TSPY_RANSOM.BXU

2012年10月12日

別名:

Ransom-O (McAfee); PAK:UPX (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt); Trojan.Generic.KDV.599596 (FSecure)

プラットフォーム:

Windows 2000, Windows XP, Windows Server 2003

危険度:

感染確認数:

システムへの影響:

情報漏えい:

マルウェアタイプ: スパイウェア
破壊活動の有無: なし
暗号化:
感染報告の有無: はい

概要

スパイウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

詳細

ファイルサイズ 36,352 bytes

タイプ EXE

メモリ常駐はい

発見日 2012年4月18日

侵入方法

スパイウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

インストール

スパイウェアは、感染したコンピュータ内に以下のように自身のコピーを作成します。

%User Temp%\t5JPTM68io8eV4E.exe

(註：%User Temp%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 98 および MEの場合、"C:\Windows\Temp"、Windows NT の場合、"C:\Profiles\＜ユーザー名＞\TEMP"、Windows 2000、XP、Server 2003 の場合、"C:\Documents and Settings\＜ユーザー名＞\Local Settings\TEMP" です。)

自動実行方法

スパイウェアは、自身のコピーがWindows起動時に自動実行されるよう以下のレジストリ値を追加します。

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Alcmeter = "%User Temp%\t5JPTM68io8eV4E.exe"

他のシステム変更

スパイウェアは、以下のレジストリキーを追加します。

HKEY_CLASSES_ROOT\.EnCiPhErEd

HKEY_CLASSES_ROOT\TTWJFKXKEEYEITY

HKEY_CLASSES_ROOT\TTWJFKXKEEYEITY\DefaultIcon

HKEY_CLASSES_ROOT\TTWJFKXKEEYEITY\shell\
open\command

作成活動

スパイウェアは、以下のファイルを作成します。

%System Root%\HOW TO DECRYPT FILES.txt
%User Profile%\Application Data\HOW TO DECRYPT FILES.txt
%User Profile%\Address Book\HOW TO DECRYPT FILES.txt
%User Profile%\Internet Explorer\HOW TO DECRYPT FILES.txt
%User Profile%\Quick Launch\HOW TO DECRYPT FILES.txt
%User Profile%\Themes\HOW TO DECRYPT FILES.txt
%User Profile%\Cookies\HOW TO DECRYPT FILES.txt
%Favorites%\HOW TO DECRYPT FILES.txt
%Favorites%\Links\HOW TO DECRYPT FILES.txt
%Application Data%\HOW TO DECRYPT FILES.txt
%Application Data%\Identities\{341F68BA-C841-4200-A7B4-3D5CFF202166}\Microsoft\Outlook Express\HOW TO DECRYPT FILES.txt
%Application Data%\Microsoft\Internet Explorer\HOW TO DECRYPT FILES.txt
%Application Data%\Microsoft\Media Player\HOW TO DECRYPT FILES.txt
%Application Data%\Microsoft\Windows\HOW TO DECRYPT FILES.txt
%Application Data%\Microsoft\Windows Media\9.0\HOW TO DECRYPT FILES.txt
%User Profile%\Local Settings\HOW TO DECRYPT FILES.txt
%User Profile%\History\HOW TO DECRYPT FILES.txt
%User Profile%\History.IE5\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010121320101220\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010122820101229\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010122920101230\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012011010220110103\HOW TO DECRYPT FILES.txt
%User Temp%\HOW TO DECRYPT FILES.txt
%User Temp%\_$Df\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\2TPM8950\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\4H9MXTT9\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\SMCZPN4M\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\X9QQH2D9\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\HOW TO DECRYPT FILES.txt
%User Profile%\My Documents\HOW TO DECRYPT FILES.txt
%User Profile%\My Music\HOW TO DECRYPT FILES.txt
%User Profile%\My Pictures\HOW TO DECRYPT FILES.txt
%User Profile%\HOW TO DECRYPT FILES.txt
%User Profile%\Recent\HOW TO DECRYPT FILES.txt
%User Profile%\SendTo\HOW TO DECRYPT FILES.txt
%Start Menu%\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\Accessibility\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\Entertainment\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\HOW TO DECRYPT FILES.txt
%User Startup%\HOW TO DECRYPT FILES.txt
%User Profile%\Templates\HOW TO DECRYPT FILES.txt
%User Profile%\S-1-5-18\HOW TO DECRYPT FILES.txt
%User Profile%\Media Player\HOW TO DECRYPT FILES.txt
%User Profile%\Pbk\HOW TO DECRYPT FILES.txt
%User Profile%\Downloader\HOW TO DECRYPT FILES.txt
%User Profile%\User Account Pictures\HOW TO DECRYPT FILES.txt
%User Profile%\Default Pictures\HOW TO DECRYPT FILES.txt
%User Profile%\Documents\HOW TO DECRYPT FILES.txt
%User Profile%\Sample Music\HOW TO DECRYPT FILES.txt
%User Profile%\002BDCF1\HOW TO DECRYPT FILES.txt
%User Profile%\Sample Pictures\HOW TO DECRYPT FILES.txt
%User Profile%\My Videos\HOW TO DECRYPT FILES.txt
%User Profile%\DRM\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\Communications\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\System Tools\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Administrative Tools\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Games\HOW TO DECRYPT FILES.txt
%Common Startup%\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\WinPcap\HOW TO DECRYPT FILES.txt
%Desktop%\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010120620101213\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010121320101214\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\2BAREZOP\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\IX09SXE9\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\M94XI96V\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\O7EHUPCN\HOW TO DECRYPT FILES.txt
%Application Data%\Identities\{736CCBC7-ECC5-4A94-8856-77115D1B5FF1}\Microsoft\Outlook Express\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\DAO\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\MSInfo\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Speech\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Speech\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Stationery\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\TextConv\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Triedit\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\VC\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\VGX\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Web Folders\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\web server extensions\40\bin\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\web server extensions\40\bin\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\MSSoap\Binaries\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\MSSoap\Binaries\Resources\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Services\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\SpeechEngines\Microsoft\Lexicon\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\SpeechEngines\Microsoft\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\SpeechEngines\Microsoft\TTS\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\System\ado\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\System\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\System\msadc\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\System\Ole DB\HOW TO DECRYPT FILES.txt
%Program Files%\Internet Explorer\Connection Wizard\HOW TO DECRYPT FILES.txt
%Program Files%\Internet Explorer\HOW TO DECRYPT FILES.txt
%Program Files%\Internet Explorer\SIGNUP\HOW TO DECRYPT FILES.txt
%Program Files%\Messenger\HOW TO DECRYPT FILES.txt
%Program Files%\Movie Maker\HOW TO DECRYPT FILES.txt
%Program Files%\Movie Maker\MUI\0409\HOW TO DECRYPT FILES.txt
%Program Files%\Movie Maker\Shared\HOW TO DECRYPT FILES.txt
%Program Files%\Movie Maker\Shared\Profiles\HOW TO DECRYPT FILES.txt
%Program Files%\MSN\MSNCoreFiles\Install\HOW TO DECRYPT FILES.txt
%Program Files%\MSN\MSNCoreFiles\Install\MSN9Components\HOW TO DECRYPT FILES.txt
%Program Files%\MSN\MSNCoreFiles\OOBE\HOW TO DECRYPT FILES.txt
%Program Files%\MSN Gaming Zone\Windows\HOW TO DECRYPT FILES.txt
%Program Files%\NetMeeting\HOW TO DECRYPT FILES.txt
%Program Files%\Online Services\HOW TO DECRYPT FILES.txt
%Program Files%\Outlook Express\HOW TO DECRYPT FILES.txt
%Program Files%\Windows Media Player\HOW TO DECRYPT FILES.txt
%Program Files%\Windows Media Player\Skins\HOW TO DECRYPT FILES.txt
%Program Files%\Windows NT\Accessories\HOW TO DECRYPT FILES.txt
%Program Files%\Windows NT\HOW TO DECRYPT FILES.txt
%Program Files%\Windows NT\Pinball\HOW TO DECRYPT FILES.txt
%Program Files%\WinPcap\HOW TO DECRYPT FILES.txt
%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\HOW TO DECRYPT FILES.txt
%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\HOW TO DECRYPT FILES.txt
%Windows%\HOW TO DECRYPT FILES.txt
%Windows%\AppPatch\HOW TO DECRYPT FILES.txt
%Windows%\Cursors\HOW TO DECRYPT FILES.txt
%Windows%\Debug\HOW TO DECRYPT FILES.txt
%Windows%\Debug\UserMode\HOW TO DECRYPT FILES.txt
%Windows%\Downloaded Program Files\HOW TO DECRYPT FILES.txt
%Windows%\Driver Cache\i386\HOW TO DECRYPT FILES.txt
%Windows%\ehome\HOW TO DECRYPT FILES.txt
%Windows%\Fonts\HOW TO DECRYPT FILES.txt
%Windows%\Help\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\htmlTour\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\mmTour\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Audio\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Audio\Wav\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Cnt\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Css\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Img\Btn\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Img\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Img\WMarks\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Scr\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Video\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\HOW TO DECRYPT FILES.txt
%Windows%\ime\HOW TO DECRYPT FILES.txt
%Windows%\inf\HOW TO DECRYPT FILES.txt
%Windows%\Installer\HOW TO DECRYPT FILES.txt
%Windows%\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\HOW TO DECRYPT FILES.txt
%Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\HOW TO DECRYPT FILES.txt
%Windows%\Media\HOW TO DECRYPT FILES.txt
%Windows%\msagent\HOW TO DECRYPT FILES.txt
%Windows%\msagent\chars\HOW TO DECRYPT FILES.txt
%Windows%\msagent\intl\HOW TO DECRYPT FILES.txt
%Windows%\mui\HOW TO DECRYPT FILES.txt
%Windows%\Offline Web Pages\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\binaries\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Config\Cache\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Config\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Database\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\DataColl\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Indices\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Logs\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\OfflineCache\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\OfflineCache\Professional_32#0409\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\PackageStore\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\blurbs\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\CompatCtr\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\css\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\dialogs\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\DVDUpgrd\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\ErrMsg\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\errors\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\16x16\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\24x24\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\32x32\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\48x48\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\Centers\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\Expando\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\NetDiag\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\panels\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\panels\subpanels\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\rc\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Common\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Css\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\scripts\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\sysinfo\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\sysinfo\graphics\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\UpdateCtr\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\UploadLB\Binaries\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\UploadLB\Config\HOW TO DECRYPT FILES.txt
%Windows%\PeerNet\HOW TO DECRYPT FILES.txt
%Windows%\Prefetch\HOW TO DECRYPT FILES.txt
%Windows%\Provisioning\Schemas\HOW TO DECRYPT FILES.txt
%Windows%\pss\HOW TO DECRYPT FILES.txt
%Windows%\Registration\HOW TO DECRYPT FILES.txt
%Windows%\repair\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\Luna\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\Luna\Shell\Homestead\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\Luna\Shell\Metallic\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\Luna\Shell\NormalColor\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\HOW TO DECRYPT FILES.txt
%Windows%\security\Database\HOW TO DECRYPT FILES.txt
%Windows%\security\logs\HOW TO DECRYPT FILES.txt
%Windows%\security\templates\HOW TO DECRYPT FILES.txt
%Windows%\SoftwareDistribution\DataStore\HOW TO DECRYPT FILES.txt
%Windows%\SoftwareDistribution\DataStore\Logs\HOW TO DECRYPT FILES.txt
%Windows%\SoftwareDistribution\HOW TO DECRYPT FILES.txt
%Windows%\srchasst\chars\HOW TO DECRYPT FILES.txt
%Windows%\srchasst\HOW TO DECRYPT FILES.txt
%Windows%\srchasst\mui\0409\HOW TO DECRYPT FILES.txt
%System%\HOW TO DECRYPT FILES.txt
%System%\1033\HOW TO DECRYPT FILES.txt
%System%\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\HOW TO DECRYPT FILES.txt
%System%\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HOW TO DECRYPT FILES.txt
%System%\CatRoot2\HOW TO DECRYPT FILES.txt
%System%\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\HOW TO DECRYPT FILES.txt
%System%\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HOW TO DECRYPT FILES.txt
%System%\Com\HOW TO DECRYPT FILES.txt
%System%\config\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\Address Book\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\Internet Explorer\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\Windows\Themes\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Cookies\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Desktop\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Favorites\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Favorites\Links\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Identities\{341F68BA-C841-4200-A7B4-3D5CFF202166}\Microsoft\Outlook Express\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\History.IE5\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\History.IE5\MSHist012010120620101213\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\History.IE5\MSHist012010121320101214\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\History.IE5\MSHist012010122820101229\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temp\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temp\_$Df\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0XIJ0DEZ\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2TPM8950\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4H9MXTT9\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XQVK9U7\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K96JWPA7\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OLQ78TEZ\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SMCZPN4M\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X9QQH2D9\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\My Documents\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\My Documents\My Music\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\My Documents\My Pictures\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Recent\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\SendTo\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\Accessories\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Templates\HOW TO DECRYPT FILES.txt
%System%\DirectX\Dinput\HOW TO DECRYPT FILES.txt

(註：%System Root%は、標準設定では "C:" です。また、オペレーティングシステムが存在する場所です。. %User Profile% フォルダは、Windows 98 および MEの場合、"C:\Windows\Profiles\＜ユーザ名＞"、Windows NTでは、"C:\WINNT\Profiles\＜ユーザ名＞"、Windows 2000, XP, Server 2003の場合は、"C:\Documents and Settings\＜ユーザ名＞" です。. %Application Data%フォルダは、 Windows 2000、XP、Server 2003 の場合 "C:\Documents and Settings\＜ユーザ名＞\Local Settings\Application Data" 、 Windows NTの場合 "C:\WINNT\Profiles\＜ユーザ名＞\Application Data"、Windows 98 および MEの場合、"C:\Windows\Profiles\＜ユーザ名＞\Application Data" です。. %User Temp%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 98 および MEの場合、"C:\Windows\Temp"、Windows NT の場合、"C:\Profiles\＜ユーザー名＞\TEMP"、Windows 2000、XP、Server 2003 の場合、"C:\Documents and Settings\＜ユーザー名＞\Local Settings\TEMP" です。. %Start Menu%フォルダは、通常、Windows 98 および MEの場合、"C:\Windows\Profiles\＜ユーザ名＞\Start Menu" 、Windows NTの場合、"C:\WINNT\Profiles\＜ユーザ名＞\Start Menu "、Windows 2000、XP、Server 2003の場合、"C:\Windows\Start Menu" および "C:\Documents and Settings\＜ユーザ名＞\Start Menu " です。. %User Startup%フォルダは、通常、Windows 98 および MEの場合、"C:\Windows\Profiles\＜ユーザ名＞\Start Menu\Programs\Startup" 、Windows NTの場合、"C:\WINNT\Profiles\＜ユーザ名＞\Start Menu\Programs\Startup"、Windows 2000、XP、Server 2003の場合、"C:\Documents and Settings\＜ユーザ名＞\Start Menu\Programs\Startup " です。. %Common Startup%フォルダは、Windows 2000、XP、Server 2003 の場合 "C:\Documents and Settings\All Users\スタートメニュー\プログラム\スタートアップ" 、 Windows NTの場合 "C:\WINNT\Profiles\All Users\プログラム\スタートアップ"、Windows 98 および MEの場合、"C:\Windows\スタートメニュー\プログラム\スタートアップ" です。. %Desktop%フォルダは、Windows 98 および MEの場合、通常 "C:\Windows\Profiles\＜ユーザ名＞\デスクトップ" です。 Windows NTの場合、"C:\WINNT\Profiles\＜ユーザ名＞\デスクトップ"、Windows 2000、XP、Server 2003の場合は "C:\Documents and Settings\＜ユーザ名＞\デスクトップ" です。. %Program Files%は、標準設定では "C:\Program Files" です。. %Windows%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows9x、Me、XP、Server 2003の場合、"C:\Window"、WindowsNT および 2000の場合、"C:\WINNT" です。. %System%はWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 98 および MEの場合、"C:\Windows\System"、Windows NT および 2000 の場合、"C:\WinNT\System32"、Windows XP および Server 2003 の場合、"C:\Windows\System32" です。)

このウイルス情報は、自動解析システムにより作成されました。

対応方法

対応検索エンジン: 9.200

手順 1

Windows XP および Windows Server 2003 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。

手順 2

Windowsをセーフモードで再起動します。

[ 詳細 ]

手順 3

このレジストリキーを削除します。

[ 詳細 ]

警告：レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

In HKEY_CLASSES_ROOT
- .EnCiPhErEd

In HKEY_CLASSES_ROOT
- TTWJFKXKEEYEITY

In HKEY_CLASSES_ROOT\TTWJFKXKEEYEITY
- DefaultIcon

In HKEY_CLASSES_ROOT\TTWJFKXKEEYEITY\shell\open
- command

手順 4

このレジストリ値を削除します。

[ 詳細 ]

In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Alcmeter = "%User Temp%\t5JPTM68io8eV4E.exe"

手順 5

以下のファイルを検索し削除します。

[ 詳細 ]

コンポーネントファイルが隠しファイル属性の場合があります。[詳細設定オプション]をクリックし、[隠しファイルとフォルダの検索]のチェックボックスをオンにし、検索結果に隠しファイルとフォルダが含まれるようにしてください。

%System Root%\HOW TO DECRYPT FILES.txt
%User Profile%\Application Data\HOW TO DECRYPT FILES.txt
%User Profile%\Address Book\HOW TO DECRYPT FILES.txt
%User Profile%\Internet Explorer\HOW TO DECRYPT FILES.txt
%User Profile%\Quick Launch\HOW TO DECRYPT FILES.txt
%User Profile%\Themes\HOW TO DECRYPT FILES.txt
%User Profile%\Cookies\HOW TO DECRYPT FILES.txt
%Favorites%\HOW TO DECRYPT FILES.txt
%Favorites%\Links\HOW TO DECRYPT FILES.txt
%Application Data%\HOW TO DECRYPT FILES.txt
%Application Data%\Identities\{341F68BA-C841-4200-A7B4-3D5CFF202166}\Microsoft\Outlook Express\HOW TO DECRYPT FILES.txt
%Application Data%\Microsoft\Internet Explorer\HOW TO DECRYPT FILES.txt
%Application Data%\Microsoft\Media Player\HOW TO DECRYPT FILES.txt
%Application Data%\Microsoft\Windows\HOW TO DECRYPT FILES.txt
%Application Data%\Microsoft\Windows Media\9.0\HOW TO DECRYPT FILES.txt
%User Profile%\Local Settings\HOW TO DECRYPT FILES.txt
%User Profile%\History\HOW TO DECRYPT FILES.txt
%User Profile%\History.IE5\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010121320101220\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010122820101229\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010122920101230\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012011010220110103\HOW TO DECRYPT FILES.txt
%User Temp%\HOW TO DECRYPT FILES.txt
%User Temp%\_$Df\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\2TPM8950\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\4H9MXTT9\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\SMCZPN4M\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\X9QQH2D9\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\HOW TO DECRYPT FILES.txt
%User Profile%\My Documents\HOW TO DECRYPT FILES.txt
%User Profile%\My Music\HOW TO DECRYPT FILES.txt
%User Profile%\My Pictures\HOW TO DECRYPT FILES.txt
%User Profile%\HOW TO DECRYPT FILES.txt
%User Profile%\Recent\HOW TO DECRYPT FILES.txt
%User Profile%\SendTo\HOW TO DECRYPT FILES.txt
%Start Menu%\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\Accessibility\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\Entertainment\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\HOW TO DECRYPT FILES.txt
%User Startup%\HOW TO DECRYPT FILES.txt
%User Profile%\Templates\HOW TO DECRYPT FILES.txt
%User Profile%\S-1-5-18\HOW TO DECRYPT FILES.txt
%User Profile%\Media Player\HOW TO DECRYPT FILES.txt
%User Profile%\Pbk\HOW TO DECRYPT FILES.txt
%User Profile%\Downloader\HOW TO DECRYPT FILES.txt
%User Profile%\User Account Pictures\HOW TO DECRYPT FILES.txt
%User Profile%\Default Pictures\HOW TO DECRYPT FILES.txt
%User Profile%\Documents\HOW TO DECRYPT FILES.txt
%User Profile%\Sample Music\HOW TO DECRYPT FILES.txt
%User Profile%\002BDCF1\HOW TO DECRYPT FILES.txt
%User Profile%\Sample Pictures\HOW TO DECRYPT FILES.txt
%User Profile%\My Videos\HOW TO DECRYPT FILES.txt
%User Profile%\DRM\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\Communications\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\System Tools\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Administrative Tools\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Games\HOW TO DECRYPT FILES.txt
%Common Startup%\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\WinPcap\HOW TO DECRYPT FILES.txt
%Desktop%\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010120620101213\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010121320101214\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\2BAREZOP\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\IX09SXE9\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\M94XI96V\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\O7EHUPCN\HOW TO DECRYPT FILES.txt
%Application Data%\Identities\{736CCBC7-ECC5-4A94-8856-77115D1B5FF1}\Microsoft\Outlook Express\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\DAO\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\MSInfo\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Speech\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Speech\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Stationery\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\TextConv\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Triedit\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\VC\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\VGX\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Web Folders\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\web server extensions\40\bin\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\web server extensions\40\bin\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\MSSoap\Binaries\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\MSSoap\Binaries\Resources\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Services\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\SpeechEngines\Microsoft\Lexicon\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\SpeechEngines\Microsoft\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\SpeechEngines\Microsoft\TTS\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\System\ado\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\System\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\System\msadc\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\System\Ole DB\HOW TO DECRYPT FILES.txt
%Program Files%\Internet Explorer\Connection Wizard\HOW TO DECRYPT FILES.txt
%Program Files%\Internet Explorer\HOW TO DECRYPT FILES.txt
%Program Files%\Internet Explorer\SIGNUP\HOW TO DECRYPT FILES.txt
%Program Files%\Messenger\HOW TO DECRYPT FILES.txt
%Program Files%\Movie Maker\HOW TO DECRYPT FILES.txt
%Program Files%\Movie Maker\MUI\0409\HOW TO DECRYPT FILES.txt
%Program Files%\Movie Maker\Shared\HOW TO DECRYPT FILES.txt
%Program Files%\Movie Maker\Shared\Profiles\HOW TO DECRYPT FILES.txt
%Program Files%\MSN\MSNCoreFiles\Install\HOW TO DECRYPT FILES.txt
%Program Files%\MSN\MSNCoreFiles\Install\MSN9Components\HOW TO DECRYPT FILES.txt
%Program Files%\MSN\MSNCoreFiles\OOBE\HOW TO DECRYPT FILES.txt
%Program Files%\MSN Gaming Zone\Windows\HOW TO DECRYPT FILES.txt
%Program Files%\NetMeeting\HOW TO DECRYPT FILES.txt
%Program Files%\Online Services\HOW TO DECRYPT FILES.txt
%Program Files%\Outlook Express\HOW TO DECRYPT FILES.txt
%Program Files%\Windows Media Player\HOW TO DECRYPT FILES.txt
%Program Files%\Windows Media Player\Skins\HOW TO DECRYPT FILES.txt
%Program Files%\Windows NT\Accessories\HOW TO DECRYPT FILES.txt
%Program Files%\Windows NT\HOW TO DECRYPT FILES.txt
%Program Files%\Windows NT\Pinball\HOW TO DECRYPT FILES.txt
%Program Files%\WinPcap\HOW TO DECRYPT FILES.txt
%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\HOW TO DECRYPT FILES.txt
%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\HOW TO DECRYPT FILES.txt
%Windows%\HOW TO DECRYPT FILES.txt
%Windows%\AppPatch\HOW TO DECRYPT FILES.txt
%Windows%\Cursors\HOW TO DECRYPT FILES.txt
%Windows%\Debug\HOW TO DECRYPT FILES.txt
%Windows%\Debug\UserMode\HOW TO DECRYPT FILES.txt
%Windows%\Downloaded Program Files\HOW TO DECRYPT FILES.txt
%Windows%\Driver Cache\i386\HOW TO DECRYPT FILES.txt
%Windows%\ehome\HOW TO DECRYPT FILES.txt
%Windows%\Fonts\HOW TO DECRYPT FILES.txt
%Windows%\Help\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\htmlTour\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\mmTour\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Audio\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Audio\Wav\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Cnt\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Css\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Img\Btn\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Img\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Img\WMarks\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Scr\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Video\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\HOW TO DECRYPT FILES.txt
%Windows%\ime\HOW TO DECRYPT FILES.txt
%Windows%\inf\HOW TO DECRYPT FILES.txt
%Windows%\Installer\HOW TO DECRYPT FILES.txt
%Windows%\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\HOW TO DECRYPT FILES.txt
%Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\HOW TO DECRYPT FILES.txt
%Windows%\Media\HOW TO DECRYPT FILES.txt
%Windows%\msagent\HOW TO DECRYPT FILES.txt
%Windows%\msagent\chars\HOW TO DECRYPT FILES.txt
%Windows%\msagent\intl\HOW TO DECRYPT FILES.txt
%Windows%\mui\HOW TO DECRYPT FILES.txt
%Windows%\Offline Web Pages\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\binaries\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Config\Cache\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Config\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Database\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\DataColl\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Indices\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Logs\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\OfflineCache\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\OfflineCache\Professional_32#0409\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\PackageStore\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\blurbs\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\CompatCtr\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\css\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\dialogs\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\DVDUpgrd\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\ErrMsg\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\errors\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\16x16\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\24x24\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\32x32\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\48x48\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\Centers\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\Expando\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\NetDiag\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\panels\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\panels\subpanels\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\rc\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Common\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Css\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\scripts\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\sysinfo\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\sysinfo\graphics\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\UpdateCtr\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\UploadLB\Binaries\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\UploadLB\Config\HOW TO DECRYPT FILES.txt
%Windows%\PeerNet\HOW TO DECRYPT FILES.txt
%Windows%\Prefetch\HOW TO DECRYPT FILES.txt
%Windows%\Provisioning\Schemas\HOW TO DECRYPT FILES.txt
%Windows%\pss\HOW TO DECRYPT FILES.txt
%Windows%\Registration\HOW TO DECRYPT FILES.txt
%Windows%\repair\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\Luna\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\Luna\Shell\Homestead\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\Luna\Shell\Metallic\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\Luna\Shell\NormalColor\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\HOW TO DECRYPT FILES.txt
%Windows%\security\Database\HOW TO DECRYPT FILES.txt
%Windows%\security\logs\HOW TO DECRYPT FILES.txt
%Windows%\security\templates\HOW TO DECRYPT FILES.txt
%Windows%\SoftwareDistribution\DataStore\HOW TO DECRYPT FILES.txt
%Windows%\SoftwareDistribution\DataStore\Logs\HOW TO DECRYPT FILES.txt
%Windows%\SoftwareDistribution\HOW TO DECRYPT FILES.txt
%Windows%\srchasst\chars\HOW TO DECRYPT FILES.txt
%Windows%\srchasst\HOW TO DECRYPT FILES.txt
%Windows%\srchasst\mui\0409\HOW TO DECRYPT FILES.txt
%System%\HOW TO DECRYPT FILES.txt
%System%\1033\HOW TO DECRYPT FILES.txt
%System%\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\HOW TO DECRYPT FILES.txt
%System%\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HOW TO DECRYPT FILES.txt
%System%\CatRoot2\HOW TO DECRYPT FILES.txt
%System%\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\HOW TO DECRYPT FILES.txt
%System%\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HOW TO DECRYPT FILES.txt
%System%\Com\HOW TO DECRYPT FILES.txt
%System%\config\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\Address Book\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\Internet Explorer\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\Windows\Themes\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Cookies\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Desktop\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Favorites\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Favorites\Links\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Identities\{341F68BA-C841-4200-A7B4-3D5CFF202166}\Microsoft\Outlook Express\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\History.IE5\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\History.IE5\MSHist012010120620101213\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\History.IE5\MSHist012010121320101214\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\History.IE5\MSHist012010122820101229\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temp\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temp\_$Df\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0XIJ0DEZ\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2TPM8950\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4H9MXTT9\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XQVK9U7\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K96JWPA7\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OLQ78TEZ\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SMCZPN4M\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X9QQH2D9\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\My Documents\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\My Documents\My Music\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\My Documents\My Pictures\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Recent\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\SendTo\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\Accessories\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Templates\HOW TO DECRYPT FILES.txt
%System%\DirectX\Dinput\HOW TO DECRYPT FILES.txt

マルウェアのコンポーネントファイルの削除：

[スタート]-[検索]-[ファイルとフォルダすべて]を選択します。
註：Windowsのバージョンによって異なります。
[ファイル名のすべてまたは一部]に以下を入力してください。

%System Root%\HOW TO DECRYPT FILES.txt
%User Profile%\Application Data\HOW TO DECRYPT FILES.txt
%User Profile%\Address Book\HOW TO DECRYPT FILES.txt
%User Profile%\Internet Explorer\HOW TO DECRYPT FILES.txt
%User Profile%\Quick Launch\HOW TO DECRYPT FILES.txt
%User Profile%\Themes\HOW TO DECRYPT FILES.txt
%User Profile%\Cookies\HOW TO DECRYPT FILES.txt
%Favorites%\HOW TO DECRYPT FILES.txt
%Favorites%\Links\HOW TO DECRYPT FILES.txt
%Application Data%\HOW TO DECRYPT FILES.txt
%Application Data%\Identities\{341F68BA-C841-4200-A7B4-3D5CFF202166}\Microsoft\Outlook Express\HOW TO DECRYPT FILES.txt
%Application Data%\Microsoft\Internet Explorer\HOW TO DECRYPT FILES.txt
%Application Data%\Microsoft\Media Player\HOW TO DECRYPT FILES.txt
%Application Data%\Microsoft\Windows\HOW TO DECRYPT FILES.txt
%Application Data%\Microsoft\Windows Media\9.0\HOW TO DECRYPT FILES.txt
%User Profile%\Local Settings\HOW TO DECRYPT FILES.txt
%User Profile%\History\HOW TO DECRYPT FILES.txt
%User Profile%\History.IE5\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010121320101220\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010122820101229\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010122920101230\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012011010220110103\HOW TO DECRYPT FILES.txt
%User Temp%\HOW TO DECRYPT FILES.txt
%User Temp%\_$Df\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\2TPM8950\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\4H9MXTT9\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\SMCZPN4M\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\X9QQH2D9\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\HOW TO DECRYPT FILES.txt
%User Profile%\My Documents\HOW TO DECRYPT FILES.txt
%User Profile%\My Music\HOW TO DECRYPT FILES.txt
%User Profile%\My Pictures\HOW TO DECRYPT FILES.txt
%User Profile%\HOW TO DECRYPT FILES.txt
%User Profile%\Recent\HOW TO DECRYPT FILES.txt
%User Profile%\SendTo\HOW TO DECRYPT FILES.txt
%Start Menu%\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\Accessibility\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\Entertainment\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\HOW TO DECRYPT FILES.txt
%User Startup%\HOW TO DECRYPT FILES.txt
%User Profile%\Templates\HOW TO DECRYPT FILES.txt
%User Profile%\S-1-5-18\HOW TO DECRYPT FILES.txt
%User Profile%\Media Player\HOW TO DECRYPT FILES.txt
%User Profile%\Pbk\HOW TO DECRYPT FILES.txt
%User Profile%\Downloader\HOW TO DECRYPT FILES.txt
%User Profile%\User Account Pictures\HOW TO DECRYPT FILES.txt
%User Profile%\Default Pictures\HOW TO DECRYPT FILES.txt
%User Profile%\Documents\HOW TO DECRYPT FILES.txt
%User Profile%\Sample Music\HOW TO DECRYPT FILES.txt
%User Profile%\002BDCF1\HOW TO DECRYPT FILES.txt
%User Profile%\Sample Pictures\HOW TO DECRYPT FILES.txt
%User Profile%\My Videos\HOW TO DECRYPT FILES.txt
%User Profile%\DRM\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\Communications\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Accessories\System Tools\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Administrative Tools\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\Games\HOW TO DECRYPT FILES.txt
%Common Startup%\HOW TO DECRYPT FILES.txt
%Start Menu%\Programs\WinPcap\HOW TO DECRYPT FILES.txt
%Desktop%\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010120620101213\HOW TO DECRYPT FILES.txt
%User Profile%\MSHist012010121320101214\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\2BAREZOP\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\IX09SXE9\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\M94XI96V\HOW TO DECRYPT FILES.txt
%Temporary Internet Files%\Content.IE5\O7EHUPCN\HOW TO DECRYPT FILES.txt
%Application Data%\Identities\{736CCBC7-ECC5-4A94-8856-77115D1B5FF1}\Microsoft\Outlook Express\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\DAO\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\MSInfo\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Speech\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Speech\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Stationery\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\TextConv\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Triedit\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\VC\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\VGX\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\Web Folders\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\web server extensions\40\bin\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Microsoft Shared\web server extensions\40\bin\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\MSSoap\Binaries\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\MSSoap\Binaries\Resources\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\Services\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\SpeechEngines\Microsoft\Lexicon\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\SpeechEngines\Microsoft\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\SpeechEngines\Microsoft\TTS\1033\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\System\ado\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\System\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\System\msadc\HOW TO DECRYPT FILES.txt
%Program Files%\Common Files\System\Ole DB\HOW TO DECRYPT FILES.txt
%Program Files%\Internet Explorer\Connection Wizard\HOW TO DECRYPT FILES.txt
%Program Files%\Internet Explorer\HOW TO DECRYPT FILES.txt
%Program Files%\Internet Explorer\SIGNUP\HOW TO DECRYPT FILES.txt
%Program Files%\Messenger\HOW TO DECRYPT FILES.txt
%Program Files%\Movie Maker\HOW TO DECRYPT FILES.txt
%Program Files%\Movie Maker\MUI\0409\HOW TO DECRYPT FILES.txt
%Program Files%\Movie Maker\Shared\HOW TO DECRYPT FILES.txt
%Program Files%\Movie Maker\Shared\Profiles\HOW TO DECRYPT FILES.txt
%Program Files%\MSN\MSNCoreFiles\Install\HOW TO DECRYPT FILES.txt
%Program Files%\MSN\MSNCoreFiles\Install\MSN9Components\HOW TO DECRYPT FILES.txt
%Program Files%\MSN\MSNCoreFiles\OOBE\HOW TO DECRYPT FILES.txt
%Program Files%\MSN Gaming Zone\Windows\HOW TO DECRYPT FILES.txt
%Program Files%\NetMeeting\HOW TO DECRYPT FILES.txt
%Program Files%\Online Services\HOW TO DECRYPT FILES.txt
%Program Files%\Outlook Express\HOW TO DECRYPT FILES.txt
%Program Files%\Windows Media Player\HOW TO DECRYPT FILES.txt
%Program Files%\Windows Media Player\Skins\HOW TO DECRYPT FILES.txt
%Program Files%\Windows NT\Accessories\HOW TO DECRYPT FILES.txt
%Program Files%\Windows NT\HOW TO DECRYPT FILES.txt
%Program Files%\Windows NT\Pinball\HOW TO DECRYPT FILES.txt
%Program Files%\WinPcap\HOW TO DECRYPT FILES.txt
%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-1003\HOW TO DECRYPT FILES.txt
%System Root%\RECYCLER\S-1-5-21-436374069-362288127-839522115-500\HOW TO DECRYPT FILES.txt
%Windows%\HOW TO DECRYPT FILES.txt
%Windows%\AppPatch\HOW TO DECRYPT FILES.txt
%Windows%\Cursors\HOW TO DECRYPT FILES.txt
%Windows%\Debug\HOW TO DECRYPT FILES.txt
%Windows%\Debug\UserMode\HOW TO DECRYPT FILES.txt
%Windows%\Downloaded Program Files\HOW TO DECRYPT FILES.txt
%Windows%\Driver Cache\i386\HOW TO DECRYPT FILES.txt
%Windows%\ehome\HOW TO DECRYPT FILES.txt
%Windows%\Fonts\HOW TO DECRYPT FILES.txt
%Windows%\Help\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\htmlTour\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\mmTour\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Audio\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Audio\Wav\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Cnt\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Css\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Img\Btn\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Img\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Img\WMarks\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Scr\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\Video\HOW TO DECRYPT FILES.txt
%Windows%\Help\Tours\WindowsMediaPlayer\HOW TO DECRYPT FILES.txt
%Windows%\ime\HOW TO DECRYPT FILES.txt
%Windows%\inf\HOW TO DECRYPT FILES.txt
%Windows%\Installer\HOW TO DECRYPT FILES.txt
%Windows%\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\HOW TO DECRYPT FILES.txt
%Windows%\Installer\{FE2F6A2C-196E-4210-9C04-2B1BC21F07EF}\HOW TO DECRYPT FILES.txt
%Windows%\Media\HOW TO DECRYPT FILES.txt
%Windows%\msagent\HOW TO DECRYPT FILES.txt
%Windows%\msagent\chars\HOW TO DECRYPT FILES.txt
%Windows%\msagent\intl\HOW TO DECRYPT FILES.txt
%Windows%\mui\HOW TO DECRYPT FILES.txt
%Windows%\Offline Web Pages\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\binaries\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Config\Cache\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Config\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Database\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\DataColl\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Indices\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Logs\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\OfflineCache\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\OfflineCache\Professional_32#0409\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\PackageStore\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\blurbs\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\CompatCtr\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\css\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\dialogs\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\DVDUpgrd\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\ErrMsg\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\errors\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\16x16\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\24x24\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\32x32\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\48x48\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\Centers\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\images\Expando\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\NetDiag\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\panels\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\panels\subpanels\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\rc\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Common\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Css\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Interaction\Client\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Interaction\Common\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\Remote Assistance\Interaction\Server\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\scripts\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\sysinfo\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\sysinfo\graphics\33x16pie\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\sysinfo\graphics\47x24pie\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\sysinfo\graphics\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\System\UpdateCtr\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Css\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\UploadLB\Binaries\HOW TO DECRYPT FILES.txt
%Windows%\pchealth\UploadLB\Config\HOW TO DECRYPT FILES.txt
%Windows%\PeerNet\HOW TO DECRYPT FILES.txt
%Windows%\Prefetch\HOW TO DECRYPT FILES.txt
%Windows%\Provisioning\Schemas\HOW TO DECRYPT FILES.txt
%Windows%\pss\HOW TO DECRYPT FILES.txt
%Windows%\Registration\HOW TO DECRYPT FILES.txt
%Windows%\repair\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\Luna\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\Luna\Shell\Homestead\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\Luna\Shell\Metallic\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\Luna\Shell\NormalColor\HOW TO DECRYPT FILES.txt
%Windows%\Resources\Themes\HOW TO DECRYPT FILES.txt
%Windows%\security\Database\HOW TO DECRYPT FILES.txt
%Windows%\security\logs\HOW TO DECRYPT FILES.txt
%Windows%\security\templates\HOW TO DECRYPT FILES.txt
%Windows%\SoftwareDistribution\DataStore\HOW TO DECRYPT FILES.txt
%Windows%\SoftwareDistribution\DataStore\Logs\HOW TO DECRYPT FILES.txt
%Windows%\SoftwareDistribution\HOW TO DECRYPT FILES.txt
%Windows%\srchasst\chars\HOW TO DECRYPT FILES.txt
%Windows%\srchasst\HOW TO DECRYPT FILES.txt
%Windows%\srchasst\mui\0409\HOW TO DECRYPT FILES.txt
%System%\HOW TO DECRYPT FILES.txt
%System%\1033\HOW TO DECRYPT FILES.txt
%System%\CatRoot\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\HOW TO DECRYPT FILES.txt
%System%\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HOW TO DECRYPT FILES.txt
%System%\CatRoot2\HOW TO DECRYPT FILES.txt
%System%\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\HOW TO DECRYPT FILES.txt
%System%\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\HOW TO DECRYPT FILES.txt
%System%\Com\HOW TO DECRYPT FILES.txt
%System%\config\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\Address Book\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\Internet Explorer\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Application Data\Microsoft\Windows\Themes\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Cookies\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Desktop\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Favorites\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Favorites\Links\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Identities\{341F68BA-C841-4200-A7B4-3D5CFF202166}\Microsoft\Outlook Express\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Microsoft\Media Player\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Microsoft\Windows\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Application Data\Microsoft\Windows Media\9.0\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\History.IE5\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\History.IE5\MSHist012010120620101213\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\History.IE5\MSHist012010121320101214\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\History\History.IE5\MSHist012010122820101229\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temp\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temp\_$Df\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0XIJ0DEZ\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2TPM8950\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4H9MXTT9\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8XQVK9U7\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\K96JWPA7\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OLQ78TEZ\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SMCZPN4M\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X9QQH2D9\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Local Settings\Temporary Internet Files\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\My Documents\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\My Documents\My Music\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\My Documents\My Pictures\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Recent\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\SendTo\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\Accessories\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Start Menu\Programs\Startup\HOW TO DECRYPT FILES.txt
%System%\config\systemprofile\Templates\HOW TO DECRYPT FILES.txt
%System%\DirectX\Dinput\HOW TO DECRYPT FILES.txt
[探す場所]の一覧から[マイコンピュータ]を選択し、[検索]を押します。
検索が終了したら、ファイルを選択し、SHIFT+DELETEを押します。これにより、ファイルが完全に削除されます。
残りのファイルに対して、このマルウェアのコンポーネントファイルの削除の手順2.）から4.）を繰り返してください。

手順 6

コンピュータを通常モードで再起動し、最新のバージョン（エンジン、パターンファイル）を導入したウイルス対策製品を用い、「TSPY_RANSOM.BXU」と検出したファイルの検索を実行してください。検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。

ご利用はいかがでしたか？　アンケートにご協力ください