PUA.Win32.Silentall.A
Windows
Tipo di minaccia informatica:
Potentially Unwanted Application
Distruttivo?:
No
Crittografato?:
In the wild::
Sì
Panoramica e descrizione
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Elimina archivos para impedir la ejecución correcta de programas y aplicaciones.
Dettagli tecnici
Detalles de entrada
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Instalación
Agrega los procesos siguientes:
- %System Root%\~kficfbj.tmp /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- "%User Temp%\is-KALQC.tmp\~kficfbj.tmp" /SL5="$30164,16125842,188928,%System Root%\~kficfbj.tmp" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- "%System%\regsvr32.exe" /s "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll"
- "rundll32.exe " SETUPAPI.DLL,InstallHinfSection DefaultInstall 132 %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\revoflt.inf
- "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\ruplp.exe" /regserver /NOREDIRECT
- "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" /bc
- "%System%\runonce.exe" -r
- "%System%\grpconv.exe" -o
- "%Program Files%\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
(Nota: %System Root% es la carpeta raíz, normalmente C:\. También es la ubicación del sistema operativo).
. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000(32-bit), XP y Server 2003(32-bit) suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp y en el case de Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) y 10(64-bit) en C:\Users\{nombre de usuario}\AppData\Local\Temp).. %System% es la carpeta del sistema de Windows, que en el caso de Windows 98 y ME suele estar en C:\Windows\System, en el caso de Windows NT y 2000 en C:\WINNT\System32 y en el caso de Windows 2000(32-bit), XP, Server 2003(32-bit), Vista, 7, 8, 8.1, 2008(64-bit), 2012(64bit) y 10(64-bit) en C:\Windows\System32).. %Program Files% es la carpeta Archivos de programa predeterminada, que suele estar en C:\Archivos de programa).)Crea las carpetas siguientes:
- %AppDataLocal%\Microsoft\Internet Explorer\Recovery\High\Active
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro
- %All Users Profile%\VS Revo Group
- %AppDataLocal%\VS Revo Group\Revo Uninstaller Pro
- %All Users Profile%\VS Revo Group\Revo Uninstaller Pro
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
- %AppDataLocal%\VS Revo Group
- %AppDataLocal%\VS Revo Group\Revo Uninstaller Pro\data
- %Application Data%\Microsoft\Windows\IECompatUACache
- %User Temp%\is-0378N.tmp\_isetup
- %AppDataLocal%\Microsoft\Windows\Explorer
- %Application Data%\Microsoft\Windows\IECompatCache
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang
- %Application Data%\Microsoft\Windows\DNTException
- %AppDataLocal%\Microsoft\Internet Explorer\DomainSuggestions
- %Application Data%\Microsoft\Windows\PrivacIE
- %System Root%\Program Files\VS Revo Group
(Nota: %System Root% es la carpeta raíz, normalmente C:\. También es la ubicación del sistema operativo).
. %Application Data% es la carpeta Application Data del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Application Data, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Application Data, en el caso de Windows 2000(32-bit), XP y Server 2003(32-bit) en C:\Documents and Settings\{nombre de usuario}\Local Settings\Application Data y en el caso de Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) y 10(64-bit) en C:\Users\{nombre de usuario}\AppData\Roaming.).. %User Temp% es la carpeta Temp del usuario activo, que en el caso de Windows 2000(32-bit), XP y Server 2003(32-bit) suele estar en C:\Documents and Settings\{nombre de usuario}\Local Settings\Temp y en el case de Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) y 10(64-bit) en C:\Users\{nombre de usuario}\AppData\Local\Temp).)Técnica de inicio automático
Agrega las siguientes entradas de registro para permitir su ejecución automática cada vez que se inicia el sistema:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\RunOnce
GrpConv = "grpconv -o"
Otras modificaciones del sistema
Modifica los archivos siguientes:
- %AppDataLocal%\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl
Elimina los archivos siguientes:
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.url
- %System Root%\Users\Public\Desktop\Revo Uninstaller Pro.url
- %Application Data%\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.url
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro on the Web.lnk
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Uninstall Revo Uninstaller Pro.url
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.url
- %Application Data%\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.pif
- %System Root%\Users\Public\Desktop\Revo Uninstaller Pro.pif
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pif
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.pif
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Uninstall Revo Uninstaller Pro.pif
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro on the Web.pif
- %AppDataLocal%Low\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
(Nota: %System Root% es la carpeta raíz, normalmente C:\. También es la ubicación del sistema operativo).
. %Application Data% es la carpeta Application Data del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Application Data, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Application Data, en el caso de Windows 2000(32-bit), XP y Server 2003(32-bit) en C:\Documents and Settings\{nombre de usuario}\Local Settings\Application Data y en el caso de Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) y 10(64-bit) en C:\Users\{nombre de usuario}\AppData\Roaming.).)Agrega las siguientes entradas de registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FB562550-BBE6-4298-861A-5C0A6562C272}
(Default) = "Revo Uninstaller Pro"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FB562550-BBE6-4298-861A-5C0A6562C272}
InfoTip = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FB562550-BBE6-4298-861A-5C0A6562C272}
{305CA226-D286-468e-B848-2B2E8E697B74} 2 = "8"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FB562550-BBE6-4298-861A-5C0A6562C272}\DefaultIcon
(Default) = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe,0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FB562550-BBE6-4298-861A-5C0A6562C272}\Shell\
Open\command
(Default) = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{FB562550-BBE6-4298-861A-5C0A6562C272}\ShellFolder
Attributes = "48"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
ControlPanel\NameSpace\{FB562550-BBE6-4298-861A-5C0A6562C272}
(Default) = "Revo Uninstaller Pro"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\App Paths\
RevoUninPro.exe
(Default) = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
.ruel
(Default) = "RevoUninstallerPro.ruel"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
RevoUninstallerPro.ruel\DefaultIcon
(Default) = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe,0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
RevoUninstallerPro.ruel\shell\open\
command
(Default) = "{random characters}"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General
Aff = "https://www.{BLOCKED}installer.com/buy-now-btn"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General
USRenewLink = "https://www.{BLOCKED}installer.com/buy-update-subscription-btn"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General
Anchor = "www.revouninstaller.com"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General
AffHome = "https://www.{BLOCKED}installer.com"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General
LDBURL = "https://www.{BLOCKED}installerpro.com/db/ilogs"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General
WebLang = "ENG"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General
Language file = "english.ini"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\View
Theme = "6"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General
Ver4 = "4"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General
VFR = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
Inno Setup: Setup Version = "5.6.1 (u)"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
Inno Setup: App Path = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
InstallLocation = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
Inno Setup: Icon Group = "Revo Uninstaller Pro"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
Inno Setup: User = "{username}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
Inno Setup: Selected Tasks = "desktopicon,quicklaunchicon"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
Inno Setup: Deselected Tasks = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
Inno Setup: Language = "ENG"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
DisplayName = "Revo Uninstaller Pro 4.2.3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
DisplayIcon = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
UninstallString = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
QuietUninstallString = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
DisplayVersion = "4.2.3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
Publisher = "VS Revo Group, Ltd."
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
URLInfoAbout = "http://www.{BLOCKED}installer.com"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
HelpLink = "https://www.{BLOCKED}installer.com/support"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
URLUpdateInfo = "https://www.{BLOCKED}installer.com/products/revo-uninstaller-pro"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
NoModify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
NoRepair = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
InstallDate = "20191207"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
MajorVersion = "4"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
MinorVersion = "2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
VersionMajor = "4"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
VersionMinor = "2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
EstimatedSize = "64470"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Shell Extensions\
Approved
{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} = "Revo Uninstaller Pro Extension"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{1D928D64-60D3-4FAC-B810-C4D9D8A680CF}
(Default) = "RUExt"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\RUExt.DLL
AppID = "{1D928D64-60D3-4FAC-B810-C4D9D8A680CF}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}
(Default) = "RUShellExt Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}\InprocServer32
(Default) = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
exefile\shellex\ContextMenuHandlers\
RUShellExt
(Default) = "{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Msi.Package\shellex\ContextMenuHandlers\
RUShellExt
(Default) = "{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
lnkfile\shellex\ContextMenuHandlers\
RUShellExt
(Default) = "{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Folder\ShellEx\ContextMenuHandlers\
RUShellExt
(Default) = "{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}"
HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SetupapiLogStatus
setupapi.app.log = "4096"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
services\Revoflt\Instances
DefaultInstance = "Revoflt - Top Instance"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
services\Revoflt\Instances\
Revoflt - Top Instance
Altitude = "370330"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
services\Revoflt\Instances\
Revoflt - Top Instance
Flags = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter = "41"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LoggingEnabled = "0"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
ErrorShowEnabled = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogLevel = "256"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogPath = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\log"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogFileNameHeader = ""
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogFileNameDateFormat = "yyyy-mm-dd-hh"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogFileNameEnding = ".log"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
MinLogFiles = "10"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
MinLogDays = "50"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
MaxLogSpaceInKB = "3000"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
IntervalDaysCheckLog = "7"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
AutoDeleteLogFiles = "0"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogTimer = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogDebugError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
ShowDebugError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogInfoError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
ShowInfoError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogNormalError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
ShowNormalError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogBadError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
ShowBadError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogInternalError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
ShowInternalError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogCriticalError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
ShowCriticalError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogDeadlyError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
ShowDeadlyError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogDebug = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogInformation = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogUserAction = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogWarn = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogError = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogCallstack = "0"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
StacksizeMax = "200"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
StacksizeMin = "50"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
StacksizeDel = "100"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
StackRemoved = "**REMOVED**"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
StackSearch = "20"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
UseIndention = "1"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
Indention = " "
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
StackStep = "20"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
DebugS = ""
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
NextLogCheck = "\x00\x00\x00\x00\xa0d\xe5@"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
RollingMode = "2"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
NoOfRollingFilesToKeep = "10"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector\Log
LogPath = "%Application Data%\ruplp\log"
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\
Microsoft\Lptr
LastUsedLM = "\x00\x00\x00\x00\x00\x00\x00\x00"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector
UseMAPI = "0"
HKEY_CURRENT_USER\Software\Microsoft\
Lptr
LastUsedCU = "\x00\x00\x00\x00\x00\x00\x00\x00"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector
ShowModuleIDinViewer = "0"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector
MaxCharsForMailTo = "3000"
HKEY_CURRENT_USER\Software\Mirage\
LicenceProtector
LPColor = "10736554"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{58DF91C9-795D-4356-9568-7F149ED299B4}
(Default) = "ILicProtectorEXE510"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{58DF91C9-795D-4356-9568-7F149ED299B4}\
ProxyStubClsid32
(Default) = "{00020424-0000-0000-C000-000000000046}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{58DF91C9-795D-4356-9568-7F149ED299B4}\
TypeLib
(Default) = "{37B86290-9C1A-453F-BFA7-CB6EC9CEC00F}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\Interface\{58DF91C9-795D-4356-9568-7F149ED299B4}\
TypeLib
Version = "5.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{DD72B942-27D2-4A3C-9353-FA0441FBABA0}
(Default) = "LicProtector Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{DD72B942-27D2-4A3C-9353-FA0441FBABA0}\
LocalServer32
(Default) = "%System Root%\PROGRA~1\VSREVO~1\REVOUN~1\ruplp.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
LicProtector.LicProtectorEXE510
(Default) = "LicProtector Object"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
LicProtector.LicProtectorEXE510\Clsid
(Default) = "{DD72B942-27D2-4A3C-9353-FA0441FBABA0}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{DD72B942-27D2-4A3C-9353-FA0441FBABA0}\
ProgID
(Default) = "LicProtector.LicProtectorEXE510"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{DD72B942-27D2-4A3C-9353-FA0441FBABA0}\
Version
(Default) = "5.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Wow6432Node\CLSID\{DD72B942-27D2-4A3C-9353-FA0441FBABA0}\
TypeLib
(Default) = "{37B86290-9C1A-453F-BFA7-CB6EC9CEC00F}"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\Uninstaller\RunCache
Run Version = "1"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\View
Show Startup Splash = "1"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General
VFR = "0"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\RUExt
in = "Install with Revo Uninstaller Pro"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\RUExt
inh = "Install selected program with Revo Uninstaller Pro"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\RUExt
un = "Uninstall with Revo Uninstaller Pro"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\RUExt
unh = "Uninstall selected program with Revo Uninstaller Pro"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General
SUQ = "{random characters}"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\Uninstaller
New programs type = "0"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\Uninstaller
New Days = "7"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\Uninstaller\AllProgs
Use Reg Install Date = "0"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\Uninstaller\AppBar
LogsDir = "%AppDataLocal%\VS Revo Group\Revo Uninstaller Pro\Logs"
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\Uninstaller\AllProgs\
FolderExclude\%AppDataLocal%\VS Revo Group\
Revo Uninstaller Pro
Logs = "1"
Modifica las siguientes entradas de registro:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\GroupOrderList
FSFilter Activity Monitor = "\x02\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00"
(Note: The default value data of the said registry entry is {random values}.)
Elimina las siguientes claves de registro:
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General\TE
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General\TED
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General\TEM
HKEY_CURRENT_USER\Software\VS Revo Group\
Revo Uninstaller Pro\General\TEY
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\RunOnce\
GrpConv
Rutina de infiltración
Infiltra los archivos siguientes:
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\english.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.dat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\hungarian.ini
- %AppDataLocal%\Microsoft\Internet Explorer\Recovery\High\Active\{062CADCC-1876-11EA-B077-005056BC6DD2}.dat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\bulgarian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\russian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-8523F.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-1MOTQ.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\traditionalchinese.ini
- %All Users Profile%\VS Revo Group\Revo Uninstaller Pro\is-VNRT4.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\persian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\czech.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-LHLEP.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\japanese.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-BJ27F.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\serbianLatin.ini
- %All Users Profile%\VS Revo Group\Revo Uninstaller Pro\revouninstallerpro4.lic
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\polish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-LUVIR.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-BM5FC.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\macedonian.ini
- %AppDataLocal%\Microsoft\Internet Explorer\DomainSuggestions\en-US.6
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-S4HU7.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\hellenic.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-A8IA1.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoAppBar.exe
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-SMIT9.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-UC4OR.tmp
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk
- %AppDataLocal%\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FB717DF6-1875-11EA-B077-005056BC6DD2}.dat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\albanian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-RAAK3.tmp
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Uninstall Revo Uninstaller Pro.lnk
- %System Root%\~kficfbj.tmp
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\hindi.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\german.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-FFJNS.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-2C36M.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\dutch.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-1DFAH.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-Q0KFM.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-U61A6.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-CSSK9.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-N594B.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\rupilogs.rupldb
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-V1OTL.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-CMARQ.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\danish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\revoflt.sys
- %System Root%\Users\Public\Desktop\Revo Uninstaller Pro.lnk
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\spanish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\turkish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\License.txt
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\simplifiedchinese.ini
- %AppDataLocal%\VS Revo Group\Revo Uninstaller Pro\data\cachedata.dat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\serbian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\bengali.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\swedish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-A8G32.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-1HG1Q.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-V0AU7.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-AV1TR.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-G0ACT.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\finnish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\portuguesebrazil.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoCmd.exe
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\portuguese_standard.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-PJT6J.tmp
- %AppDataLocal%\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\armenian.ini
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro on the Web.url
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-JN7OV.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\estonian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-2GPMB.tmp
- %AppDataLocal%\Microsoft\Internet Explorer\DOMStore\3UYAQU1F\www.revouninstaller[1].xml
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\hebrew.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-3857Q.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-OHN8T.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-TILPE.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-C080K.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-IVVQO.tmp
- %Application Data%\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\ukrainian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\norwegian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\romanian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-GLS0P.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-B6OMB.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\ruplp.exe
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\kurdish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\slovenian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-29NIS.tmp
- %AppDataLocal%\Microsoft\Internet Explorer\imagestore\joppu72\imagestore.dat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\reg_lp.bat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-31831.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\arabic.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-89N4B.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\revoflt.inf
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-4CU3T.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\azerbaijani.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-B52M6.tmp
- %Windows%\inf\setupapi.app.log
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-FU5UD.tmp
- %AppDataLocal%\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-PPR02.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-67EM9.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-FFMQ0.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-KFLL8.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-PIJPR.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-85I06.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\portuguese.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\italiano.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\french.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-L7L5U.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-CF2G9.tmp
- %AppDataLocal%\Microsoft\Internet Explorer\Recovery\High\Active\{FB717DF8-1875-11EA-B077-005056BC6DD2}.dat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\vietnamese.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-6EVHH.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\korean.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\hrvatski.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-6G55D.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\indonesian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-RQEUR.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\slovak.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-DM6MG.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-ODML9.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-FQQ0I.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-P4BAK.tmp
Otros detalles
It connects to the following possibly malicious URL:
- http://www.{BLOCKED}oft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://go.{BLOCKED}oft.com
- http://www.{BLOCKED}installer.com
- http://api.{BLOCKED}g.com
- http://www.{BLOCKED}g.com
- http://d3860daa530760e9774c-b8b4be769824aed485c8a30c6b0f6406.{BLOCKED}l.cf1.rackcdn.com
- http://www.{BLOCKED}tagmanager.com
- http://www.{BLOCKED}-analytics.com
- http://app.{BLOCKED}t.com
- http://assets.{BLOCKED}k.com
- http://static.{BLOCKED}ts.com
- http://f057a20f961f56a72089-b74530d2d26278124f446233f95622ef.{BLOCKED}l.cf1.rackcdn.com
- http://fonts.{BLOCKED}apis.com
- http://ekr.{BLOCKED}ts.com
- http://vsrevogroup.{BLOCKED}k.com
- http://widget-mediator.{BLOCKED}m.com
- http://sqm.{BLOCKED}try.microsoft.com
- http://ieonline.{BLOCKED}oft.com
Soluzioni
Step 1
Los usuarios de Windows ME y XP, antes de llevar a cabo cualquier exploración, deben comprobar que tienen desactivada la opción Restaurar sistema para permitir la exploración completa del equipo.
Step 2
Reiniciar en modo seguro
Step 3
Identificar y terminar los archivos detectados como PUA.Win32.Silentall.A
- Para los usuarios de Windows 98 y ME, puede que el Administrador de tareas de Windows no muestre todos los procesos en ejecución. En tal caso, utilice un visor de procesos de una tercera parte (preferiblemente, el Explorador de procesos) para terminar el archivo de malware/grayware/spyware. Puede descargar la herramienta en cuestión aquí.
- Si el archivo detectado aparece en el Administrador de tareas o en el Explorador de procesos, pero no puede eliminarlo, reinicie el equipo en modo seguro. Para ello, consulte este enlace para obtener todos los pasos necesarios.
- Si el archivo detectado no se muestra en el Administrador de tareas o el Explorador de procesos, prosiga con los pasos que se indican a continuación.
Step 4
Eliminar este valor del Registro
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
- GrpConv = "grpconv -o"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB562550-BBE6-4298-861A-5C0A6562C272}
- (Default) = "Revo Uninstaller Pro"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB562550-BBE6-4298-861A-5C0A6562C272}
- InfoTip = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB562550-BBE6-4298-861A-5C0A6562C272}
- {305CA226-D286-468e-B848-2B2E8E697B74} 2 = "8"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB562550-BBE6-4298-861A-5C0A6562C272}\DefaultIcon
- (Default) = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe,0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB562550-BBE6-4298-861A-5C0A6562C272}\Shell\Open\command
- (Default) = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB562550-BBE6-4298-861A-5C0A6562C272}\ShellFolder
- Attributes = "48"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{FB562550-BBE6-4298-861A-5C0A6562C272}
- (Default) = "Revo Uninstaller Pro"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RevoUninPro.exe
- (Default) = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.ruel
- (Default) = "RevoUninstallerPro.ruel"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RevoUninstallerPro.ruel\DefaultIcon
- (Default) = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe,0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RevoUninstallerPro.ruel\shell\open\command
- (Default) = "{random characters}"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- Aff = "https://www.{BLOCKED}installer.com/buy-now-btn"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- USRenewLink = "https://www.{BLOCKED}installer.com/buy-update-subscription-btn"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- Anchor = "www.revouninstaller.com"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- AffHome = "https://www.{BLOCKED}installer.com"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- LDBURL = "https://www.{BLOCKED}installerpro.com/db/ilogs"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- WebLang = "ENG"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- Language file = "english.ini"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\View
- Theme = "6"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- Ver4 = "4"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- VFR = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- Inno Setup: Setup Version = "5.6.1 (u)"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- Inno Setup: App Path = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- InstallLocation = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- Inno Setup: Icon Group = "Revo Uninstaller Pro"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- Inno Setup: User = "{username}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- Inno Setup: Selected Tasks = "desktopicon,quicklaunchicon"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- Inno Setup: Deselected Tasks = ""
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- Inno Setup: Language = "ENG"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- DisplayName = "Revo Uninstaller Pro 4.2.3"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- DisplayIcon = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- UninstallString = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- QuietUninstallString = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- DisplayVersion = "4.2.3"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- Publisher = "VS Revo Group, Ltd."
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- URLInfoAbout = "http://www.{BLOCKED}installer.com"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- HelpLink = "https://www.{BLOCKED}installer.com/support"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- URLUpdateInfo = "https://www.{BLOCKED}installer.com/products/revo-uninstaller-pro"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- NoModify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- NoRepair = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- InstallDate = "20191207"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- MajorVersion = "4"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- MinorVersion = "2"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- VersionMajor = "4"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- VersionMinor = "2"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1
- EstimatedSize = "64470"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
- {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} = "Revo Uninstaller Pro Extension"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1D928D64-60D3-4FAC-B810-C4D9D8A680CF}
- (Default) = "RUExt"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\RUExt.DLL
- AppID = "{1D928D64-60D3-4FAC-B810-C4D9D8A680CF}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}
- (Default) = "RUShellExt Class"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}\InprocServer32
- (Default) = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}\InprocServer32
- ThreadingModel = "Apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\RUShellExt
- (Default) = "{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Msi.Package\shellex\ContextMenuHandlers\RUShellExt
- (Default) = "{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\RUShellExt
- (Default) = "{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\RUShellExt
- (Default) = "{2C5515DC-2A7E-4BFD-B813-CACC2B685EB7}"
- In HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupapiLogStatus
- setupapi.app.log = "4096"
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Revoflt\Instances
- DefaultInstance = "Revoflt - Top Instance"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Revoflt\Instances\Revoflt - Top Instance
- Altitude = "370330"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Revoflt\Instances\Revoflt - Top Instance
- Flags = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
- GlobalAssocChangedCounter = "41"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LoggingEnabled = "0"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- ErrorShowEnabled = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogLevel = "256"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogPath = "%System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\log"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogFileNameHeader = ""
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogFileNameDateFormat = "yyyy-mm-dd-hh"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogFileNameEnding = ".log"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- MinLogFiles = "10"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- MinLogDays = "50"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- MaxLogSpaceInKB = "3000"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- IntervalDaysCheckLog = "7"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- AutoDeleteLogFiles = "0"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogTimer = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogDebugError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- ShowDebugError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogInfoError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- ShowInfoError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogNormalError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- ShowNormalError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogBadError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- ShowBadError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogInternalError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- ShowInternalError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogCriticalError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- ShowCriticalError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogDeadlyError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- ShowDeadlyError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogDebug = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogInformation = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogUserAction = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogWarn = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogError = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogCallstack = "0"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- StacksizeMax = "200"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- StacksizeMin = "50"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- StacksizeDel = "100"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- StackRemoved = "**REMOVED**"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- StackSearch = "20"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- UseIndention = "1"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- Indention = " "
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- StackStep = "20"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- DebugS = ""
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- NextLogCheck = "\x00\x00\x00\x00\xa0d\xe5@"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- RollingMode = "2"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- NoOfRollingFilesToKeep = "10"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector\Log
- LogPath = "%Application Data%\ruplp\log"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Lptr
- LastUsedLM = "\x00\x00\x00\x00\x00\x00\x00\x00"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector
- UseMAPI = "0"
- In HKEY_CURRENT_USER\Software\Microsoft\Lptr
- LastUsedCU = "\x00\x00\x00\x00\x00\x00\x00\x00"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector
- ShowModuleIDinViewer = "0"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector
- MaxCharsForMailTo = "3000"
- In HKEY_CURRENT_USER\Software\Mirage\LicenceProtector
- LPColor = "10736554"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DF91C9-795D-4356-9568-7F149ED299B4}
- (Default) = "ILicProtectorEXE510"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DF91C9-795D-4356-9568-7F149ED299B4}\ProxyStubClsid32
- (Default) = "{00020424-0000-0000-C000-000000000046}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DF91C9-795D-4356-9568-7F149ED299B4}\TypeLib
- (Default) = "{37B86290-9C1A-453F-BFA7-CB6EC9CEC00F}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{58DF91C9-795D-4356-9568-7F149ED299B4}\TypeLib
- Version = "5.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD72B942-27D2-4A3C-9353-FA0441FBABA0}
- (Default) = "LicProtector Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD72B942-27D2-4A3C-9353-FA0441FBABA0}\LocalServer32
- (Default) = "%System Root%\PROGRA~1\VSREVO~1\REVOUN~1\ruplp.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LicProtector.LicProtectorEXE510
- (Default) = "LicProtector Object"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\LicProtector.LicProtectorEXE510\Clsid
- (Default) = "{DD72B942-27D2-4A3C-9353-FA0441FBABA0}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD72B942-27D2-4A3C-9353-FA0441FBABA0}\ProgID
- (Default) = "LicProtector.LicProtectorEXE510"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD72B942-27D2-4A3C-9353-FA0441FBABA0}\Version
- (Default) = "5.1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DD72B942-27D2-4A3C-9353-FA0441FBABA0}\TypeLib
- (Default) = "{37B86290-9C1A-453F-BFA7-CB6EC9CEC00F}"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\Uninstaller\RunCache
- Run Version = "1"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\View
- Show Startup Splash = "1"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- VFR = "0"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\RUExt
- in = "Install with Revo Uninstaller Pro"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\RUExt
- inh = "Install selected program with Revo Uninstaller Pro"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\RUExt
- un = "Uninstall with Revo Uninstaller Pro"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\RUExt
- unh = "Uninstall selected program with Revo Uninstaller Pro"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- SUQ = "{random characters}"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\Uninstaller
- New programs type = "0"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\Uninstaller
- New Days = "7"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\Uninstaller\AllProgs
- Use Reg Install Date = "0"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\Uninstaller\AppBar
- LogsDir = "%AppDataLocal%\VS Revo Group\Revo Uninstaller Pro\Logs"
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\Uninstaller\AllProgs\FolderExclude\%AppDataLocal%\VS Revo Group\Revo Uninstaller Pro
- Logs = "1"
Step 5
Restaurar este valor del Registro modificado
Importante: si modifica el Registro de Windows incorrectamente, podría hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe cómo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este artículo de Microsoft antes de modificar el Registro del equipo.
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\GroupOrderList
- From: FSFilter Activity Monitor = "\x02\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00"
To: FSFilter Activity Monitor = ""{random values}""
- From: FSFilter Activity Monitor = "\x02\x00\x00\x00\x01\x00\x00\x00\x02\x00\x00\x00"
Step 6
Buscar y eliminar estos archivos
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\english.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.dat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\hungarian.ini
- %AppDataLocal%\Microsoft\Internet Explorer\Recovery\High\Active\{062CADCC-1876-11EA-B077-005056BC6DD2}.dat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\bulgarian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\russian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-8523F.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-1MOTQ.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\traditionalchinese.ini
- %All Users Profile%\VS Revo Group\Revo Uninstaller Pro\is-VNRT4.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\persian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\czech.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-LHLEP.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\japanese.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-BJ27F.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\serbianLatin.ini
- %All Users Profile%\VS Revo Group\Revo Uninstaller Pro\revouninstallerpro4.lic
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\polish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-LUVIR.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-BM5FC.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\macedonian.ini
- %AppDataLocal%\Microsoft\Internet Explorer\DomainSuggestions\en-US.6
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-S4HU7.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\hellenic.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-A8IA1.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoAppBar.exe
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-SMIT9.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-UC4OR.tmp
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk
- %AppDataLocal%\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FB717DF6-1875-11EA-B077-005056BC6DD2}.dat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\albanian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-RAAK3.tmp
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Uninstall Revo Uninstaller Pro.lnk
- %System Root%\~kficfbj.tmp
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\hindi.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\german.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-FFJNS.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-2C36M.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\dutch.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-1DFAH.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-Q0KFM.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-U61A6.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-CSSK9.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-N594B.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\rupilogs.rupldb
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-V1OTL.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-CMARQ.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\danish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\revoflt.sys
- %System Root%\Users\Public\Desktop\Revo Uninstaller Pro.lnk
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\spanish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\turkish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\License.txt
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\simplifiedchinese.ini
- %AppDataLocal%\VS Revo Group\Revo Uninstaller Pro\data\cachedata.dat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\serbian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\bengali.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\swedish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-A8G32.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-1HG1Q.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-V0AU7.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-AV1TR.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-G0ACT.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\finnish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\portuguesebrazil.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoCmd.exe
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\portuguese_standard.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-PJT6J.tmp
- %AppDataLocal%\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\armenian.ini
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro on the Web.url
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-JN7OV.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\estonian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-2GPMB.tmp
- %AppDataLocal%\Microsoft\Internet Explorer\DOMStore\3UYAQU1F\www.revouninstaller[1].xml
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\hebrew.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-3857Q.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-OHN8T.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-TILPE.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-C080K.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-IVVQO.tmp
- %Application Data%\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\ukrainian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\norwegian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\romanian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-GLS0P.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-B6OMB.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\ruplp.exe
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\kurdish.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\slovenian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-29NIS.tmp
- %AppDataLocal%\Microsoft\Internet Explorer\imagestore\joppu72\imagestore.dat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\reg_lp.bat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-31831.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\arabic.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-89N4B.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\revoflt.inf
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-4CU3T.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\azerbaijani.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-B52M6.tmp
- %Windows%\inf\setupapi.app.log
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-FU5UD.tmp
- %AppDataLocal%\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-PPR02.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-67EM9.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-FFMQ0.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-KFLL8.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-PIJPR.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-85I06.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\portuguese.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\italiano.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\french.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-L7L5U.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-CF2G9.tmp
- %AppDataLocal%\Microsoft\Internet Explorer\Recovery\High\Active\{FB717DF8-1875-11EA-B077-005056BC6DD2}.dat
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\vietnamese.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-6EVHH.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\korean.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\hrvatski.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-6G55D.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\indonesian.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-RQEUR.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\slovak.ini
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-DM6MG.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\is-ODML9.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-FQQ0I.tmp
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang\is-P4BAK.tmp
Step 7
Buscar y eliminar estas carpetas
- %AppDataLocal%\Microsoft\Internet Explorer\Recovery\High\Active
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro
- %All Users Profile%\VS Revo Group
- %AppDataLocal%\VS Revo Group\Revo Uninstaller Pro
- %All Users Profile%\VS Revo Group\Revo Uninstaller Pro
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
- %AppDataLocal%\VS Revo Group
- %AppDataLocal%\VS Revo Group\Revo Uninstaller Pro\data
- %Application Data%\Microsoft\Windows\IECompatUACache
- %User Temp%\is-0378N.tmp\_isetup
- %AppDataLocal%\Microsoft\Windows\Explorer
- %Application Data%\Microsoft\Windows\IECompatCache
- %System Root%\Program Files\VS Revo Group\Revo Uninstaller Pro\lang
- %Application Data%\Microsoft\Windows\DNTException
- %AppDataLocal%\Microsoft\Internet Explorer\DomainSuggestions
- %Application Data%\Microsoft\Windows\PrivacIE
- %System Root%\Program Files\VS Revo Group
Step 8
Reinicie en modo normal y explore el equipo con su producto de Trend Micro para buscar los archivos identificados como PUA.Win32.Silentall.A En caso de que el producto de Trend Micro ya haya limpiado, eliminado o puesto en cuarentena los archivos detectados, no serán necesarios más pasos. Puede optar simplemente por eliminar los archivos en cuarentena. Consulte esta página de Base de conocimientos para obtener más información.
Step 9
Restaurar este archivo a partir de una copia de seguridad Solo se pueden restaurar los archivos relacionados con Microsoft. En caso de que este malware/grayware/spyware también haya eliminado archivos relativos a programas que no sean de Microsoft, vuelva a instalar los programas en cuestión en el equipo.
- %AppDataLocal%\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl
Step 10
Restore this file from backup only Microsoft-related files will be restored. If this malware/grayware also deleted files related to programs that are not from Microsoft, please reinstall those programs on you computer again.
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.url
- %System Root%\Users\Public\Desktop\Revo Uninstaller Pro.url
- %Application Data%\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.url
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro on the Web.lnk
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Uninstall Revo Uninstaller Pro.url
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.url
- %Application Data%\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.pif
- %System Root%\Users\Public\Desktop\Revo Uninstaller Pro.pif
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pif
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.pif
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Uninstall Revo Uninstaller Pro.pif
- %All Users Profile%\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro on the Web.pif
- %AppDataLocal%Low\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Step 11
Restore these deleted registry keys/values from backup
*Note: Only Microsoft-related keys/values will be restored. If the malware/grayware also deleted registry keys/values related to programs that are not from Microsoft, please reinstall those programs on your computer.
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- TE
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- TED
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- TEM
- In HKEY_CURRENT_USER\Software\VS Revo Group\Revo Uninstaller Pro\General
- TEY
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
- GrpConv
Sondaggio