Trojan.Win32.FAREIT.UHBAZCLIG
Trojan.Win32.Generic!BT (Sunbelt)
Windows
Malware type
Trojan
Destructive?
No
Encrypted
In the Wild:
Yes
Overview and description
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Technical details
Arrival details
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Other system modifications
It adds the following registry entries:
It deletes the following registry keys:
Solutions
Step 1
Users of Windows ME and XP must make sure System Restore is disabled before running any scan, so that the computer can be scanned completely.
Step 2
Delete this registry value
Important: Editing the Windows Registry incorrectly can cause the system to malfunction irreversibly. Perform this step only if you know how to do it or can get help from your system administrator. Otherwise, read this Microsoft article before modifying the computer's registry.
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DBCDFB21-E896-4B0B-B9B0-84F9AB755F5E}
- (Default) = "_ATXmlFormNode"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DBCDFB21-E896-4B0B-B9B0-84F9AB755F5E}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DBCDFB21-E896-4B0B-B9B0-84F9AB755F5E}\TypeLib
- (Default) = "{F5AF018C-2993-4F60-B186-72AE59CCD1E3}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DBCDFB21-E896-4B0B-B9B0-84F9AB755F5E}\TypeLib
- Version = "2.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CAAD269-40AA-4122-A8DB-860B452D23F7}
- (Default) = "_ATXmlIndexNode"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CAAD269-40AA-4122-A8DB-860B452D23F7}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CAAD269-40AA-4122-A8DB-860B452D23F7}\TypeLib
- (Default) = "{F5AF018C-2993-4F60-B186-72AE59CCD1E3}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6CAAD269-40AA-4122-A8DB-860B452D23F7}\TypeLib
- Version = "2.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A051CF9E-DE19-4190-961D-C0131CB19D55}
- (Default) = "_ATXmlParseError"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A051CF9E-DE19-4190-961D-C0131CB19D55}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A051CF9E-DE19-4190-961D-C0131CB19D55}\TypeLib
- (Default) = "{F5AF018C-2993-4F60-B186-72AE59CCD1E3}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A051CF9E-DE19-4190-961D-C0131CB19D55}\TypeLib
- Version = "2.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{421B6D3E-4B0C-4615-B456-5C2AE7C23D3C}
- (Default) = "_ATXmlRangeNode"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{421B6D3E-4B0C-4615-B456-5C2AE7C23D3C}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{421B6D3E-4B0C-4615-B456-5C2AE7C23D3C}\TypeLib
- (Default) = "{F5AF018C-2993-4F60-B186-72AE59CCD1E3}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{421B6D3E-4B0C-4615-B456-5C2AE7C23D3C}\TypeLib
- Version = "2.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{118B1C3F-83C8-466F-9996-8CCB80359E32}
- (Default) = "_ATXmlTabNode"
Step 3
Scan your computer with your Trend Micro product to delete the files detected as Trojan.Win32.FAREIT.UHBAZCLIG. If your Trend Micro product has already cleaned, deleted, or quarantined the detected files, no further steps are required. You may opt to simply delete the quarantined files. See this Knowledge Base page for more information.
Step 4
Restore these deleted registry keys/values from backup
*Note: Only Microsoft-related keys/values will be restored. If the malware/grayware also deleted registry keys/values related to programs that are not from Microsoft, please reinstall those programs on your computer.