PUA.Win32.SysCeo.A
GenericR-ETA!814EF8E2DF03 (McAfee); Trojan.Gen (Symantec); Trojan.Win32.SelfDel.bfgu (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt)
Windows
Tipo de malware
Potentially Unwanted Application
Destructivo?
No
Cifrado
In the Wild:
Sí
Resumen y descripción
Este malware se elimina tras la ejecución.
Detalles técnicos
Instalación
Agrega los procesos siguientes:
- %Windows%\temp\~sckuvc.tmp\sczip.sc X "vc2005.7z" -R -Y
- cmd /c msiexec /i "%Windows%\temp\~sckuvc.tmp\VC2005\vcredist.msi" /qn
- cmd /c ping 127.0.0.1 & del /f /q "%User Temp%\73d796e591b38c8d20ed9297ab3490bda1a911bb.exe"
- msiexec /i "%Windows%\temp\~sckuvc.tmp\VC2005\vcredist.msi" /qn
- %System%\PING.EXE ping 127.0.0.1
(Nota: %Windows% es la carpeta de Windows, que suele estar en C:\Windows o C:\WINNT).
. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000(32-bit), XP y Server 2003(32-bit) suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp y en el case de Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) y 10(64-bit) en C:\Users\{nombre de usuario}\AppData\Local\Temp).. %System% es la carpeta del sistema de Windows, que en el caso de Windows 98 y ME suele estar en C:\Windows\System, en el caso de Windows NT y 2000 en C:\WINNT\System32 y en el caso de Windows 2000(32-bit), XP, Server 2003(32-bit), Vista, 7, 8, 8.1, 2008(64-bit), 2012(64bit) y 10(64-bit) en C:\Windows\System32).)Crea las carpetas siguientes:
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\u1sw1o0k.9hi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\m3oqdoe3.l2
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\53t3z6j5.7ag
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files\Microsoft Shared
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\t9qi6zyr.zqi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\vxgs54we.kj4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\fd6uew4i.4ha
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\n3oqdoe3.l2
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v9qi6zyr.zqi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\ed6uew4i.4ha
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\73t3z6j5.7ag
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\i4auwzcy.rsh
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\uxgs54we.kj4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\92rg91xw.1p4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\Ansi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\j4auwzcy.rsh
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6
- %Windows%\Temp\~sckuvc.tmp
- %Windows%\Temp\~sckuvc.tmp\VC2005
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files\Microsoft Shared\VC
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\5z1v718o.6n8
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v1sw1o0k.9hi
(Nota: %Windows% es la carpeta de Windows, que suele estar en C:\Windows o C:\WINNT).
)Rutina de infiltración
Infiltra los archivos siguientes:
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4\msvcp80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_6ad2c555.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_45a306ec.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4\msvcr80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80ITA.dll
- %Windows%\Temp\~sckuvc.tmp\vc2005.7z
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\92rg91xw.1p4\msvcp80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_1583ac57.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\vxgs54we.kj4\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80CHS.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\j4auwzcy.rsh\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\fd6uew4i.4ha
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80ESP.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v1sw1o0k.9hi\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80FRA.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80FRA.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\92rg91xw.1p4\msvcm80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\msvcm80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\i4auwzcy.rsh
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80CHT.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80JPN.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80ESP.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\Ansi\ATL80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\uxgs54we.kj4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\ed6uew4i.4ha\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80JPN.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80CHS.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\msvcp80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\m3oqdoe3.l2\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_6ad2c555.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\vcredist.msi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\i4auwzcy.rsh\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80ENU.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v9qi6zyr.zqi\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_45a306ec.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_a53d26c6.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\Ansi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80CHT.dll
- %Windows%\Temp\~sckuvc.tmp\sczip.sc
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8\mfc80u.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\u1sw1o0k.9hi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\msvcr80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\m3oqdoe3.l2
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\j4auwzcy.rsh\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_a53d26c6.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\53t3z6j5.7ag
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfcm80u.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\t9qi6zyr.zqi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\ed6uew4i.4ha\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80ITA.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\i4auwzcy.rsh\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\fd6uew4i.4ha\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\73t3z6j5.7ag
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v9qi6zyr.zqi\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_45a306ec.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_1583ac57.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_6ad2c555.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\92rg91xw.1p4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8\mfcm80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\92rg91xw.1p4\msvcr80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80DEU.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v9qi6zyr.zqi\vcomp.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80ENU.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v1sw1o0k.9hi\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80ENU.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80CHS.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfcm80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\uxgs54we.kj4\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\5z1v718o.6n8\mfc80u.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\73t3z6j5.7ag\ATL80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80KOR.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\m3oqdoe3.l2\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\73t3z6j5.7ag\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_a53d26c6.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_6ad2c555.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\vxgs54we.kj4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\n3oqdoe3.l2
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\ed6uew4i.4ha
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80DEU.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80ITA.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_1583ac57.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_1583ac57.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\uxgs54we.kj4\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\5z1v718o.6n8\mfcm80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_45a306ec.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8\mfc80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\5z1v718o.6n8\mfc80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\n3oqdoe3.l2\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80JPN.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v1sw1o0k.9hi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80KOR.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80DEU.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80CHT.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\ATL80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80KOR.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files\Microsoft Shared
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\73t3z6j5.7ag\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_a53d26c6.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80ESP.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v9qi6zyr.zqi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80u.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\5z1v718o.6n8\mfcm80u.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\u1sw1o0k.9hi\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\vcomp.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\fd6uew4i.4ha\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\t9qi6zyr.zqi\vcomp.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\53t3z6j5.7ag\ATL80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4\msvcm80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80FRA.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\u1sw1o0k.9hi\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\n3oqdoe3.l2\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8\mfcm80u.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\j4auwzcy.rsh
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\vxgs54we.kj4\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files\Microsoft Shared\VC
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\5z1v718o.6n8
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6
(Nota: %Windows% es la carpeta de Windows, que suele estar en C:\Windows o C:\WINNT).
)Otros detalles
Este malware se elimina tras la ejecución.
Soluciones
Step 1
Los usuarios de Windows ME y XP, antes de llevar a cabo cualquier exploración, deben comprobar que tienen desactivada la opción Restaurar sistema para permitir la exploración completa del equipo.
Step 2
Identificar y terminar los archivos detectados como PUA.Win32.SysCeo.A
- Para los usuarios de Windows 98 y ME, puede que el Administrador de tareas de Windows no muestre todos los procesos en ejecución. En tal caso, utilice un visor de procesos de una tercera parte (preferiblemente, el Explorador de procesos) para terminar el archivo de malware/grayware/spyware. Puede descargar la herramienta en cuestión aquí.
- Si el archivo detectado aparece en el Administrador de tareas o en el Explorador de procesos, pero no puede eliminarlo, reinicie el equipo en modo seguro. Para ello, consulte este enlace para obtener todos los pasos necesarios.
- Si el archivo detectado no se muestra en el Administrador de tareas o el Explorador de procesos, prosiga con los pasos que se indican a continuación.
Step 3
Buscar y eliminar estos archivos
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4\msvcp80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_6ad2c555.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_45a306ec.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4\msvcr80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80ITA.dll
- %Windows%\Temp\~sckuvc.tmp\vc2005.7z
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\92rg91xw.1p4\msvcp80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_1583ac57.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\vxgs54we.kj4\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80CHS.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\j4auwzcy.rsh\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\fd6uew4i.4ha
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80ESP.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v1sw1o0k.9hi\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80FRA.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80FRA.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\92rg91xw.1p4\msvcm80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\msvcm80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\i4auwzcy.rsh
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80CHT.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80JPN.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80ESP.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\Ansi\ATL80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\uxgs54we.kj4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\ed6uew4i.4ha\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80JPN.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80CHS.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\msvcp80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\m3oqdoe3.l2\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_6ad2c555.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\vcredist.msi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\i4auwzcy.rsh\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80ENU.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v9qi6zyr.zqi\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_45a306ec.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_a53d26c6.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\Ansi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80CHT.dll
- %Windows%\Temp\~sckuvc.tmp\sczip.sc
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8\mfc80u.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\u1sw1o0k.9hi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\msvcr80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\m3oqdoe3.l2
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\j4auwzcy.rsh\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_a53d26c6.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\53t3z6j5.7ag
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfcm80u.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\t9qi6zyr.zqi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\ed6uew4i.4ha\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80ITA.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\i4auwzcy.rsh\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\fd6uew4i.4ha\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\73t3z6j5.7ag
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v9qi6zyr.zqi\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_45a306ec.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_1583ac57.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_6ad2c555.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\92rg91xw.1p4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8\mfcm80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\92rg91xw.1p4\msvcr80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80DEU.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v9qi6zyr.zqi\vcomp.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80ENU.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v1sw1o0k.9hi\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80ENU.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80CHS.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfcm80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\uxgs54we.kj4\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\5z1v718o.6n8\mfc80u.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\73t3z6j5.7ag\ATL80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80KOR.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\m3oqdoe3.l2\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\73t3z6j5.7ag\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_a53d26c6.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_6ad2c555.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\vxgs54we.kj4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\n3oqdoe3.l2
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\ed6uew4i.4ha
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80DEU.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80ITA.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_1583ac57.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_1583ac57.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\uxgs54we.kj4\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\5z1v718o.6n8\mfcm80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_45a306ec.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8\mfc80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\5z1v718o.6n8\mfc80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\n3oqdoe3.l2\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80JPN.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v1sw1o0k.9hi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80KOR.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6\mfc80DEU.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80CHT.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\ATL80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_449d3952.manifest
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6\mfc80KOR.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files\Microsoft Shared
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\73t3z6j5.7ag\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6229_x-ww_a53d26c6.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80ESP.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v9qi6zyr.zqi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80u.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\5z1v718o.6n8\mfcm80u.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\u1sw1o0k.9hi\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\vcomp.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\fd6uew4i.4ha\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\t9qi6zyr.zqi\vcomp.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\53t3z6j5.7ag\ATL80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4\msvcm80.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\mfc80FRA.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\u1sw1o0k.9hi\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\n3oqdoe3.l2\8.0.50727.6229.policy
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8\mfcm80u.dll
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\j4auwzcy.rsh
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\vxgs54we.kj4\8.0.50727.6229.cat
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files\Microsoft Shared\VC
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\5z1v718o.6n8
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6
Step 4
Buscar y eliminar estas carpetas
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\u1sw1o0k.9hi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\m3oqdoe3.l2
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Manifests
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\53t3z6j5.7ag
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files\Microsoft Shared
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\t9qi6zyr.zqi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\vxgs54we.kj4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\fd6uew4i.4ha
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\n3oqdoe3.l2
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\b2rg91xw.1p4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v9qi6zyr.zqi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\ed6uew4i.4ha
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\73t3z6j5.7ag
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\i4auwzcy.rsh
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\7z1v718o.6n8
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\Policies\uxgs54we.kj4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\refn04mk.ve6
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\92rg91xw.1p4
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\system32\Ansi
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\j4auwzcy.rsh
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\pefn04mk.ve6
- %Windows%\Temp\~sckuvc.tmp
- %Windows%\Temp\~sckuvc.tmp\VC2005
- %Windows%\Temp\~sckuvc.tmp\VC2005\Program Files\Common Files\Microsoft Shared\VC
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\5z1v718o.6n8
- %Windows%\Temp\~sckuvc.tmp\VC2005\Windows\winsxs\v1sw1o0k.9hi
Step 5
Explorar el equipo con su producto de Trend Micro para eliminar los archivos detectados como PUA.Win32.SysCeo.A En caso de que el producto de Trend Micro ya haya limpiado, eliminado o puesto en cuarentena los archivos detectados, no serán necesarios más pasos. Puede optar simplemente por eliminar los archivos en cuarentena. Consulte esta página de Base de conocimientos para obtener más información.
Rellene nuestra encuesta!