TROJ_ANONOPS.A

マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

侵入方法

マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

インストール

マルウェアは、感染したコンピュータ内に以下のように自身のコピーを作成します。

• %Application Data%\Diagnostics\diag.exe

(註：%Application Data%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\＜ユーザ名＞\Local Settings\Application Data"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Roaming" です。)

マルウェアは、以下のフォルダを作成します。

• %Application Data%\Diagnostics

(註：%Application Data%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\＜ユーザ名＞\Local Settings\Application Data"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Roaming" です。)

自動実行方法

マルウェアは、自身のコピーがWindows起動時に自動実行されるよう以下のレジストリ値を追加します。

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Windows Diagnostics = "%Application Data%\Diagnostics\diag.exe -re"

他のシステム変更

マルウェアは、以下のファイルを削除します。

• %System Root%\AN3SO29CI0S99X43RHPPBYT60T9VUBZNX3GUZHSF
• %System Root%\JYZ0TJMIY5PR
• %System Root%\WCMYG891
• %System Root%\WP8QFO3TV0
• %User Profile%\Security\V2VRM44LQPFA8191PAS6
• %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\05EK8Q3UE
• %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\69XKLC13AK0T
• %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\3JUY55ERN
• %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\setup.exe
• %User Profile%\{AC76BA86-7AD7-1033-7B44-AA0000000001}\W8Q242PIA
• %User Profile%\Application Data\P220RT7OUR7
• %User Profile%\S-1-5-18\2235UE12HTE1GQR2F7N9NCTSRUW1IY6YND7UCLU1R1T2U1Q04PSYXZBWEZZBG236VC9AU
• %User Profile%\Media Player\UMR460T36E65X204LXOX
• %User Profile%\Media Player\AKL9B0OJVLOQ7ZRXTW3OUGOTH
• %User Profile%\Pbk\36C1W3LTPDQ1
• %User Profile%\Pbk\IDRAF549URXENSEF
• %User Profile%\Default Pictures\YNB487Z0A7LS
• %User Profile%\Default Pictures\8Q7C5FK6RKHA8
• %User Profile%\Default Pictures\H1BS2NYC
• %User Profile%\Default Pictures\Y0YX7F1KX
• %User Profile%\Default Pictures\RC7074JIWAIAA
• %User Profile%\Default Pictures\KHH2YK1
• %User Profile%\Default Pictures\HEYK94Z
• %User Profile%\Default Pictures\USLIVSEN4
• %User Profile%\Default Pictures\AR8N1KH2URBB4
• %User Profile%\Default Pictures\AR8N1KH
• %User Profile%\Default Pictures\N5ULNH4L
• %User Profile%\Default Pictures\33HQS9ZT
• %User Profile%\Default Pictures\NECAG3BX
• %User Profile%\Default Pictures\0SQ83SYG
• %User Profile%\Default Pictures\0SQ83SYG0B
• %User Profile%\Default Pictures\GRLD8KTWPI
• %User Profile%\Default Pictures\WP8IDBW3
• %User Profile%\Default Pictures\WP8IDBW3FP0J
• %User Profile%\Default Pictures\93UG00JMPODW9
• %User Profile%\Default Pictures\PUHT5SE2EVVHBSX
• %User Profile%\Default Pictures\Z5L028Z8V8RRQM
• %User Profile%\Default Pictures\CJ0YXXERX7
• %User Profile%\Default Pictures\SHV32PH6MEEO3
• %User Profile%\User Account Pictures\LU4EU6Z5L
• %User Profile%\User Account Pictures\LU4EU6Z5LK1
• %User Profile%\Documents\K7R6TMTP883
• %User Profile%\My Music\RXN7FSY6ADC
• %User Profile%\Sample Music\ACFU9GWQFV4HB73N91OFUGX41O025NR8PYD8MAA1
• %User Profile%\Sample Music\CRSD6DRVNDO
• %User Profile%\Sample Music\TQFIB5U2DK5I5U2GWSRUN4JKOIG8G7R
• %User Profile%\0008044E\V6S002Y7T3P
• %User Profile%\0008044E\PI23SIG5K9BV
• %User Profile%\0008044E\LFBD22ESZNU0
• %User Profile%\0008044E\YTYBXRTB9E8D
• %User Profile%\0008044E\EKKO2IWRYLHY
• %User Profile%\0008044E\R67LPFBA0KVB
• %User Profile%\0008044E\8WUQU7EHPR4V
• %User Profile%\0008044E\8WUQU7EHPR4
• %User Profile%\0008044E\19BTMOWGHWZ
• %User Profile%\0008044E\AK79JW9M59W
• %User Profile%\0008044E\KN3HGCU0MMS
• %User Profile%\0008044E\0MYML4Q8CT1
• %User Profile%\0008044E\D0CJFTCRDKF
• %User Profile%\0008044E\TY7WLK863RO
• %User Profile%\0008044E\WED79HBBJAG
• %User Profile%\My Pictures\99HUPS46NU8
• %User Profile%\Sample Pictures\1RDPOPOW9XXSOZ
• %User Profile%\Sample Pictures\E50NBEBFBOJ
• %User Profile%\Sample Pictures\XR0A539RHD
• %User Profile%\Sample Pictures\075T104VXWVLT2LL
• %User Profile%\Sample Pictures\VCF7PMJQR9
• %User Profile%\My Videos\8Q14CJ6918P
• %User Profile%\DRM\R4TS6Z4TY
• %User Profile%\DRM\73O5BR71O
• %Start Menu%\US7A3W7YF99
• %Start Menu%\Programs\Accessories\Accessibility\D67YXL6AKQA43XQJ1E5967K0
• %Start Menu%\Programs\Accessories\Accessibility\IJ7GBTJV3DS
• %Start Menu%\Programs\Accessories\EBM106WYIU6Q4F
• %Start Menu%\Programs\Accessories\Communications\VI1L6ED9YG7
• %Start Menu%\Programs\Accessories\Communications\XY633BGE6QQC1LJYQ
• %Start Menu%\Programs\Accessories\Communications\M32RK5J8CLRMJNHFLC0L9IK
• %Start Menu%\Programs\Accessories\Communications\ZTCH5AZI987KZ6QGQ94GNNP0
• %Start Menu%\Programs\Accessories\Communications\IGC57ZY27Y8KT1P9DS73OBJG9
• %Start Menu%\Programs\Accessories\Communications\XJLAC7U2RTJI0YDOGBY869JJ8321G
• %Start Menu%\Programs\Accessories\Communications\GXMYENTEPJKJ2SD94U2VZXDSWPA8R069S
• %Start Menu%\Programs\Accessories\CX0JU1EH40Q
• %Start Menu%\Programs\Accessories\Entertainment\SOVO0S9PL70
• %Start Menu%\Programs\Accessories\Entertainment\5AIMUPWFV6DTKUBQZ5
• %Start Menu%\Programs\Accessories\Entertainment\2ZRW59U3AJWZX4TLE4
• %Start Menu%\Programs\Accessories\FDEURY9LC
• %Start Menu%\Programs\Accessories\System Tools\YREHLM8YH8
• %Start Menu%\Programs\Accessories\System Tools\0FJ0IBB2XJURUZJCZ
• %Start Menu%\Programs\Accessories\System Tools\I9BRPAPMI8S
• %Start Menu%\Programs\Accessories\System Tools\YZYWV2T28F2X4U7P
• %Start Menu%\Programs\Accessories\System Tools\RC7ZMJB0ZLPVHQG5XQUFR
• %Start Menu%\Programs\Accessories\System Tools\NMC94I379VALQTVE888IHF01PM06H4EM2XOY82
• %Start Menu%\Programs\Accessories\System Tools\GQLCWZL50T5J3H4VQM8
• %Start Menu%\Programs\Accessories\System Tools\XP8H1ROLQ0E35MVXYMO
• %Start Menu%\Programs\Accessories\System Tools\Q2HKTF6CH611II45NSW738
• %Start Menu%\Programs\Accessories\System Tools\60CXY71R6DBMKFV7VR
• %Start Menu%\Programs\Accessories\ZDLZQNJI6IY
• %Start Menu%\Programs\Administrative Tools\THU2Q41GXOLHAZDW3JCVO9
• %Start Menu%\Programs\Administrative Tools\C3VPKTZ026DHDUKHQ2GAHP3
• %Start Menu%\Programs\Administrative Tools\L6R5H1L6JJIZSNKRO8WPI14
• %Start Menu%\Programs\Administrative Tools\VINDEHYC0WE
• %Start Menu%\Programs\Administrative Tools\VINDEHYC0WEH7HJ1
• %Start Menu%\Programs\Administrative Tools\8W9B86LVAVSUI82PVR4FN7J19
• %Start Menu%\Programs\Administrative Tools\HZDQ5F69R7OCX11
• %Start Menu%\Programs\Administrative Tools\XX0VA61HGEYX
• %Start Menu%\Programs\RA9Y2VJF7KKULU19JI
• %Start Menu%\Programs\78W37NMNXRU
• %Start Menu%\Programs\Games\KMJ1UB1E7IF
• %Start Menu%\Programs\Games\0L5EZ34MWPPD
• %Start Menu%\Programs\Games\GB0J4VZTLW
• %Start Menu%\Programs\Games\M2OJR84JN1Z0Q8J9O8WZN6T
• %Start Menu%\Programs\Games\JZ611S3YUFI5UI8447ROB
• %Start Menu%\Programs\Games\WDSZOHHP3EVI51IKELC
• %Start Menu%\Programs\Games\S229Y0GCIRENHC7ETL74
• %Start Menu%\Programs\Games\MFJCQPY2AX1LU8GVJQ7
• %Start Menu%\Programs\Games\842PIMYZ01JGLKZ
• %Start Menu%\Programs\Games\I7YXFUJ5HEF
• %Start Menu%\Programs\Games\RIUDCBWB6RCGF
• %Start Menu%\Programs\Games\KVBG3RMAXXZDS37M47K6
• %Start Menu%\Programs\UY7N8ZZ
• %Common Startup%\NBGY0OHED7Q
• %Start Menu%\Programs\39335GLM2EZEUX67RQNTH
• %Start Menu%\Programs\NKYFLAWQ7157NHDMPJYSTXA
• %Start Menu%\Programs\WinPcap\GX7QLREPZZS405M3FPY9MEM8E2C
• %Start Menu%\Programs\WinPcap\GX7QLREPZZS405M3FPY9
• %Start Menu%\WVUVQJHWO61PAADXNPE8U9BY2YLHKREVRA7
• %Start Menu%\BKL1AOHTFIBK1UVUUHM
• %Start Menu%\RB7EFFD14PL430LO2G
• %User Profile%\Application Data\WEQ711BASIV
• %User Profile%\Internet Explorer\Z2WPPYEF81F
• %User Profile%\Internet Explorer\FSQUVQ9MY8O
• %User Profile%\Cookies\5XEIBKCOW
• %Application Data%\Microsoft\Media Player\HOO85PTYTQD0OMH8L225KHGQ
• %Application Data%\Microsoft\Windows Media\9.0\DL5QF9RM84W
• %Application Data%\Microsoft\Windows Media\9.0\QZSO2YE5IV9
• %User Profile%\Local Settings\PCFG1E8W5RC
• %User Profile%\History\VFXHN8651LM
• %User Profile%\History.IE5\1F372ZQZXB2
• %User Profile%\History.IE5\HEYCZRLEM
• %Temporary Internet Files%\Content.IE5\09RWHJQN\4VGIRWT3DUT
• %Temporary Internet Files%\Content.IE5\BVLBNMKH\KU3VWOOJ213
• %Temporary Internet Files%\Content.IE5\0N33FA66KBZ
• %Temporary Internet Files%\Content.IE5\9YZJCIRC1
• %Temporary Internet Files%\Content.IE5\ZDGZNKA5\JAVQ9R4IH00
• %Temporary Internet Files%\Content.IE5\ZSGKJKO6\Z0QVEQ8Y77A
• %Temporary Internet Files%\8BMBBZL4WK6
• %User Profile%\1OVE3F33NQ
• %User Profile%\IMIJ876ACX2TNF
• %User Profile%\SendTo\XGIZSTOYU77LRNROFMO03A4PZFIXEKM0FDAGEU0Y2
• %User Profile%\SendTo\XGIZSTOYU77LRNROFMO03A4PZFIXEKM0FD
• %User Profile%\SendTo\EF54XKJDKDH
• %User Profile%\SendTo\UDRH2CML9KQRVQGJVMJQRSB
• %Start Menu%\7REFP99CBJ4
• %Start Menu%\Programs\Accessories\Accessibility\A7JPMY4GRUN
• %Start Menu%\Programs\Accessories\Accessibility\Q5E2RQ7OH1W48
• %Start Menu%\Programs\Accessories\Accessibility\6417WH3V686P
• %Start Menu%\Programs\Accessories\Accessibility\CNX8BV7L7DEZZNGG73GLA9
• %Start Menu%\Programs\Accessories\Accessibility\TLJDGN3SXKOJ1T7AF2W
• %Start Menu%\Programs\Accessories\2WOSDVOZDXKUGM6KDG
• %Start Menu%\Programs\Accessories\V9XVDJ6X527
• %Start Menu%\Programs\Accessories\Entertainment\5CTBASJ3TF3
• %Start Menu%\Programs\Accessories\Entertainment\5CTBASJ3TF39GBFBSZ0FX11N
• %Start Menu%\Programs\Accessories\806LYPM81QN
• %Start Menu%\Programs\Accessories\14GWY5461WIMLPXBYXOK3JH66RIAIZEL
• %Start Menu%\Programs\Accessories\H3213XZEQ3R7NUV
• %Start Menu%\Programs\Accessories\D0CB6GY15HAD05D8DWZ
• %Start Menu%\Programs\Accessories\UQ7OB81HVOKX2A39LVEZ
• %Start Menu%\Programs\APTTG0WOCUT
• %Start Menu%\Programs\N3GRBPJ7MT7VFYCIB1EG0
• %User Startup%\GFPU3D15DZU
• %Start Menu%\Programs\WECZ85WL363DURCS1F2N0C6Z
• %User Profile%\Templates\MF3JA5LZHI
• %User Profile%\Templates\95LP1ALWZ
• %User Profile%\Templates\P38272G3P1
• %User Profile%\Templates\P38272G3P
• %User Profile%\Templates\I8H5YJY2O7NT
• %User Profile%\Templates\Y6CA4A19EDXE
• %User Profile%\Templates\Y6CA4A19EDX
• %User Profile%\Templates\Y6CA4A19ED
• %User Profile%\Templates\SJLCVZJ85JK
• %User Profile%\Templates\LVVNNF16WP69
• %User Profile%\Templates\1UISS7WEMWGT
• %User Profile%\Cookies\index.dat
• %Application Data%\XM4DHLHHTDU7WB9WWXEJ
• %Application Data%\Microsoft\Windows\UsrClass.dat
• %Application Data%\Microsoft\Windows\UsrClass.dat.LOG
• %User Profile%\Local Settings\DLRIMCDPIK4
• %User Profile%\History\QZEG91ZFSJH
• %User Profile%\History.IE5\QZEG91ZFSJH
• %User Profile%\History.IE5\index.dat
• %Temporary Internet Files%\Content.IE5\246FT6TD\7P0LETVNIQR
• %Temporary Internet Files%\Content.IE5\9STOYKO4\TFJZ6Y3K0T0
• %Temporary Internet Files%\Content.IE5\9DE43QYSQ0I
• %Temporary Internet Files%\Content.IE5\index.dat
• %Temporary Internet Files%\Content.IE5\NF72HY20\9DE43QYSQ0I
• %Temporary Internet Files%\Content.IE5\PHOM4UYK\PC098IT7F7R
• %Temporary Internet Files%\PC098IT7F7R
• %User Profile%\NTUSER.DAT
• %User Profile%\ntuser.dat.LOG
• %User Profile%\2QN637GQP6
• %User Profile%\Local Settings\FGWWPCW1M2L
• %User Profile%\History\B56FZVVO1G4
• %User Profile%\History.IE5\B56FZVVO1G4
• %Temporary Internet Files%\Content.IE5\09RWHJQN\OKSCUSH73FH
• %Temporary Internet Files%\Content.IE5\BVLBNMKH\4IFHZKDMSMZ
• %Temporary Internet Files%\Content.IE5\4IFHZKDMSMZ
• %Temporary Internet Files%\Content.IE5\ZDGZNKA5\4IFHZKDMSMZ
• %Temporary Internet Files%\Content.IE5\ZSGKJKO6\HW2FL9Z5UDC
• %Temporary Internet Files%\HW2FL9Z5UDC
• %User Profile%\ETJXWSYT9Q
• %User Profile%\Application Data\ETJXWSYT9QV
• %User Profile%\Internet Explorer\0A22FXYPZ25
• %User Profile%\Internet Explorer\H9P7KPTXP9E
• %User Profile%\Internet Explorer\6AFSNP9JVTK
• %User Profile%\Quick Launch\6N2LU5B3QHU
• %User Profile%\Quick Launch\6N2LU5B3QHUGEH1AGV8DDYH456T8YLLBWC2Q
• %User Profile%\Quick Launch\Z0CVMMT1HNHES5AR
• %User Profile%\MMC\Z0CVMM
• %User Profile%\Themes\VSQHAZE4PCOR
• %User Profile%\Cookies\BRLMFR9CE
• %Favorites%\RP8RLJCR3QF
• %Favorites%\Links\U5D99G8WJ0Y41AIDYHG
• %Favorites%\Links\7J07W5UFLZBHC10T
• %Favorites%\Links\7J07W5UFLZBHC10TGV0UI3E
• %Favorites%\Links\NHVC1WQMB6L2E6RMO
• %Favorites%\Links\NHVC1WQMB6L
• %Favorites%\GU4F1L8LAC8
• %Favorites%\XSRS6DB0ZJHKU0Q4L94TR2W
• %Application Data%\XSRS6DB0ZJHK
• %Application Data%\Microsoft\Internet Explorer\Z8W2V265829Z
• %Application Data%\Microsoft\Media Player\G7R70T9DX9IKWUYP9SZGSQQK
• %Application Data%\Microsoft\G7R70T9DX9IKWU
• %Application Data%\Microsoft\Windows Media\9.0\9J0ISIRBW75
• %User Profile%\Local Settings\MXNGF76UY6I
• %User Profile%\History\2W9LKZ99ODS
• %User Profile%\History.IE5\2W9LKZ99ODS
• %User Profile%\History.IE5\2W9LKZ99O
• %User Temp%\V0JNKFR0FI
• %User Temp%\V0JNKFR0FIFC
• %User Temp%\CZ5SP7MG4POX
• %User Temp%\SX05UYQNUWYI356QEH3B6
• %User Temp%\5CF3HVCE4VBVFWO6WVWTJ
• %User Temp%\YOO69CU5V16SSKXEM9WA3
• %User Temp%\KI1CZQOT82I8MW5QOBGLIOSVKY07
• %User Temp%\GFBMA9MGNF1EQ7UL4ABB76
• %User Temp%\WQTREHJG8JLCXCB87TAFO4ZL
• %User Temp%\29OS0UOX9GLMLJ2W7D3ELFXHJ1WJEM85B01O54RZ7HMJL22S
• %User Temp%\SJ7D3U4JFZZPAH185QYKU
• %User Temp%\XMQ5OO3S3T2KVWIQ7TAX1
• %User Temp%\QRZ8G5LI2ZPH8KRZP7BE
• %User Temp%\JGWBF249P1M0P8Q2AVU0GQUCECYZN2TN
• %User Temp%\2UWZ9Q3LMJF0SVXNYEYN96OS1YEDXUMH
• %User Temp%\LGWM3715S8G1MQW7L6T23UH0PRTSGE
• %User Temp%\0AOVMTJSAICLPYOEIV2H1H8MX6C
• %User Temp%\9YF3RQYQLSJO9RLA3R9235
• %User Temp%\VSK9H3Z7ZS3443TLEUT5IM
• %User Temp%\BQ7ENVVNOZDP68SFMU84Y
• %User Temp%\43GHEBDLF50NJW1W479LJ
• %User Temp%\E6KWBSYR4IW5YQ061DWSJ2C4V2OHS0RJDAFATC
• %User Temp%\NHG480BXLMTNLR0GRRC0
• %User Temp%\DJ7PB0RJR6
• %User Temp%\6VGSAP99QC
• %User Temp%\2OVDR2VCY100TRH9K74SKCNMRHP6HIJH3MYFAE2H28WFWB0V8IN9RZUKG2EGP2Z59JEDGX8AU4ZIJ8
• %User Temp%\EE53L7BNVONQ0AXAX48NYIS23PIFTOT6YAMWR1NS4UHBPMLIRLOXS5TX3ERA4BE1WFR5NHZQHK3JFFITU1
• %User Temp%\VDRGQZE3KVXB2FO353OE659SQDQ61HCUYCO970CPRPYYZSD55ACRTEIQ
• %User Temp%\H2ILAWES3776TZ6TCNOCJBXL3MW2XFA4JGH0RBFHOG7W5GDVDD0NQM5ZC0UA7KACOZR2LGCMCP91CPZ70OKEXNUNB9
• %User Temp%\ERR3KODFILQB52NOSNR17T38E76KB15WKBRZNIRIQZX5PKQX5QKP03HCI5NZ28KW51ZQEU3XOWQ0
• %User Temp%\Q5E1FDRYRC3OGT
• %User Temp%\Q5E1FDRYRC3OGT5BATCJCNQBFWIN6TBNTYADZ
• %User Temp%\7416K4VDHJL9IYW5ASSISAF12LREDM
• %User Temp%\KIN46T9WJIYLTHEKS7C054143B3H0ESB3MB4R
• %User Temp%\KIN46T9WJIYLTHEKS7C054143B3H0ESB3MB4
• %User Temp%\KIN46T9WJIYLTHEKS7C054143B3H0
• %User Temp%\0GA9CLCC8O76VM5M06SRDZQ1Q7C8F7B64GCP
• %User Temp%\QI1UETTPE
• %User Temp%\3WNR0I8GO
• %User Temp%\{835818DD-220C-4ABD-946E-0D8660B95E29}\3WNR0I8GO7RMNC
• %Temporary Internet Files%\Content.IE5\09RWHJQN\5KT2X7BL4QA2NTUWV9W
• %Temporary Internet Files%\Content.IE5\09RWHJQN\MAOF2YETMXKMPYLX29C2
• %Temporary Internet Files%\Content.IE5\09RWHJQN\FNXIUNWRLVEK
• %Temporary Internet Files%\Content.IE5\09RWHJQN\VLKNZFRZA2O
• %Temporary Internet Files%\Content.IE5\09RWHJQN\VLKNZFRZA2O450L8
• %Temporary Internet Files%\Content.IE5\BVLBNMKH\LNA72F8KHLU7
• %Temporary Internet Files%\Content.IE5\BVLBNMKH\1LXC76BS6S3
• %Temporary Internet Files%\Content.IE5\BVLBNMKH\UY6FZVTQXYQQ9RBU
• %Temporary Internet Files%\Content.IE5\BVLBNMKH\BWTS4NOYN50ABX9N35YM
• %Temporary Internet Files%\Content.IE5\BWTS4NOYN50
• %Temporary Internet Files%\Content.IE5\OBGQYCBPX
• %Temporary Internet Files%\Content.IE5\ZDGZNKA5\492V436WMBN8OLI4L
• %Temporary Internet Files%\Content.IE5\ZDGZNKA5\K0X01V9CBIWT
• %Temporary Internet Files%\Content.IE5\ZDGZNKA5\K0X01V9CBIW
• %Temporary Internet Files%\Content.IE5\ZDGZNKA5\XECYVKOVDHA51HRDBOZ
• %Temporary Internet Files%\Content.IE5\ZDGZNKA5\XECYVKOVDHA51HRDB
• %Temporary Internet Files%\Content.IE5\ZSGKJKO6\UBTG63MISV1
• %Temporary Internet Files%\Content.IE5\ZSGKJKO6\7PGDS091UMENGAR
• %Temporary Internet Files%\Content.IE5\ZSGKJKO6\7PGDS091UMENGARN12
• %Temporary Internet Files%\Content.IE5\ZSGKJKO6\NN3IYS4HKTO8IFHO8
• %Temporary Internet Files%\NN3IYS4HKTO
• %User Profile%\My Documents\01PGKHRZTS1
• %User Profile%\My Music\01PGKHRZTS1
• %User Profile%\My Music\G0CLP9M7JZA6W3Q5
• %User Profile%\My Pictures\G0CLP9M7JZA
• %User Profile%\My Pictures\WQZQV0QN85KI69HZ67I
• %User Profile%\94LOHP46A4
• %User Profile%\Recent\Q3G1MH8L0B7
• %User Profile%\SendTo\6136SH3TPIG1L2H9WL6XQCHIW0PEM8KMMMTHXI7B5
• %User Profile%\SendTo\JGP4M6QCRHUDWTZOERQNU63LWP1H80IDWH
• %User Profile%\SendTo\ZEC9RXLRGO3
• %User Profile%\SendTo\CSZ6EM8AQNHB9H8535RVNVF
• %User Profile%\SendTo\SRLBJE3QGUQVBMZZB46
• %Start Menu%\8H8OO66X518
• %Start Menu%\Programs\Accessories\Accessibility\LVVMBULG70L
• %Start Menu%\Programs\Accessories\Accessibility\2UHRGMOWW7VEQ
• %Start Menu%\Programs\Accessories\Accessibility\V6ZU8B6UO5HB
• %Start Menu%\Programs\Accessories\Accessibility\OJ8X8ROLNB49G0G6H2VZ1S
• %Start Menu%\Programs\Accessories\Accessibility\4HV25JR0CIETQ5F0H1A
• %Start Menu%\Programs\Accessories\L8IFABM82PNESA61
• %Start Menu%\Programs\Accessories\UJMMFR8EJ1KW845CM7
• %Start Menu%\Programs\Accessories\H840ZO8B9D2
• %Start Menu%\Programs\Accessories\Entertainment\XZR54G3JZKB
• %Start Menu%\Programs\Accessories\Entertainment\ADE2R5Q90BPPBCWIJ4E3GAJT
• %Start Menu%\Programs\Accessories\9Q0VYLJTV8R
• %Start Menu%\Programs\Accessories\22AYQA1SNEE7T0VDW16XAA5ZRXALK7T2
• %Start Menu%\Programs\Accessories\CD6DNIMY3QIP8T3
• %Start Menu%\Programs\Accessories\PRSB971PDPW2JKD2CL6
• %Start Menu%\Programs\Accessories\LGALKQ0CS3F8NU3XKK1C
• %Start Menu%\Programs\Administrative Tools\VR61P7LI98B
• %Start Menu%\Programs\O4F4GN3G0EY
• %Start Menu%\Programs\1I213CPZADB0Y3U4HAAQ2
• %Start Menu%\Programs\37X9LV0GLHILT9042MO
• %Start Menu%\Programs\DITHI4LM1UE39AZM0Z4K7
• %User Startup%\6V2KIK3K1S1
• %Start Menu%\Programs\MTPXNKYSQZBLO4ZWY5SS065H
• %User Profile%\Templates\GYYZF1GQH5
• %User Profile%\Templates\IMCA3QJVX
• %User Profile%\Templates\ZKYN9PE3NU
• %User Profile%\Templates\ZKYN9PE3N
• %User Profile%\Templates\SP8Q06W1E0LH
• %User Profile%\Templates\SP8Q06W1E0L
• %User Profile%\Templates\53UNVVJSGZ
• %User Profile%\Templates\EEQVS3WY54V
• %User Profile%\Templates\BB8D2UVLKIEH
• %System Root%\OPUBPJ
• %System Root%\4GHGUBDCB
• %System Root%\4GHGUBDCBO1F
• %System Root%\N2H3W
• %System Root%\pagefile.sys
• Documents and Settings\LocalService\Cookies\index.dat
• Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
• Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
• Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat
• Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat
• Documents and Settings\LocalService\NTUSER.DAT
• Documents and Settings\LocalService\ntuser.dat.LOG
• Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
• Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
• Documents and Settings\NetworkService\NTUSER.DAT
• Documents and Settings\NetworkService\ntuser.dat.LOG
• Documents and Settings\Wilbert\Local Settings\Application Data\Diagnostics\ha.bmp
• Documents and Settings\Wilbert\Local Settings\Application Data\Diagnostics\ha.bmp1
• Documents and Settings\Wilbert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
• Documents and Settings\Wilbert\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
• Documents and Settings\Wilbert\NTUSER.DAT
• Documents and Settings\Wilbert\ntuser.dat.LOG
• pagefile.sys

(註：%System Root%フォルダは、標準設定では "C:" です。また、オペレーティングシステムが存在する場所です。. %User Profile% フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\＜ユーザ名＞"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞" です。. %Start Menu%フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Windows\Start Menu" または "C:\Documents and Settings\＜ユーザ名＞\Start Menu"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Roaming\Microsoft\Windows\Start Menu" です。. %Common Startup%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" です。. %Application Data%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\＜ユーザ名＞\Local Settings\Application Data"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Roaming" です。. %Temporary Internet Files%フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\＜ユーザ名＞\Local Settings\Temporary Internet Files"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Local\Microsoft\Windows\Temporary Internet Files" です。. %User Startup%フォルダは、Windows 98 および ME の場合、通常、"C:\Windows\Profiles\＜ユーザ名＞\Start Menu\Programs\Startup"、Windows NT の場合、"C:\WINNT\Profiles\＜ユーザ名＞\Start Menu\Programs\Startup" および "C:\Documents and Settings\＜ユーザ名＞\Start Menu\Programs\Startup" です。. %Favorites%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\＜ユーザ名＞\Favorites"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\Favorites" です。. %User Temp%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 2000、XP および Server 2003 の場合、"C:\Documents and Settings\＜ユーザー名＞\Local Settings\Temp"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Local\Temp" です。)

マルウェアは、以下のフォルダを削除します。

• %User Profile%\Replicate\Security
• %User Profile%\10.0\Replicate
• %User Profile%\Acrobat\10.0
• %User Profile%\Adobe\Acrobat
• %User Profile%\Setup\{AC76BA86-7AD7-1033-7B44-AA0000000001}
• %User Profile%\Adobe\Setup
• %User Profile%\Application Data\Adobe
• %User Profile%\DSS\MachineKeys
• %User Profile%\Crypto\DSS
• %User Profile%\RSA\MachineKeys
• %User Profile%\RSA\S-1-5-18
• %User Profile%\Microsoft\HTML Help
• %User Profile%\Microsoft\Media Index
• %User Profile%\Microsoft\Media Player
• %User Profile%\Connections\Cm
• %User Profile%\Connections\Pbk
• %User Profile%\Network\Connections
• %User Profile%\Microsoft\Network
• %User Profile%\User Account Pictures\Default Pictures
• %User Profile%\Microsoft\User Account Pictures
• %User Profile%\Application Data
• %User Profile%\My Music\My Playlists
• %User Profile%\My Music\Sample Music
• %User Profile%\Sample Playlists\0008044E
• %User Profile%\My Music\Sample Playlists
• %User Profile%\Documents\My Music
• %User Profile%\My Pictures\Sample Pictures
• %User Profile%\Documents\My Pictures
• %User Profile%\Documents\My Videos
• %User Profile%\Documents
• %User Profile%\DRM
• %Start Menu%\Programs\Accessories\Accessibility
• %Start Menu%\Programs\Accessories\Communications
• %Start Menu%\Programs\Accessories\Entertainment
• %Start Menu%\Programs\Accessories\System Tools
• %Start Menu%\Programs\Accessories
• %Start Menu%\Programs\Administrative Tools
• %Start Menu%\Programs\Games
• %Start Menu%\Programs\WinPcap
• %Start Menu%\Programs
• %User Profile%\Templates
• %System Root%\Documents and Settings\All Users
• %User Profile%\Microsoft\Internet Explorer
• %User Profile%\My\Certificates
• %User Profile%\My\CRLs
• %User Profile%\My\CTLs
• %User Profile%\SystemCertificates\My
• %User Profile%\Microsoft\SystemCertificates
• %User Profile%\Cookies
• %Application Data%\Microsoft\Media Player
• %Application Data%\Microsoft\Windows Media\9.0
• %Application Data%\Microsoft\Windows Media
• %Application Data%\Microsoft
• %User Profile%\History\History.IE5
• %User Profile%\Local Settings\History
• %Temporary Internet Files%\Content.IE5\09RWHJQN
• %Temporary Internet Files%\Content.IE5\BVLBNMKH
• %Temporary Internet Files%\Content.IE5\ZDGZNKA5
• %Temporary Internet Files%\Content.IE5\ZSGKJKO6
• %Temporary Internet Files%\Content.IE5
• %User Profile%\Local Settings
• %User Profile%\My Documents
• %User Profile%\NetHood
• %User Profile%\PrintHood
• %User Profile%\Recent
• %User Profile%\SendTo
• %System Root%\Documents and Settings\Default User
• %User Profile%\Credentials\S-1-5-19
• %User Profile%\Microsoft\Credentials
• %Application Data%\Microsoft\Credentials\S-1-5-19
• %Application Data%\Microsoft\Credentials
• %Application Data%\Microsoft\Windows
• %Temporary Internet Files%\Content.IE5\246FT6TD
• %Temporary Internet Files%\Content.IE5\9STOYKO4
• %Temporary Internet Files%\Content.IE5\NF72HY20
• %Temporary Internet Files%\Content.IE5\PHOM4UYK
• %System Root%\Documents and Settings\LocalService
• %User Profile%\Credentials\S-1-5-20
• %Application Data%\Microsoft\Credentials\S-1-5-20
• %System Root%\Documents and Settings\NetworkService
• %User Profile%\Identities\{8A24C031-62FE-4BF5-94F0-BFD4FBCD674B}
• %User Profile%\Application Data\Identities
• %User Profile%\Credentials\S-1-5-21-1645522239-1292428093-682003330-1003
• %User Profile%\Internet Explorer\Quick Launch
• %User Profile%\Microsoft\MMC
• %User Profile%\Windows\Themes
• %User Profile%\Microsoft\Windows
• %Favorites%\Links
• %Application Data%\Microsoft\CD Burning
• %Application Data%\Microsoft\Credentials\S-1-5-21-1645522239-1292428093-682003330-1003
• %Application Data%\Microsoft\Internet Explorer
• %User Temp%\Microsoft .NET Framework 4 Setup_4.0.30319
• %User Temp%\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.30319
• %User Temp%\{835818DD-220C-4ABD-946E-0D8660B95E29}
• %User Profile%\My Documents\My Music
• %User Profile%\My Documents\My Pictures
• %System Root%\Documents and Settings\Wilbert
• %System Root%\Documents and Settings
• %System Root%\System Volume Information
• Documents and Settings\All Users\Application Data
• Documents and Settings\All Users\Documents\My Music\Sample Music
• Documents and Settings\All Users\Documents\My Music
• Documents and Settings\All Users\Documents\My Pictures\Sample Pictures
• Documents and Settings\All Users\Documents\My Pictures
• Documents and Settings\All Users\Documents\My Videos
• Documents and Settings\All Users\Documents
• Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility
• Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications
• Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment
• Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools
• Documents and Settings\All Users\Start Menu\Programs\Accessories
• Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
• Documents and Settings\All Users\Start Menu\Programs\Games
• Documents and Settings\All Users\Start Menu\Programs\Startup
• Documents and Settings\All Users\Start Menu\Programs
• Documents and Settings\All Users\Start Menu
• Documents and Settings\All Users
• Documents and Settings\Default User\Application Data
• Documents and Settings\Default User\Local Settings
• Documents and Settings\Default User\SendTo
• Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility
• Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment
• Documents and Settings\Default User\Start Menu\Programs\Accessories
• Documents and Settings\Default User\Start Menu\Programs\Startup
• Documents and Settings\Default User\Start Menu\Programs
• Documents and Settings\Default User\Start Menu
• Documents and Settings\Default User
• Documents and Settings\LocalService\Cookies
• Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows
• Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
• Documents and Settings\LocalService\Local Settings\Application Data
• Documents and Settings\LocalService\Local Settings\History\History.IE5
• Documents and Settings\LocalService\Local Settings\History
• Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
• Documents and Settings\LocalService\Local Settings\Temporary Internet Files
• Documents and Settings\LocalService\Local Settings
• Documents and Settings\LocalService
• Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows
• Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
• Documents and Settings\NetworkService\Local Settings\Application Data
• Documents and Settings\NetworkService\Local Settings
• Documents and Settings\NetworkService
• Documents and Settings\Wilbert\Application Data\Microsoft\Internet Explorer\Quick Launch
• Documents and Settings\Wilbert\Application Data\Microsoft\Internet Explorer
• Documents and Settings\Wilbert\Application Data\Microsoft
• Documents and Settings\Wilbert\Application Data
• Documents and Settings\Wilbert\Favorites
• Documents and Settings\Wilbert\Local Settings\Application Data\Diagnostics
• Documents and Settings\Wilbert\Local Settings\Application Data\Microsoft\Windows
• Documents and Settings\Wilbert\Local Settings\Application Data\Microsoft
• Documents and Settings\Wilbert\Local Settings\Application Data
• Documents and Settings\Wilbert\Local Settings\Temp
• Documents and Settings\Wilbert\Local Settings
• Documents and Settings\Wilbert\My Documents\My Music
• Documents and Settings\Wilbert\My Documents\My Pictures
• Documents and Settings\Wilbert\My Documents
• Documents and Settings\Wilbert\Recent
• Documents and Settings\Wilbert\SendTo
• Documents and Settings\Wilbert\Start Menu\Programs\Accessories\Accessibility
• Documents and Settings\Wilbert\Start Menu\Programs\Accessories\Entertainment
• Documents and Settings\Wilbert\Start Menu\Programs\Accessories
• Documents and Settings\Wilbert\Start Menu\Programs\Administrative Tools
• Documents and Settings\Wilbert\Start Menu\Programs\Startup
• Documents and Settings\Wilbert\Start Menu\Programs
• Documents and Settings\Wilbert\Start Menu
• Documents and Settings\Wilbert
• Documents and Settings

(註：%User Profile% フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\＜ユーザ名＞"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞" です。. %Start Menu%フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Windows\Start Menu" または "C:\Documents and Settings\＜ユーザ名＞\Start Menu"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Roaming\Microsoft\Windows\Start Menu" です。. %System Root%フォルダは、標準設定では "C:" です。また、オペレーティングシステムが存在する場所です。. %Application Data%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\＜ユーザ名＞\Local Settings\Application Data"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Roaming" です。. %Temporary Internet Files%フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\＜ユーザ名＞\Local Settings\Temporary Internet Files"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Local\Microsoft\Windows\Temporary Internet Files" です。. %Favorites%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\＜ユーザ名＞\Favorites"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\Favorites" です。. %User Temp%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 2000、XP および Server 2003 の場合、"C:\Documents and Settings\＜ユーザー名＞\Local Settings\Temp"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Local\Temp" です。)

作成活動

マルウェアは、以下のファイルを作成します。

• %Application Data%\Diagnostics\ha.bmp1
• %Application Data%\Diagnostics\ha.bmp
• %Application Data%\Diagnostics\smss.exe

(註：%Application Data%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\＜ユーザ名＞\Local Settings\Application Data"、Windows Vista および 7 の場合、"C:\Users\＜ユーザ名＞\AppData\Roaming" です。)

その他

マルウェアは、以下の不正なWebサイトにアクセスします。

• {BLOCKED}7.39.29

このウイルス情報は、自動解析システムにより作成されました。