Trend Micro Security

TSPY_ONLINEGA.YS

October 12, 2012

 Aliases:

Trojan:Win32/Sisron (Microsoft); Trojan.Gen (Symantec); PAK:UPX, Trojan-GameThief.Win32.OnLineGames.bogl (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt); Trojan.Generic.6519217 (FSecure)

 Platform:

Windows 2000, Windows XP, Windows Server 2003

 Overall risk rating:
 Reported infections:
 System impact:
 Information exposure:


  • Malware type: Spyware
  • Destructive: No
  • Encrypted:  
  • In the wild: Yes

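  Overview


This spyware arrives on a computer either as a file dropped by other malware or as a file that users unknowingly download from malicious websites.

This spyware deletes itself after execution.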


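  Technical Details

File size 38,912 bytes
Type EXE
Memory resident Yes
Date discovered May 4, 2012

Arrival Details

This spyware arrives on a computer either as a file dropped by other malware or as a file that users unknowingly download from malicious websites.

Autostart Technique

This spyware adds the following registry value so that its copy runs automatically at every Windows startup.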

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
iexplore.exe = "%Program Files%\internet explorer\iexplore.exe"

Dropping Routine

This spyware drops the following file.

  • %Program Files%\Internet Explorer\ComRes.dll

(Note: %Program Files% is "C:\Program Files" by default.)

Other Details

This spyware accesses the following malicious websites.

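This spyware deletes itself after execution.

This description was generated by an automated analysis system.


  Solution

Minimum scan engine: 9.200

Step 1

Windows XP and Windows Server 2003 users must disable System Restore before running a virus scan, so that malware, adware and similar software can be completely removed from the computer.

Step 2

Restart Windows in Safe Mode.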

Step 3

Delete this registry value.

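Warning: The registry is a database that stores Windows configuration information, and incorrect edits to it can prevent the system from operating normally.
Edit the registry at your own risk. We cannot provide compensation for any problem resulting from registry edits.
Please see this reference before editing the registry.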

  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • iexplore.exe = "%Program Files%\internet explorer\iexplore.exe"

Step 4

Search for and delete the following file.

Component files may have the hidden file attribute set. Click [More advanced options] and select the [Search hidden files and folders] check box so that hidden files and folders are included in the search results.
  • %Program Files%\Internet Explorer\ComRes.dll

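Step 5

Restart the computer in normal mode and use an antivirus product with the latest version (engine and pattern file) installed to scan for files detected as "TSPY_ONLINEGA.YS". If the detected files have already been cleaned, quarantined or deleted by our antivirus product, handling of the virus is complete and no other removal steps are required.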
