIR
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {C6906A23-4717-4E1F-B6FD-F06EBED15678}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {8EEE58D5-130E-4CBD-9C83-35A0564E5678}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- BargainBuddy
- In HKEY_LOCAL_MACHINE\SOFTWARE
- NaviSearch
- In HKEY_CLASSES_ROOT
- NLS.UrlCatcher.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NLS.UrlCatcher.1
- CLSID
- In HKEY_CLASSES_ROOT
- NLS.UrlCatcher
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\NLS.UrlCatcher
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
- {4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}
- 1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}\1.0
- FLAGS
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}\1.0
- 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}\1.0\0
- win32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3}\1.0
- HELPDIR
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {C6906A23-4717-4E1F-B6FD-F06EBED11357}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {8EEE58D5-130E-4CBD-9C83-35A0564E1357}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- NaviSearch
- In HKEY_LOCAL_MACHINE\SOFTWARE
- CashBack
- In HKEY_CLASSES_ROOT
- CB.UrlCatcher.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CB.UrlCatcher.1
- CLSID
- In HKEY_CLASSES_ROOT
- CB.UrlCatcher
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CB.UrlCatcher
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {CE188402-6EE7-4022-8868-AB25173A3E14}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
- {4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}
- 1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}\1.0
- FLAGS
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}\1.0
- 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}\1.0\0
- win32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}\1.0
- HELPDIR
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {C6906A23-4717-4E1F-B6FD-F06EBED12468}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {8EEE58D5-130E-4CBD-9C83-35A0564E2468}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- CashBack
手順 5
このレジストリ値を削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- BullsEye Network = "%Program Files%\BullsEye Network\bin\bargains.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- NaviSearch = "%Program Files%\NaviSearch\bin\nls.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- CashBack = "%Program Files%\CashBack\bin\cashback.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
- BuildNumber = "1f67"
- In HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
- FirstHitUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
- UninstallUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
- UniqueKeyUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
- UtilFolder = "%System%"
- In HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
- InstallOccurUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
- AlreadyInstalledUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
- ETServer = "www.xctrk.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- DelayPopTime = "12c"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- DelayPopUrl = "www.yubilee.com/welcome/cc_wel.html"
- In HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
- PartnerID = "21b"
- In HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
- NewPartnerName = "YUBILEE_CC"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- FirstHit = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- FirstHit = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- FirstHit = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- MainDir = "%Program Files%\BullsEye Network"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- Binary = "bin"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- ConfigUpdateQueryUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- ADDataUpdateQueryUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- SoftwareUpdateQueryUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- ServerName = "service.bargain-buddy.net"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- ServerPath = "/scripts/adpopper/webservice.main?type=upload"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- SliderLegalText = "Bullseye Network Offer"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- ServerPort = "5"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- UpdateQueryDuration = "1518"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- UpdateQueryFailedDuration = "4b"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- BuildNumber = "1f68"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- AdvDelaySec = "1e"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- TrackingFileFlag = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- RestartADPDuration = "1c2"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- TimeOutInterval = "1388"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}\InprocServer32
- ThreadingModel = "Apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
- DisplayName = "The BullsEye Network"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
- UninstallString = "%Program Files%\BullsEye Network\Uninstall.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
- Publisher = "eXact Advertising"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
- URLInfoAbout = "http://www.{BLOCKED}dvertising.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
- DisplayVersion = "8.0.4.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
- DisplayIcon = "%Program Files%\BullsEye Network\bin\bargains.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
- NoModify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy
- NoRepair = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- LastADPRestart = "4f1332"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- MainDir = "%Program Files%\NaviSearch"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- Binary = "bin"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- ConfigUpdateQueryUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- ADDataUpdateQueryUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- SoftwareUpdateQueryUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- ServerName = "service.bargain-buddy.net"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- ServerPath = "/scripts/adpopper/webservice.main?type=upload"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- TrackingServerPath = "/scripts/adpopper/webservice.main?type=tracking"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- TrackingGIFURL = "http://www.{BLOCKED}ye-network.com/dcs_trk/YUBILEE_CC/nls/nls_install.gif"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- ADDataVersion = "64"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- ServerPort = "5"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- UpdateQueryDuration = "1518"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- UpdateQueryFailedDuration = "e1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- BuildNumber = "1f67"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- TrackingURLCount = "2"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- TrackingURLEnable = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- TrackingFileFlag = "1"
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
- Use Search Asst = "no"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- SearchAssistant = "http://ie.{BLOCKED}h.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- ErrLandingURL = "http://search.{BLOCKED}ox.com/search.php"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- ErrLandingQuery = "?keyword=%s&partner=BB"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}\InprocServer32
- ThreadingModel = "Apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
- DisplayName = "NaviSearch"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
- UninstallString = "%Program Files%\NaviSearch\Uninstall.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
- Publisher = "eXact Advertising"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
- DisplayVersion = "8.0.3.9"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
- URLInfoAbout = "http://www.{BLOCKED}dvertising.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
- Readme = "http://www.{BLOCKED}dvertising.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
- DisplayIcon = "%Program Files%\NaviSearch\bin\nls.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
- HelpLink = "http://www.{BLOCKED}dvertising.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
- NoModify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch
- NoRepair = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- PartnerID = "21b"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- SystemInstallTime = "4f1334"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- TempUniqueKey = "1325477947:000029859"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- MainDir = "%Program Files%\CashBack"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- Binary = "bin"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- ConfigUpdateQueryUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- ADDataUpdateQueryUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- SoftwareUpdateQueryUrl = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- ServerName = "service.bargain-buddy.net"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- ServerPath = "/scripts/adpopper/webservice.main?type=upload"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- TrackingServerPath = "/scripts/adpopper/webservice.main?type=tracking"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- TrackingGIFURL = "http://www.{BLOCKED}ye-network.com/dcs_trk/YUBILEE_CC/cb/cb_install.gif"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- AffiliateURLUID = "p002%s"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- AutoFlashParam = "10 2 %s 300 140 1 0 1 5 1 0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- AutoSwfURL = "bb_auto_wider.swf"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- ClickFlashParam = "10 3 %s 300 140 1 0 1 25 1 0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- ClickSwfURL = "bb_click_wider.swf"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- CBUpdateAccParam = "email=%s&pass=%s"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- CBSignupWelcomeParam = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- CBBalance = "0.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- SliderHTML00 = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- SliderHTML01 = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- SliderHTML02 = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- SliderHTML03 = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- SliderHTML05 = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- SliderHTML06 = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- SliderHTML07 = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- SliderHTML08 = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- SliderHTML09 = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- CBSignUpURL = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- CBServer = "www.cashbackbuddy.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- ServerPort = "5"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- Referral = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- UpdateQueryDuration = "1518"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- UpdateQueryFailedDuration = "4b"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- BuildNumber = "1f68"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- CBSignupFailedDuration = "4b"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- CBIconAnimationEnable = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- CBSliderEnable = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- CBBalloonMsgEnable = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- CBSignUpDelay = "258"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- TrackingFileFlag = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14}\InprocServer32
- ThreadingModel = "Apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468}\TypeLib
- Version = "1.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
- DisplayName = "CashBackBuddy"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
- UninstallString = "%Program Files%\CashBack\Uninstall.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
- Publisher = "eXact Advertising"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
- DisplayVersion = "8.0.4.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
- URLInfoAbout = "http://www.{BLOCKED}dvertising.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
- Readme = "http://www.{BLOCKED}ckbuddy.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
- HelpLink = "http://www.{BLOCKED}ckbuddy.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
- DisplayIcon = "%Program Files%\CashBack\bin\cb.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
- NoModify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack
- NoRepair = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bargains
- PartnerName = "YUBILEE_CC"
- In HKEY_LOCAL_MACHINE\SOFTWARE\eXactUtil
- System = "1,2,3"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- PartnerName = "YUBILEE_CC"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- PartnerName = "YUBILEE_CC"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- PartnerID = "21b"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- SystemInstallTime = "4f1342"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- CBID = "0539-00658707828-510"
- In HKEY_LOCAL_MACHINE\SOFTWARE\CashBack
- CBPW = "154256141611"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- PartnerID = "21b"
- In HKEY_LOCAL_MACHINE\SOFTWARE\NaviSearch
- SystemInstallTime = "4f1341"
手順 6
変更されたレジストリ値を修正します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search
- From: SearchAssistant = "http://www.{BLOCKED}earch.net/sidesearch"
To: SearchAssistant = ""http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm""
- From: SearchAssistant = "http://www.{BLOCKED}earch.net/sidesearch"
手順 7
以下のファイルを検索し削除します。
- %User Temp%\nsa2.tmp
- %Windows%\exdl.exe
- %Windows%\exul.exe
- %Windows%\bbchk.exe
- %Windows%\exclean.exe
- %Windows%\adp8040_YUBILEE_CC.exe
- %Windows%\nls8039_YUBILEE_CC.exe
- %Windows%\cb8040_YUBILEE_CC.exe
- %User Temp%\nsr4.tmp
- %Program Files%\BullsEye Network\bargains.exe
- %Program Files%\BullsEye Network\adv.exe
- %Program Files%\BullsEye Network\adx.exe
- %Program Files%\BullsEye Network\msbe.dll
- %System%\msbe.dll
- %Program Files%\BullsEye Network\Uninstall.exe
- %User Temp%\nse6.tmp
- %Program Files%\NaviSearch\nvms.dll
- %Program Files%\NaviSearch\nls.exe
- %Program Files%\NaviSearch\ad-nls.dat
- %System%\nvms.dll
- %Program Files%\NaviSearch\Uninstall.exe
- t1325477942.dec
- %User Temp%\nst8.tmp
- %Program Files%\CashBack\mscb.dll
- %Program Files%\CashBack\cashback.exe
- %Program Files%\CashBack\cb.exe
- %Program Files%\CashBack\flash.exe
- %Program Files%\CashBack\template.html
- %Program Files%\CashBack\template2.html
- %Program Files%\CashBack\bb_click_wider.swf
- %Program Files%\CashBack\bb_auto_wider.swf
- %Program Files%\CashBack\bb_welcome.html
- %Program Files%\CashBack\bb_welcome1.swf
- %Program Files%\CashBack\blank.gif
- %Program Files%\CashBack\icon.gif
- %Program Files%\CashBack\logo.gif
- %System%\mscb.dll
- %Program Files%\CashBack\Uninstall.exe
- t1325477956.dec
- %System%\exdl1.exe
- %System%\exdl3.exe
- %System%\exdl2.exe
手順 8
以下のフォルダを検索し削除します。
- %Program Files%\BullsEye Network
- %Program Files%\BullsEye Network\bin
- %Program Files%\NaviSearch
- %Program Files%\NaviSearch\bin
- %Program Files%\CashBack
- %Program Files%\CashBack\bin
- %System Root%\temp
手順 9
コンピュータを通常モードで再起動し、最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、「TSPY_BB.A」と検出したファイルの検索を実行してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。
手順 10
以下のファイルをバックアップを用いて修復します。なお、マイクロソフト製品に関連したファイルのみ修復されます。このマルウェア/グレイウェア/スパイウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。
- %User Temp%\nsa1.tmp
- %User Temp%\nsc3.tmp
- %User Temp%\nso5.tmp
- %Program Files%\BullsEye Network\t1325477942.dec
- %User Temp%\nst7.tmp
- %System Root%\temp\exTmp0.html
- %System Root%\temp\exTmp1.html
ご利用はいかがでしたか? アンケートにご協力ください