PUA.Win32.OpenCandy.PCF
Adware/OpenCandy (FORTINET)
Windows
Threat Type: Potentially Unwanted Application
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It does not have any propagation routine.
It does not have any backdoor routine.
TECHNICAL DETAILS
Arrival Details
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Potentially Unwanted Application drops the following files:
- %User Temp%\is-{Random}.tmp\{Malware File Name}.tmp → deleted afterwards
- %User Temp%\is-{Random}.tmp\_isetup\_RegDLL.tmp → deleted afterwards
- %User Temp%\is-{Random}.tmp\_isetup\_shfoldr.dll → deleted afterwards
- %User Temp%\is-{Random}.tmp\OCSetupHlp.dll → deleted afterwards
- %Program Files%\WinSCP\unins000.dat
- %Program Files%\WinSCP\is-{Random}.tmp
- %Program Files%\WinSCP\WinSCP.exe
- %Program Files%\WinSCP\WinSCP.com
- %Program Files%\WinSCP\WinSCP.ico
- %Program Files%\WinSCP\licence
- %Program Files%\WinSCP\DragExt.dll
- %Program Files%\WinSCP\PuTTY\is-{Random}.tmp
- %Program Files%\WinSCP\PuTTY\LICENCE
- %Program Files%\WinSCP\PuTTY\putty.hlp
- %Program Files%\WinSCP\PuTTY\pageant.exe
- %Program Files%\WinSCP\PuTTY\is-E92B2.tmp
- %Program Files%\WinSCP\PuTTY\puttygen.exe
- %Common Programs%\WinSCP\WinSCP.lnk
- %Common Programs%\WinSCP\WinSCP Web Site.url
- %Common Programs%\WinSCP\Support forum.url
- %Common Programs%\WinSCP\Documentation.url
- %Common Programs%\WinSCP\Key tools\PuTTYgen.lnk
- %Common Programs%\WinSCP\Key tools\PuTTYgen Manual.lnk
- %Common Programs%\WinSCP\Key tools\Pageant.lnk
- %Common Programs%\WinSCP\Key tools\Pageant Manual.lnk
- %Common Programs%\WinSCP\Key tools\PuTTY Web Site.url
- %Desktop%\WinSCP.lnk
- %Cookies%\SendTo\WinSCP (for upload).lnk
- %Application Data%\winscp.rnd
It adds the following processes:
- %User Temp%\is-{Random}.tmp\{Malware File Name}.tmp /SL5="${Random},{Malware File Path}\{Malware File Name}.exe"
- %System%\regsvr32.exe /s "%Program Files%\WinSCP\DragExt.dll"
- %Program Files%\WinSCP\WinSCP.exe /RegisterAsUrlHandler
(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).. %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000(32-bit), Server 2003(32-bit), XP, Vista(64-bit), 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit) , or C:\Program Files (x86) in Windows XP(64-bit), Vista(64-bit), 7(64-bit), 8(64-bit), 8.1(64-bit), 2008(64-bit), 2012(64-bit) and 10(64-bit).)
It creates the following folders:
- %User Temp%\is-{Random}.tmp → deleted afterwards
- %User Temp%\is-{Random}.tmp\_isetup → deleted afterwards
- %Program Files%\WinSCP
- %Program Files%\WinSCP\PuTTY
- %Common Programs%\WinSCP
- %Common Programs%\WinSCP\Key tools\
(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).. %Program Files% is the default Program Files folder, usually C:\Program Files in Windows 2000(32-bit), Server 2003(32-bit), XP, Vista(64-bit), 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit) , or C:\Program Files (x86) in Windows XP(64-bit), Vista(64-bit), 7(64-bit), 8(64-bit), 8.1(64-bit), 2008(64-bit), 2012(64-bit) and 10(64-bit).. %Common Programs% is the folder that contains common program groups for all users, which is usually C:\Documents and Settings\All Users\Start Menu\Programs on Windows 2000, XP, and Server 2003, or C:\ProgramData\Microsoft\Windows\Start Menu\Programs on Windows Vista, 7, and 8.)
Other System Modifications
This Potentially Unwanted Application adds the following registry entries as part of its installation routine:
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
Interface = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ShowAdvancedLoginOptions = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
DDExtEnabled = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
RandomSeedFile = %25APPDATA%25%5Cwinscp.rnd
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
PuttyRegistryStorageKey = Software%5CSimonTatham%5CPuTTY
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ConfirmOverwriting = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ConfirmResume = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
AutoReadDirectoryAfterOp = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
SessionReopenAuto = 5000
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
SessionReopenBackground = 2000
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
SessionReopenTimeout = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
TunnelLocalPortNumberLow = 50000
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
TunnelLocalPortNumberHigh = 50099
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
CacheDirectoryChangesMaxSize = 100
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ShowFtpWelcomeMessage = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ContinueOnError = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ConfirmCommandSession = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
SynchronizeParams = 66
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
SynchronizeOptions = 5
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
SynchronizeModeAuto = 4294967295
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
SynchronizeMode = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
MaxWatchDirectories = 500
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
QueueTransfersLimit = 2
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
QueueAutoPopup = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
QueueRememberPassword = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
PuttySession = WinSCP%20temporary%20session
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
PuttyPath = %25PROGRAMFILES%25%5CPuTTY%5Cputty.exe
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
PuttyPassword = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
TelnetForFtpInPutty = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
IgnoreCancelBeforeFinish = DF BC 9A 78 56 34 02 3F
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
BeepOnFinish = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
BeepOnFinishAfter = 17 6C C1 16 6C C1 36 3F
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
SynchronizeBrowsing = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
KeepUpToDateChangeDelay = 500
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ChecksumAlg = md5
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
SessionReopenAutoIdle = 5000
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ConfirmExitOnCompletion = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
CopyOnDoubleClick = 2
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
CopyOnDoubleClickConfirmation = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
DDAllowMove = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
DDAllowMoveInit = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
DDTransferConfirmation = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
DDTemporaryDirectory =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
DDWarnLackOfTempSpace = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
DDWarnLackOfTempSpaceRatio = 9A 99 99 99 99 99 F1 3F
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
DeleteToRecycleBin = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
DimmHiddenFiles = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
RenameWholeName = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
SelectDirectories = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
SelectMask = %2A.%2A
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ShowHiddenFiles = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ShowInaccesibleDirectories = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ConfirmTransferring = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ConfirmDeleting = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ConfirmRecycling = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
ConfirmClosingSession = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
AutoStartSession =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
UseLocationProfiles = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
UseSharedBookmarks = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
LocaleSafe = 1033
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
DDExtEnabled = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
DDExtTimeout = 1000
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
DefaultDirIsHome = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
TemporaryDirectoryAppendSession = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
TemporaryDirectoryAppendPath = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
TemporaryDirectoryCleanup = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
PreservePanelState = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
Theme = OfficeXP
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
PathInCaption = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
MinimizeToTray = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
BalloonNotifications = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
NotificationsTimeout = 10
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
NotificationsStickTime = 2
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
CopyParamAutoSelectNotice = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
SessionToolbarAutoShown = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
LockToolbars = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
AutoOpenInPutty = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
LastMonitor = 4294967295
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
VersionHistory = 40205624,stable
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander
CurrentPanel = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander
LocalPanelWidth = 00 00 00 00 00 00 E0 3F
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander
SwappedPanels = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander
StatusBar = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander
WindowParams = -1;-1;850;650;0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander
ExplorerStyleSelection = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander
PreserveLocalDirectory = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander
CompareByTime = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander
CompareBySize = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander
FullRowSelect = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander
TreeOnLeft = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander\LocalPanel
DirViewParams = 0;1;0|150,1;70,1;101,1;79,1;62,1;55,0|0;1;2;3;4;5
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander\LocalPanel
StatusBar = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander\LocalPanel
DriveView = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander\LocalPanel
DriveViewHeight = 100
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander\LocalPanel
DriveViewWidth = 100
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander\RemotePanel
DirViewParams = 0;1;0|150,1;70,1;101,1;79,1;62,1;55,0;20,0;150,0;125,0|0;1;8;2;3;4;5;6;7
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander\RemotePanel
StatusBar = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander\RemotePanel
DriveView = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander\RemotePanel
DriveViewHeight = 100
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander\RemotePanel
DriveViewWidth = 100
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
ConsoleWin
WindowSize = 570,430
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
AddXToDirectories = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
Masks = %2A.%2Ahtml;%20%2A.htm;%20%2A.txt;%20%2A.php;%20%2A.php3;%20%2A.cgi;%20%2A.c;%20%2A.cpp;%20%2A.h;%20%2A.pas;%20%2A.bas;%20%2A.tex;%20%2A.pl;%20.htaccess;%20%2A.xtml;%20%2A.css;%20%2A.cfg;%20%2A.ini;%20%2A.sh;%20%2A.xml
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
FileNameCase = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
PreserveReadOnly = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
PreserveTime = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
PreserveRights = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
IgnorePermErrors = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
Text = rw-r--r--
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
TransferMode = 2
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
ResumeSupport = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
ResumeThreshold = 00 90 01 00 00 00 00 00
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
ReplaceInvalidChars = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
LocalInvalidChars = /%5C:%2A%3F"<>|
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
CalculateSize = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
ExcludeFileMask =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
NegativeExclude = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
ClearArchive = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
CPSLimit = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
Queue = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
QueueNoConfirmation = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
QueueIndividually = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
NewerOnly = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
CopyParamList = 4294967295
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
FontName = Courier%20New
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
FontHeight = 4294967284
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
FontStyle = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
FontCharset = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
WordWrap = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
FindTextA =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
ReplaceTextA =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
FindMatchCaseo = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
FindWholeWord = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
FindDown = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
TabSize = 7
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
MaxEditors = 500
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
EarlyClose = 2
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
SDIShellEditor = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
WindowParams =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\0
FileMask = %2A.%2A
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\0
Editor = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\0
ExternalEditor =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\0
ExternalEditorText = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\0
SDIExternalEditor = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\0
DetectMDIExternalEditor = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\1
FileMask = %2A.%2A
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\1
Editor = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\1
ExternalEditor = notepad.exe
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\1
ExternalEditorText = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\1
SDIExternalEditor = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\1
DetectMDIExternalEditor = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Explorer
DirViewParams = 0;1;0|150,1;70,1;101,1;79,1;62,1;55,1;20,0;150,0;125,0|0;1;8;2;3;4;5;6;7
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Explorer
LastLocalTargetDirectory = %System Root%%5CUsers%{Username}%5CDocuments
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Explorer
StatusBar = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Explorer
WindowParams = -1;-1;600;400;0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Explorer
ViewStyle = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Explorer
ShowFullAddress = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Explorer
DriveView = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Explorer
DriveViewWidth = 180
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
FindFile
WindowParams = 646,481
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
FindFile
ListParams = 3;1|125,1;181,1;80,1;122,1|0;1;2;3
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
NewDirectory
Valid = 00
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
QueueView
Height = 100
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
QueueView
Layout = 70,160,160,80,80,80
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
QueueView
Show = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
QueueView
LastHideShow = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
QueueView
ToolBar = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
SynchronizeChecklist
WindowParams = 0;-1;-1;600;450;0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
SynchronizeChecklist
ListParams = 1;1|150,1;100,1;80,1;130,1;25,1;100,1;80,1;130,1|0;1;2;3;4;5;6;7
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
Period = 7
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
LastCheck = 00 00 00 00 00 00 00 00
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
HaveResults = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
ShownResults = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
BetaVersions = 2
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
ConnectionType = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
ProxyHost =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
ProxyPort = 8080
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
ForVersion = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
Version = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
Message =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
Critical = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
Release =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
Disabled = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
Url =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
UrlButton =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Logging
Logging = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Logging
LogFileName =
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Logging
LogFileAppend = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Logging
LogWindowLines = 100
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Logging
LogProtocol = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Logging
LogActions = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Logging
LogView = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Logging
LogWindowOnStartup = 1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Logging
LogWindowParams = -1;-1;500;400
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Security
UseMasterPassword = 0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Security
MasterPasswordVerifier =
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2
DefaultInterfaceInterface = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2
DefaultInterfaceShowAdvancedLoginOptions = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2
DefaultUpdatesPeriod = 7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
Inno Setup: Setup Version = 5.2.3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
Inno Setup: App Path = %Program Files%\WinSCP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
InstallLocation = %Program Files%\WinSCP\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
Inno Setup: Icon Group = WinSCP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
Inno Setup: User = {Username}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
Inno Setup: Setup Type = {Set Up Type}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
Inno Setup: Selected Components = main,shellext,pageant,puttygen,transl,transl\eng
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
Inno Setup: Deselected Components = transl\cs,transl\de,transl\es,transl\fi,transl\it,transl\jp,transl\ko,transl\pl,transl\sv,transl\uk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
Inno Setup: Selected Tasks = enableupdates,desktopicon,desktopicon\user,sendtohook,urlhandler
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
Inno Setup: Deselected Tasks = desktopicon\common,quicklaunchicon,searchpath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
DisplayName = WinSCP 4.2.5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
DisplayIcon = %Program Files%\WinSCP\WinSCP.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
UninstallString = "%Program Files%\WinSCP\unins000.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
QuietUninstallString = "%Program Files%\WinSCP\unins000.exe" /SILENT
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
DisplayVersion = 4.2.5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
Publisher = Martin Prikryl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
URLInfoAbout = http://{BLOCKED}p.net/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
HelpLink = http://{BLOCKED}p.net/forum/
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
URLUpdateInfo = http://{BLOCKED}p.net/eng/download.php
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
NoModify = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
NoRepair = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
InstallDate = {Installation Date}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
Inno Setup CodeFile: SetupType = {Installation Type}
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\OpenCandy
VOCV = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\OpenCandy
OCN = {Random Hex Values}
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\OpenCandy\Completed
VOCV = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\OpenCandy\Completed\
{Random}
VOCV = 0
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\OpenCandy\Completed\
{Random}
Session = 01 00 00 00 03 04
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\OpenCandy\Completed\
{Random}
PK = {Random Hex Values}
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\OpenCandy\Completed\
{Random}
CRC = {Random Hex Values}
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\OpenCandy\Completed\
{Random}
Installed = {Random Hex Values}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CLSID}\InProcServer32
ThreadingModel = Apartment
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\DragExt
Enable = 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer
GlobalAssocChangedCounter = {Random Hex Values}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SCP
URL Protocol =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SCP
EditFlags = 2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SCP
BrowserFlags = 8
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SFTP
URL Protocol =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SFTP
EditFlags = 2
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SFTP
BrowserFlags = 8
It adds the following registry keys as part of its installation routine:
HKEY_CURRENT_USER\Software\Martin Prikryl
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Bookmarks
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Bookmarks\
Local
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Bookmarks\
Remote
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Bookmarks\
ShortCuts
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Bookmarks\
Options
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\History
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\HistoryParams
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander\LocalPanel
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Commander\RemotePanel
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
ConsoleWin
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
CopyParam
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\0
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Editor\1
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Explorer
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
FindFile
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
NewDirectory
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
QueueView
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
SynchronizeChecklist
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Interface\
Updates
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Logging
HKEY_CURRENT_USER\Software\Martin Prikryl\
WinSCP 2\Configuration\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
winscp3_is1
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\OpenCandy
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\OpenCandy\Completed
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\OpenCandy\Completed\
{Random}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CLSID}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CLSID}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Directory\shellex\CopyHookHandlers\
WinSCPCopyHook
HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\
WinSCP 2\DragExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SCP
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SCP\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SCP\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SCP\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SCP\shell\open\
command
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SFTP
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SFTP\DefaultIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SFTP\shell
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SFTP\shell\open
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SFTP\shell\open\
command
Propagation
This Potentially Unwanted Application does not have any propagation routine.
Backdoor Routine
This Potentially Unwanted Application does not have any backdoor routine.
Rootkit Capabilities
This Potentially Unwanted Application does not have rootkit capabilities.
Other Details
This Potentially Unwanted Application does not exploit any vulnerability.
SOLUTION
Step 1
Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.
Step 2
Note that not all files, folders, and registry keys and entries are installed on your computer during this malware's/spyware's/grayware's execution. This may be due to incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.
Step 3
Delete this registry value
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\LocalPanel
- DirViewParams = 0;1;0|150,1;70,1;101,1;79,1;62,1;55,0|0;1;2;3;4;5
- DirViewParams = 0;1;0|150,1;70,1;101,1;79,1;62,1;55,0|0;1;2;3;4;5
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\LocalPanel
- StatusBar = 1
- StatusBar = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\LocalPanel
- DriveView = 0
- DriveView = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\LocalPanel
- DriveViewHeight = 100
- DriveViewHeight = 100
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\LocalPanel
- DriveViewWidth = 100
- DriveViewWidth = 100
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\RemotePanel
- DirViewParams = 0;1;0|150,1;70,1;101,1;79,1;62,1;55,0;20,0;150,0;125,0|0;1;8;2;3;4;5;6;7
- DirViewParams = 0;1;0|150,1;70,1;101,1;79,1;62,1;55,0;20,0;150,0;125,0|0;1;8;2;3;4;5;6;7
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\RemotePanel
- StatusBar = 1
- StatusBar = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\RemotePanel
- DriveView = 0
- DriveView = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\RemotePanel
- DriveViewHeight = 100
- DriveViewHeight = 100
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander\RemotePanel
- DriveViewWidth = 100
- DriveViewWidth = 100
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- CurrentPanel = 0
- CurrentPanel = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- LocalPanelWidth = 00 00 00 00 00 00 E0 3F
- LocalPanelWidth = 00 00 00 00 00 00 E0 3F
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- SwappedPanels = 0
- SwappedPanels = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- StatusBar = 1
- StatusBar = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- WindowParams = -1;-1;850;650;0
- WindowParams = -1;-1;850;650;0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- ExplorerStyleSelection = 0
- ExplorerStyleSelection = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- PreserveLocalDirectory = 0
- PreserveLocalDirectory = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- CompareByTime = 1
- CompareByTime = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- CompareBySize = 0
- CompareBySize = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- FullRowSelect = 1
- FullRowSelect = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- TreeOnLeft = 0
- TreeOnLeft = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\ConsoleWin
- WindowSize = 570,430
- WindowSize = 570,430
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- AddXToDirectories = 1
- AddXToDirectories = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- Masks = %2A.%2Ahtml;%20%2A.htm;%20%2A.txt;%20%2A.php;%20%2A.php3;%20%2A.cgi;%20%2A.c;%20%2A.cpp;%20%2A.h;%20%2A.pas;%20%2A.bas;%20%2A.tex;%20%2A.pl;%20.htaccess;%20%2A.xtml;%20%2A.css;%20%2A.cfg;%20%2A.ini;%20%2A.sh;%20%2A.xml
- Masks = %2A.%2Ahtml;%20%2A.htm;%20%2A.txt;%20%2A.php;%20%2A.php3;%20%2A.cgi;%20%2A.c;%20%2A.cpp;%20%2A.h;%20%2A.pas;%20%2A.bas;%20%2A.tex;%20%2A.pl;%20.htaccess;%20%2A.xtml;%20%2A.css;%20%2A.cfg;%20%2A.ini;%20%2A.sh;%20%2A.xml
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- FileNameCase = 0
- FileNameCase = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- PreserveReadOnly = 0
- PreserveReadOnly = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- PreserveTime = 1
- PreserveTime = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- PreserveRights = 0
- PreserveRights = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- IgnorePermErrors = 0
- IgnorePermErrors = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- Text = rw-r--r--
- Text = rw-r--r--
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- TransferMode = 2
- TransferMode = 2
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- ResumeSupport = 1
- ResumeSupport = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- ResumeThreshold = 00 90 01 00 00 00 00 00
- ResumeThreshold = 00 90 01 00 00 00 00 00
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- ReplaceInvalidChars = 1
- ReplaceInvalidChars = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- LocalInvalidChars = /%5C:%2A%3F"<>|
- LocalInvalidChars = /%5C:%2A%3F"<>|
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- CalculateSize = 1
- CalculateSize = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- ExcludeFileMask
- ExcludeFileMask
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- NegativeExclude = 0
- NegativeExclude = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- ClearArchive = 0
- ClearArchive = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- CPSLimit = 0
- CPSLimit = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- Queue = 0
- Queue = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- QueueNoConfirmation = 1
- QueueNoConfirmation = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- QueueIndividually = 0
- QueueIndividually = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- NewerOnly = 0
- NewerOnly = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\CopyParam
- CopyParamList = 4294967295
- CopyParamList = 4294967295
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\0
- FileMask = %2A.%2A
- FileMask = %2A.%2A
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\0
- Editor = 0
- Editor = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\0
- ExternalEditor
- ExternalEditor
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\0
- ExternalEditorText = 1
- ExternalEditorText = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\0
- SDIExternalEditor = 0
- SDIExternalEditor = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\0
- DetectMDIExternalEditor = 0
- DetectMDIExternalEditor = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\1
- FileMask = %2A.%2A
- FileMask = %2A.%2A
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\1
- Editor = 1
- Editor = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\1
- ExternalEditor = notepad.exe
- ExternalEditor = notepad.exe
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\1
- ExternalEditorText = 1
- ExternalEditorText = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\1
- SDIExternalEditor = 0
- SDIExternalEditor = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor\1
- DetectMDIExternalEditor = 0
- DetectMDIExternalEditor = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- FontName = Courier%20New
- FontName = Courier%20New
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- FontHeight = 4294967284
- FontHeight = 4294967284
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- FontStyle = 0
- FontStyle = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- FontCharset = 1
- FontCharset = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- WordWrap = 0
- WordWrap = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- FindTextA
- FindTextA
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- ReplaceTextA
- ReplaceTextA
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- FindMatchCase = 0
- FindMatchCase = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- FindWholeWord = 0
- FindWholeWord = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- FindDown = 1
- FindDown = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- TabSize = 7
- TabSize = 7
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- MaxEditors = 500
- MaxEditors = 500
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- EarlyClose = 2
- EarlyClose = 2
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- SDIShellEditor = 0
- SDIShellEditor = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- WindowParams
- WindowParams
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
- DirViewParams = 0;1;0|150,1;70,1;101,1;79,1;62,1;55,1;20,0;150,0;125,0|0;1;8;2;3;4;5;6;7
- DirViewParams = 0;1;0|150,1;70,1;101,1;79,1;62,1;55,1;20,0;150,0;125,0|0;1;8;2;3;4;5;6;7
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
- LastLocalTargetDirectory = %System Root%%5CUsers%{Username}%5CDocuments
- LastLocalTargetDirectory = %System Root%%5CUsers%{Username}%5CDocuments
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
- StatusBar = 1
- StatusBar = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
- WindowParams = -1;-1;600;400;0
- WindowParams = -1;-1;600;400;0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
- ViewStyle = 0
- ViewStyle = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
- ShowFullAddress = 1
- ShowFullAddress = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
- DriveView = 1
- DriveView = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Explorer
- DriveViewWidth = 180
- DriveViewWidth = 180
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\FindFile
- WindowParams = 646,481
- WindowParams = 646,481
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\FindFile
- ListParams = 3;1|125,1;181,1;80,1;122,1|0;1;2;3
- ListParams = 3;1|125,1;181,1;80,1;122,1|0;1;2;3
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\NewDirectory
- Valid = 00
- Valid = 00
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\QueueView
- Height = 100
- Height = 100
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\QueueView
- Layout = 70,160,160,80,80,80
- Layout = 70,160,160,80,80,80
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\QueueView
- Show = 1
- Show = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\QueueView
- LastHideShow = 1
- LastHideShow = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\QueueView
- ToolBar = 0
- ToolBar = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\SynchronizeChecklist
- WindowParams = 0;-1;-1;600;450;0
- WindowParams = 0;-1;-1;600;450;0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\SynchronizeChecklist
- ListParams = 1;1|150,1;100,1;80,1;130,1;25,1;100,1;80,1;130,1|0;1;2;3;4;5;6;7
- ListParams = 1;1|150,1;100,1;80,1;130,1;25,1;100,1;80,1;130,1|0;1;2;3;4;5;6;7
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- Period = 7
- Period = 7
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- LastCheck = 00 00 00 00 00 00 00 00
- LastCheck = 00 00 00 00 00 00 00 00
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- HaveResults = 0
- HaveResults = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- ShownResults = 0
- ShownResults = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- BetaVersions = 2
- BetaVersions = 2
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- ConnectionType = 1
- ConnectionType = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- ProxyHost
- ProxyHost
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- ProxyPort = 8080
- ProxyPort = 8080
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- ForVersion = 0
- ForVersion = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- Version = 0
- Version = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- Message
- Message
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- Critical = 0
- Critical = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- Release
- Release
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- Disabled = 0
- Disabled = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- Url
- Url
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Updates
- UrlButton
- UrlButton
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- Interface = 0
- Interface = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ShowAdvancedLoginOptions = 0
- ShowAdvancedLoginOptions = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- DDExtEnabled = 1
- DDExtEnabled = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- RandomSeedFile = %25APPDATA%25%5Cwinscp.rnd
- RandomSeedFile = %25APPDATA%25%5Cwinscp.rnd
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- PuttyRegistryStorageKey = Software%5CSimonTatham%5CPuTTY
- PuttyRegistryStorageKey = Software%5CSimonTatham%5CPuTTY
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ConfirmOverwriting = 1
- ConfirmOverwriting = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ConfirmResume = 1
- ConfirmResume = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- AutoReadDirectoryAfterOp = 1
- AutoReadDirectoryAfterOp = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SessionReopenAuto = 5000
- SessionReopenAuto = 5000
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SessionReopenBackground = 2000
- SessionReopenBackground = 2000
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SessionReopenTimeout = 0
- SessionReopenTimeout = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- TunnelLocalPortNumberLow = 50000
- TunnelLocalPortNumberLow = 50000
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- TunnelLocalPortNumberHigh = 50099
- TunnelLocalPortNumberHigh = 50099
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- CacheDirectoryChangesMaxSize = 100
- CacheDirectoryChangesMaxSize = 100
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ShowFtpWelcomeMessage = 0
- ShowFtpWelcomeMessage = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ContinueOnError = 0
- ContinueOnError = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ConfirmCommandSession = 1
- ConfirmCommandSession = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SynchronizeParams = 66
- SynchronizeParams = 66
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SynchronizeOptions = 5
- SynchronizeOptions = 5
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SynchronizeModeAuto = 4294967295
- SynchronizeModeAuto = 4294967295
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SynchronizeMode = 0
- SynchronizeMode = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- MaxWatchDirectories = 500
- MaxWatchDirectories = 500
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- QueueTransfersLimit = 2
- QueueTransfersLimit = 2
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- QueueAutoPopup = 1
- QueueAutoPopup = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- QueueRememberPassword = 0
- QueueRememberPassword = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- PuttySession = WinSCP%20temporary%20session
- PuttySession = WinSCP%20temporary%20session
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- PuttyPath = %25PROGRAMFILES%25%5CPuTTY%5Cputty.exe
- PuttyPath = %25PROGRAMFILES%25%5CPuTTY%5Cputty.exe
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- PuttyPassword = 0
- PuttyPassword = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- TelnetForFtpInPutty = 1
- TelnetForFtpInPutty = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- IgnoreCancelBeforeFinish = DF BC 9A 78 56 34 02 3F
- IgnoreCancelBeforeFinish = DF BC 9A 78 56 34 02 3F
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- BeepOnFinish = 0
- BeepOnFinish = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- BeepOnFinishAfter = 17 6C C1 16 6C C1 36 3F
- BeepOnFinishAfter = 17 6C C1 16 6C C1 36 3F
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SynchronizeBrowsing = 0
- SynchronizeBrowsing = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- KeepUpToDateChangeDelay = 500
- KeepUpToDateChangeDelay = 500
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ChecksumAlg = md5
- ChecksumAlg = md5
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SessionReopenAutoIdle = 5000
- SessionReopenAutoIdle = 5000
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ConfirmExitOnCompletion = 1
- ConfirmExitOnCompletion = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- CopyOnDoubleClick = 2
- CopyOnDoubleClick = 2
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- CopyOnDoubleClickConfirmation = 0
- CopyOnDoubleClickConfirmation = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- DDAllowMove = 0
- DDAllowMove = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- DDAllowMoveInit = 0
- DDAllowMoveInit = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- DDTransferConfirmation = 1
- DDTransferConfirmation = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- DDTemporaryDirectory
- DDTemporaryDirectory
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- DDWarnLackOfTempSpace = 1
- DDWarnLackOfTempSpace = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- DDWarnLackOfTempSpaceRatio = 9A 99 99 99 99 99 F1 3F
- DDWarnLackOfTempSpaceRatio = 9A 99 99 99 99 99 F1 3F
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- DeleteToRecycleBin = 1
- DeleteToRecycleBin = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- DimmHiddenFiles = 1
- DimmHiddenFiles = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- RenameWholeName = 0
- RenameWholeName = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SelectDirectories = 0
- SelectDirectories = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SelectMask = %2A.%2A
- SelectMask = %2A.%2A
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ShowHiddenFiles = 1
- ShowHiddenFiles = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ShowInaccesibleDirectories = 1
- ShowInaccesibleDirectories = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ConfirmTransferring = 1
- ConfirmTransferring = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ConfirmDeleting = 1
- ConfirmDeleting = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ConfirmRecycling = 1
- ConfirmRecycling = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ConfirmClosingSession = 1
- ConfirmClosingSession = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- AutoStartSession
- AutoStartSession
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- UseLocationProfiles = 0
- UseLocationProfiles = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- UseSharedBookmarks = 0
- UseSharedBookmarks = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- LocaleSafe = 1033
- LocaleSafe = 1033
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- DDExtEnabled = 1
- DDExtEnabled = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- DDExtTimeout = 1000
- DDExtTimeout = 1000
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- DefaultDirIsHome = 1
- DefaultDirIsHome = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- TemporaryDirectoryAppendSession = 0
- TemporaryDirectoryAppendSession = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- TemporaryDirectoryAppendPath = 1
- TemporaryDirectoryAppendPath = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- TemporaryDirectoryCleanup = 1
- TemporaryDirectoryCleanup = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ConfirmTemporaryDirectoryCleanup = 1
- ConfirmTemporaryDirectoryCleanup = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- PreservePanelState = 1
- PreservePanelState = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- Theme = OfficeXP
- Theme = OfficeXP
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- PathInCaption = 0
- PathInCaption = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- MinimizeToTray = 0
- MinimizeToTray = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- BalloonNotifications = 1
- BalloonNotifications = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- NotificationsTimeout = 10
- NotificationsTimeout = 10
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- NotificationsStickTime = 2
- NotificationsStickTime = 2
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- CopyParamAutoSelectNotice = 1
- CopyParamAutoSelectNotice = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SessionToolbarAutoShown = 0
- SessionToolbarAutoShown = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- LockToolbars = 0
- LockToolbars = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- AutoOpenInPutty = 0
- AutoOpenInPutty = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- LastMonitor = 4294967295
- LastMonitor = 4294967295
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- VersionHistory = 40205624,stable
- VersionHistory = 40205624,stable
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
- Logging = 0
- Logging = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
- LogFileName
- LogFileName
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
- LogFileAppend = 1
- LogFileAppend = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
- LogWindowLines = 100
- LogWindowLines = 100
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
- LogProtocol = 0
- LogProtocol = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
- LogActions = 0
- LogActions = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
- LogView = 0
- LogView = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
- LogWindowOnStartup = 1
- LogWindowOnStartup = 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Logging
- LogWindowParams = -1;-1;500;400
- LogWindowParams = -1;-1;500;400
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Security
- UseMasterPassword = 0
- UseMasterPassword = 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Security
- MasterPasswordVerifier
- MasterPasswordVerifier
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CLSID}\InProcServer32
- ThreadingModel = Apartment
- ThreadingModel = Apartment
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP
- URL Protocol
- URL Protocol
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP
- EditFlags = 2
- EditFlags = 2
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP
- BrowserFlags = 8
- BrowserFlags = 8
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP
- URL Protocol
- URL Protocol
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP
- EditFlags = 2
- EditFlags = 2
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP
- BrowserFlags = 8
- BrowserFlags = 8
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\DragExt
- Enable = 1
- Enable = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
- GlobalAssocChangedCounter = {Random Hex Value}
- GlobalAssocChangedCounter = {Random Hex Value}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\OpenCandy\Completed\{Random}
- VOCV = 0
- VOCV = 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\OpenCandy\Completed\{Random}
- Session = 01 00 00 00 03 04
- Session = 01 00 00 00 03 04
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\OpenCandy\Completed\{Random}
- PK = {Random Hex Values}
- PK = {Random Hex Values}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\OpenCandy\Completed\{Random}
- CRC = {Random Hex Values}
- CRC = {Random Hex Values}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\OpenCandy\Completed\{Random}
- Installed = {Random Hex Values}
- Installed = {Random Hex Values}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\OpenCandy\Completed
- VOCV = 0
- VOCV = 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\OpenCandy
- VOCV = 0
- VOCV = 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\OpenCandy
- OCN = {Random Hex Values}
- OCN = {Random Hex Values}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2
- DefaultInterfaceInterface = 0
- DefaultInterfaceInterface = 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2
- DefaultInterfaceShowAdvancedLoginOptions = 0
- DefaultInterfaceShowAdvancedLoginOptions = 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2
- DefaultUpdatesPeriod = 7
- DefaultUpdatesPeriod = 7
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- Inno Setup: Setup Version = 5.2.3
- Inno Setup: Setup Version = 5.2.3
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- Inno Setup: App Path = %Program Files%\WinSCP
- Inno Setup: App Path = %Program Files%\WinSCP
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- InstallLocation = %Program Files%\WinSCP\
- InstallLocation = %Program Files%\WinSCP\
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- Inno Setup: Icon Group = WinSCP
- Inno Setup: Icon Group = WinSCP
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- Inno Setup: User = {Username}
- Inno Setup: User = {Username}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- Inno Setup: Setup Type = {Set Up Type}
- Inno Setup: Setup Type = {Set Up Type}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- Inno Setup: Selected Components = main,shellext,pageant,puttygen,transl,transl\eng
- Inno Setup: Selected Components = main,shellext,pageant,puttygen,transl,transl\eng
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- Inno Setup: Deselected Components = transl\cs,transl\de,transl\es,transl\fi,transl\it,transl\jp,transl\ko,transl\pl,transl\sv,transl\uk
- Inno Setup: Deselected Components = transl\cs,transl\de,transl\es,transl\fi,transl\it,transl\jp,transl\ko,transl\pl,transl\sv,transl\uk
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- Inno Setup: Selected Tasks = enableupdates,desktopicon,desktopicon\user,sendtohook,urlhandler
- Inno Setup: Selected Tasks = enableupdates,desktopicon,desktopicon\user,sendtohook,urlhandler
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- Inno Setup: Deselected Tasks = desktopicon\common,quicklaunchicon,searchpath
- Inno Setup: Deselected Tasks = desktopicon\common,quicklaunchicon,searchpath
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- DisplayName = WinSCP 4.2.5
- DisplayName = WinSCP 4.2.5
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- DisplayIcon = %Program Files%\WinSCP\WinSCP.exe
- DisplayIcon = %Program Files%\WinSCP\WinSCP.exe
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- UninstallString = "%Program Files%\WinSCP\unins000.exe"
- UninstallString = "%Program Files%\WinSCP\unins000.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- QuietUninstallString = "%Program Files%\WinSCP\unins000.exe" /SILENT
- QuietUninstallString = "%Program Files%\WinSCP\unins000.exe" /SILENT
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- DisplayVersion = 4.2.5
- DisplayVersion = 4.2.5
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- Publisher = Martin Prikryl
- Publisher = Martin Prikryl
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- URLInfoAbout = http://{BLOCKED}p.net/
- URLInfoAbout = http://{BLOCKED}p.net/
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- HelpLink = http://{BLOCKED}p.net/forum/
- HelpLink = http://{BLOCKED}p.net/forum/
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- URLUpdateInfo = http://{BLOCKED}p.net/eng/download.php
- URLUpdateInfo = http://{BLOCKED}p.net/eng/download.php
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- NoModify = 1
- NoModify = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- NoRepair = 1
- NoRepair = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- InstallDate = {Installation Date}
- InstallDate = {Installation Date}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winscp3_is1
- Inno Setup CodeFile: SetupType = {Installation Type}
- Inno Setup CodeFile: SetupType = {Installation Type}
Step 4
Delete this registry key
Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how or you can ask assistance from your system administrator. Else, check this Microsoft article first before modifying your computer's registry.
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Bookmarks
- Local
- Local
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Bookmarks
- Remote
- Remote
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Bookmarks
- ShortCuts
- ShortCuts
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Bookmarks
- Options
- Options
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
- Bookmarks
- Bookmarks
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
- History
- History
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
- HistoryParams
- HistoryParams
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- LocalPanel
- LocalPanel
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Commander
- RemotePanel
- RemotePanel
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- Commander
- Commander
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- ConsoleWin
- ConsoleWin
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- CopyParam
- CopyParam
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- 0
- 0
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface\Editor
- 1
- 1
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- Editor
- Editor
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- Explorer
- Explorer
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- FindFile
- FindFile
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- NewDirectory
- NewDirectory
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- QueueView
- QueueView
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- SynchronizeChecklist
- SynchronizeChecklist
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration\Interface
- Updates
- Updates
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
- Interface
- Interface
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
- Logging
- Logging
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
- Security
- Security
- In HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2
- Configuration
- Configuration
- In HKEY_CURRENT_USER\Software\Martin Prikryl
- WinSCP 2
- WinSCP 2
- In HKEY_CURRENT_USER\Software
- Martin Prikryl
- Martin Prikryl
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CLSID}
- InProcServer32
- InProcServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {CLSID}
- {CLSID}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers
- WinSCPCopyHook
- WinSCPCopyHook
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP
- DefaultIcon
- DefaultIcon
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP\shell\open
- command
- command
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP\shell
- open
- open
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SCP
- shell
- shell
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- SCP
- SCP
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP
- DefaultIcon
- DefaultIcon
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP\shell\open
- command
- command
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP\shell
- open
- open
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SFTP
- shell
- shell
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- SFTP
- SFTP
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2
- DragExt
- DragExt
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\OpenCandy\Completed
- {Random}
- {Random}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\OpenCandy
- Completed
- Completed
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2
- OpenCandy
- OpenCandy
- In HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl
- WinSCP 2
- WinSCP 2
- In HKEY_LOCAL_MACHINE\SOFTWARE
- Martin Prikryl
- Martin Prikryl
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- winscp3_is1
- winscp3_is1
Step 5
Search and delete these files
- %User Temp%\is-{Random}.tmp\{Malware File Name}.tmp
- %User Temp%\is-{Random}.tmp\_isetup\_RegDLL.tmp
- %User Temp%\is-{Random}.tmp\_isetup\_shfoldr.dll
- %User Temp%\is-{Random}.tmp\OCSetupHlp.dll
- %Program Files%\WinSCP\unins000.dat
- %Program Files%\WinSCP\is-{Random}.tmp
- %Program Files%\WinSCP\WinSCP.exe
- %Program Files%\WinSCP\WinSCP.com
- %Program Files%\WinSCP\WinSCP.ico
- %Program Files%\WinSCP\licence
- %Program Files%\WinSCP\DragExt.dll
- %Program Files%\WinSCP\PuTTY\is-{Random}.tmp
- %Program Files%\WinSCP\PuTTY\LICENCE
- %Program Files%\WinSCP\PuTTY\putty.hlp
- %Program Files%\WinSCP\PuTTY\pageant.exe
- %Program Files%\WinSCP\PuTTY\is-E92B2.tmp
- %Program Files%\WinSCP\PuTTY\puttygen.exe
- %Common Programs%\WinSCP\WinSCP.lnk
- %Common Programs%\WinSCP\WinSCP Web Site.url
- %Common Programs%\WinSCP\Support forum.url
- %Common Programs%\WinSCP\Documentation.url
- %Common Programs%\WinSCP\Key tools\PuTTYgen.lnk
- %Common Programs%\WinSCP\Key tools\PuTTYgen Manual.lnk
- %Common Programs%\WinSCP\Key tools\Pageant.lnk
- %Common Programs%\WinSCP\Key tools\Pageant Manual.lnk
- %Common Programs%\WinSCP\Key tools\PuTTY Web Site.url
- %Desktop%\WinSCP.lnk
- %Cookies%\SendTo\WinSCP (for upload).lnk
- %Application Data%\winscp.rnd
Step 6
Search and delete these folders
- %User Temp%\is-{Random}.tmp\_isetup
- %User Temp%\is-{Random}.tmp
- %Program Files%\WinSCP\PuTTY
- %Program Files%\WinSCP
- %Common Programs%\WinSCP\Key tools
- %Common Programs%\WinSCP
Step 7
Scan your computer with your Trend Micro product to delete files detected as PUA.Win32.OpenCandy.PCF. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:
Did this description help? Tell us how we did.