Author: Joselyn Canuela   

 

PUA.Downloader (Symantec), Adware.Solvusoft (Zoner), ADWARE/Solvusoft.utnzl (Avira), PUP/Multitoolbar (Panda)

 PLATFORM:

Windows


  • Threat Type:
    Potentially Unwanted Application

  • Destructiveness:
    No

  • Encrypted:
    No

  • In the wild:
    Yes

  OVERVIEW

INFECTION CHANNEL: Downloaded from the Internet, Dropped by other malware

It may be manually installed by a user.

This malware modifies the Internet Explorer zone settings.

  TECHNICAL DETAILS

File size: 1,838,144 bytes
File type: EXE
Memory resident: No
INITIAL SAMPLES RECEIVED DATE: 07 October 2016
PAYLOAD: Connects to URLs/IPs, Downloads files

Arrival Details

It may be manually installed by a user.

Installation

It adds the following folders:

  • %AppDataLocal%\FileViewPro
  • %Program Files%\FileViewPro
  • %User Temp%\ns{5 random characters}.tmp
  • %System Root%\Spacekace
  • %All Users Profile%\{4B36989F-BE86-4A21-94B1-AC154A69EA65}
  • %Program Files%\Solvusoft
  • %AppDataLocal%\IIIQF
  • %All Users Profile%\Solvusoft

(Note: %Program Files% is the default Program Files folder, usually C:\Program Files. %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003. %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.)

It adds the following mutexes to ensure that only one of its copies runs at any one time:

  • FileViewPro
  • Global\rdkatfwtpvtxbmjnx0bumpg53tpf22wt
  • Global\log-%System Root%_Users_{User Profile}_AppData_Local_Temp_FighterSuiteLight
  • Global\log-%System Root%_Users_{User Profile}_AppData_Roaming_Solvusoft_Solvusoft Suite_Logs_MachineId
  • SF_Solvusoft_RCPRO

(Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.)

Autostart Technique

This malware drops the following file(s) in the Windows Common Startup folder to enable its automatic execution at every system startup:

  • %Common Startup%\FileViewPro.lnk
  • %Common Startup%\Uninstall\FileViewPro.lnk
  • %All Users Startup%\FileViewPro\FileViewPro.lnk
  • %All Users Startup%\FileViewPro\Uninstall\FileViewPro.lnk
  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\FAQ and License Agreement\License Agreement.lnk
  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\FAQ and License Agreement\Frequently Asked Questions.lnk
  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Support Tools\Collect Log Files.lnk
  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Support Tools\Request Support.lnk
  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Support Tools\Log Files.lnk

(Note: %Common Startup% is the system's common startup folder, which is usually C:\Windows\Start Menu\Programs\Startup on Windows 98 and ME, C:\WINNT\Profiles\All Users\Programs\Startup on Windows NT, and C:\Documents and Settings\All Users\Start Menu\Programs\Startup on Windows 2000, XP, and Server 2003.)

Other System Modifications

It adds the following registry entries as part of its installation routine:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1

HKEY_LOCAL_MACHINE\SOFTWARE\Solvusoft Corporation

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{80107F16-CB2E-42AB-AB9D-6C11540D5A8B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster

HKEY_CURRENT_USER\Software\Solvusoft

It adds the following registry entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
InstallLocation = "%Program Files%\FileViewPro\"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
Inno Setup: Icon Group = "FileViewPro"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
Inno Setup: User = "{User Profile}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
Inno Setup: Selected Tasks = "desktopicon"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
Inno Setup: Deselected Tasks = "quicklaunchicon"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
Inno Setup: Language = "{Language Selected}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
DisplayName = "FileViewPro"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
DisplayIcon = "%Program Files%\FileViewPro\FileViewPro.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
UninstallString = ""%Program Files%\FileViewPro\unins000.exe""

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
QuietUninstallString = ""%Program Files%\FileViewPro\unins000.exe"" /SILENT"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
DisplayVersion = "1.1.0.0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
Publisher = "Solvusoft Corporation"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
NoModify = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
NoRepair = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
InstallDate = "{Install Date}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
MajorVersion = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
MinorVersion = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
EstimatedSize = "59819"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\Offer1.exe
IsHostApp = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\WinThrusterSetup.exe
IsHostApp = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{80107F16-CB2E-42AB-AB9D-6C11540D5A8B}
UninstallString = "%All Users Profile%\{Machine ID}\WinThrusterSetup.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
DisplayIcon = %All Users Profile%\{Machine ID}\WinThrusterSetup.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
DisplayName = "WinThruster"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
UninstallString = ""%All Users Profile%\{Machine ID}\WinThrusterSetup.exe"" REMOVE=TRUE MODIFY=FALSE"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
ModifyPath = "%All Users Profile%\{Machine ID}\WinThrusterSetup.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
Publisher = "Solvusoft Corporation"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
Contact = "SPAMfighter ApS"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
HelpLink = "http://www.spamfighter.com/SLOW-PCfighter/"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
URLUpdateInfo = "http://www.spamfighter.com/SLOW-PCfighter/"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
Comments = "All rights reserved"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
DisplayVersion = "1.16.7"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
VersionMajor = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
VersionMinor = "16"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
WinThruster
InstallLocation = "%Program Files%\Solvusoft\WinThruster"

HKEY_CURRENT_USER\Software\Solvusoft\
RCPRO
SyncScheduled = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Solvusoft\
RCPRO
FLRevision = "4"

HKEY_LOCAL_MACHINE\SOFTWARE\Solvusoft\
RCPRO
lastScan =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Schedule\
TaskCache\Tasks\{Unique ID}
DynamicInfo = "{Hex Values}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Schedule\
CompatibilityAdapter\Signatures
WinThruster-{%User Profile%}-Notification.job = "{Hex Values}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Schedule\
CompatibilityAdapter\Signatures
WinThruster-{%User Profile%}-Notification.job.fp = "3062502989"

HKEY_LOCAL_MACHINE\SOFTWARE\Solvusoft Corporation\
FileViewPro
vid = "vid={32 random characters}"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
Inno Setup: Setup Version = "5.5.4 (u)"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
FileViewPro_is1
Inno Setup: App Path = "%Program Files%\FileViewPro"

Web Browser Home Page and Search Page Modification

This malware modifies the Internet Explorer zone settings.

Download Routine

It saves the files it downloads using the following names:


(Note: %Application Data% is the current user's Application Data folder, which is usually C:\Windows\Profiles\{user name}\Application Data on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Application Data on Windows NT, and C:\Documents and Settings\{user name}\Local Settings\Application Data on Windows 2000, XP, and Server 2003. %Program Files% is the default Program Files folder, usually C:\Program Files. %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003. %Desktop% is the current user's desktop folder, which is usually C:\Windows\Profiles\{user name}\Desktop on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Desktop on Windows NT, and C:\Documents and Settings\{user name}\Desktop on Windows 2000, XP, and Server 2003.)

  SOLUTION

Minimum scan engine: 9.850
SSAPI Pattern File: 1.821.00
SSAPI Pattern Release Date: 22 March 2017

Step 1

Before doing any scans, Windows ME and XP users must make sure that System Restore is disabled to allow full scanning of their computers.

Step 3

Delete this registry key

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileViewPro_is1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Solvusoft Corporation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{80107F16-CB2E-42AB-AB9D-6C11540D5A8B}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinThruster
  • HKEY_CURRENT_USER\Software\Solvusoft

Step 4

Delete this registry value

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.

  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\Offer1.exe
    • IsHostApp = ""
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\WinThrusterSetup.exe
    • IsHostApp = ""
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures
    • WinThruster-{%User Profile%}-Notification.job = "{Hex Values}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures
    • WinThruster-{%User Profile%}-Notification.job.fp = "3062502989"

Step 5

Deleting Scheduled Tasks

  1. Open the Windows Scheduled Tasks. Click Start>Programs>Accessories>System Tools>Scheduled Tasks.
  2. Locate the tasks that have the following value in the Program column:
    !!!REPLACE THIS!!!
  3. Right-click on the file or files that have the said value.
  4. Click Properties. In the Run field, check for the following string:
    Cmd /c /rd /s /q C:
  5. If the string is found, delete the task.

Step 6

Search and delete this folder

Please make sure you check the Search Hidden Files and Folders checkbox in the More advanced options option to include all hidden folders in the search result.
  • %All Users Profile%\{4B36989F-BE86-4A21-94B1-AC154A69EA65}
  • %All Users Profile%\Solvusoft
  • %AppDataLocal%\FileViewPro
  • %AppDataLocal%\IIIQF
  • %Program Files%\FileViewPro
  • %Program Files%\Solvusoft
  • %User Temp%\ns{5 random characters}.tmp
  • %System Root%\Spacekace

Step 7

Search and delete these files

There may be some component files that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.
  • %Common Startup%\FileViewPro.lnk
  • %Common Startup%\Uninstall\FileViewPro.lnk
  • %All Users Startup%\FileViewPro\FileViewPro.lnk
  • %All Users Startup%\FileViewPro\Uninstall\FileViewPro.lnk
  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\FAQ and License Agreement\License Agreement.lnk
  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\FAQ and License Agreement\Frequently Asked Questions.lnk
  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Support Tools\Collect Log Files.lnk
  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Support Tools\Request Support.lnk
  • %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Solvusoft\WinThruster\Support Tools\Log Files.lnk
  • %Desktop%\FileViewPro.lnk
  • %Windows%\Tasks\WinThruster-{%User Profile%}-Startup.job
  • %Windows%\Tasks\WinThruster-{%User Profile%}-Notification.job
  • %System%\Tasks\WinThruster-{%User Profile%}-Notification
  • %System%\Tasks\WinThruster-{%User Profile%}-Startup
  • In the Look In drop-down list, select My Computer, then press Enter.
  • Once located, select the file, then press SHIFT+DELETE to permanently delete it.
  • Repeat steps 2 to 4 for each of the remaining files listed above.
Step 8

Reset Internet security settings

Step 10

Scan your computer with your Trend Micro product to delete files detected as PUA_SOLVUSOFT.GB. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

