WORM_AUTORUN.GYF
Windows 2000, Windows XP, Windows Server 2003

Threat type:
Worm
Destructive:
No
Encrypted:
No
In the wild:
Yes
Overview
This worm arrives via removable drives. It arrives on a system as a file dropped by other malware, or as a file downloaded unknowingly by users when visiting malicious sites.
It disables Task Manager, Registry Editor, and Folder Options. It modifies registry entries to hide files with the System and Read-only attributes.
It drops copies of itself in all removable drives. It drops an AUTORUN.INF file so that the copies it drops are executed automatically when a user accesses the drives of an affected system.
It modifies the user's Internet Explorer (IE) start page to a certain website. This may cause a website hosting certain malware to be displayed, exposing the affected system to further threats. It modifies the user's IE search page to a certain website in the same way, with the same risk.
It modifies the affected system's HOSTS file to prevent users from accessing certain websites.
Details
Arrival Details
This worm arrives via removable drives.
It arrives on a system as a file dropped by other malware, or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This worm drops the following copies of itself into the affected system:
- %User Profile%\{Random Characters}\winlogon.exe
(Note: %User Profile% is the current user's profile folder, which is "C:\Windows\Profiles\<user name>" on Windows 98 and ME, "C:\WINNT\Profiles\<user name>" on Windows NT, and "C:\Documents and Settings\<user name>" on Windows 2000, XP, and Server 2003.)
It creates the following folders:
- %User Profile%\{Random Characters}
(Note: %User Profile% is the current user's profile folder, which is "C:\Windows\Profiles\<user name>" on Windows 98 and ME, "C:\WINNT\Profiles\<user name>" on Windows NT, and "C:\Documents and Settings\<user name>" on Windows 2000, XP, and Server 2003.)
Autostart Technique
This worm adds the following registry entries so that its copy runs automatically at every Windows startup:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
{Random Characters} = "%User Profile%\{Random Characters}\winlogon.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
{Random Characters} = "%User Profile%\{Random Characters}\winlogon.exe"
Other System Modifications
This worm adds the following registry entries as part of its installation routine:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\AppCompatFlags\
Layers
%User Profile%\{Random Characters}\winlogon.exe = "RUNASADMIN"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Image File Execution Options\
{Application Name}
Debugger = ""%User Profile%\{Random Characters}\winlogon.exe""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows Script Host\Settings
Enabled = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\WindowsFirewall\DomainProfile
EnableFirewall = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\WindowsFirewall\StandardProfile
EnableFirewall = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\
Microsoft\Windows\WindowsUpdate\
AU
NoAutoRebootWithLoggedOnUsers = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\
FirewallPolicy\DomainProfile
DisableNotifications = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\
FirewallPolicy\DomainProfile
DoNotAllowExceptions = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\
FirewallPolicy\DomainProfile
EnableFirewall = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile
DisableNotifications = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile
DoNotAllowExceptions = 0
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Download
RunInvalidSignatures = 1
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main
Default_Search_URL = "http://25hpuq24qnn61t8.directorio-w.com"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Main
Default_Page_URL = "http://82c04i133wv5dz1.directorio-w.com"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
Associations
LowRiskFileTypes = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
Explorer
NoRun = 1
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
Explorer
NoFile = 1
HKEY_CURRENT_USER\Software\Microsoft\
Windows NT\CurrentVersion\AppCompatFlags\
Layers
%User Profile%\{Random Characters}\winlogon.exe = "RUNASADMIN"
HKEY_CURRENT_USER\Software\Policies\
Microsoft\Internet Explorer\Control Panel
HomePage = 1
HKEY_CURRENT_USER\Software\Policies\
Microsoft\Windows\System
DisableCMD = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
UacDisableNotify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
AntiSpyWareDisableNotify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
AntiVirusDisableNotify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
AntiVirusOverride = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
AutoUpdateDisableNotify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
cval = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
FirewallDisableNotify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
InternetSettingsDisableNotify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Monitoring
DisableMonitoring = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Monitoring\SymantecAntiVirus
DisableMonitoring = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Monitoring\SymantecFirewall
DisableMonitoring = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
AntiVirusDisableNotify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
AntiVirusOverride = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
FirewallDisableNotify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
FirewallOverride = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
FirstRunDisabled = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
UpdatesDisableNotify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
UacDisableNotify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
AntiSpywareOverride = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
Explorer
NoFolderOptions = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
system
ConsentPromptBehaviorAdmin = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
system
EnableLUA = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
system
PromptOnSecureDesktop = 1
This worm modifies the following registry keys or values as part of its installation routine:
HKEY_CLASSES_ROOT\ftp\shell\
open\command
(Default) = ""%Program Files%\Internet Explorer\iexplore.exe""
(註:変更前の上記レジストリ値は、「""%Program Files%\Internet Explorer\iexplore.exe" %1"」となります。)
HKEY_CLASSES_ROOT\http\shell\
open\command
(Default) = ""%Program Files%\Internet Explorer\iexplore.exe""
(註:変更前の上記レジストリ値は、「""%Program Files%\Internet Explorer\iexplore.exe" -nohome"」となります。)
HKEY_CLASSES_ROOT\https\shell\
open\command
(Default) = ""%Program Files%\Internet Explorer\iexplore.exe""
(註:変更前の上記レジストリ値は、「""%Program Files%\Internet Explorer\iexplore.exe" -nohome"」となります。)
HKEY_CURRENT_USER\Control Panel\Sound
Beep = "no"
(註:変更前の上記レジストリ値は、「"yes"」となります。)
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Download
CheckExeSignatures = "no"
(註:変更前の上記レジストリ値は、「"yes"」となります。)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\wscsvc
Start = 4
(Note: The default value data of the said registry entry is 2.)
It adds the following registry entries to disable Task Manager, Registry Editor, and Folder Options:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
System
DisableRegistryTools = 1
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
System
DisableTaskMgr = 1
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
Explorer
NoFolderOptions = 1
It modifies the following registry entries to hide files with the System and Read-only attributes:
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\
Advanced
Hidden = 2
(Note: The default value data of the said registry entry is 1.)
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\
Advanced
HideFileExt = 3
(Note: The default value data of the said registry entry is 0.)
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\
Advanced
ShowSuperHidden = 0
(Note: The default value data of the said registry entry is 1.)
This worm creates the following registry entry to bypass the Windows Firewall:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
%User Profile%\{Random Characters}\winlogon.exe = "%User Profile%\{Random Characters}\winlogon.exe:*:Enabled:@xpsp2res.dll,-7895004"
{Application Name} can be any of the following:
- BullGuard.exe
- ChromeSetup.exe
- ComboFix.exe
- Diskmon.exe
- EHttpSrv.exe
- FPAVServer.exe
- Filemon.exe
- FirewallControlPanel.exe
- FirewallSettings.exe
- GenericRenosFix.exe
- GoogleToolbarInstaller_download_signed.exe
- HJTInstall.exe
- HelpPane.exe
- HiJackThis.exe
- HostsChk.exe
- IEDFix.exe
- MSASCui.exe
- Netscape.exe
- Opera_964_int_Setup.exe
- Process.exe
- Procmon.exe
- Regmon.exe
- Restart.exe
- Safari.exe
- SandboxieBITS.exe
- SandboxieCrypto.exe
- SandboxieDcomLaunch.exe
- SandboxieRpcSs.exe
- SandboxieWUAU.exe
- SbieCtrl.exe
- SbieSvc.exe
- SmitfraudFix.exe
- SrchSTS.exe
- UCCLSID.exe
- UI0Detect.exe
- UserAccountControlSettings.exe
- VACFix.exe
- WS2Fix.exe
- WerFault.exe
- _avp.exe
- _avp32.exe
- _avpcc.exe
- _avpm.exe
- _findviru.exe
- a2servic.exe
- ackwin32.exe
- acs.exe
- advxdwin.exe
- agentsvr.exe
- agentw.exe
- ahnsd.exe
- alerter.exe
- alertsvc.exe
- alogserv.exe
- amon.exe
- amon9x.exe
- anti-trojan.exe
- antigen.exe
- antivirus.exe
- ants.exe
- apimonitor.exe
- aplica32.exe
- apvxdwin.exe
- ashWebSv.exe
- atcon.exe
- atguard.exe
- atro55en.exe
- atupdater.exe
- atwatch.exe
- aupdate.exe
- autodown.exe
- autotrace.exe
- autoupdate.exe
- avcenter.exe
- avconfig.exe
- avconsol.exe
- ave32.exe
- avgcc32.exe
- avgctrl.exe
- avgemc.exe
- avgnt.exe
- avgserv.exe
- avgserv9.exe
- avguard.exe
- avgw.exe
- avkpop.exe
- avkserv.exe
- avkservice.exe
- avkwcl9.exe
- avkwctl9.exe
- avnotify.exe
- avnt.exe
- avp.exe
- avp32.exe
- avpcc.exe
- avpdos32.exe
- avpexec.exe
- avpinst.exe
- avpm.exe
- avpmon.exe
- avpnt.exe
- avptc32.exe
- avpupd.exe
- avrescue.exe
- avscanavshadow.exe
- avsched32.exe
- avsynmgr.exe
- avupgsvc.exe
- avwebloader.exe
- avwin95.exe
- avwinnt.exe
- avwsc.exe
- avwupd32.exe
- avxmonitor9x.exe
- avxmonitornt.exe
- avxquar.exe
- avxw.exe
- azonealarm.exe
- bd_professional.exe
- bidef.exe
- bidserver.exe
- bipcp.exe
- bipcpevalsetup.exe
- bisp.exe
- blackd.exe
- blackice.exe
- boot.exe
- bootwarn.exe
- borg2.exe
- bs120.exe
- callmsi.exe
- ccapp.exe
- ccevtmgr.exe
- cclaw.exe
- ccpxysvc.exe
- ccsetmgr.exe
- ccshtdwn.exe
- cdp.exe
- cfgwiz.exe
- cfiadmin.exe
- cfiaudit.exe
- cfind.exe
- cfinet.exe
- cfinet32.exe
- clamauto.exe
- claw95.exe
- claw95cf.exe
- claw95ct.exe
- clean.exe
- cleaner.exe
- cleaner3.exe
- cleanpc.exe
- cmd.exe
- cmgrdian.exe
- cmon016.exe
- connectionmonitor.exe
- cpd.exe
- cpdclnt.exe
- cpf.exe
- cpf9x206.exe
- cpfnt206.exe
- csinject.exe
- csinsm32.exe
- css1631.exe
- ctfmon.exe
- ctrl.exe
- cv.exe
- cwnb181.exe
- cwntdwmo.exe
- defalert.exe
- defscangui.exe
- defwatch.exe
- deputy.exe
- doors.exe
- dpf.exe
- drvins32.exe
- drwatson.exe
- drweb32.exe
- dumphive.exe
- dv95.exe
- dv95_o.exe
- dvp95.exe
- dvp95_0.exe
- earthagent.exe
- ecengine.exe
- ecls.exe
- ecmd.exe
- edi.exe
- efinet32.exe
- efpeadm.exe
- egui.exe
- ekrn.exe
- ent.exe
- esafe.exe
- escanh95.exe
- escanhnt.exe
- escanv95.exe
- espwatch.exe
- etrustcipe.exe
- evpn.exe
- ewido.exe
- exantivirus-cnet.exe
- exit.exe
- expert.exe
- explored.exe
- f-agnt95.exe
- f-prot.exe
- f-prot95.exe
- f-stopw.exe
- fa-setup.exe
- fact.exe
- fameh32.exe
- fast.exe
- fch32.exe
- fih32.exe
- findviru.exe
- firewall.exe
- fix-it.exe
- flowprotector.exe
- fnrb32.exe
- fp-win.exe
- fp-win_trial.exe
- fprot.exe
- fprot95.exe
- frw.exe
- fsaa.exe
- fsav.exe
- fsav32.exe
- fsav530stbyb.exe
- fsav530wtbyb.exe
- fsav95.exe
- fsave32.exe
- fsgk32.exe
- fslaunch.exe
- fsm32.exe
- fsma32.exe
- fsmb32.exe
- fssm32.exe
- fwenc.exe
- fwinstall.exe
- gbmenu.exe
- gbpoll.exe
- generics.exe
- gibe.exe
- gpedit.exe
- guard.exe
- guarddog.exe
- guardgui.exe
- guardhlp.exe
- hacktracersetup.exe
- hidec.exe
- htlog.exe
- hwpe.exe
- iamapp.exe
- iamserv.exe
- iamstats.exe
- ibmasn.exe
- ibmavsp.exe
- icload95.exe
- icloadnt.exe
- icmon.exe
- icmoon.exe
- icssuppnt.exe
- icsupp.exe
- icsupp95.exe
- icsuppnt.exe
- iface.exe
- ifw2000.exe
- iomon98.exe
- iparmor.exe
- iris.exe
- isrv95.exe
- jammer.exe
- jed.exe
- jedi.exe
- kav8.0.0.357es.exe
- kavlite40eng.exe
- kavpers40eng.exe
- kavsvc.exe
- kerio-pf-213-en-win.exe
- kerio-wrl-421-en-win.exe
- kerio-wrp-421-en-win.exe
- killprocesssetup161.exe
- kis8.0.0.506latam.exe
- kpf.exe
- kpfw32.exe
- ldnetmon.exe
- ldpro.exe
- ldpromenu.exe
- ldscan.exe
- licmgr.exe
- localnet.exe
- lockdown.exe
- lockdown2000.exe
- lookout.exe
- lsetup.exe
- luall.exe
- luau.exe
- lucomserver.exe
- luinit.exe
- luspt.exe
- mbam.exe
- mbamgui.exe
- mbamservice.exe
- mcagent.exe
- mcmnhdlr.exe
- mcshield.exe
- mctool.exe
- mcuimgr.exe
- mcupdate.exe
- mcvsrte.exe
- mcvsshld.exe
- mdll.exe
- mfw2en.exe
- mfweng3.02d30.exe
- mgavrtcl.exe
- mgavrte.exe
- mghtml.exe
- mgui.exe
- minilog.exe
- monitor.exe
- monsys32.exe
- monsysnt.exe
- monwow.exe
- moolive.exe
- mpfagent.exe
- mpfservice.exe
- mpftray.exe
- mrflux.exe
- msblast.exe
- msconfig.exe
- msinfo32.exe
- msn.exe
- mspatch.exe
- mssmmc32.exe
- mu0311ad.exe
- mwatch.exe
- mxtask.exe
- n32scan.exe
- n32scanw.exe
- nai_vs_stat.exe
- nav32_loader.exe
- nav80try.exe
- navap.exe
- navapsvc.exe
- navapw32.exe
- navauto-protect.exe
- navdx.exe
- naveng.exe
- navengnavex15.exe
- navex15.exe
- navlu32.exe
- navnt.exe
- navrunr.exe
- navsched.exe
- navstub.exe
- navw.exe
- navw32.exe
- navwnt.exe
- nc2000.exe
- ncinst4.exe
- nd98spst.exe
- ndd32.exe
- ndntspst.exe
- neomonitor.exe
- neowatchlog.exe
- netarmor.exe
- netcfg.exe
- netinfo.exe
- netmon.exe
- netscanpro.exe
- netspyhunter-1.2.exe
- netstat.exe
- netutils.exe
- nisserv.exe
- nisum.exe
- nmain.exe
- nod32.exe
- normist.exe
- norton_internet_secu_3.0_407.exe
- notstart.exe
- npf40_tw_98_nt_me_2k.exe
- npfmessenger.exe
- nprotect.exe
- npscheck.exe
- npssvc.exe
- nsched32.exe
- ntdetect.exe
- ntrtscan.exe
- ntxconfig.exe
- nui.exe
- nupdate.exe
- nupgrade.exe
- nvapsvc.exe
- nvarch16.exe
- nvc95.exe
- nvlaunch.exe
- nvsvc32.exe
- nwinst4.exe
- nwservice.exe
- nwtool16.exe
- offguard.exe
- ogrc.exe
- opera.exe
- ostronet.exe
- outpost.exe
- outpostinstall.exe
- outpostproinstall.exe
- padmin.exe
- panixk.exe
- pathping.exe
- pavcl.exe
- pavproxy.exe
- pavsched.exe
- pavw.exe
- pcc2002s902.exe
- pcc2k_76_1436.exe
- pccclient.exe
- pccguide.exe
- pcciomon.exe
- pccmain.exe
- pccntmon.exe
- pccpfw.exe
- pccwin97.exe
- pccwin98.exe
- pcdsetup.exe
- pcfwallicon.exe
- pcip10117_0.exe
- pcscan.exe
- pcscanpdsetup.exe
- penis32.exe
- periscope.exe
- persfw.exe
- perswf.exe
- pev.exe
- pf2.exe
- pfwadmin.exe
- ping.exe
- pingscan.exe
- platin.exe
- pop3trap.exe
- poproxy.exe
- popscan.exe
- portdetective.exe
- portmon.exe
- portmonitor.exe
- ppinupdt.exe
- pptbc.exe
- ppvstop.exe
- prckiller.exe
- processmonitor.exe
- procexp.exe
- procexplorerv1.0.exe
- programauditor.exe
- proport.exe
- protectx.exe
- pspf.exe
- purge.exe
- pview.exe
- pview95.exe
- qconsole.exe
- qserver.exe
- rapapp.exe
- rav.exe
- rav7.exe
- rav7win.exe
- rav8win32eng.exe
- realmon.exe
- regedit.exe
- regedt32.exe
- rescue.exe
- rescue32.exe
- route.exe
- routemon.exe
- rrguard.exe
- rshell.exe
- rstrui.exe
- rtvscn95.exe
- rulaunch.exe
- safeweb.exe
- sbserv.exe
- scan32.exe
- scan95.exe
- scanpm.exe
- sched.exe
- schedapp.exe
- scrscan.exe
- scvhosl.exe
- sd.exe
- sdclt.exe
- serv95.exe
- setup_flowprotector_us.exe
- setupvameeval.exe
- sgssfw32.exe
- sh.exe
- sharedaccess.exe
- shellspyinstall.exe
- shn.exe
- smc.exe
- sofi.exe
- spf.exe
- sphinx.exe
- spider.exe
- spysweeper.exe
- spyxx.exe
- srwatch.exe
- ss3edit.exe
- st2.exe
- supftrl.exe
- supporter5.exe
- sweep.exe
- sweep95.exe
- sweepnet.exe
- sweepsrv.sys.exe
- swnetsup.exe
- swreg.exe
- swsc.exe
- swxcacls.exe
- symproxysvc.exe
- symtray.exe
- sysdoc32.exe
- syshelp.exe
- taskkill.exe
- tasklist.exe
- taskmgr.exe
- taskmon.exe
- taumon.exe
- tauscan.exe
- tbscan.exe
- tc.exe
- tca.exe
- tcm.exe
- tcpsvs32.exe
- tds-3.exe
- tds2-98.exe
- tds2-nt.exe
- tds2.exe
- tfak.exe
- tfak5.exe
- tftpd.exe
- tgbob.exe
- titanin.exe
- titaninxp.exe
- tmlisten.exe
- tmntsrv.exe
- tracerpt.exe
- tracert.exe
- trjscan.exe
- trjsetup.exe
- trojantrap3.exe
- undoboot.exe
- unzip.exe
- update.exe
- vbcmserv.exe
- vbcons.exe
- vbust.exe
- vbwin9x.exe
- vbwinntw.exe
- vccmserv.exe
- vcleaner.exe
- vcontrol.exe
- vcsetup.exe
- vet32.exe
- vet95.exe
- vet98.exe
- vettray.exe
- vfsetup.exe
- vir-help.exe
- virusmdpersonalfirewall.exe
- vmsrvc.exe
- vnlan300.exe
- vnpc3000.exe
- vpc32.exe
- vpc42.exe
- vpcmap.exe
- vpfw30s.exe
- vptray.exe
- vscan.exe
- vscan40.exe
- vscenu6.02d30.exe
- vsched.exe
- vsecomr.exe
- vshwin32.exe
- vsisetup.exe
- vsmain.exe
- vsmon.exe
- vsscan40.exe
- vsstat.exe
- vswin9xe.exe
- vswinntse.exe
- vswinperse.exe
- vvstat.exe
- w32dsm89.exe
- w9x.exe
- watchdog.exe
- webscan.exe
- webscanx.exe
- webtrap.exe
- wfindv32.exe
- wgfe95.exe
- whoswatchingme.exe
- wimmun32.exe
- wingate.exe
- winhlpp32.exe
- wink.exe
- winmgm32.exe
- winppr32.exe
- winrecon.exe
- winroute.exe
- winservices.exe
- winsfcm.exe
- wmias.exe
- wmiav.exe
- wnt.exe
- wradmin.exe
- wrctrl.exe
- wsbgate.exe
- wuauclt.exe
- wyvernworksfirewall.exe
- xpf202en.exe
- xscan.exe
- zapro.exe
- zapsetup3001.exe
- zatutor.exe
- zatutorzauinst.exe
- zauinst.exe
- zlh.exe
- zonalarm.exe
- zonalm2601.exe
- zonealarm.exe
Propagation
This worm drops copies of itself in all removable drives.
It drops an AUTORUN.INF file so that the copies it drops are executed automatically when a user accesses the drives of an affected system.
The said .INF file contains the following strings:
;{Garbage Characters}
[autorun]
;{Garbage Characters}
open=Sl0zPz1458syhXV8z54flEE05yzL4uFQe3F\S-1-3-01-4631104401-7414418267-104546834-1055\uIaU3k3kzmh4Otjy73o.exe
;{Garbage Characters}
icon=%SystemRoot%\system32\SHELL32.dll,4
;{Garbage Characters}
action=Abrir la carpeta para ver los archivos
;{Garbage Characters}
shell\open=Open
;{Garbage Characters}
shell\open\command=Sl0zPz1458syhXV8z54flEE05yzL4uFQe3F\S-1-3-01-4631104401-7414418267-104546834-1055\uIaU3k3kzmh4Otjy73o.exe
;{Garbage Characters}
shell\open\default=1
;{Garbage Characters}
shell\open\default=1
;{Garbage Characters}
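The AUTORUN.INF shown above pads the file with comment lines and launches its payload through both `open=` and `shell\open\command=`. The following triage helper is an added example written for this page, not Trend Micro's code and not part of the advisory: it parses the INI-style file, discards the `;` comment lines, lists every key that causes a program to run when the drive is opened, and applies a heuristic for the pattern described here (a relative `.exe` path inside a folder named like a Windows SID). The sample file is constructed; `RANDOMDIR` and `RANDOMNAME.exe` are placeholders shaped like the names in the advisory, not real indicators.

```python
"""Triage helper for AUTORUN.INF files of the shape described above.

Added example, not part of the original advisory and not Trend Micro's code.
The sample INF below is constructed; RANDOMDIR / RANDOMNAME.exe are
placeholders, not indicators from the advisory.
"""
import re

# [autorun] keys whose value names a program that gets executed.
EXEC_KEYS = ("open", "shellexecute")
# shell\<verb>\command=... also launches a program for that verb.
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)
# Folder names like S-1-3-01-... that the worm uses as a directory component.
SID_LIKE = re.compile(r"\\S-1-\d+-\d+", re.IGNORECASE)


def parse_autorun(text):
    """Return {section: {key: value}}; ';' comments and blank lines are dropped."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # the worm interleaves garbage comment lines; skip them
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # key outside any section, or malformed: ignore
        key, value = line.split("=", 1)
        sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_targets(text):
    """List (key, value) pairs from [autorun] that launch a program."""
    autorun = parse_autorun(text).get("autorun", {})
    return [(k, v) for k, v in autorun.items()
            if k in EXEC_KEYS or SHELL_COMMAND.match(k)]


def is_suspicious(text):
    """Heuristic from the advisory: a launch target that is a relative path
    ending in .exe, or whose directory is named like a SID."""
    for _key, value in launch_targets(text):
        target = value.strip('"').lower()
        absolute = re.match(r"^[a-z]:\\|^%", target)  # drive letter or %VAR%
        if target.endswith(".exe") and not absolute:
            return True
        if SID_LIKE.search(value):
            return True
    return False


# Constructed sample in the shape the advisory describes (placeholder names).
SAMPLE_INF = r"""
;zk3j9fq2 garbage comment line
[autorun]
;a8sd7f garbage comment line
open=RANDOMDIR\S-1-3-01-0000000000-0000000000-000000000-1000\RANDOMNAME.exe
;q1w2e3 garbage comment line
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Abrir la carpeta para ver los archivos
shell\open=Open
shell\open\command=RANDOMDIR\S-1-3-01-0000000000-0000000000-000000000-1000\RANDOMNAME.exe
shell\open\default=1
"""

# A benign autorun.inf that only sets an icon and a label (constructed).
BENIGN_INF = "[autorun]\nicon=setup.exe,0\nlabel=Vendor Disc\n"

if __name__ == "__main__":
    for name, inf in (("sample", SAMPLE_INF), ("benign", BENIGN_INF)):
        print(name, launch_targets(inf), "suspicious:", is_suspicious(inf))
```

The `action=` text ("Abrir la carpeta para ver los archivos", Spanish for "Open folder to view files") is what the AutoPlay dialog shows, so the user sees a folder-open prompt while the `open=` target runs; the parser keeps that key so a reviewer can see the lure alongside the payload.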
Web Browser Home Page and Search Page Modification
This worm modifies the user's IE start page to any of the following websites:
- http://u1n15y543n9k6hp.directorio-w.com
- http://x4ndyy9498p1206.directorio-w.com
It modifies the user's IE search page to the following website:
- http://5538d19dc60vfxv.directorio-w.com
HOSTS File Modification
This worm modifies the affected system's HOSTS file to prevent users from accessing the following websites:
- {BLOCKED}8.247.79 www.pandasecurity.com
- {BLOCKED}8.247.79 go.mcafee.com
- {BLOCKED}.240.135 malwarecity.net malwarecity.org
- {BLOCKED}.240.135 download4.emsisoft.com
- {BLOCKED}.240.135 www.antiy.net
- {BLOCKED}.240.135 45pounds.com
- {BLOCKED}3.155.0 www.esafe.com
- {BLOCKED}4.161.131 smbstore.trendmicro.com
- {BLOCKED}4.161.131 sophos.com
- {BLOCKED}6.250.109 www.globalhauri.com
- {BLOCKED}6.250.109 seasonsecurity.com
- {BLOCKED}3.83.127 www.npin.co.kr
- {BLOCKED}0.76.184 archive.bitdefender.com
- {BLOCKED}0.76.184 www.emsisoft.net
- {BLOCKED}0.76.184 lists.clamav.net
- {BLOCKED}0.76.184 fortinet.com
- {BLOCKED}0.76.184 natsko.com
- {BLOCKED}.165.41 www.iseclab.org
- {BLOCKED}8.179.236 chickensroamfree.com
- {BLOCKED}8.179.236 kaspersky.com
- {BLOCKED}9.253.180 antivirus.sunbeltsoftware.com
- {BLOCKED}9.253.180 go.trendmicro.com
- {BLOCKED}.100.232 download5.emsisoft.com
- {BLOCKED}.100.232 linux.bitdefender.com
- {BLOCKED}.100.232 ribbonwarehouse.com
- {BLOCKED}.100.232 www.ahnlab.com
- {BLOCKED}8.175.107 www.engyro.com
- {BLOCKED}.161.168 www.secure-elements.com
- {BLOCKED}.161.168 new-partners.drweb.com
- {BLOCKED}.1.21 kioskea.net
- {BLOCKED}.82.96 www.hxproduction.com
- {BLOCKED}.82.96 www.bitdefende.de
- {BLOCKED}.82.96 www.barder.com
- {BLOCKED}.82.96 www.ikarus.at
- {BLOCKED}.157.228 www.exchangeyourcareer.com
- {BLOCKED}0.253.148 network.drweb.com
- {BLOCKED}0.253.148 www.fortinet.ch
- {BLOCKED}1.4.92 www.trendmicro.com
- {BLOCKED}3.93.69 anubis.iseclab.org
- {BLOCKED}7.37 canada.karuna-shechen.org
- {BLOCKED}7.37 www.bitdefender.com.au
- {BLOCKED}7.37 www.professorbeyer.com
- {BLOCKED}7.37 www.norman.com
- {BLOCKED}7.37 buscafacil.com
- {BLOCKED}91.30 tecniservicioslys.com
- {BLOCKED}92.237 mop.pandasecurity.com
- {BLOCKED}92.237 nai.com
- {BLOCKED}106.150 virusfreezone.info
- {BLOCKED}187.157 cacomvip.ca.com
- {BLOCKED}194.33 jp.trendmicro.com
- {BLOCKED}194.33 www.freerav.com
- {BLOCKED}116.217 together.pctools.com
- {BLOCKED}116.217 www.mcafee.at
- {BLOCKED}109.85 www.antivirus-tools.com
- {BLOCKED}109.85 www.gokidding.com
- {BLOCKED}109.85 www.f-secure.com
- {BLOCKED}109.85 www.willsee.com
- {BLOCKED}102.22 fortinet.co.at
- {BLOCKED}102.22 drweb.com
- {BLOCKED}8.198 viruschief.com
- {BLOCKED}23.206 latin.bitdefender.com
- {BLOCKED}23.206 www.emsisoft.com
- {BLOCKED}23.206 www.mamutu.de
- {BLOCKED}23.206 www.smf.org
- {BLOCKED}8.149 cou85.com
- {BLOCKED}94.2 global.jiangmin.com
- {BLOCKED}94.2 secure.av-desk.com
- {BLOCKED}01.201 marian.symantec.com
- {BLOCKED}115.254 www.contentverification.com
- {BLOCKED}115.254 scan.anti-trojan.net
- {BLOCKED}115.254 buy.bitdefender.de
- {BLOCKED}115.254 rising-global.com
- {BLOCKED}115.254 www.2xlgames.com
- {BLOCKED}34.179 www.tecniservicioslys.com
- {BLOCKED}190.129 www.nprotect.com
- {BLOCKED}.16.43 configurarequipos.com
- {BLOCKED}30.50 usa.kaspersky.com
- {BLOCKED}30.50 drwebinside.com
- {BLOCKED}.37.182 housecall60.trendmicro.com
- {BLOCKED}.37.182 www.retento.com
- {BLOCKED}.207.46 www.bitdefender.fr
- {BLOCKED}.207.46 www.authentium.com
- {BLOCKED}.207.46 www.sophos.com
- {BLOCKED}.207.46 authentium.com
- {BLOCKED}.207.46 welkam.co.jp
- {BLOCKED}.214.177 reg.eset.es
- {BLOCKED}.200.170 updates.drweb.com
- {BLOCKED}.200.170 fortilog.com
- {BLOCKED}.40.91 www.jotti.org
- {BLOCKED}.122.166 www.cambridge-steiner-school.co.uk
- {BLOCKED}.122.166 www.sunbeltsoftware.com
- {BLOCKED}.122.166 asap.authentium.com
- {BLOCKED}.122.166 www.bitdefender.hk
- {BLOCKED}.122.166 avast.com
- {BLOCKED}.197.42 www.eugrantsadvisor.com
- {BLOCKED}36.219 products.drweb.com
- {BLOCKED}36.219 www.fortiid.com
- {BLOCKED}111.94 sun.symantec.com
- {BLOCKED}214.214 www.internationalservicecheck.com
- {BLOCKED}214.214 www.stadiumpage.com
- {BLOCKED}214.214 nl.bitdefender.com
- {BLOCKED}214.214 www.avg.com
- {BLOCKED}132.139 www.scan4you.net
- {BLOCKED}33.90 www.microsoft.com
- {BLOCKED}33.90 www.prevx1.com
- {BLOCKED}.115.4 www.softfaq.com
- {BLOCKED}128.11 support.drweb.com
- {BLOCKED}128.11 www.virus.fi
- {BLOCKED}135.142 search.symantec.com
- {BLOCKED}.43.131 www.ca.com
- {BLOCKED}.124.138 networkassociates.com
- {BLOCKED}.124.138 biz.nprotect.com
- {BLOCKED}50.195 www.rising-global.com
- {BLOCKED}50.195 www.bitdefender.es
- {BLOCKED}50.195 bobbondart.com
- {BLOCKED}50.195 ruben.bzin.net
- {BLOCKED}50.195 antiy.net
- {BLOCKED}.207.52 esecurity.livecall.co.kr
- {BLOCKED}.207.52 ibusca.me
- {BLOCKED}.227.190 go.symantec.com
- {BLOCKED}.32.59 www.flairweddings.co.uk
- {BLOCKED}.32.59 www.comodoantispam.com
- {BLOCKED}.32.59 bitdefender.org
- {BLOCKED}.32.59 kaspersky.com
- {BLOCKED}.32.59 mamutu.com
- {BLOCKED}.210.55 firewall.sunbeltsoftware.com
- {BLOCKED}.210.55 shop.trendmicro.com
- {BLOCKED}.135.179 support.mcafee.com
- {BLOCKED}.135.179 www.aks.com
- {BLOCKED}.56.107 neunet.org news.bitdefender.com
- {BLOCKED}.56.107 www.hackshields.com
- {BLOCKED}.56.107 roysephotos.com
- {BLOCKED}.56.107 www.avast.com
- {BLOCKED}.231.32 static.yoreparo.com
- {BLOCKED}131.239 eugrantsadvisor.de
- {BLOCKED}.213.220 www.mygeekside.com
- {BLOCKED}227.159 company.drweb.com
- {BLOCKED}227.159 www.fortinet.com
- {BLOCKED}46.103 www.sunbeltsoftware.com
- {BLOCKED}46.103 store.trendmicro.com
- {BLOCKED}.209.24 training.drweb.com
- {BLOCKED}.209.24 arwww.fortinet.cz
- {BLOCKED}148.155 us.bitdefender.com
- {BLOCKED}148.155 www.aladdin.com
- {BLOCKED}148.155 www.owen.org
- {BLOCKED}148.155 pvtc.org
- {BLOCKED}223.31 15660808.co.kr
- {BLOCKED}.49.201 www.threatexpert.com
- {BLOCKED}.69.83 education.symantec.com
- {BLOCKED}.131.20 www.anti-trojan-software.net
- {BLOCKED}.131.20 ixostore.ixomodels.com
- {BLOCKED}.131.20 backup.comodo.com
- {BLOCKED}.131.20 bitdefender.com
- {BLOCKED}.131.20 jiangmin.com
- {BLOCKED}.52.203 vos.symantec.com
- {BLOCKED}.233.72 internetsecurity.comodo.com
- {BLOCKED}.233.72 frisk-software.com
- {BLOCKED}.223.68 onlinecheck.emsisoft.com
- {BLOCKED}.223.68 bitdefenderusa.com
- {BLOCKED}.223.68 pandasecurity.com
- {BLOCKED}.223.68 www.trustix.com
- {BLOCKED}.223.68 bestofewan.com
- {BLOCKED}.73.249 virusbuster.hu
- {BLOCKED}.229.199 exchangeyourcareer.net
- {BLOCKED}9.120 www.fortinet.com
- {BLOCKED}9.120 store.drweb.com
- {BLOCKED}56.113 scanner.novirusthanks.org
- {BLOCKED}144.252 eval.symantec.com
- {BLOCKED}144.252 www.vba.com.by
- {BLOCKED}.52.240 forum.kaspersky.com
- {BLOCKED}.52.240 daniloff.net
- {BLOCKED}247.48 www.nottinghampoetryseries.com
- {BLOCKED}247.48 avx.rob-have.net
- {BLOCKED}247.48 www.emsisoft.it
- {BLOCKED}247.48 bugs.clamav.net
- {BLOCKED}247.48 gdata.es
- {BLOCKED}65.247 eos.eset.es
- {BLOCKED}.148.161 spycheck.es
- {BLOCKED}.196 www.pichincha.com
- {BLOCKED}.196 pichincha.com
- {BLOCKED}.229.236 www.deborahshelton.net
- {BLOCKED}.229.236 www.bitdefender.de
- {BLOCKED}.229.236 elblogdemanu.com
- {BLOCKED}.229.236 www.prevx.com
- {BLOCKED}.229.236 antivir.es
- {BLOCKED}168.44 www4.symantec.com
- {BLOCKED}.150.164 esupport.trendmicro.com
- {BLOCKED}.150.164 superboy2010.com.au
- {BLOCKED}.144.33 i-vault.comodo.com
- {BLOCKED}.144.33 www.f-prot.com
- {BLOCKED}.65.216 www.bitdefender-es.com
- {BLOCKED}.65.216 www.wellgousa.com
- {BLOCKED}.65.216 www.jiangmin.com
- {BLOCKED}.65.216 www.antivir.es
- {BLOCKED}.239.209 www.virusbuster.hu
- {BLOCKED}.239.209 www.inicioid.com
- {BLOCKED}.72.160 spywarefiles.prevx.com
- {BLOCKED}.72.160 privacy.microsoft.com
- {BLOCKED}.242.212 enterprisesecur.symantec.com
- {BLOCKED}.242.212 bg.virusblokada.com
- {BLOCKED}.168.13 fsecure.nl webyard.com
- {BLOCKED}.168.13 www.nsclean.com
- {BLOCKED}154.74 www.virus.org
- {BLOCKED}150.201 www.kaspersky.com
- {BLOCKED}150.201 www.freedrweb.ru
- {BLOCKED}.89.9 futurenow.bitdefender.com
- {BLOCKED}.89.9 onlinecheck.emsisoft.net
- {BLOCKED}.89.9 online-backup.comodo.com
- {BLOCKED}.89.9 trackingtheworld.com
- {BLOCKED}.89.9 symantec.com
- {BLOCKED}64.140 cybercrime.pandasecurity.com
- {BLOCKED}64.140 jp.mcafee.com
- {BLOCKED}246.54 intranet.cidiroax.ipn.mx
- {BLOCKED}78.193 servicenews.symantec.com
- {BLOCKED}72.129 www.testmypcsecurity.com
- {BLOCKED}72.129 www.reviewsofbooks.com
- {BLOCKED}72.129 it.bitdefender.com
- {BLOCKED}72.129 hacksoft.com.pe
- {BLOCKED}72.129 blitzblank.com
- {BLOCKED}.249.125 support.rising-global.com
- {BLOCKED}.249.125 itw.trendmicro.com
- {BLOCKED}.242.181 me.kaspersky.com
- {BLOCKED}.242.181 ealaddin.net
- {BLOCKED}.82.102 www.spycheck.co.uk
- {BLOCKED}.163.177 www.malwarecity.com
- {BLOCKED}.163.177 www.mtr-design.com
- {BLOCKED}.163.177 www.trendmicro.com
- {BLOCKED}.163.177 quickheal.com
- {BLOCKED}.163.177 www.avast.com
- {BLOCKED}.170.53 fsc.norman.com
- {BLOCKED}.85.105 ru.trendmicro.com
- {BLOCKED}.85.105 kr.sophos.com
- {BLOCKED}.10.229 new-solutions.drweb.com
- {BLOCKED}.10.229 jiangmin.com
- {BLOCKED}52.222 virus.org
- {BLOCKED}249.94 customers.drweb.com
- {BLOCKED}249.94 www.fortinet.co.il
- {BLOCKED}.255.225 onlinecheck.emsisoft.org
- {BLOCKED}.255.225 sunbeltsoftware.com
- {BLOCKED}.255.225 fr.bitdefender.com
- {BLOCKED}.255.225 basetendencies.com
- {BLOCKED}.255.225 www.comodo.tv
- {BLOCKED}.6.101 schemas.microsoft.com
- {BLOCKED}88.15 iseclab.org
- {BLOCKED}177.153 www.rising-global.com
- {BLOCKED}177.153 de.trendmicro.com
- {BLOCKED}170.90 www.latin-mass-society.org
- {BLOCKED}170.90 store.bitdefender.com
- {BLOCKED}170.90 pineleafboys.com
- {BLOCKED}170.90 www.comodo.com
- {BLOCKED}.85.142 vms.drweb.com
- {BLOCKED}.85.142 fortinet.com
- {BLOCKED}91.18 hostedmailsecur.symantec.com
- {BLOCKED}.180.63 www.viruschief.com
- {BLOCKED}.6.70 www.1stavenuelimousines.co.uk
- {BLOCKED}.6.70 www.bitdefenderme.com
- {BLOCKED}.6.70 www.hacksoft.com.pe
- {BLOCKED}.6.70 bitdefender.com
- {BLOCKED}.6.70 avast.com
- {BLOCKED}.13.13 nprotect.seoul.go.kr
- {BLOCKED}.13.13 mx.mcafee.com
- {BLOCKED}.95.183 virobot.co.kr
- {BLOCKED}.95.183 inicioid.com
- {BLOCKED}.183.66 tms.symantec.com
- {BLOCKED}.176.190 www.ealaddin.com
- {BLOCKED}.98.118 sarahmcconnellphotography.net
- {BLOCKED}.98.118 malwarescan.emsisoft.com
- {BLOCKED}.98.118 lurker.clamav.net
- {BLOCKED}.98.118 www.grisoft.com
- {BLOCKED}.98.118 f-prot.com
- {BLOCKED}.105.250 www.eugrantsadvisor.ie
- {BLOCKED}187.231 www.configurarequipos.com
- {BLOCKED}187.231 company.hauri.net
- {BLOCKED}.19.114 ushousecall02.trendmicro.com
- {BLOCKED}.19.114 antispam.sunbeltsoftware.com
- {BLOCKED}12.238 square.bitdefender.com
- {BLOCKED}12.238 www.indielisboa.com
- {BLOCKED}12.238 www.beautybar.com
- {BLOCKED}12.238 www.clamav.net
- {BLOCKED}190.234 antispyware.sunbeltsoftware.com
- {BLOCKED}190.234 subwiz.trendmicro.com
- {BLOCKED}183.35 www.fortinet.sg
- {BLOCKED}183.35 free.drweb.com
- {BLOCKED}23.211 in.answers.yahoo.com
- {BLOCKED}.179.162 liveprotect.net
- {BLOCKED}.179.162 au.mcafee.com
- {BLOCKED}104.31 www.fortinet.com
- {BLOCKED}104.31 defalcos.com
- {BLOCKED}104.31 halmapr.com
- {BLOCKED}104.31 www.avx.ro
- {BLOCKED}.5.76 es.answers.yahoo.com
- {BLOCKED}.19.83 www.ealaddin.com
- {BLOCKED}.19.83 home.mcafee.com
- {BLOCKED}26.26 www.hacksoft.pe
- {BLOCKED}.196.79 renewals.bitdefender.com
- {BLOCKED}.196.79 www.elvis-express.com
- {BLOCKED}.196.79 www.bitdefender.com
- {BLOCKED}.196.79 www.irangoals.com
- {BLOCKED}.203.210 pandasecurity.com
- {BLOCKED}.203.210 obscgi.mcafee.com
- {BLOCKED}.111.199 de.bitdefender.com
- {BLOCKED}.111.199 www.trojaner.info
- {BLOCKED}.111.199 idauthority.com
- {BLOCKED}.111.199 kimzimmer.net
- {BLOCKED}.111.199 sophos.com
- {BLOCKED}.29.124 www.novirusthanks.org
- {BLOCKED}.118.7 oem.sunbeltsoftware.com
- {BLOCKED}.118.7 trial.trendmicro.com
- {BLOCKED}00.127 et.symantec.com
- {BLOCKED}00.127 www.hauri.co.kr
- {BLOCKED}.39.2 us.mcafee.com
- {BLOCKED}.39.2 nprotect.net
- {BLOCKED}25.251 www.fortinet.nl
- {BLOCKED}25.251 cureit.ru
- {BLOCKED}121.172 www.forospyware.com
- {BLOCKED}22.123 vicentevirtual.com
- {BLOCKED}203.247 bitdefenderchina.com
- {BLOCKED}203.247 easy-vpn.comodo.com
- {BLOCKED}203.247 www.fimasys.com
- {BLOCKED}203.247 www.emsisoft.es
- {BLOCKED}203.247 mcafee.com
- {BLOCKED}7.104.36 www.computing.net
- {BLOCKED}.124.175 hacksoft.pe
- {BLOCKED}.117.44 new-forum.drweb.com
- {BLOCKED}.117.44 www.ikarus.at
- {BLOCKED}2.39.227 www.manchester-offices.co.uk
- {BLOCKED}2.39.227 hishomeforchildren.com
- {BLOCKED}2.39.227 www.bitdefender.co.uk
- {BLOCKED}2.39.227 www.microsoft.com
- {BLOCKED}2.39.227 buscalo.in
- {BLOCKED}3.114.171 eugrantsadvisor.cz
- {BLOCKED}5.21.92 www.phoenixtrikeworks.com
- {BLOCKED}5.21.92 www.bitdefender.com
- {BLOCKED}5.21.92 saverssite.com
- {BLOCKED}5.21.92 www.buscalo.in
- {BLOCKED}5.21.92 www.eset.es
- {BLOCKED}1.196.85 novirusthanks.org
- {BLOCKED}0.216.223 emea.trendmicro.com
- {BLOCKED}124.212 pda.drweb.com
- {BLOCKED}124.212 fortihero.com
- {BLOCKED}7.137.151 shop.pandasecurity.com
- {BLOCKED}7.137.151 service.mcafee.com
- {BLOCKED}4.199.88 investor.symantec.com
- {BLOCKED}4.199.88 www.hauri.net
- {BLOCKED}.220.65 jotti.org
- {BLOCKED}.45.140 ccslaughterspdx.com
- {BLOCKED}.45.140 kb.bitdefender.de
- {BLOCKED}.45.140 www.mamutu.com
- {BLOCKED}.45.140 hauri.net
- {BLOCKED}3.120.15 soporte.pandasecurity.com
- {BLOCKED}3.120.15 br.mcafee.com
- {BLOCKED}4.202.253 computing.net
- {BLOCKED}.35.136 dell.symantec.com
- {BLOCKED}.216.192 www.comodopartners.com
- {BLOCKED}.216.192 www.frisk.is
- {BLOCKED}.137.188 www.brightoctober.com
- {BLOCKED}.137.188 www.iniciorapido.info
- {BLOCKED}.137.188 www.bitdefender.cl
- {BLOCKED}.137.188 www.dr-bull.com
- {BLOCKED}.137.188 www.mcafee.com
- {BLOCKED}0.212.64 webadmin.norman.no
- {BLOCKED}3.120.52 www.emsisoft.com
- {BLOCKED}3.120.52 www.clamav.net
- {BLOCKED}3.120.52 www.avg.com
- {BLOCKED}3.120.52 aladdin.com
- {BLOCKED}3.120.52 etrr.co.uk
- {BLOCKED}9.38.233 softfaq.com
- {BLOCKED}.59.116 beta.anti-virus.by
- {BLOCKED}.59.116 symantec.com
- {BLOCKED}8.222.105 support.kaspersky.co
- {BLOCKED}8.222.105 drweb-inside.com
- {BLOCKED}5.236.112 cloudprotection.pandasecurity.com
- {BLOCKED}5.236.112 cn.mcafee.com
- {BLOCKED}1.41.48 training.trendmicro.com
- {BLOCKED}1.41.48 go.sunbeltsoftware.com
- {BLOCKED}3.62.26 www.spycheck.es
- {BLOCKED}0.218.232 www.xmlsoap.org
- {BLOCKED}7.212.101 kb.bitdefender.com
- {BLOCKED}7.212.101 www.renningers.com
- {BLOCKED}7.212.101 www.emsisoft.jp
- {BLOCKED}7.212.101 anti-virus.by
- {BLOCKED}1.45.146 forospyware.com
- {BLOCKED}6.133.28 es.trendmicro.com
- {BLOCKED}6.133.28 www.sophos.com
- {BLOCKED}.58.153 www.apsecure.com
- {BLOCKED}.58.153 my.drweb.com
- {BLOCKED}5.54.24 register.norman.com
- {BLOCKED}.236.81 www.authentium.com
- {BLOCKED}.236.81 isotopecomics.com
- {BLOCKED}.236.81 global.ahnlab.com
- {BLOCKED}.236.81 malwarepedia.com
- {BLOCKED}0.218.13 www.peterhearnwaste.co.uk
- {BLOCKED}0.218.13 www.virusbuster.hu
- {BLOCKED}0.218.13 www.quickheal.com
- {BLOCKED}0.218.13 drweb.com
- {BLOCKED}0.218.13 avg.com
- {BLOCKED}6.137.194 scan4you.net
- {BLOCKED}.157.77 www.symantec.com
- {BLOCKED}6.65.65 www.safenet-inc.com
- {BLOCKED}2.146.5 siren24.nprotect.com
- {BLOCKED}9.140.197 visualtracking.symantec.com
- {BLOCKED}0.229.242 removetrojanvirus.org
- {BLOCKED}0.229.242 hauri.co.kr
- {BLOCKED}8.61.193 grv.microsoft.com
- {BLOCKED}4.54.249 b-have.org bitdefender-ar.com
- {BLOCKED}4.54.249 system-cleaner.comodo.com
- {BLOCKED}4.54.249 www.sheffieldmind.co.uk
- {BLOCKED}4.54.249 www.emsisoft.de
- {BLOCKED}4.54.249 ikarus.at
- {BLOCKED}3.231.245 channelpartner.trendmicro.com
- {BLOCKED}3.231.245 shop.sunbeltsoftware.com
- {BLOCKED}0.157.46 news.drweb.com
- {BLOCKED}0.157.46 fortiwifi.com
- {BLOCKED}2.153.173 www.eugrantsadvisor.de
- {BLOCKED}78.41 www.malwarecity.fr
- {BLOCKED}78.41 www.anti-virus.by
- {BLOCKED}78.41 dev.depeuter.org
- {BLOCKED}78.41 files.avast.com
- {BLOCKED}78.41 clamav.net
- {BLOCKED}7.61.162 blog.titanium-jewelry.com
- {BLOCKED}7.61.162 www.bitdefender.be
- {BLOCKED}7.61.162 iniciorapido.info
- {BLOCKED}7.61.162 www.kaspersky.com
- {BLOCKED}7.61.162 www.buraka.tv
- {BLOCKED}.67.37 smallbiz.symantec.com
- {BLOCKED}3.235.87 es.kioskea.net
- {BLOCKED}3.231.214 www.hasp.se
- {BLOCKED}6.238.158 us.trendmicro.com
- {BLOCKED}.245.221 encarta.msn.com
- {BLOCKED}8.71.135 www.seasonsecurity.com
- {BLOCKED}8.71.135 shop.hauri.co.kr
- {BLOCKED}5.159.86 free.pandasecurity.com
- {BLOCKED}5.159.86 mcafeeb2b.com
- {BLOCKED}2.153.210 www.mountainlakeslodge.com
- {BLOCKED}2.153.210 store.de.bitdefender.com
- {BLOCKED}2.153.210 www.drweb.com
- {BLOCKED}2.153.210 www.arpia.be
- {BLOCKED}1.74.138 feeds.trendmicro.com
- {BLOCKED}1.74.138 sunbeltsoftware.com
- {BLOCKED}8.255.6 www.ccssforum.org
- {BLOCKED}8.255.6 cai.com
- {BLOCKED}9.251.134 networkassociates.nai.com
- {BLOCKED}9.251.134 chollian.nprotect.co.kr
- {BLOCKED}6.244.2 www.livepcsupport.com
- {BLOCKED}6.244.2 bitdefendertaiwan.com
- {BLOCKED}6.244.2 vivo-austin.com
- {BLOCKED}6.244.2 www.emsisoft.fr
- {BLOCKED}6.244.2 norman.com
- {BLOCKED}.91.54 auwww.ealaddin.nl
- {BLOCKED}5.166.186 service1.symantec.com
- {BLOCKED}5.166.186 www.anti-virus.by
- {BLOCKED}.77.47 www.kioskea.net
- {BLOCKED}.74.175 www.jiangmin.com.cn
- {BLOCKED}.74.175 new-www.drweb.com
- {BLOCKED}4.87.182 descargas.eset.es
- {BLOCKED}.80.50 housecall65.trendmicro.com
- {BLOCKED}5.169.96 www.virusfreezone.info
- {BLOCKED}2.2.46 blogs.protegerse.com
- {BLOCKED}9.251.103 www.residentphotography.com
- {BLOCKED}9.251.103 www.bitdefender.com.tw
- {BLOCKED}9.251.103 www.pandasecurity.com
- {BLOCKED}9.251.103 www.imddomains.co.uk
- {BLOCKED}9.251.103 emsisoft.com
- {BLOCKED}8.172.99 www.risingav.com.au
- {BLOCKED}8.172.99 it.trendmicro.com
- {BLOCKED}5.166.223 www.fortinetuk.com
- {BLOCKED}5.166.223 info.drweb.com
- {BLOCKED}7.94.94 info.prevx.com
- {BLOCKED}7.94.94 it.mcafee.com
- {BLOCKED}4.87.151 bitdefendermalaysia.com
- {BLOCKED}4.87.151 ww.emsisoft.com
- {BLOCKED}4.87.151 ztl.comodo.com
- {BLOCKED}4.87.151 qqjkw.net
- {BLOCKED}4.87.151 eset.es
- {BLOCKED}.176.8 scanner.virus.org
- {BLOCKED}2.8.147 housecall.trendmicro.com
- {BLOCKED}9.189.203 f-secure.fr f-secure.hk
- {BLOCKED}9.189.203 timestamp.wosign.com
- {BLOCKED}.172.67 f-secure.nl fsecure.com
- {BLOCKED}.172.67 rover800.gaima.co.uk
- {BLOCKED}.179.11 securitycheck.symantec.com
- {BLOCKED}1.186.75 demos.eset.es
- {BLOCKED}2.12.244 virustotal.com
- {BLOCKED}6.93.63 www.secondchanceboxer.com
- {BLOCKED}6.93.63 www.bitdefender.com.sg
- {BLOCKED}6.93.63 developmentdrums.org
- {BLOCKED}6.93.63 www.buscafacil.com
- {BLOCKED}6.93.63 www.nprotect.com
- {BLOCKED}.168.195 www.nprotect.co.kr
- {BLOCKED}5.15.59 sfdoccentral.symantec.com
- {BLOCKED}2.8.116 latam.kaspersky.com
- {BLOCKED}2.8.116 alladdin.ru
- {BLOCKED}4.192.243 mcafeeretail.com
- {BLOCKED}4.192.243 www.prevx.com
- {BLOCKED}1.185.112 www.authentium.com.au
- {BLOCKED}1.185.112 www.bitdefender.us
- {BLOCKED}1.185.112 naturesimages.net
- {BLOCKED}1.185.112 www.symantec.com
- {BLOCKED}1.185.112 avg.com
- {BLOCKED}.18.157 spycheck.co.uk
- {BLOCKED}0.107.39 la.trendmicro.com
- {BLOCKED}0.107.39 cn.sophos.com
- {BLOCKED}7.32.164 secure-email.comodo.com
- {BLOCKED}7.32.164 f-secure.com
- {BLOCKED}2.14.28 www.fortinet-apac.com
- {BLOCKED}2.14.28 promotions.drweb.com
- {BLOCKED}.89.160 uk.trendmicro.com
- {BLOCKED}.89.160 tw.sophos.com
- {BLOCKED}8.28.35 specs.xmlsoap.org
- {BLOCKED}8.28.35 howsafeismypc.com
- {BLOCKED}.192.24 www.tomorrowsedge.net
- {BLOCKED}.192.24 sales.bitdefender.com
- {BLOCKED}.192.24 www.quickheal.com
- {BLOCKED}.192.24 ixomodels.com
- {BLOCKED}.110.205 www.avhide.com
- {BLOCKED}.11.156 global.nprotect.com
- {BLOCKED}.106.76 brazil.kaspersky.com
- {BLOCKED}.106.76 aladdin.com
- {BLOCKED}.113.208 sitedirector.symantec.com
- {BLOCKED}8.28.4 malwarescan.emsisoft.es
- {BLOCKED}8.28.4 www.briarhurst.com
- {BLOCKED}8.28.4 kb.bitdefender.us
- {BLOCKED}8.28.4 virusbuster.hu
- {BLOCKED}.103.204 www.nprotect.com.br
- {BLOCKED}.103.204 tr.mcafee.com
- {BLOCKED}8.117.117 company.hauri.co.kr
- {BLOCKED}8.117.117 busco.in
- {BLOCKED}7.205.0 tw.trendmicro.com
- {BLOCKED}7.205.0 esp.sophos.com
- {BLOCKED}4.198.57 www.aladdin.com
- {BLOCKED}4.198.57 msr.mcafee.com
- {BLOCKED}8.105.79 scotiaenlinea.scotiabank.com.pe
- {BLOCKED}8.105.79 www.bbvabancocontinental.com
- {BLOCKED}8.105.79 www.peb1.bbvanetlatam.com
- {BLOCKED}8.105.79 bcpzonasegura.viabcp.com
- {BLOCKED}8.105.79 bbvabancocontinental.com
- {BLOCKED}8.105.79 zonasegura1.bn.com.pe
- {BLOCKED}8.105.79 www.scotiabank.com.pe
- {BLOCKED}8.105.79 peb1.bbvanetlatam.com
- {BLOCKED}8.105.79 scotiabank.com.pe
- {BLOCKED}8.105.79 www.viabcp.com
- {BLOCKED}8.105.79 www.bn.com.pe
- {BLOCKED}8.105.79 viabcp.com
- {BLOCKED}8.105.79 bn.com.pe
- {BLOCKED}0.113.245 new-support.drweb.com
- {BLOCKED}0.113.245 www.fortimail.com
- {BLOCKED}1.188.120 threatinfo.trendmicro.com
- {BLOCKED}1.188.120 security.symantec.com
- {BLOCKED}6.127.184 sandbox.norman.com
- {BLOCKED}.34.173 www.anti-trojan.net
- {BLOCKED}.34.173 www.avoncourt.com
- {BLOCKED}.34.173 cgi.clamav.net
- {BLOCKED}.34.173 grisoft.com
- {BLOCKED}.34.173 ca.com
- {BLOCKED}.209.98 avhide.com
- {BLOCKED}109.116 www.eset.es
- {BLOCKED}.205.225 license.drweb.com
- {BLOCKED}.205.225 www.fortinet.net
- {BLOCKED}.24.169 liveupdate.symantec.com
- {BLOCKED}.201.96 www.eugrantsadvisor.se
- {BLOCKED}.126.221 baristamagazine.com
- {BLOCKED}.126.221 wedoantivirus.com
- {BLOCKED}.126.221 www.f-prot.com
- {BLOCKED}.126.221 www.zarya.info
- {BLOCKED}5.27.10 mall.hauri.co.kr
- {BLOCKED}5.27.10 www.ibusca.me
- {BLOCKED}4.48.149 www.hacksoft.com.pe
- {BLOCKED}1.41.17 www.fortifed.com
- {BLOCKED}1.41.17 buy.drweb.com
- {BLOCKED}7.211.138 timestamp.comodoca.com
- {BLOCKED}7.211.138 www.frisk-software.com
- {BLOCKED}8.30.81 fr.trendmicro.com
- {BLOCKED}8.30.81 www.symantec.com
- {BLOCKED}3.225.145 support.pandasecurity.com
- {BLOCKED}3.225.145 uk.mcafee.com
- {BLOCKED}.51.58 scanner2.novirusthanks.or
- {BLOCKED}133.133 speedtest.comodo.com
- {BLOCKED}133.133 buy.bitdefender.com
- {BLOCKED}133.133 www.emsisoft.org
- {BLOCKED}133.133 cowsmo.com
- {BLOCKED}133.133 prevx.com
- {BLOCKED}7.208.9 pandalabs.pandasecurity.com
- {BLOCKED}7.208.9 de.mcafee.com
- {BLOCKED}1.47.186 www3.safenet-inc.com
- {BLOCKED}.122.61 definitions.symantec.com
- {BLOCKED}.122.61 www.bg.virusblokada.com
- {BLOCKED}.143.107 www.removetrojanvirus.org
- {BLOCKED}.143.107 pg.hauri.net
- {BLOCKED}.43.57 reg-int.nod32-es.com
- {BLOCKED}.225.114 www.prdouglas.co.uk
- {BLOCKED}.225.114 virusscanonline.net
- {BLOCKED}.225.114 bhsbees.com
- {BLOCKED}.225.114 www.ca.com
- {BLOCKED}4.126.227 antivirus.hispavista.com
- {BLOCKED}.139.234 new-company.drweb.com
- {BLOCKED}.139.234 www.gdata.es
- {BLOCKED}.146.109 live.sunbeltsoftware.com
- {BLOCKED}.146.109 wtc.trendmicro.com
- {BLOCKED}4.54.98 new-beta.drweb.com
- {BLOCKED}4.54.98 ikarus.at
- {BLOCKED}5.129.230 br.trendmicro.com
- {BLOCKED}5.129.230 feeds.sophos.com
- {BLOCKED}.135.105 research.pandasecurity.com
- {BLOCKED}.135.105 fr.mcafee.com
- {BLOCKED}1.43.26 www.handwritingforkids.com
- {BLOCKED}1.43.26 disk-encryption.comodo.com
- {BLOCKED}1.43.26 onlinecheck.emsisoft.de
- {BLOCKED}1.43.26 buy.bitdefender-es.com
- {BLOCKED}1.43.26 pctools.com
- {BLOCKED}7.218.19 mygeekside.com
- {BLOCKED}4.50.226 schemas.xmlsoap.org
- {BLOCKED}4.50.226 shield.prevx.com
- {BLOCKED}9.146.146 new-estore.drweb.com
- {BLOCKED}9.146.146 www.fsecure.com
- {BLOCKED}0.221.22 blog.trendmicro.com
- {BLOCKED}.242.255 www.virscan.org
- {BLOCKED}9.142.206 pedidos.protegerse.com
- {BLOCKED}.67.74 www.collectedcurios.com
- {BLOCKED}.67.74 jobs.bitdefender.com
- {BLOCKED}.67.74 www.emsisoft.at
- {BLOCKED}.67.74 trendmicro.com
- {BLOCKED}.224.120 virusscan.jotti.org
- {BLOCKED}.56.70 sea.symantec.com
- {BLOCKED}238.127 drweb.net
- {BLOCKED}238.127 gdata.es
- {BLOCKED}1.220.247 www.mcafee.com
- {BLOCKED}1.220.247 secureme.com
- {BLOCKED}.234.254 nprobeta.norman.com
- {BLOCKED}.159.122 bitdefenderuruguay.com
- {BLOCKED}.159.122 www.freeality.com
- {BLOCKED}.159.122 www.whichssl.com
- {BLOCKED}.159.122 www.emsisoft.nl
- {BLOCKED}.159.122 nprotect.com
- {BLOCKED}0.142.243 www.emeraldclassic.co.uk
- {BLOCKED}0.142.243 download535.avast.com
- {BLOCKED}0.142.243 quickheal.com
- {BLOCKED}0.142.243 www.hauri.net
- {BLOCKED}0.142.243 comodo.com
- {BLOCKED}1.148.118 spywaredlls.prevx.com
- {BLOCKED}1.148.118 tempuri.org
- {BLOCKED}4.60.168 www.midescargas.com
- {BLOCKED}6.244.39 www.contentverification.com
- {BLOCKED}6.244.39 www.f-secure.com
- {BLOCKED}7.63.171 podcasts.sophos.com
- {BLOCKED}7.63.171 apac.trendmicro.com
- {BLOCKED}84.216 virscan.org
- {BLOCKED}6.240.167 www.sysinternals.com
- {BLOCKED}3.234.35 www.bitdefender.com.vn
- {BLOCKED}3.234.35 woottonfootball.com
- {BLOCKED}3.234.35 www.pctools.com
- {BLOCKED}3.234.35 cutlines.org
- {BLOCKED}3.234.35 ahnlab.com
- {BLOCKED}.67.80 threatexpert.com
- {BLOCKED}1.80.87 solutions.drweb.com
- {BLOCKED}1.80.87 fortiprotect.com
- {BLOCKED}155.219 securityrespons.symantec.com
- {BLOCKED}.76.215 free.prevx.com
- {BLOCKED}.76.215 tw.mcafee.com
- {BLOCKED}.1.15 download1.emsisoft.com
- {BLOCKED}.1.15 www.garryowen.com
- {BLOCKED}.1.15 malwarecity.com
- {BLOCKED}.1.15 www.antivir.es
- {BLOCKED}.63.208 ealaddin.org eshop.aladdin.com
- {BLOCKED}.63.208 images.kaspersky.com
- {BLOCKED}3.158.128 midescargas.com
- {BLOCKED}9.174.144 antivirus-tools.com
- {BLOCKED}9.174.144 forum.emsisoft.com
- {BLOCKED}9.174.144 www.ixomodels.com
- {BLOCKED}9.174.144 wwws.clamav.net
- {BLOCKED}9.174.144 f-secure.com
- {BLOCKED}0.181.20 timeforyourbusi.pandasecurity.com
- {BLOCKED}0.181.20 www.entercept.com
- {BLOCKED}9.7.190 www.virustotal.com
- {BLOCKED}5.21.197 www.netegrity.com
- {BLOCKED}6.96.72 edm.symantec.com
- {BLOCKED}5.17.68 research.microsoft.com
- {BLOCKED}.4.61 search.ca.com
- {BLOCKED}2.10.125 bitdefenderguatemala.com
- {BLOCKED}2.10.125 malwarescan.emsisoft.de
- {BLOCKED}2.10.125 www.trustlogo.com
- {BLOCKED}2.10.125 microsoft.com
- {BLOCKED}2.10.125 cohartuk.com
- {BLOCKED}.99.238 haurijapan.com
- {BLOCKED}.99.238 www.busco.in
- {BLOCKED}.181.57 www.celticmerchant.com
- {BLOCKED}.181.57 www.bit-defender.de
- {BLOCKED}.181.57 karuna-shechen.org
- {BLOCKED}.181.57 www.gdata.es
- {BLOCKED}.0.188 www.norman.com
- {BLOCKED}8.102.241 securityrespons.symantec.com
- {BLOCKED}8.102.241 newsletters.trendmicro.com
- {BLOCKED}.95.109 www.av-desk.com
- {BLOCKED}.95.109 jiangmin.com.cn
Solution
Step 1
Windows XP and Windows Server 2003 users must disable System Restore before running a scan, so that the malware or adware can be removed from the computer completely.
Step 2
Identify the file(s) detected as WORM_AUTORUN.GYF and terminate them.
- The detected file may be displayed in Windows Task Manager but refuse to be deleted. In that case, restart the computer in Safe Mode (refer to the Safe Mode instructions for your version of Windows).
- If the detected file is not displayed in Task Manager, proceed to the next step.
Step 3
Delete these registry values.
Warning: the registry is the database that stores Windows configuration information, and a mistaken edit can leave the system unable to operate normally.
Edit the registry at your own risk; we cannot compensate for any problem caused by editing the registry.
Refer to the registry editing guidance before making any changes.
Note: among the values below, the worm sets the DisableRegistryTools, DisableTaskMgr and DisableCMD policies, so Registry Editor, Task Manager and the command prompt may refuse to start in a normal session. Work from Safe Mode, and if Registry Editor is still blocked, clear the DisableRegistryTools value first with a tool that does not depend on it (Group Policy Editor on editions that include it, or a third-party registry editor).
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
  - {Random Characters} = "%User Profile%\{Random Characters}\winlogon.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  - {Random Characters} = "%User Profile%\{Random Characters}\winlogon.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
  - %User Profile%\{Random Characters}\winlogon.exe = "RUNASADMIN"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
  - %User Profile%\{Random Characters}\winlogon.exe = "RUNASADMIN"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\{Application Name}
  - Debugger = ""%User Profile%\{Random Characters}\winlogon.exe""
  (While this value exists, every launch of {Application Name} starts the worm's copy instead.)
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings
  - Enabled = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
  - EnableFirewall = 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
  - EnableFirewall = 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  - NoAutoRebootWithLoggedOnUsers = 1
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
  - DisableNotifications = 1
  - DoNotAllowExceptions = 0
  - EnableFirewall = 0
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  - DisableNotifications = 1
  - DoNotAllowExceptions = 0
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
  - %User Profile%\{Random Characters}\winlogon.exe = "%User Profile%\{Random Characters}\winlogon.exe:*:Enabled:@xpsp2res.dll,-7895004"
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
  - RunInvalidSignatures = 1
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  - Default_Search_URL = "http://25hpuq24qnn61t8.directorio-w.com"
  - Default_Page_URL = "http://82c04i133wv5dz1.directorio-w.com"
- In HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
  - HomePage = 1
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
  - LowRiskFileTypes = ".exe"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  - NoRun = 1
  - NoFile = 1
  - NoFolderOptions = 1
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
  - DisableRegistryTools = 1
  - DisableTaskMgr = 1
- In HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  - DisableCMD = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  - NoFolderOptions = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
  - ConsentPromptBehaviorAdmin = 0
  - EnableLUA = 0
  - PromptOnSecureDesktop = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
  - UacDisableNotify = 1
  - AntiSpyWareDisableNotify = 1
  - AntiVirusDisableNotify = 1
  - AntiVirusOverride = 0
  - AutoUpdateDisableNotify = 1
  - cval = 1
  - FirewallDisableNotify = 1
  - InternetSettingsDisableNotify = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
  - DisableMonitoring = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
  - DisableMonitoring = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
  - DisableMonitoring = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
  - AntiVirusDisableNotify = 1
  - AntiVirusOverride = 0
  - FirewallDisableNotify = 1
  - FirewallOverride = 0
  - FirstRunDisabled = 1
  - UpdatesDisableNotify = 1
  - UacDisableNotify = 1
  - AntiSpywareOverride = 0
Step 4
Restore these modified registry values.
Warning: the registry is the database that stores Windows configuration information, and a mistaken edit can leave the system unable to operate normally.
Edit the registry at your own risk; we cannot compensate for any problem caused by editing the registry.
Refer to the registry editing guidance before making any changes.
- In HKEY_CLASSES_ROOT\ftp\shell\open\command
  - From: (Default) = ""%Program Files%\Internet Explorer\iexplore.exe""
    To: (Default) = ""%Program Files%\Internet Explorer\iexplore.exe" %1"
- In HKEY_CLASSES_ROOT\http\shell\open\command
  - From: (Default) = ""%Program Files%\Internet Explorer\iexplore.exe""
    To: (Default) = ""%Program Files%\Internet Explorer\iexplore.exe" -nohome"
- In HKEY_CLASSES_ROOT\https\shell\open\command
  - From: (Default) = ""%Program Files%\Internet Explorer\iexplore.exe""
    To: (Default) = ""%Program Files%\Internet Explorer\iexplore.exe" -nohome"
- In HKEY_CURRENT_USER\Control Panel\Sound
  - From: Beep = "no"
    To: Beep = "yes"
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download
  - From: CheckExeSignatures = "no"
    To: CheckExeSignatures = "yes"
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
  - From: Start = 4
    To: Start = 2
  (Start = 4 leaves the Security Center service disabled; 2 restores automatic start.)
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  - From: Hidden = 2
    To: Hidden = 1
  - From: HideFileExt = 3
    To: HideFileExt = 0
  - From: ShowSuperHidden = 0
    To: ShowSuperHidden = 1
  (With these three values restored, Explorer again shows hidden files, file extensions and protected operating system files, which the worm relies on to keep its copies and AUTORUN.INF out of sight.)
Step 5
Search for and delete the AUTORUN.INF files created by WORM_AUTORUN.GYF. These files contain the following strings:
Check the root directory of every removable drive that has been attached to the infected computer, not only the one the infection was noticed on; restore the Explorer settings in Step 4 first so that hidden and system files are visible.
Step 6
Search for and delete the following folder:
- %User Profile%\{Random Characters}
(This is the folder holding the winlogon.exe copy referenced by the registry values in Step 3.)
Step 7
Remove the entries listed above that the malware/grayware/spyware added to the HOSTS file. Leave the default 127.0.0.1 localhost line in place.
Step 8
Restore the Internet Explorer home page and search page settings (the Default_Page_URL and Default_Search_URL values removed in Step 3 pointed both at directorio-w.com).
Step 9
Scan the computer with an antivirus product running the latest engine and pattern file, and delete all files detected as WORM_AUTORUN.GYF. If the detected files have already been cleaned, quarantined or deleted by your antivirus product, the infection has been handled and no further removal steps are required.
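The two file-level steps above (AUTORUN.INF in Step 5, the HOSTS file in Step 7) are the ones worth automating when more than one machine or removable drive is involved. The script below is an added example, not code from this page or from any vendor: it parses a HOSTS file, flags every listed security-vendor or banking hostname and says whether it is redirected to a foreign address or merely pinned to loopback, rewrites the file without those lines, and extracts the launch targets from an AUTORUN.INF in the way Windows reads it (case-insensitive keys, junk lines ignored). The watched-domain list is a small subset of the HOSTS entries above, the IP addresses in the sample come from a documentation range rather than the redacted ones, and the sample AUTORUN.INF is constructed for the example, since the page does not reproduce the worm's own.

```python
"""Added example (not from the original page): offline HOSTS and AUTORUN.INF
triage for a WORM_AUTORUN.GYF-style infection. All sample data below is
constructed; the AUTORUN.INF text is not the worm's own and the addresses are
documentation IPs, not the redacted ones listed on the page."""
import re
from ipaddress import ip_address

# Loopback/unspecified targets: a watched host mapped here is blocked rather
# than redirected, which silently breaks updates and online scanners.
LOCAL_IPS = {"127.0.0.1", "::1", "0.0.0.0"}

# Small subset of the domains in the HOSTS list above (assumption: in practice
# load the full list from the page or your own IOC feed).
WATCHED_SUFFIXES = (
    "symantec.com", "trendmicro.com", "mcafee.com", "kaspersky.com",
    "bitdefender.com", "virustotal.com", "microsoft.com",
    "viabcp.com", "scotiabank.com.pe", "bn.com.pe", "bbvanetlatam.com",
)


def _watched(hostname, suffixes):
    host = hostname.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)


def parse_hosts(text):
    """Yield (lineno, ip, [hostnames]) per mapping line. Blank and comment
    lines are skipped, trailing '# ...' is stripped, and lines whose first
    field is not an IP address are left alone."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = str(ip_address(fields[0]))
        except ValueError:
            continue
        yield lineno, ip, fields[1:]


def find_hijacked(text, suffixes=WATCHED_SUFFIXES):
    """Return [(lineno, ip, hostname, kind)] for every watched hostname in the
    file: kind is "redirect" (routable address, traffic goes to the attacker's
    server) or "block" (loopback, the site just becomes unreachable)."""
    hits = []
    for lineno, ip, hostnames in parse_hosts(text):
        for host in hostnames:
            if _watched(host, suffixes):
                kind = "block" if ip in LOCAL_IPS else "redirect"
                hits.append((lineno, ip, host, kind))
    return hits


def clean_hosts(text, suffixes=WATCHED_SUFFIXES):
    """Return (cleaned_text, removed_line_numbers). A line is dropped when any
    hostname on it is watched; comments, blank lines and unrelated mappings
    (including a legitimate 127.0.0.1 localhost) are kept unchanged."""
    bad = {hit[0] for hit in find_hijacked(text, suffixes)}
    kept = [raw for n, raw in enumerate(text.splitlines(), 1) if n not in bad]
    cleaned = "\n".join(kept) + ("\n" if text.endswith("\n") else "")
    return cleaned, sorted(bad)


# Keys in [autorun] that make Windows run a program on AutoPlay or when the
# drive is opened/explored from Explorer.
_LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\.+\\command)$")


def parse_autorun_inf(text):
    """Return {key_lower: value} from the first [autorun] section. Keys are
    matched case-insensitively; ';' comments and lines without '=' (the junk
    filler obfuscated files carry) are ignored; the first occurrence of a key
    wins."""
    entries, in_autorun = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = line.split("=", 1)
            entries.setdefault(key.strip().lower(), value.strip())
    return entries


def autorun_launch_targets(text):
    """Sorted, de-duplicated command lines the AUTORUN.INF would execute."""
    return sorted({v for k, v in parse_autorun_inf(text).items()
                   if _LAUNCH_KEY.match(k)})


# Constructed samples (not data taken from the page).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
10.0.0.5        intranet.example   # legitimate local override, must survive
203.0.113.10    www.symantec.com
203.0.113.10    liveupdate.symantec.com
203.0.113.10    www.viabcp.com
127.0.0.1       housecall.trendmicro.com
"""

SAMPLE_AUTORUN_INF = """\
[autorun]
oPen=RECYCLER\\winlogon.exe
xK9 filler line with no equals sign, typical of obfuscated autorun files
icon=%SystemRoot%\\system32\\SHELL32.dll,4
action=Open folder to view files
shellexecute=RECYCLER\\winlogon.exe
shell\\open\\Command=RECYCLER\\winlogon.exe /autorun
shell\\explore\\command=RECYCLER\\winlogon.exe
"""

if __name__ == "__main__":
    for lineno, ip, host, kind in find_hijacked(SAMPLE_HOSTS):
        print(f"line {lineno}: {host} -> {ip} ({kind})")
    cleaned, removed = clean_hosts(SAMPLE_HOSTS)
    print(f"removed lines {removed}; cleaned file:\n{cleaned}")
    print("AUTORUN.INF would launch:", autorun_launch_targets(SAMPLE_AUTORUN_INF))
```

On a real machine feed `clean_hosts()` the contents of %SystemRoot%\system32\drivers\etc\hosts (after the Step 4 values are restored, since the worm's Explorer settings hide system files) and write the result back only after reviewing the removed lines; the worm's entries share a handful of target addresses across many unrelated hostnames, so any further lines that point at the same addresses as the flagged ones deserve removal too. For AUTORUN.INF, run `autorun_launch_targets()` against the root of every removable drive; a target pointing at an executable stored on the drive itself is the signature of this family.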