PUA_DOWNAD.GA

Publish date: 22 de enero de 2018

Análisis realizado por : John Anthony Banes

Plataforma:

Windows

Riesgo general:

Potencial de destrucción:

Potencial de distribución:

Infección divulgada:

Revelación de la información:

Bajo

Medio

High

Crítico

Tipo de malware
Potentially Unwanted Application
Destructivo?
No
Cifrado
In the Wild:
Sí

Resumen y descripción

Puede haberlo instalado manualmente un usuario.

Detalles técnicos

Tamaño del archivo 14,937,152 bytes

Tipo de archivo EXE

Residente en memoria No

Fecha de recepción de las muestras iniciales 15 de enero de 2018

Detalles de entrada

Puede haberlo instalado manualmente un usuario.

Instalación

Infiltra los archivos siguientes:

%Application Data%\ESTsoft\ALUpdate\Log\ALUpdate.log
%Application Data%\ESTsoft\Cooperation\shopping_zum.ico
%Program Files%\ESTsoft\ALUpdate\알툴즈 업데이트.lnk
%Program Files%\ESTsoft\ALUpdate\ALAd.dll
%Program Files%\ESTsoft\ALUpdate\ALUpdate.exe
%Program Files%\ESTsoft\ALUpdate\ALUpdateEx.dll
%Program Files%\ESTsoft\ALUpdate\ALUpExt.exe
%Program Files%\ESTsoft\ALUpdate\ALUpProduct.exe
%Program Files%\ESTsoft\ALUpdate\AZMain.dll
%Program Files%\ESTsoft\ALUpdate\Banner.ini
%Program Files%\ESTsoft\ALUpdate\cacerts.pem
%Program Files%\ESTsoft\ALUpdate\eausvc.exe
%Program Files%\ESTsoft\ALUpdate\ezt.exe
%Program Files%\ESTsoft\ALUpdate\ko-kr.dll
%Program Files%\ESTsoft\ALUpdate\ns{random characters}.tmp
%Program Files%\ESTsoft\ALUpdate\Simple_ALUpdate.gif
%Program Files%\ESTsoft\ALUpdate\Simple_Co.gif
%Program Files%\ESTsoft\ALUpdate\Simple_Public.gif
%Program Files%\ESTsoft\ALUpdate\unins000.exe
%Program Files%\ESTsoft\ALZip\알집.lnk
%Program Files%\ESTsoft\ALZip\7za.dll
%Program Files%\ESTsoft\ALZip\About.swf
%Program Files%\ESTsoft\ALZip\ALAd.dll
%Program Files%\ESTsoft\ALZip\ALMountConn.dll
%Program Files%\ESTsoft\ALZip\ALMountDrv.sys
%Program Files%\ESTsoft\ALZip\ALMountDrv64.sys
%Program Files%\ESTsoft\ALZip\ALMountService.exe
%Program Files%\ESTsoft\ALZip\ALMountTray.exe
%Program Files%\ESTsoft\ALZip\ALSTS.dll
%Program Files%\ESTsoft\ALZip\ALUpdate.dll
%Program Files%\ESTsoft\ALZip\ALZip.exe
%Program Files%\ESTsoft\ALZip\ALZipCon.exe
%Program Files%\ESTsoft\ALZip\ALZipIcon.dll
%Program Files%\ESTsoft\ALZip\AZCTM.dll
%Program Files%\ESTsoft\ALZip\AZCTM64.dll
%Program Files%\ESTsoft\ALZip\Banner\DefBanner2.gif
%Program Files%\ESTsoft\ALZip\Banner\DefBanner3.gif
%Program Files%\ESTsoft\ALZip\Cabinet.dll
%Program Files%\ESTsoft\ALZip\Coders\AZO.dll
%Program Files%\ESTsoft\ALZip\Coders\BZ2.dll
%Program Files%\ESTsoft\ALZip\Coders\Coder7z.dll
%Program Files%\ESTsoft\ALZip\Coders\Deflate.dll
%Program Files%\ESTsoft\ALZip\Coders\Implode.dll
%Program Files%\ESTsoft\ALZip\Coders\LZH.dll
%Program Files%\ESTsoft\ALZip\Coders\LZMA.dll
%Program Files%\ESTsoft\ALZip\Coders\PPMD.dll
%Program Files%\ESTsoft\ALZip\dbghelp.dll
%Program Files%\ESTsoft\ALZip\ECRSC.dll
%Program Files%\ESTsoft\ALZip\ECRSC_KR.dll
%Program Files%\ESTsoft\ALZip\EGGSFX.sfx
%Program Files%\ESTsoft\ALZip\EULA.rtf
%Program Files%\ESTsoft\ALZip\Formats\7z.dll
%Program Files%\ESTsoft\ALZip\Formats\Ace.dll
%Program Files%\ESTsoft\ALZip\Formats\Alz.dll
%Program Files%\ESTsoft\ALZip\Formats\BZip.dll
%Program Files%\ESTsoft\ALZip\Formats\Cab.dll
%Program Files%\ESTsoft\ALZip\Formats\CDImage.dll
%Program Files%\ESTsoft\ALZip\Formats\Egg.dll
%Program Files%\ESTsoft\ALZip\Formats\ETC.dll
%Program Files%\ESTsoft\ALZip\Formats\GZip.dll
%Program Files%\ESTsoft\ALZip\Formats\Lha.dll
%Program Files%\ESTsoft\ALZip\Formats\Rar.dll
%Program Files%\ESTsoft\ALZip\Formats\Tar.dll
%Program Files%\ESTsoft\ALZip\Formats\Zip.dll
%Program Files%\ESTsoft\ALZip\gdiplus.dll
%Program Files%\ESTsoft\ALZip\icudt42.dll
%Program Files%\ESTsoft\ALZip\icuuc42.dll
%Program Files%\ESTsoft\ALZip\LGPL.txt
%Program Files%\ESTsoft\ALZip\libETC.dll
%Program Files%\ESTsoft\ALZip\License.txt
%Program Files%\ESTsoft\ALZip\MFC90KOR.dll
%Program Files%\ESTsoft\ALZip\mfc90u.dll
%Program Files%\ESTsoft\ALZip\Microsoft.VC90.CRT.manifest
%Program Files%\ESTsoft\ALZip\Microsoft.VC90.MFC.manifest
%Program Files%\ESTsoft\ALZip\Microsoft.VC90.MFCLOC.manifest
%Program Files%\ESTsoft\ALZip\msvcp90.dll
%Program Files%\ESTsoft\ALZip\msvcr90.dll
%Program Files%\ESTsoft\ALZip\NewEgg.dat
%Program Files%\ESTsoft\ALZip\NewZip.dat
%Program Files%\ESTsoft\ALZip\ns{random characters}.tmp
%Program Files%\ESTsoft\ALZip\readme.txt
%Program Files%\ESTsoft\ALZip\splash.bmp
%Program Files%\ESTsoft\ALZip\Styles\Office2013.dll
%Program Files%\ESTsoft\ALZip\ToolkitPro.ResourceKo.dll
%Program Files%\ESTsoft\ALZip\ToolkitPro1640vc90U.dll
%Program Files%\ESTsoft\ALZip\unacev2.dll
%Program Files%\ESTsoft\ALZip\unins000.exe
%Program Files%\ESTsoft\ALZip\unrar.dll
%Program Files%\ESTsoft\Common\ALSTSCollector.exe
%Program Files%\ESTsoft\Common\ezt.exe
%Program Files%\ESTsoft\Common\ns{random characters}.tmp
%Start Menu%\알집.lnk
%System Root%\Users\Public\Desktop\알집.lnk
%User Temp%\ns{random characters}.tmD\EstUrl.dll
%User Temp%\ns{random characters}.tmD\newadvsplash.dll
%User Temp%\ns{random characters}.tmD\PromotionSetter.dll
%User Temp%\ns{random characters}.tmD\StartInfo.htm
%User Temp%\ns{random characters}.tmD\stext
%User Temp%\ns{random characters}.tmp

(Nota: %Application Data% es la carpeta Application Data del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Application Data, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Application Data y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Local Settings\Application Data).

. %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).

. %Start Menu% es la carpeta Menú Inicio del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Menú Inicio, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Menú Inicio y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Menú Inicio).

. %System Root% es la carpeta raíz, normalmente C:\. También es la ubicación del sistema operativo).

. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000, XP y Server 2003 suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp).

)

Crea las carpetas siguientes:

%Application Data%\ESTsoft
%Application Data%\ESTsoft\ALUpdate
%Application Data%\ESTsoft\ALUpdate\Log
%Application Data%\ESTsoft\Cooperation
%Program Files%\ESTsoft
%Program Files%\ESTsoft\ALUpdate
%Program Files%\ESTsoft\ALZip
%Program Files%\ESTsoft\ALZip\Banner
%Program Files%\ESTsoft\ALZip\Coders
%Program Files%\ESTsoft\ALZip\Formats
%Program Files%\ESTsoft\ALZip\Styles
%Program Files%\ESTsoft\Common
%User Temp%\ns{random characters}.tmD

. %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).

. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000, XP y Server 2003 suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp).

)

Otras modificaciones del sistema

Agrega las siguientes entradas de registro como parte de la rutina de instalación:

HKEY_CURRENT_USER\Software\ESTsoft

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.001

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.7z

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ace

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arc

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arj

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.b64

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bh

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bhx

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bin

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz2

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.cab

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ear

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.enc

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.gz

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ha

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.hqx

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ice

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.img

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.iso

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lcd

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.mim

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.nrg

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.pak

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.rar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uu

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uue

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.war

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xxe

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xz

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.z

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zoo

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\ESTsoft\ALZip

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALBanner

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities

Agrega las siguientes entradas de registro:

HKEY_CURRENT_USER\Software\ESTsoft\
ALUpdate
(Default) = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALUpdate
language = "ko-KR"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip
(Default) = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip
LanguageResource = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip
RootDir = "%Program Files%\ESTsoft\ALZip"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip
Version = "10.73"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
AutoCloseCompress = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
AutoCloseExtract = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
AutoTestResultType = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
AutoTestType = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CascadedContextMenu = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CheckUsedIcon = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CompressionTempPath = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CompressionTempPathType = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra1 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra1_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra1_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra2 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra2_2 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra2_3 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra3 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra3_2 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra3_3 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra4 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra4_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra4_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra5 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra5_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra5_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive1 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive1_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive1_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive2_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive2_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive3_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive3_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive4 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive4_2 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive4_3 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive5 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive5_2 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive5_3 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive6 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive6_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive6_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive7 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive7_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive7_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles1 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles1_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles1_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles2_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles2_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles3_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles3_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CreateFilenameFolderUnderSelectedFolder = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
DefaultArchiveFormat = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
DefaultProgram = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
DefaultSplitSizeType = "2"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ExecuteDefPrgIfNotRegisteredPrg = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ExtensionCheckRule = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ExtractLastPath = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
LastCompressFormat = "zip"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
LastThreadCount = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ListViewSortIndex = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ListViewStyle = "3"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
MainBottomSectionSize = "100"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
MainLeftSectionSize = "206"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
MyDefaultFolder = "."

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
MyDefaultFolderType = "3"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
NewArchiveDialogExpanded = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
NoMsgDeletingTempFiles = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
NoShowAttachMailMsg = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
OpenDialogIncFullPath = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
OpenDialogIncSubFolders = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
OpenFolderAfterExtract = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ReplaceDialogAll = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ReplaceDialogDoType = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ReplaceDialogOverwriteType = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ScanVirusOnExtracting = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SearchIgnoreCase = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowArchiveComment = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnAttribute = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnComment = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnCRC = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnDirectory = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnMethod = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnModifiedDate = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnPackedSize = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnRatio = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnType = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnUnpackedSize = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnVolume = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowLeftSection = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowStatusBar = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowToolBar = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SmartTarGz = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SortColumn = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SpecifiedProgram = "notepad.exe"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SpeedExtractorType = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UnassociateExtensions = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UseContextMenu = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UseFullRowSelect = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UsePasswordMask = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UseSmartHeaderCheck = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
VirusScanner = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
VirusScannerParam = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.001\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,34"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.001\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.001\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.7z\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,35"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.7z\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.7z\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ace\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,3"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ace\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ace\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz\ShellEx\DropHandler
(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arc\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,4"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arc\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arc\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arj\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,5"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arj\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arj\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.b64\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,6"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.b64\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.b64\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bh\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,7"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bh\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bh\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bhx\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,8"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bhx\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bhx\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bin\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,9"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bin\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bin\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,38"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz2\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,10"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz2\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz2\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.cab\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,11"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.cab\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.cab\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ear\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,12"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ear\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ear\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,36"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg\ShellEx\DropHandler
(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.enc\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,13"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.enc\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.enc\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.gz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,14"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.gz\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.gz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ha\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,15"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ha\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ha\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.hqx\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,16"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.hqx\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.hqx\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ice\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,17"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ice\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ice\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.img\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,39"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.img\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.img\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.iso\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,18"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.iso\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.iso\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,19"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar\ShellEx\DropHandler
(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lcd\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,20"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lcd\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lcd\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,21"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,22"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.mim\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,23"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.mim\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.mim\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.nrg\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,40"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.nrg\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.nrg\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.pak\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,24"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.pak\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.pak\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.rar\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,25"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.rar\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.rar\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,26"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,37"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,37"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,27"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uu\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,28"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uu\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uu\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uue\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,28"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uue\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uue\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.war\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,29"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.war\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.war\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xxe\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,30"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xxe\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xxe\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,41"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xz\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.z\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,31"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.z\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.z\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,32"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zoo\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,33"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zoo\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zoo\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\ESTsoft\ALZip
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALBanner
Locale = "ko-KR"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
Locale = "ko-KR"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
RootDir = "%Program Files%\ESTsoft\Common"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
WebService = "http://{BLOCKED}R.{BLOCKED}S.altools.com/ALSTSService.asmx"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
language = "ko-KR"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
RootDir = "%Program Files%\ESTsoft\ALUpdate"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
WebService = "http://ko-KR.alupdate.altools.com/UpdateService.asmx"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
AdditionalVersion = ""

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
ALUpdatePlan = "U"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
EULAVersion = "38"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
FullVersion = "10.73.0.1"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
LanguageResource = ""

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
Locale = "ko-KR"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
ProductNo = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
RootDir = "%Program Files%\ESTsoft\ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
Version = "10.73"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities
ApplicationName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.001 = "ALZip.001"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.7z = "ALZip.7z"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.ace = "ALZip.ace"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.alz = "ALZip.alz"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.arc = "ALZip.arc"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.arj = "ALZip.arj"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.b64 = "ALZip.b64"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bh = "ALZip.bh"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bhx = "ALZip.bhx"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bin = "ALZip.bin"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bz = "ALZip.bz"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bz2 = "ALZip.bz2"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.cab = "ALZip.cab"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.ear = "ALZip.ear"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.egg = "ALZip.egg"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.enc = "ALZip.enc"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.gz = "ALZip.gz"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.ha = "ALZip.ha"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.hqx = "ALZip.hqx"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.ice = "ALZip.ice"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.img = "ALZip.img"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.iso = "ALZip.iso"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.jar = "ALZip.jar"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.lcd = "ALZip.lcd"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.lha = "ALZip.lha"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.lzh = "ALZip.lzh"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.mim = "ALZip.mim"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.nrg = "ALZip.nrg"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.pak = "ALZip.pak"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.rar = "ALZip.rar"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.tar = "ALZip.tar"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.tbz = "ALZip.tbz"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.tbz2 = "ALZip.tbz2"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.tgz = "ALZip.tgz"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.uu = "ALZip.uu"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.uue = "ALZip.uue"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.war = "ALZip.war"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.xxe = "ALZip.xxe"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.xz = "ALZip.xz"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.z = "ALZip.z"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.zip = "ALZip.zip"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.zoo = "ALZip.zoo"

Soluciones

Motor de exploración mínimo 9.850

Step 1

Los usuarios de Windows ME y XP, antes de llevar a cabo cualquier exploración, deben comprobar que tienen desactivada la opción Restaurar sistema para permitir la exploración completa del equipo.

Step 3

Identificar y terminar los archivos detectados como PUA_DOWNAD.GA

[ aprenda más ]

Para los usuarios de Windows 98 y ME, puede que el Administrador de tareas de Windows no muestre todos los procesos en ejecución. En tal caso, utilice un visor de procesos de una tercera parte (preferiblemente, el Explorador de procesos) para terminar el archivo de malware/grayware/spyware. Puede descargar la herramienta en cuestión aquí.
Si el archivo detectado aparece en el Administrador de tareas o en el Explorador de procesos, pero no puede eliminarlo, reinicie el equipo en modo seguro. Para ello, consulte este enlace para obtener todos los pasos necesarios.
Si el archivo detectado no se muestra en el Administrador de tareas o el Explorador de procesos, prosiga con los pasos que se indican a continuación.

Step 4

Quitar PUA_DOWNAD.GA por medio de su propia opción de desinstalación

[ aprenda más ]

Para desinstalar el proceso de grayware

Step 5

Explorar el equipo con su producto de Trend Micro para eliminar los archivos detectados como PUA_DOWNAD.GA En caso de que el producto de Trend Micro ya haya limpiado, eliminado o puesto en cuarentena los archivos detectados, no serán necesarios más pasos. Puede optar simplemente por eliminar los archivos en cuarentena. Consulte esta página de Base de conocimientos para obtener más información.

Rellene nuestra encuesta!

PUA_DOWNAD.GA

Resumen y descripción

Detalles técnicos

Soluciones

Recursos

Soporte

Acerca de Trend

PUA_DOWNAD.GA

Resumen y descripción

Detalles técnicos

Soluciones

Recursos

Soporte

Acerca de Trend

América

Oriente Medio y África

Europa

Asia-Pacífico