WORM_NEERIS.VRX
Worm:Win32/Neeris.AN (Microsoft); W32/Virut.n.gen (McAfee); Backdoor.Sdbot (Symantec); Backdoor.Win32.IRCBot.jwy (Kaspersky); W32/Scribble-B (Sophos); Virus.Win32.Virut.ce (v) (Sunbelt); Backdoor:W32/SdBot.CNG (FSecure); Worm/AutoRun.IN (AVG)
Windows
- マルウェアタイプ: ワーム
- 破壊活動の有無: なし
- 暗号化:
- 感染報告の有無: はい
概要
ワームは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
詳細
侵入方法
ワームは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
インストール
ワームは、感染したコンピュータ内に以下のように自身のコピーを作成します。
- %System%\csrsc.exe
(註:%System%フォルダは、システムフォルダで、いずれのオペレーティングシステム(OS)でも通常、"C:\Windows\System32" です。.)
ワームは、以下のフォルダを作成します。
- %User Profile%\Application Data\VMware
- %User Profile%\VMware\VMware Tools
(註:%User Profile% フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\<ユーザ名>"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\<ユーザ名>" です。.)
他のシステム変更
ワームは、以下のレジストリキーを追加します。
HKEY_CURRENT_USER\Software\Wilbert914\
1926745233
ワームは、以下のレジストリ値を追加します。
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings
GlobalUserOffline = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
system
EnableLUA = "0"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
{malware path and file name} = "{malware path and file name}:*:enabled:ipsec"
HKEY_CURRENT_USER\Software\Wilbert914\
1926745233
1651272023 = "2c"
HKEY_CURRENT_USER\Software\Wilbert914\
1926745233
-992423250 = "0"
HKEY_CURRENT_USER\Software\Wilbert914\
1926745233
658848773 = "0"
HKEY_CURRENT_USER\Software\Wilbert914\
1926745233
-1984846500 = "23"
HKEY_CURRENT_USER\Software\Wilbert914\
1926745233
-333574477 = "9f"
HKEY_CURRENT_USER\Software\Wilbert914\
1926745233
1317697546 = "{random characters}"
HKEY_CURRENT_USER\Software\Wilbert914\
1926745233
-1325997727 = "{random characters}"
HKEY_CURRENT_USER\Software\Wilbert914
W1_0 = "cc96283a"
HKEY_CURRENT_USER\Software\Wilbert914
W2_0 = "158d"
HKEY_CURRENT_USER\Software\Wilbert914
W3_0 = "136641"
HKEY_CURRENT_USER\Software\Wilbert914
W4_0 = "0"
HKEY_CURRENT_USER\Software\Wilbert914
W1_1 = "adf66c83"
HKEY_CURRENT_USER\Software\Wilbert914
W2_1 = "626c7795"
HKEY_CURRENT_USER\Software\Wilbert914
W3_1 = "636ff16"
HKEY_CURRENT_USER\Software\Wilbert914
W4_1 = "626c6957"
HKEY_CURRENT_USER\Software\Wilbert914
W1_2 = "baa3afc"
HKEY_CURRENT_USER\Software\Wilbert914
W2_2 = "c4d8c934"
HKEY_CURRENT_USER\Software\Wilbert914
W3_2 = "c5dbb4ef"
HKEY_CURRENT_USER\Software\Wilbert914
W4_2 = "c4d8d2ae"
HKEY_CURRENT_USER\Software\Wilbert914
W1_3 = "b2e36ec6"
HKEY_CURRENT_USER\Software\Wilbert914
W2_3 = "2745252d"
HKEY_CURRENT_USER\Software\Wilbert914
W3_3 = "26465a44"
HKEY_CURRENT_USER\Software\Wilbert914
W4_3 = "27453c5"
HKEY_CURRENT_USER\Software\Wilbert914
W1_4 = "c9b7911"
HKEY_CURRENT_USER\Software\Wilbert914
W2_4 = "89b1bc17"
HKEY_CURRENT_USER\Software\Wilbert914
W3_4 = "88b2c31d"
HKEY_CURRENT_USER\Software\Wilbert914
W4_4 = "89b1a55c"
HKEY_CURRENT_USER\Software\Wilbert914
W1_5 = "141ded72"
HKEY_CURRENT_USER\Software\Wilbert914
W2_5 = "ec1e1192"
HKEY_CURRENT_USER\Software\Wilbert914
W3_5 = "ed1d68f2"
HKEY_CURRENT_USER\Software\Wilbert914
W4_5 = "ec1eeb3"
HKEY_CURRENT_USER\Software\Wilbert914
W1_6 = "d5da642"
HKEY_CURRENT_USER\Software\Wilbert914
W2_6 = "4e8a643f"
HKEY_CURRENT_USER\Software\Wilbert914
W3_6 = "4f891e4b"
HKEY_CURRENT_USER\Software\Wilbert914
W4_6 = "4e8a78a"
HKEY_CURRENT_USER\Software\Wilbert914
W1_7 = "be85c38"
HKEY_CURRENT_USER\Software\Wilbert914
W2_7 = "bf6f3d"
HKEY_CURRENT_USER\Software\Wilbert914
W3_7 = "b1f5872"
HKEY_CURRENT_USER\Software\Wilbert914
W4_7 = "bf6e161"
HKEY_CURRENT_USER\Software\Wilbert914
W1_8 = "8dc226ec"
HKEY_CURRENT_USER\Software\Wilbert914
W2_8 = "13635e9"
HKEY_CURRENT_USER\Software\Wilbert914
W3_8 = "1262cf9"
HKEY_CURRENT_USER\Software\Wilbert914
W4_8 = "13634ab8"
HKEY_CURRENT_USER\Software\Wilbert914
W1_9 = "64ff1dda"
HKEY_CURRENT_USER\Software\Wilbert914
W2_9 = "75cfa692"
HKEY_CURRENT_USER\Software\Wilbert914
W3_9 = "74ccd24e"
HKEY_CURRENT_USER\Software\Wilbert914
W4_9 = "75cfb4f"
HKEY_CURRENT_USER\Software\Wilbert914
W1_10 = "9e93522"
HKEY_CURRENT_USER\Software\Wilbert914
W2_10 = "d83c895"
HKEY_CURRENT_USER\Software\Wilbert914
W3_10 = "d93f7b27"
HKEY_CURRENT_USER\Software\Wilbert914
W4_10 = "d83c1d66"
HKEY_CURRENT_USER\Software\Wilbert914
W1_11 = "2811dd69"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Shell Extensions
onstared = "{malware path and file name}"
HKEY_CURRENT_USER\Software\Wilbert914
W2_11 = "3aa8935"
HKEY_CURRENT_USER\Software\Wilbert914
W3_11 = "3babefc"
HKEY_CURRENT_USER\Software\Wilbert914
W4_11 = "3aa886bd"
HKEY_CURRENT_USER\Software\Wilbert914
W1_12 = "deb63445"
HKEY_CURRENT_USER\Software\Wilbert914
W2_12 = "9d14ea2"
HKEY_CURRENT_USER\Software\Wilbert914
W3_12 = "9c179655"
HKEY_CURRENT_USER\Software\Wilbert914
W4_12 = "9d14f14"
HKEY_CURRENT_USER\Software\Wilbert914
W1_13 = "bf8ec25"
HKEY_CURRENT_USER\Software\Wilbert914
W2_13 = "ff8141e3"
HKEY_CURRENT_USER\Software\Wilbert914
W3_13 = "fe823f2a"
HKEY_CURRENT_USER\Software\Wilbert914
W4_13 = "ff81596b"
HKEY_CURRENT_USER\Software\Wilbert914
W1_14 = "da139b"
HKEY_CURRENT_USER\Software\Wilbert914
W2_14 = "61edd7f9"
HKEY_CURRENT_USER\Software\Wilbert914
W3_14 = "6eea483"
HKEY_CURRENT_USER\Software\Wilbert914
W4_14 = "61edc2c2"
HKEY_CURRENT_USER\Software\Wilbert914
W1_15 = "e415df4a"
HKEY_CURRENT_USER\Software\Wilbert914
W2_15 = "c45a3825"
HKEY_CURRENT_USER\Software\Wilbert914
W3_15 = "c5594a58"
HKEY_CURRENT_USER\Software\Wilbert914
W4_15 = "c45a2c19"
HKEY_CURRENT_USER\Software\Wilbert914
W1_16 = "b66d637"
HKEY_CURRENT_USER\Software\Wilbert914
W2_16 = "26c6844c"
HKEY_CURRENT_USER\Software\Wilbert914
W3_16 = "27c5f331"
HKEY_CURRENT_USER\Software\Wilbert914
W4_16 = "26c6957"
HKEY_CURRENT_USER\Software\Wilbert914
W1_17 = "a84413bc"
HKEY_CURRENT_USER\Software\Wilbert914
W2_17 = "8932eafb"
HKEY_CURRENT_USER\Software\Wilbert914
W3_17 = "88319886"
HKEY_CURRENT_USER\Software\Wilbert914
W4_17 = "8932fec7"
HKEY_CURRENT_USER\Software\Wilbert914
W1_18 = "184e8465"
HKEY_CURRENT_USER\Software\Wilbert914
W2_18 = "eb9f7ed6"
HKEY_CURRENT_USER\Software\Wilbert914
W3_18 = "ea9ce5f"
HKEY_CURRENT_USER\Software\Wilbert914
W4_18 = "eb9f681e"
HKEY_CURRENT_USER\Software\Wilbert914
W1_19 = "469122e"
HKEY_CURRENT_USER\Software\Wilbert914
W2_19 = "4ebc731"
HKEY_CURRENT_USER\Software\Wilbert914
W3_19 = "4f8b734"
HKEY_CURRENT_USER\Software\Wilbert914
W4_19 = "4ebd175"
HKEY_CURRENT_USER\Software\Wilbert914
W1_20 = "7e331d82"
HKEY_CURRENT_USER\Software\Wilbert914
W2_20 = "b78226"
HKEY_CURRENT_USER\Software\Wilbert914
W3_20 = "b17b5c8d"
HKEY_CURRENT_USER\Software\Wilbert914
W4_20 = "b783acc"
HKEY_CURRENT_USER\Software\Wilbert914
W1_21 = "524e8d7a"
HKEY_CURRENT_USER\Software\Wilbert914
W2_21 = "12e4bd68"
HKEY_CURRENT_USER\Software\Wilbert914
W3_21 = "13e7c262"
HKEY_CURRENT_USER\Software\Wilbert914
W4_21 = "12e4a423"
HKEY_CURRENT_USER\Software\Wilbert914
W1_22 = "23b861e4"
HKEY_CURRENT_USER\Software\Wilbert914
W2_22 = "75511b3d"
HKEY_CURRENT_USER\Software\Wilbert914
W3_22 = "74526b3b"
HKEY_CURRENT_USER\Software\Wilbert914
W4_22 = "7551d7a"
HKEY_CURRENT_USER\Software\Wilbert914
W1_23 = "eda4e9aa"
HKEY_CURRENT_USER\Software\Wilbert914
W2_23 = "d7bd6259"
HKEY_CURRENT_USER\Software\Wilbert914
W3_23 = "d6be19"
HKEY_CURRENT_USER\Software\Wilbert914
W4_23 = "d7bd76d1"
HKEY_CURRENT_USER\Software\Wilbert914
W1_24 = "4f3a8a7e"
HKEY_CURRENT_USER\Software\Wilbert914
W2_24 = "3a29f25"
HKEY_CURRENT_USER\Software\Wilbert914
W3_24 = "3b2a8669"
HKEY_CURRENT_USER\Software\Wilbert914
W4_24 = "3a29e28"
HKEY_CURRENT_USER\Software\Wilbert914
W1_25 = "b2f97f23"
HKEY_CURRENT_USER\Software\Wilbert914
W2_25 = "9c96539"
HKEY_CURRENT_USER\Software\Wilbert914
W3_25 = "9d952f3e"
HKEY_CURRENT_USER\Software\Wilbert914
W4_25 = "9c96497f"
HKEY_CURRENT_USER\Software\Wilbert914
W1_26 = "c5bbe92"
HKEY_CURRENT_USER\Software\Wilbert914
W2_26 = "ff2a76e"
HKEY_CURRENT_USER\Software\Wilbert914
W3_26 = "fe1d497"
HKEY_CURRENT_USER\Software\Wilbert914
W4_26 = "ff2b2d6"
HKEY_CURRENT_USER\Software\Wilbert914
W1_27 = "8dfe8f7f"
HKEY_CURRENT_USER\Software\Wilbert914
W2_27 = "616f85"
HKEY_CURRENT_USER\Software\Wilbert914
W3_27 = "66c7a6c"
HKEY_CURRENT_USER\Software\Wilbert914
W4_27 = "616f1c2d"
HKEY_CURRENT_USER\Software\Wilbert914
W1_28 = "c23dd4c9"
HKEY_CURRENT_USER\Software\Wilbert914
W2_28 = "c3db9d3"
HKEY_CURRENT_USER\Software\Wilbert914
W3_28 = "c2d8e3c5"
HKEY_CURRENT_USER\Software\Wilbert914
W4_28 = "c3db8584"
HKEY_CURRENT_USER\Software\Wilbert914
W1_29 = "4e6b8be5"
HKEY_CURRENT_USER\Software\Wilbert914
W2_29 = "2647fa18"
HKEY_CURRENT_USER\Software\Wilbert914
W3_29 = "2744889a"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
%System%\csrsc.exe = "%System%\csrsc.exe:*:Enabled:Microsoft Enabled"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
%Program Files%\VMware\VMware Tools\vmtoolsd.exe = "{random characters}"
HKEY_CURRENT_USER\Software\Wilbert914
W4_0 = "ffffffff"
HKEY_CURRENT_USER\Software\Wilbert914
W4_1 = "9d9396a8"
HKEY_CURRENT_USER\Software\Wilbert914
W4_2 = "3b272d51"
HKEY_CURRENT_USER\Software\Wilbert914
W4_3 = "d8bac3fa"
HKEY_CURRENT_USER\Software\Wilbert914
W4_4 = "764e5aa3"
HKEY_CURRENT_USER\Software\Wilbert914
W4_5 = "13e1f14c"
HKEY_CURRENT_USER\Software\Wilbert914
W4_6 = "b17587f5"
HKEY_CURRENT_USER\Software\Wilbert914
W4_7 = "4f91e9e"
HKEY_CURRENT_USER\Software\Wilbert914
W4_8 = "ec9cb547"
HKEY_CURRENT_USER\Software\Wilbert914
W4_9 = "8a34bf"
HKEY_CURRENT_USER\Software\Wilbert914
W4_10 = "27c3e299"
HKEY_CURRENT_USER\Software\Wilbert914
W4_11 = "c5577942"
HKEY_CURRENT_USER\Software\Wilbert914
W4_12 = "62ebfeb"
HKEY_CURRENT_USER\Software\Wilbert914
W4_13 = "7ea694"
HKEY_CURRENT_USER\Software\Wilbert914
W4_14 = "9e123d3d"
HKEY_CURRENT_USER\Software\Wilbert914
W4_15 = "3ba5d3e6"
HKEY_CURRENT_USER\Software\Wilbert914
W4_16 = "d9396a8f"
HKEY_CURRENT_USER\Software\Wilbert914
W4_17 = "76cd138"
HKEY_CURRENT_USER\Software\Wilbert914
W4_18 = "14697e1"
HKEY_CURRENT_USER\Software\Wilbert914
W4_19 = "b1f42e8a"
HKEY_CURRENT_USER\Software\Wilbert914
W4_20 = "4f87c533"
HKEY_CURRENT_USER\Software\Wilbert914
W4_21 = "ed1b5bdc"
HKEY_CURRENT_USER\Software\Wilbert914
W4_22 = "8aaef285"
HKEY_CURRENT_USER\Software\Wilbert914
W4_23 = "2842892e"
HKEY_CURRENT_USER\Software\Wilbert914
W4_24 = "c5d61fd7"
HKEY_CURRENT_USER\Software\Wilbert914
W4_25 = "6369b68"
HKEY_CURRENT_USER\Software\Wilbert914
W4_26 = "fd4d29"
HKEY_CURRENT_USER\Software\Wilbert914
W4_27 = "9e9e3d2"
HKEY_CURRENT_USER\Software\Wilbert914
W4_28 = "3c247a7b"
HKEY_CURRENT_USER\Software\Wilbert914
W4_29 = "d9b81124"
HKEY_CURRENT_USER\Software\Wilbert914
W1_30 = "bda296f"
HKEY_CURRENT_USER\Software\Wilbert914
W2_30 = "88b44a24"
HKEY_CURRENT_USER\Software\Wilbert914
W3_30 = "89b73e73"
HKEY_CURRENT_USER\Software\Wilbert914
W4_30 = "774ba7cd"
HKEY_CURRENT_USER\Software\Wilbert914
W1_31 = "c2bafc"
HKEY_CURRENT_USER\Software\Wilbert914
W2_31 = "eb2d79"
HKEY_CURRENT_USER\Software\Wilbert914
W3_31 = "ea23a7c8"
HKEY_CURRENT_USER\Software\Wilbert914
W4_31 = "14df3e76"
HKEY_CURRENT_USER\Software\Wilbert914
W1_32 = "ac26de"
HKEY_CURRENT_USER\Software\Wilbert914
W2_32 = "4d8d38e"
HKEY_CURRENT_USER\Software\Wilbert914
W3_32 = "4c8e4ca1"
HKEY_CURRENT_USER\Software\Wilbert914
W4_32 = "b272d51f"
HKEY_CURRENT_USER\Software\Wilbert914
W1_33 = "533ef364"
HKEY_CURRENT_USER\Software\Wilbert914
W2_33 = "aff98d3d"
HKEY_CURRENT_USER\Software\Wilbert914
W3_33 = "aefaf276"
HKEY_CURRENT_USER\Software\Wilbert914
W4_33 = "566bc8"
HKEY_CURRENT_USER\Software\Wilbert914
W1_34 = "62ee3efb"
HKEY_CURRENT_USER\Software\Wilbert914
W2_34 = "1265ee56"
HKEY_CURRENT_USER\Software\Wilbert914
W3_34 = "13669bcf"
HKEY_CURRENT_USER\Software\Wilbert914
W4_34 = "ed9a271"
HKEY_CURRENT_USER\Software\Wilbert914
W1_35 = "5149d7b8"
HKEY_CURRENT_USER\Software\Wilbert914
W2_35 = "74d2782b"
HKEY_CURRENT_USER\Software\Wilbert914
W3_35 = "75d1a4"
HKEY_CURRENT_USER\Software\Wilbert914
W4_35 = "8b2d991a"
HKEY_CURRENT_USER\Software\Wilbert914
W1_36 = "4ae7fe65"
HKEY_CURRENT_USER\Software\Wilbert914
W2_36 = "d73ec414"
HKEY_CURRENT_USER\Software\Wilbert914
W3_36 = "d63db67d"
HKEY_CURRENT_USER\Software\Wilbert914
W4_36 = "28c12fc3"
HKEY_CURRENT_USER\Software\Wilbert914
W1_37 = "8eec342e"
HKEY_CURRENT_USER\Software\Wilbert914
W2_37 = "39ab275d"
HKEY_CURRENT_USER\Software\Wilbert914
W3_37 = "38a85fd2"
HKEY_CURRENT_USER\Software\Wilbert914
W4_37 = "c654c66c"
HKEY_CURRENT_USER\Software\Wilbert914
W1_38 = "9a97bce"
HKEY_CURRENT_USER\Software\Wilbert914
W2_38 = "9c17b358"
HKEY_CURRENT_USER\Software\Wilbert914
W3_38 = "9d14c4ab"
HKEY_CURRENT_USER\Software\Wilbert914
W4_38 = "63e85d15"
HKEY_CURRENT_USER\Software\Wilbert914
W1_39 = "b572e28"
HKEY_CURRENT_USER\Software\Wilbert914
W2_39 = "fe8415a"
HKEY_CURRENT_USER\Software\Wilbert914
W3_39 = "ff876a"
HKEY_CURRENT_USER\Software\Wilbert914
W4_39 = "17bf3be"
HKEY_CURRENT_USER\Software\Wilbert914
W1_40 = "8ab4825"
HKEY_CURRENT_USER\Software\Wilbert914
W2_40 = "6f6a3"
HKEY_CURRENT_USER\Software\Wilbert914
W3_40 = "61f313d9"
HKEY_CURRENT_USER\Software\Wilbert914
W4_40 = "9ff8a67"
HKEY_CURRENT_USER\Software\Wilbert914
W1_41 = "911abfa1"
HKEY_CURRENT_USER\Software\Wilbert914
W2_41 = "c35cc8f7"
HKEY_CURRENT_USER\Software\Wilbert914
W3_41 = "c25fb8ae"
HKEY_CURRENT_USER\Software\Wilbert914
W4_41 = "3ca3211"
HKEY_CURRENT_USER\Software\Wilbert914
W1_42 = "3c13ba8f"
HKEY_CURRENT_USER\Software\Wilbert914
W2_42 = "25c9592a"
HKEY_CURRENT_USER\Software\Wilbert914
W3_42 = "24ca2e7"
HKEY_CURRENT_USER\Software\Wilbert914
W4_42 = "da36b7b9"
HKEY_CURRENT_USER\Software\Wilbert914
W1_43 = "78c6d56"
HKEY_CURRENT_USER\Software\Wilbert914
W2_43 = "8835ab6"
HKEY_CURRENT_USER\Software\Wilbert914
W3_43 = "8936d7dc"
HKEY_CURRENT_USER\Software\Wilbert914
W4_43 = "77ca4e62"
HKEY_CURRENT_USER\Software\Wilbert914
W1_44 = "3392d3a1"
HKEY_CURRENT_USER\Software\Wilbert914
W2_44 = "eaa235a"
HKEY_CURRENT_USER\Software\Wilbert914
W3_44 = "eba17cb5"
HKEY_CURRENT_USER\Software\Wilbert914
W4_44 = "155de5b"
HKEY_CURRENT_USER\Software\Wilbert914
W1_45 = "7f81b631"
HKEY_CURRENT_USER\Software\Wilbert914
W2_45 = "4de95"
HKEY_CURRENT_USER\Software\Wilbert914
W3_45 = "4cde2a"
HKEY_CURRENT_USER\Software\Wilbert914
W4_45 = "b2f17bb4"
HKEY_CURRENT_USER\Software\Wilbert914
W1_46 = "e53c96de"
HKEY_CURRENT_USER\Software\Wilbert914
W2_46 = "af7afe6a"
HKEY_CURRENT_USER\Software\Wilbert914
W3_46 = "ae798be3"
HKEY_CURRENT_USER\Software\Wilbert914
W4_46 = "585125d"
HKEY_CURRENT_USER\Software\Wilbert914
W1_47 = "4489add"
HKEY_CURRENT_USER\Software\Wilbert914
W2_47 = "11e74385"
HKEY_CURRENT_USER\Software\Wilbert914
W3_47 = "1e43b8"
HKEY_CURRENT_USER\Software\Wilbert914
W4_47 = "ee18a96"
HKEY_CURRENT_USER\Software\Wilbert914
W1_48 = "43ba911d"
HKEY_CURRENT_USER\Software\Wilbert914
W2_48 = "7453d654"
HKEY_CURRENT_USER\Software\Wilbert914
W3_48 = "755a611"
HKEY_CURRENT_USER\Software\Wilbert914
W4_48 = "8bac3faf"
HKEY_CURRENT_USER\Software\Wilbert914
W1_49 = "7bf18c72"
HKEY_CURRENT_USER\Software\Wilbert914
W2_49 = "d6c3ffb"
HKEY_CURRENT_USER\Software\Wilbert914
W3_49 = "d7c34fe6"
HKEY_CURRENT_USER\Software\Wilbert914
W4_49 = "293fd658"
HKEY_CURRENT_USER\Software\Wilbert914
W1_50 = "aaeb7a7"
HKEY_CURRENT_USER\Software\Wilbert914
W2_50 = "392c835e"
HKEY_CURRENT_USER\Software\Wilbert914
W3_50 = "382ff4bf"
HKEY_CURRENT_USER\Software\Wilbert914
W4_50 = "c6d36d1"
HKEY_CURRENT_USER\Software\Wilbert914
W1_51 = "512a9d3"
HKEY_CURRENT_USER\Software\Wilbert914
W2_51 = "9b98e87c"
HKEY_CURRENT_USER\Software\Wilbert914
W3_51 = "9a9b9a14"
HKEY_CURRENT_USER\Software\Wilbert914
W4_51 = "64673aa"
HKEY_CURRENT_USER\Software\Wilbert914
W1_52 = "ce11df12"
HKEY_CURRENT_USER\Software\Wilbert914
W2_52 = "fe57a8d"
HKEY_CURRENT_USER\Software\Wilbert914
W3_52 = "ff63ed"
HKEY_CURRENT_USER\Software\Wilbert914
W4_52 = "1fa9a53"
HKEY_CURRENT_USER\Software\Wilbert914
W1_53 = "94dda555"
HKEY_CURRENT_USER\Software\Wilbert914
W2_53 = "671d8c6"
HKEY_CURRENT_USER\Software\Wilbert914
W3_53 = "6172a942"
HKEY_CURRENT_USER\Software\Wilbert914
W4_53 = "9f8e3fc"
HKEY_CURRENT_USER\Software\Wilbert914
W1_54 = "9e99c4"
HKEY_CURRENT_USER\Software\Wilbert914
W2_54 = "c2de2ffa"
HKEY_CURRENT_USER\Software\Wilbert914
W3_54 = "c3dd5e1b"
HKEY_CURRENT_USER\Software\Wilbert914
W4_54 = "3d21c7a5"
HKEY_CURRENT_USER\Software\Wilbert914
W1_55 = "85b536e9"
HKEY_CURRENT_USER\Software\Wilbert914
W2_55 = "254abefb"
HKEY_CURRENT_USER\Software\Wilbert914
W3_55 = "2449c7f"
HKEY_CURRENT_USER\Software\Wilbert914
W4_55 = "dab55e4e"
HKEY_CURRENT_USER\Software\Wilbert914
W1_56 = "19d1ed1"
HKEY_CURRENT_USER\Software\Wilbert914
W2_56 = "87b71f21"
HKEY_CURRENT_USER\Software\Wilbert914
W3_56 = "86b46d49"
HKEY_CURRENT_USER\Software\Wilbert914
W4_56 = "7848f4f7"
HKEY_CURRENT_USER\Software\Wilbert914
W1_57 = "ec86497"
HKEY_CURRENT_USER\Software\Wilbert914
W2_57 = "ea2361a1"
HKEY_CURRENT_USER\Software\Wilbert914
W3_57 = "eb2121e"
HKEY_CURRENT_USER\Software\Wilbert914
W4_57 = "15dc8ba"
HKEY_CURRENT_USER\Software\Wilbert914
W1_58 = "e1dbd8d"
HKEY_CURRENT_USER\Software\Wilbert914
W2_58 = "4c8fcb36"
HKEY_CURRENT_USER\Software\Wilbert914
W3_58 = "4d8cbbf7"
HKEY_CURRENT_USER\Software\Wilbert914
W4_58 = "b372249"
HKEY_CURRENT_USER\Software\Wilbert914
W1_59 = "4bc58"
HKEY_CURRENT_USER\Software\Wilbert914
W2_59 = "aefc62c7"
HKEY_CURRENT_USER\Software\Wilbert914
W3_59 = "afff214c"
HKEY_CURRENT_USER\Software\Wilbert914
W4_59 = "513b8f2"
HKEY_CURRENT_USER\Software\Wilbert914
W1_60 = "9f84e26"
HKEY_CURRENT_USER\Software\Wilbert914
W2_60 = "1168a69a"
HKEY_CURRENT_USER\Software\Wilbert914
W3_60 = "16bd625"
HKEY_CURRENT_USER\Software\Wilbert914
W4_60 = "ee974f9b"
ワームは、以下のレジストリ値を変更します。
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\
Advanced
Hidden = "2"
(註:変更前の上記レジストリ値は、「2」となります。)
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Applets\
SysTray
Services = "1f"
(註:変更前の上記レジストリ値は、「1f」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\Imapi
LogSessionName = "stdout"
(註:変更前の上記レジストリ値は、「{random values}」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\Imapi
Active = "1"
(註:変更前の上記レジストリ値は、「1」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\Imapi
ControlFlags = "1"
(註:変更前の上記レジストリ値は、「1」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\Imapi\ImapiSvc
Guid = "8107d8e9-e323-49f5-bba2-abc35c243dca"
(註:変更前の上記レジストリ値は、「8107d8e9-e323-49f5-bba2-abc35c243dca」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\Imapi\ImapiSvc
BitNames = "{random characters}"
(註:変更前の上記レジストリ値は、「 ImapiDebugError ImapiDebugWarning ImapiDebugTrace ImapiDebugInfo ImapiDebugX ImapiDebugSort」となります。)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control
WaitToKillServiceTimeout = "7000"
(註:変更前の上記レジストリ値は、「20000」となります。)
ワームは、以下のレジストリキーを削除します。
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Base
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmadmin
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmboot.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmio.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmload.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmserver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
EventLog
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
File system
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Filter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
sr.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
SRService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
AFD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Base
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Browser
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmadmin
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmboot.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmio.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmload.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmserver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
DnsCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
EventLog
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
File system
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Filter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
ip6fw.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
ipnat.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
LanmanServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
LanmanWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
LmHosts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Messenger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NDIS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NDIS Wrapper
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Ndisuio
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetBIOS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetBIOSGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetBT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetDDEGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetMan
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Network
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetworkProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NtLmSsp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
rdpcdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
rdpdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
rdpwd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
rdsessmgr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
sr.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
SRService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
TDI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
tdpipe.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
tdtcp.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
termservice
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
WZCSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E972-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E973-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E974-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E975-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network
作成活動
ワームは、以下のファイルを作成します。
- %User Temp%\qjjgbj.exe
- %User Temp%\xfkr.exe
- %System Root%\181ec
- D:\18661
- E:\18ab6
- %System%\drivers\iphop.sys
- F:\18f0c
- G:\19352
- H:\19778
- I:\19c3b
- J:\1a081
- K:\1a497
- L:\1a8be
- M:\1ace4
- N:\1b10b
- O:\1b531
- P:\1b948
- Q:\1bd50
- R:\1c157
- S:\1c639
- T:\1ca7f
- U:\1ce76
- V:\1d2cc
- %User Temp%\dirqi.exe
- %User Temp%\nymqn.exe
- %User Temp%\winidkwg.exe
- W:\1d6f2
- X:\1db67
- Y:\1df9d
- Z:\1e402
- %User Temp%\winslkhyd.exe
- %User Temp%\winkcdik.exe
- %User Temp%\uijif.exe
- VMWARE SHARED FOLDERS\24145
- MICROSOFT TERMINAL SERVICES\268c2
- %User Temp%\winxmlqu.exe
- %User Temp%\jfhmi.exe
- %User Temp%\winhlsoqp.exe
- MICROSOFT WINDOWS NETWORK\2afdd
- WORKGROUP\2c5b7
- \CWS06EX04\2db04
- %Temp%\dhm3lm9a.TMP
(註:%User Temp%フォルダは、ユーザの一時フォルダで、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\<ユーザ名>\AppData\Local\Temp" です。.. %System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.. %System%フォルダは、システムフォルダで、いずれのオペレーティングシステム(OS)でも通常、"C:\Windows\System32" です。.. %Temp%フォルダは、一時的にファイルが保存されるフォルダで、いずれのオペレーティングシステム(OS)でも通常、 "C:\Windows\Temp" です。.)
その他
ワームは、以下の不正なWebサイトにアクセスします。
- http://www.{BLOCKED}fqwieluoi.info/?111cd=350465
- http://{BLOCKED}x.ru/logos.gif?12824=682308
- http://{BLOCKED}ustnet777.info/?166d3=734872
- http://macedonia.{BLOCKED}1.ru/mainh.gif?16d4b=374060
- http://jrsx.{BLOCKED}e.net.cn/logos.gif?179ee=967500
- http://steamboy.{BLOCKED}7.ru/mainf.gif?1cc53=942744
- http://www.{BLOCKED}t.org/mainf.gif?1d0a9=951624
- http://{BLOCKED}x.ru/logos.gif?1d2eb=358593
- http://macedonia.{BLOCKED}1.ru/mainh.gif?1d4a0=599840
- http://jrsx.{BLOCKED}e.net.cn/logos.gif?1d9b1=970120
- http://steamboy.{BLOCKED}7.ru/mainf.gif?22c46=996842
- http://www.{BLOCKED}t.org/mainf.gif?230da=287156
- http://{BLOCKED}x.ru/logos.gif?23195=431295
- http://macedonia.{BLOCKED}1.ru/mainh.gif?2329f=576124
- http://jrsx.{BLOCKED}e.net.cn/logos.gif?234e1=1156872
- http://steamboy.{BLOCKED}7.ru/mainf.gif?287c4=994968
- http://www.{BLOCKED}t.org/mainf.gif?28c67=334030
- http://{BLOCKED}x.ru/logos.gif?28ec9=1508625
- http://macedonia.{BLOCKED}1.ru/mainh.gif?28fd2=503670
- {BLOCKED}8.24.97
- {BLOCKED}6.243.2
- {BLOCKED}.196.143
- {BLOCKED}6.222.250
- {BLOCKED}0.1
- {BLOCKED}.135.199
このウイルス情報は、自動解析システムにより作成されました。
対応方法
手順 1
Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。
手順 2
不明なレジストリ値を削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_CURRENT_USER\Software\Wilbert914
- 1926745233
手順 3
このレジストリ値を削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- GlobalUserOffline = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
- EnableLUA = "0"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- {malware path and file name} = "{malware path and file name}:*:enabled:ipsec"
- In HKEY_CURRENT_USER\Software\Wilbert914\1926745233
- 1651272023 = "2c"
- In HKEY_CURRENT_USER\Software\Wilbert914\1926745233
- -992423250 = "0"
- In HKEY_CURRENT_USER\Software\Wilbert914\1926745233
- 658848773 = "0"
- In HKEY_CURRENT_USER\Software\Wilbert914\1926745233
- -1984846500 = "23"
- In HKEY_CURRENT_USER\Software\Wilbert914\1926745233
- -333574477 = "9f"
- In HKEY_CURRENT_USER\Software\Wilbert914\1926745233
- 1317697546 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Wilbert914\1926745233
- -1325997727 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_0 = "cc96283a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_0 = "158d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_0 = "136641"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_0 = "0"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_1 = "adf66c83"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_1 = "626c7795"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_1 = "636ff16"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_1 = "626c6957"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_2 = "baa3afc"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_2 = "c4d8c934"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_2 = "c5dbb4ef"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_2 = "c4d8d2ae"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_3 = "b2e36ec6"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_3 = "2745252d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_3 = "26465a44"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_3 = "27453c5"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_4 = "c9b7911"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_4 = "89b1bc17"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_4 = "88b2c31d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_4 = "89b1a55c"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_5 = "141ded72"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_5 = "ec1e1192"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_5 = "ed1d68f2"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_5 = "ec1eeb3"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_6 = "d5da642"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_6 = "4e8a643f"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_6 = "4f891e4b"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_6 = "4e8a78a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_7 = "be85c38"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_7 = "bf6f3d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_7 = "b1f5872"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_7 = "bf6e161"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_8 = "8dc226ec"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_8 = "13635e9"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_8 = "1262cf9"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_8 = "13634ab8"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_9 = "64ff1dda"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_9 = "75cfa692"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_9 = "74ccd24e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_9 = "75cfb4f"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_10 = "9e93522"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_10 = "d83c895"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_10 = "d93f7b27"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_10 = "d83c1d66"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_11 = "2811dd69"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions
- onstared = "{malware path and file name}"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_11 = "3aa8935"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_11 = "3babefc"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_11 = "3aa886bd"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_12 = "deb63445"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_12 = "9d14ea2"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_12 = "9c179655"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_12 = "9d14f14"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_13 = "bf8ec25"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_13 = "ff8141e3"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_13 = "fe823f2a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_13 = "ff81596b"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_14 = "da139b"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_14 = "61edd7f9"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_14 = "6eea483"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_14 = "61edc2c2"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_15 = "e415df4a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_15 = "c45a3825"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_15 = "c5594a58"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_15 = "c45a2c19"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_16 = "b66d637"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_16 = "26c6844c"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_16 = "27c5f331"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_16 = "26c6957"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_17 = "a84413bc"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_17 = "8932eafb"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_17 = "88319886"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_17 = "8932fec7"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_18 = "184e8465"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_18 = "eb9f7ed6"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_18 = "ea9ce5f"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_18 = "eb9f681e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_19 = "469122e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_19 = "4ebc731"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_19 = "4f8b734"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_19 = "4ebd175"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_20 = "7e331d82"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_20 = "b78226"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_20 = "b17b5c8d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_20 = "b783acc"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_21 = "524e8d7a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_21 = "12e4bd68"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_21 = "13e7c262"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_21 = "12e4a423"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_22 = "23b861e4"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_22 = "75511b3d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_22 = "74526b3b"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_22 = "7551d7a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_23 = "eda4e9aa"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_23 = "d7bd6259"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_23 = "d6be19"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_23 = "d7bd76d1"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_24 = "4f3a8a7e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_24 = "3a29f25"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_24 = "3b2a8669"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_24 = "3a29e28"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_25 = "b2f97f23"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_25 = "9c96539"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_25 = "9d952f3e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_25 = "9c96497f"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_26 = "c5bbe92"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_26 = "ff2a76e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_26 = "fe1d497"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_26 = "ff2b2d6"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_27 = "8dfe8f7f"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_27 = "616f85"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_27 = "66c7a6c"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_27 = "616f1c2d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_28 = "c23dd4c9"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_28 = "c3db9d3"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_28 = "c2d8e3c5"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_28 = "c3db8584"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_29 = "4e6b8be5"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_29 = "2647fa18"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_29 = "2744889a"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- %System%\csrsc.exe = "%System%\csrsc.exe:*:Enabled:Microsoft Enabled"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- %Program Files%\VMware\VMware Tools\vmtoolsd.exe = "{random characters}"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_0 = "ffffffff"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_1 = "9d9396a8"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_2 = "3b272d51"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_3 = "d8bac3fa"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_4 = "764e5aa3"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_5 = "13e1f14c"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_6 = "b17587f5"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_7 = "4f91e9e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_8 = "ec9cb547"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_9 = "8a34bf"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_10 = "27c3e299"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_11 = "c5577942"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_12 = "62ebfeb"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_13 = "7ea694"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_14 = "9e123d3d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_15 = "3ba5d3e6"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_16 = "d9396a8f"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_17 = "76cd138"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_18 = "14697e1"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_19 = "b1f42e8a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_20 = "4f87c533"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_21 = "ed1b5bdc"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_22 = "8aaef285"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_23 = "2842892e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_24 = "c5d61fd7"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_25 = "6369b68"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_26 = "fd4d29"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_27 = "9e9e3d2"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_28 = "3c247a7b"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_29 = "d9b81124"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_30 = "bda296f"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_30 = "88b44a24"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_30 = "89b73e73"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_30 = "774ba7cd"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_31 = "c2bafc"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_31 = "eb2d79"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_31 = "ea23a7c8"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_31 = "14df3e76"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_32 = "ac26de"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_32 = "4d8d38e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_32 = "4c8e4ca1"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_32 = "b272d51f"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_33 = "533ef364"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_33 = "aff98d3d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_33 = "aefaf276"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_33 = "566bc8"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_34 = "62ee3efb"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_34 = "1265ee56"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_34 = "13669bcf"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_34 = "ed9a271"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_35 = "5149d7b8"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_35 = "74d2782b"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_35 = "75d1a4"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_35 = "8b2d991a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_36 = "4ae7fe65"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_36 = "d73ec414"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_36 = "d63db67d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_36 = "28c12fc3"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_37 = "8eec342e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_37 = "39ab275d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_37 = "38a85fd2"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_37 = "c654c66c"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_38 = "9a97bce"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_38 = "9c17b358"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_38 = "9d14c4ab"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_38 = "63e85d15"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_39 = "b572e28"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_39 = "fe8415a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_39 = "ff876a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_39 = "17bf3be"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_40 = "8ab4825"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_40 = "6f6a3"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_40 = "61f313d9"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_40 = "9ff8a67"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_41 = "911abfa1"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_41 = "c35cc8f7"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_41 = "c25fb8ae"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_41 = "3ca3211"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_42 = "3c13ba8f"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_42 = "25c9592a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_42 = "24ca2e7"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_42 = "da36b7b9"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_43 = "78c6d56"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_43 = "8835ab6"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_43 = "8936d7dc"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_43 = "77ca4e62"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_44 = "3392d3a1"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_44 = "eaa235a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_44 = "eba17cb5"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_44 = "155de5b"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_45 = "7f81b631"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_45 = "4de95"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_45 = "4cde2a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_45 = "b2f17bb4"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_46 = "e53c96de"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_46 = "af7afe6a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_46 = "ae798be3"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_46 = "585125d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_47 = "4489add"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_47 = "11e74385"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_47 = "1e43b8"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_47 = "ee18a96"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_48 = "43ba911d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_48 = "7453d654"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_48 = "755a611"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_48 = "8bac3faf"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_49 = "7bf18c72"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_49 = "d6c3ffb"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_49 = "d7c34fe6"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_49 = "293fd658"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_50 = "aaeb7a7"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_50 = "392c835e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_50 = "382ff4bf"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_50 = "c6d36d1"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_51 = "512a9d3"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_51 = "9b98e87c"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_51 = "9a9b9a14"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_51 = "64673aa"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_52 = "ce11df12"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_52 = "fe57a8d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_52 = "ff63ed"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_52 = "1fa9a53"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_53 = "94dda555"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_53 = "671d8c6"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_53 = "6172a942"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_53 = "9f8e3fc"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_54 = "9e99c4"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_54 = "c2de2ffa"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_54 = "c3dd5e1b"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_54 = "3d21c7a5"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_55 = "85b536e9"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_55 = "254abefb"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_55 = "2449c7f"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_55 = "dab55e4e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_56 = "19d1ed1"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_56 = "87b71f21"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_56 = "86b46d49"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_56 = "7848f4f7"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_57 = "ec86497"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_57 = "ea2361a1"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_57 = "eb2121e"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_57 = "15dc8ba"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_58 = "e1dbd8d"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_58 = "4c8fcb36"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_58 = "4d8cbbf7"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_58 = "b372249"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_59 = "4bc58"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_59 = "aefc62c7"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_59 = "afff214c"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_59 = "513b8f2"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W1_60 = "9f84e26"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W2_60 = "1168a69a"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W3_60 = "16bd625"
- In HKEY_CURRENT_USER\Software\Wilbert914
- W4_60 = "ee974f9b"
手順 4
変更されたレジストリ値を修正します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
事前に意図的に対象の設定を変更していた場合は、意図するオリジナルの設定に戻してください。変更する値が分からない場合は、システム管理者にお尋ねいただき、レジストリの編集はお客様の責任として行なって頂くようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- From: Hidden = "2"
To: Hidden = ""2""
- From: Hidden = "2"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\SysTray
- From: Services = "1f"
To: Services = ""1f""
- From: Services = "1f"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\Imapi
- From: LogSessionName = "stdout"
To: LogSessionName = ""{random values}""
- From: LogSessionName = "stdout"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\Imapi
- From: Active = "1"
To: Active = ""1""
- From: Active = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\Imapi
- From: ControlFlags = "1"
To: ControlFlags = ""1""
- From: ControlFlags = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\Imapi\ImapiSvc
- From: Guid = "8107d8e9-e323-49f5-bba2-abc35c243dca"
To: Guid = ""8107d8e9-e323-49f5-bba2-abc35c243dca""
- From: Guid = "8107d8e9-e323-49f5-bba2-abc35c243dca"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\Imapi\ImapiSvc
- From: BitNames = "{random characters}"
To: BitNames = "" ImapiDebugError ImapiDebugWarning ImapiDebugTrace ImapiDebugInfo ImapiDebugX ImapiDebugSort""
- From: BitNames = "{random characters}"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control
- From: WaitToKillServiceTimeout = "7000"
To: WaitToKillServiceTimeout = ""20000""
- From: WaitToKillServiceTimeout = "7000"
手順 5
以下のファイルを検索し削除します。
- %User Temp%\qjjgbj.exe
- %User Temp%\xfkr.exe
- %System Root%\181ec
- D:\18661
- E:\18ab6
- %System%\drivers\iphop.sys
- F:\18f0c
- G:\19352
- H:\19778
- I:\19c3b
- J:\1a081
- K:\1a497
- L:\1a8be
- M:\1ace4
- N:\1b10b
- O:\1b531
- P:\1b948
- Q:\1bd50
- R:\1c157
- S:\1c639
- T:\1ca7f
- U:\1ce76
- V:\1d2cc
- %User Temp%\dirqi.exe
- %User Temp%\nymqn.exe
- %User Temp%\winidkwg.exe
- W:\1d6f2
- X:\1db67
- Y:\1df9d
- Z:\1e402
- %User Temp%\winslkhyd.exe
- %User Temp%\winkcdik.exe
- %User Temp%\uijif.exe
- VMWARE SHARED FOLDERS\24145
- MICROSOFT TERMINAL SERVICES\268c2
- %User Temp%\winxmlqu.exe
- %User Temp%\jfhmi.exe
- %User Temp%\winhlsoqp.exe
- MICROSOFT WINDOWS NETWORK\2afdd
- WORKGROUP\2c5b7
- \CWS06EX04\2db04
- %Temp%\dhm3lm9a.TMP
手順 6
以下のフォルダを検索し削除します。
- %User Profile%\Application Data\VMware
- %User Profile%\VMware\VMware Tools
手順 7
最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「WORM_NEERIS.VRX」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。
手順 8
以下の削除されたレジストリキーまたはレジストリ値をバックアップを用いて修復します。
※註:マイクロソフト製品に関連したレジストリキーおよびレジストリ値のみが修復されます。このマルウェアもしくはアドウェア等が同社製品以外のプログラムも削除した場合には、該当プログラムを再度インストールする必要があります。
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- AppMgmt
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Base
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Boot Bus Extender
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Boot file system
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- CryptSvc
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- DcomLaunch
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmadmin
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmboot.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmio.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmload.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmserver
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- EventLog
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- File system
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Filter
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- HelpSvc
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Netlogon
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- PCI Configuration
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- PlugPlay
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- PNP Filter
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Primary disk
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- RpcSs
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- SCSI Class
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- sermouse.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- sr.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- SRService
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- System Bus Extender
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- vga.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- vgasave.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- WinMgmt
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {36FC9E60-C465-11CF-8056-444553540000}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E965-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E967-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E969-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E96A-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E96B-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E96F-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E977-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E97B-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E97D-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E980-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {71A27CDD-812A-11D0-BEC7-08002BE2092F}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
- Minimal
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- AFD
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- AppMgmt
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Base
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Boot Bus Extender
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Boot file system
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Browser
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- CryptSvc
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- DcomLaunch
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Dhcp
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmadmin
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmboot.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmio.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmload.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmserver
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- DnsCache
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- EventLog
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- File system
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Filter
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- HelpSvc
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- ip6fw.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- ipnat.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- LanmanServer
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- LanmanWorkstation
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- LmHosts
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Messenger
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NDIS
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NDIS Wrapper
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Ndisuio
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetBIOS
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetBIOSGroup
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetBT
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetDDEGroup
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Netlogon
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetMan
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
- Network
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetworkProvider
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NtLmSsp
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- PCI Configuration
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- PlugPlay
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- PNP Filter
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- PNP_TDI
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Primary disk
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- rdpcdd.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- rdpdd.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- rdpwd.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- rdsessmgr
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- RpcSs
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- SCSI Class
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- sermouse.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- SharedAccess
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- sr.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- SRService
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Streams Drivers
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- System Bus Extender
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Tcpip
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- TDI
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- tdpipe.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- tdtcp.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- termservice
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- vga.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- vgasave.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- WinMgmt
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- WZCSVC
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {36FC9E60-C465-11CF-8056-444553540000}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E965-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E967-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E969-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E96A-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E96B-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E96F-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E972-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E973-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E974-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E975-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E977-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E97B-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E97D-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E980-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {71A27CDD-812A-11D0-BEC7-08002BE2092F}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
- Network
ご利用はいかがでしたか? アンケートにご協力ください