解析者: John Anthony Banes   
 プラットフォーム:

Windows

 危険度:
 ダメージ度:
 感染力:
 感染確認数:
 情報漏えい:

  • マルウェアタイプ:
    潜在的に迷惑なアプリケーション

  • 破壊活動の有無:
    なし

  • 暗号化:
     

  • 感染報告の有無 :
    はい

  概要

プログラムは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。 プログラムは、ユーザの手動インストールにより、コンピュータに侵入します。

  詳細

ファイルサイズ 14,937,152 bytes
タイプ EXE
メモリ常駐 なし
発見日 2018年1月15日

侵入方法

プログラムは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

プログラムは、ユーザの手動インストールにより、コンピュータに侵入します。

インストール

プログラムは、以下のファイルを作成します。

  • %Application Data%\ESTsoft\ALUpdate\Log\ALUpdate.log
  • %Application Data%\ESTsoft\Cooperation\shopping_zum.ico
  • %Program Files%\ESTsoft\ALUpdate\알툴즈 업데이트.lnk
  • %Program Files%\ESTsoft\ALUpdate\ALAd.dll
  • %Program Files%\ESTsoft\ALUpdate\ALUpdate.exe
  • %Program Files%\ESTsoft\ALUpdate\ALUpdateEx.dll
  • %Program Files%\ESTsoft\ALUpdate\ALUpExt.exe
  • %Program Files%\ESTsoft\ALUpdate\ALUpProduct.exe
  • %Program Files%\ESTsoft\ALUpdate\AZMain.dll
  • %Program Files%\ESTsoft\ALUpdate\Banner.ini
  • %Program Files%\ESTsoft\ALUpdate\cacerts.pem
  • %Program Files%\ESTsoft\ALUpdate\eausvc.exe
  • %Program Files%\ESTsoft\ALUpdate\ezt.exe
  • %Program Files%\ESTsoft\ALUpdate\ko-kr.dll
  • %Program Files%\ESTsoft\ALUpdate\ns{random characters}.tmp
  • %Program Files%\ESTsoft\ALUpdate\Simple_ALUpdate.gif
  • %Program Files%\ESTsoft\ALUpdate\Simple_Co.gif
  • %Program Files%\ESTsoft\ALUpdate\Simple_Public.gif
  • %Program Files%\ESTsoft\ALUpdate\unins000.exe
  • %Program Files%\ESTsoft\ALZip\알집.lnk
  • %Program Files%\ESTsoft\ALZip\7za.dll
  • %Program Files%\ESTsoft\ALZip\About.swf
  • %Program Files%\ESTsoft\ALZip\ALAd.dll
  • %Program Files%\ESTsoft\ALZip\ALMountConn.dll
  • %Program Files%\ESTsoft\ALZip\ALMountDrv.sys
  • %Program Files%\ESTsoft\ALZip\ALMountDrv64.sys
  • %Program Files%\ESTsoft\ALZip\ALMountService.exe
  • %Program Files%\ESTsoft\ALZip\ALMountTray.exe
  • %Program Files%\ESTsoft\ALZip\ALSTS.dll
  • %Program Files%\ESTsoft\ALZip\ALUpdate.dll
  • %Program Files%\ESTsoft\ALZip\ALZip.exe
  • %Program Files%\ESTsoft\ALZip\ALZipCon.exe
  • %Program Files%\ESTsoft\ALZip\ALZipIcon.dll
  • %Program Files%\ESTsoft\ALZip\AZCTM.dll
  • %Program Files%\ESTsoft\ALZip\AZCTM64.dll
  • %Program Files%\ESTsoft\ALZip\Banner\DefBanner2.gif
  • %Program Files%\ESTsoft\ALZip\Banner\DefBanner3.gif
  • %Program Files%\ESTsoft\ALZip\Cabinet.dll
  • %Program Files%\ESTsoft\ALZip\Coders\AZO.dll
  • %Program Files%\ESTsoft\ALZip\Coders\BZ2.dll
  • %Program Files%\ESTsoft\ALZip\Coders\Coder7z.dll
  • %Program Files%\ESTsoft\ALZip\Coders\Deflate.dll
  • %Program Files%\ESTsoft\ALZip\Coders\Implode.dll
  • %Program Files%\ESTsoft\ALZip\Coders\LZH.dll
  • %Program Files%\ESTsoft\ALZip\Coders\LZMA.dll
  • %Program Files%\ESTsoft\ALZip\Coders\PPMD.dll
  • %Program Files%\ESTsoft\ALZip\dbghelp.dll
  • %Program Files%\ESTsoft\ALZip\ECRSC.dll
  • %Program Files%\ESTsoft\ALZip\ECRSC_KR.dll
  • %Program Files%\ESTsoft\ALZip\EGGSFX.sfx
  • %Program Files%\ESTsoft\ALZip\EULA.rtf
  • %Program Files%\ESTsoft\ALZip\Formats\7z.dll
  • %Program Files%\ESTsoft\ALZip\Formats\Ace.dll
  • %Program Files%\ESTsoft\ALZip\Formats\Alz.dll
  • %Program Files%\ESTsoft\ALZip\Formats\BZip.dll
  • %Program Files%\ESTsoft\ALZip\Formats\Cab.dll
  • %Program Files%\ESTsoft\ALZip\Formats\CDImage.dll
  • %Program Files%\ESTsoft\ALZip\Formats\Egg.dll
  • %Program Files%\ESTsoft\ALZip\Formats\ETC.dll
  • %Program Files%\ESTsoft\ALZip\Formats\GZip.dll
  • %Program Files%\ESTsoft\ALZip\Formats\Lha.dll
  • %Program Files%\ESTsoft\ALZip\Formats\Rar.dll
  • %Program Files%\ESTsoft\ALZip\Formats\Tar.dll
  • %Program Files%\ESTsoft\ALZip\Formats\Zip.dll
  • %Program Files%\ESTsoft\ALZip\gdiplus.dll
  • %Program Files%\ESTsoft\ALZip\icudt42.dll
  • %Program Files%\ESTsoft\ALZip\icuuc42.dll
  • %Program Files%\ESTsoft\ALZip\LGPL.txt
  • %Program Files%\ESTsoft\ALZip\libETC.dll
  • %Program Files%\ESTsoft\ALZip\License.txt
  • %Program Files%\ESTsoft\ALZip\MFC90KOR.dll
  • %Program Files%\ESTsoft\ALZip\mfc90u.dll
  • %Program Files%\ESTsoft\ALZip\Microsoft.VC90.CRT.manifest
  • %Program Files%\ESTsoft\ALZip\Microsoft.VC90.MFC.manifest
  • %Program Files%\ESTsoft\ALZip\Microsoft.VC90.MFCLOC.manifest
  • %Program Files%\ESTsoft\ALZip\msvcp90.dll
  • %Program Files%\ESTsoft\ALZip\msvcr90.dll
  • %Program Files%\ESTsoft\ALZip\NewEgg.dat
  • %Program Files%\ESTsoft\ALZip\NewZip.dat
  • %Program Files%\ESTsoft\ALZip\ns{random characters}.tmp
  • %Program Files%\ESTsoft\ALZip\readme.txt
  • %Program Files%\ESTsoft\ALZip\splash.bmp
  • %Program Files%\ESTsoft\ALZip\Styles\Office2013.dll
  • %Program Files%\ESTsoft\ALZip\ToolkitPro.ResourceKo.dll
  • %Program Files%\ESTsoft\ALZip\ToolkitPro1640vc90U.dll
  • %Program Files%\ESTsoft\ALZip\unacev2.dll
  • %Program Files%\ESTsoft\ALZip\unins000.exe
  • %Program Files%\ESTsoft\ALZip\unrar.dll
  • %Program Files%\ESTsoft\Common\ALSTSCollector.exe
  • %Program Files%\ESTsoft\Common\ezt.exe
  • %Program Files%\ESTsoft\Common\ns{random characters}.tmp
  • %Start Menu%\알집.lnk
  • %System Root%\Users\Public\Desktop\알집.lnk
  • %User Temp%\ns{random characters}.tmD\EstUrl.dll
  • %User Temp%\ns{random characters}.tmD\newadvsplash.dll
  • %User Temp%\ns{random characters}.tmD\PromotionSetter.dll
  • %User Temp%\ns{random characters}.tmD\StartInfo.htm
  • %User Temp%\ns{random characters}.tmD\stext
  • %User Temp%\ns{random characters}.tmp

(註:%Application Data%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\<ユーザ名>\Local Settings\Application Data"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\<ユーザ名>\AppData\Roaming" です。.. %Program Files%フォルダは、プログラムファイルのフォルダで、いずれのオペレーティングシステム(OS)でも通常、 "C:\Program Files"、64bitのOS上で32bitのアプリケーションを実行している場合、 "C:\Program Files (x86)" です。.. %Start Menu%フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Windows\Start Menu" または "C:\Documents and Settings\<ユーザ名>\Start Menu"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\<ユーザ名>\AppData\Roaming\Microsoft\Windows\Start Menu" です。.. %System Root%フォルダは、オペレーティングシステム(OS)が存在する場所で、いずれのOSでも通常、 "C:" です。.. %User Temp%フォルダは、ユーザの一時フォルダで、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\<ユーザ名>\AppData\Local\Temp" です。.)

プログラムは、以下のフォルダを作成します。

  • %Application Data%\ESTsoft
  • %Application Data%\ESTsoft\ALUpdate
  • %Application Data%\ESTsoft\ALUpdate\Log
  • %Application Data%\ESTsoft\Cooperation
  • %Program Files%\ESTsoft
  • %Program Files%\ESTsoft\ALUpdate
  • %Program Files%\ESTsoft\ALZip
  • %Program Files%\ESTsoft\ALZip\Banner
  • %Program Files%\ESTsoft\ALZip\Coders
  • %Program Files%\ESTsoft\ALZip\Formats
  • %Program Files%\ESTsoft\ALZip\Styles
  • %Program Files%\ESTsoft\Common
  • %User Temp%\ns{random characters}.tmD

(註:%Application Data%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\<ユーザ名>\Local Settings\Application Data"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\<ユーザ名>\AppData\Roaming" です。.. %Program Files%フォルダは、プログラムファイルのフォルダで、いずれのオペレーティングシステム(OS)でも通常、 "C:\Program Files"、64bitのOS上で32bitのアプリケーションを実行している場合、 "C:\Program Files (x86)" です。.. %User Temp%フォルダは、ユーザの一時フォルダで、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"、Windows Vista 、 7 、8、8.1 、Server 2008 および Server 2012の場合、"C:\Users\<ユーザ名>\AppData\Local\Temp" です。.)

他のシステム変更

プログラムは、以下のレジストリキーを追加します。

HKEY_CURRENT_USER\Software\ESTsoft

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.001

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.7z

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ace

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arc

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arj

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.b64

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bh

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bhx

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bin

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz2

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.cab

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ear

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.enc

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.gz

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ha

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.hqx

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ice

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.img

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.iso

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lcd

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.mim

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.nrg

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.pak

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.rar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uu

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uue

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.war

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xxe

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xz

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.z

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zoo

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\ESTsoft\ALZip

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALBanner

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities

プログラムは、以下のレジストリ値を追加します。

HKEY_CURRENT_USER\Software\ESTsoft\
ALUpdate
(Default) = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALUpdate
language = "ko-KR"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip
(Default) = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip
LanguageResource = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip
RootDir = "%Program Files%\ESTsoft\ALZip"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip
Version = "10.73"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
AutoCloseCompress = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
AutoCloseExtract = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
AutoTestResultType = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
AutoTestType = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CascadedContextMenu = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CheckUsedIcon = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CompressionTempPath = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CompressionTempPathType = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra1 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra1_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra1_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra2 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra2_2 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra2_3 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra3 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra3_2 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra3_3 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra4 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra4_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra4_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra5 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra5_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuExtra5_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive1 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive1_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive1_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive2_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive2_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive3_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive3_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive4 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive4_2 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive4_3 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive5 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive5_2 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive5_3 = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive6 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive6_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive6_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive7 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive7_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnArchive7_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles1 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles1_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles1_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles2_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles2_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles3_2 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ContextMenuOnFiles3_3 = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
CreateFilenameFolderUnderSelectedFolder = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
DefaultArchiveFormat = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
DefaultProgram = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
DefaultSplitSizeType = "2"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ExecuteDefPrgIfNotRegisteredPrg = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ExtensionCheckRule = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ExtractLastPath = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
LastCompressFormat = "zip"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
LastThreadCount = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ListViewSortIndex = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ListViewStyle = "3"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
MainBottomSectionSize = "100"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
MainLeftSectionSize = "206"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
MyDefaultFolder = "."

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
MyDefaultFolderType = "3"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
NewArchiveDialogExpanded = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
NoMsgDeletingTempFiles = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
NoShowAttachMailMsg = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
OpenDialogIncFullPath = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
OpenDialogIncSubFolders = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
OpenFolderAfterExtract = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ReplaceDialogAll = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ReplaceDialogDoType = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ReplaceDialogOverwriteType = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ScanVirusOnExtracting = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SearchIgnoreCase = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowArchiveComment = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnAttribute = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnComment = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnCRC = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnDirectory = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnMethod = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnModifiedDate = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnPackedSize = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnRatio = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnType = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnUnpackedSize = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowColumnVolume = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowLeftSection = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowStatusBar = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
ShowToolBar = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SmartTarGz = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SortColumn = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SpecifiedProgram = "notepad.exe"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
SpeedExtractorType = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UnassociateExtensions = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UseContextMenu = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UseFullRowSelect = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UsePasswordMask = "1"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
UseSmartHeaderCheck = "0"

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
VirusScanner = ""

HKEY_CURRENT_USER\Software\ESTsoft\
ALZip\Config
VirusScannerParam = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.001\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,34"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.001\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.001\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.7z\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,35"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.7z\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.7z\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ace\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,3"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ace\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ace\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,1"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.alz\ShellEx\DropHandler
(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arc\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,4"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arc\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arc\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arj\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,5"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arj\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.arj\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.b64\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,6"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.b64\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.b64\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bh\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,7"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bh\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bh\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bhx\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,8"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bhx\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bhx\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bin\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,9"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bin\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bin\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,38"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz2\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,10"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz2\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.bz2\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.cab\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,11"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.cab\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.cab\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ear\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,12"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ear\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ear\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,36"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.egg\ShellEx\DropHandler
(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.enc\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,13"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.enc\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.enc\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.gz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,14"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.gz\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.gz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ha\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,15"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ha\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ha\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.hqx\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,16"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.hqx\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.hqx\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ice\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,17"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ice\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.ice\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.img\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,39"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.img\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.img\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.iso\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,18"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.iso\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.iso\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,19"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.jar\ShellEx\DropHandler
(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lcd\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,20"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lcd\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lcd\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,21"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lha\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,22"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.lzh\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.mim\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,23"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.mim\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.mim\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.nrg\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,40"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.nrg\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.nrg\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.pak\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,24"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.pak\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.pak\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.rar\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,25"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.rar\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.rar\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,26"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tar\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,37"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,37"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tbz2\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,27"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.tgz\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uu\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,28"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uu\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uu\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uue\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,28"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uue\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.uue\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.war\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,29"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.war\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.war\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xxe\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,30"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xxe\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xxe\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xz\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,41"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xz\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.xz\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.z\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,31"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.z\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.z\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,32"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zip\ShellEx\DropHandler
(Default) = "{GUID}"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zoo\DefaultIcon
(Default) = "%Program Files%\ESTsoft\ALZip\ALZipIcon.dll,33"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zoo\Shell\Open
FriendlyAppName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ALZip.zoo\Shell\Open\
Command
(Default) = "%Program Files%\ESTsoft\ALZip\ALZip.exe "%1""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\ESTsoft\ALZip
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALBanner
Locale = "ko-KR"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
Locale = "ko-KR"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
RootDir = "%Program Files%\ESTsoft\Common"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALSTS
WebService = "http://{BLOCKED}R.{BLOCKED}S.altools.com/ALSTSService.asmx"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
language = "ko-KR"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
RootDir = "%Program Files%\ESTsoft\ALUpdate"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALUpdate
WebService = "http://ko-KR.alupdate.altools.com/UpdateService.asmx"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
AdditionalVersion = ""

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
ALUpdatePlan = "U"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
EULAVersion = "38"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
FullVersion = "10.73.0.1"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
LanguageResource = ""

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
Locale = "ko-KR"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
ProductNo = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
RootDir = "%Program Files%\ESTsoft\ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip
Version = "10.73"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities
ApplicationName = "ALZip"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.001 = "ALZip.001"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.7z = "ALZip.7z"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.ace = "ALZip.ace"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.alz = "ALZip.alz"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.arc = "ALZip.arc"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.arj = "ALZip.arj"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.b64 = "ALZip.b64"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bh = "ALZip.bh"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bhx = "ALZip.bhx"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bin = "ALZip.bin"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bz = "ALZip.bz"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.bz2 = "ALZip.bz2"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.cab = "ALZip.cab"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.ear = "ALZip.ear"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.egg = "ALZip.egg"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.enc = "ALZip.enc"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.gz = "ALZip.gz"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.ha = "ALZip.ha"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.hqx = "ALZip.hqx"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.ice = "ALZip.ice"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.img = "ALZip.img"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.iso = "ALZip.iso"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.jar = "ALZip.jar"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.lcd = "ALZip.lcd"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.lha = "ALZip.lha"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.lzh = "ALZip.lzh"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.mim = "ALZip.mim"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.nrg = "ALZip.nrg"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.pak = "ALZip.pak"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.rar = "ALZip.rar"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.tar = "ALZip.tar"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.tbz = "ALZip.tbz"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.tbz2 = "ALZip.tbz2"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.tgz = "ALZip.tgz"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.uu = "ALZip.uu"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.uue = "ALZip.uue"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.war = "ALZip.war"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.xxe = "ALZip.xxe"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.xz = "ALZip.xz"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.z = "ALZip.z"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.zip = "ALZip.zip"

HKEY_LOCAL_MACHINE\SOFTWARE\ESTsoft\
ALZip\Capabilities\FileAssociations
.zoo = "ALZip.zoo"

その他

プログラムは、以下の不正なWebサイトにアクセスします。

  • http://{BLOCKED}R.{BLOCKED}sinst.altools.com/show/public_addin.aspx
  • http://{BLOCKED}R.{BLOCKED}sinst.altools.com/show/public_addin2.aspx
  • http://{BLOCKED}R.{BLOCKED}sinst.altools.com/start/setupset.aspx
  • http://{BLOCKED}r.{BLOCKED}sinst.altools.com/show/public_run.aspx
  • http://{BLOCKED}r.{BLOCKED}sinst.altools.com/show/public_end_normal.aspx
  • http://{BLOCKED}r.{BLOCKED}sinst.altools.com/show/public_end_addin.aspx
  • http://{BLOCKED}n.{BLOCKED}s.co.kr/Ex_image/EndBanner/partnership/nsis.html
  • http://{BLOCKED}r.{BLOCKED}l.altools.com/InstallerPattern.aspx?url=0&no=2&pd=ALZip&cr=0&sr=0&cv=2.0&ov=8.2.6.1&ch=
  • http://{BLOCKED}n.{BLOCKED}s.co.kr/Ex_image/EndBanner/partnership/css/common.css
  • http://{BLOCKED}n.altools.co.kr/Ex_image/EndBanner/partnership/css/common.css
  • http://{BLOCKED}n.{BLOCKED}ls.co.kr/Ex_image/EndBanner/partnership/images/nisi_bn.png
  • http://{BLOCKED}r.{BLOCKED}teadd.altools.com/icon/shopping_zum.ico
  • http://{BLOCKED}R.{BLOCKED}sinst.altools.com/data/SetData.aspx
  • http://{BLOCKED}r.{BLOCKED}sinst.altools.com/show/public_run.aspx

  対応方法

対応検索エンジン: 9.850

手順 1

Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。

手順 2

このマルウェアもしくはアドウェア等の実行により、手順中に記載されたすべてのファイル、フォルダおよびレジストリキーや値がコンピュータにインストールされるとは限りません。インストールが不完全である場合の他、オペレーティングシステム(OS)の条件によりインストールがされない場合が考えられます。手順中に記載されたファイル/フォルダ/レジストリ情報が確認されない場合、該当の手順の操作は不要ですので、次の手順に進んでください。

手順 3

「PUA_DOWNAD.GA」で検出したファイル名を確認し、そのファイルを終了します。

[ 詳細 ]

  • すべての実行中プロセスが、Windows のタスクマネージャに表示されない場合があります。この場合、"Process Explorer" などのツールを使用しマルウェアのファイルを終了してください。"Process Explorer" については、こちらをご参照下さい。
  • 検出ファイルが、Windows のタスクマネージャまたは "Process Explorer" に表示されるものの、削除できない場合があります。この場合、コンピュータをセーフモードで再起動してください。
    セーフモードについては、こちらをご参照下さい。
  • 検出ファイルがタスクマネージャ上で表示されない場合、次の手順にお進みください。

手順 4

自身のアンインストールオプションを使用し、「PUA_DOWNAD.GA」を削除します。

[ 詳細 ]
マルウェアのプロセスの削除

手順 5

最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「PUA_DOWNAD.GA」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。


ご利用はいかがでしたか? アンケートにご協力ください