Trojan.RegistryTool, AdwareAlert

by ezclean posted Jan 26, 2021

Trojan.RegistryTool

 


* File path
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryTool\Uninstall RegistryTool.lnk
C:\Program Files\Downloaded Installers\{954FB8FF-7FCF-46F2-869F-1B61D1212904}\setup.msi
C:\Users\Public\Desktop\RegistryTool.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryTool\RegistryTool.lnk
C:\Program Files\RegistryTool\RegistryTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryTool\RegistryTool on the Web.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryTool\RegistryTool Help.lnk
C:\Program Files\Downloaded Installers\{954FB8FF-7FCF-46F2-869F-1B61D1212904}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegistryTool
C:\Program Files\RegistryTool
C:\Program Files\Downloaded Installers

 

 

* Registry key
HKLM\SOFTWARE\RegistryTool
HKLM\SOFTWARE\Classes\Installer\Products\FF8BF459FCF72F6468F9B1161D129240
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E7B0CF59A49DD112A4A1A8A558D5939
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\35D7BD4CC711CDF49BC040E53CB1ABE4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8B19E3879A49DD11C92A689A558D5939
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A0C4A6279A49DD117843D69A558D5939
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A92F05DEDE72B4043A3A7C1C0BDDE8B7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC5D4AC69A49DD11BA9E059A558D5939
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FF8BF459FCF72F6468F9B1161D129240
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{954FB8FF-7FCF-46F2-869F-1B61D1212904}

 

Trojan.AdwareAlert

* File path
C:\Users\Public\Desktop\AdwareAlert.lnk
C:\Program Files\adwarealert\FilterDrv\AdwareAlert.x86.sys
C:\Program Files\AdwareAlert\FilterDrv\AdwareAlert.inf
C:\Program Files\AdwareAlert\FilterDrv\AdwareAlert.cat
C:\Program Files\AdwareAlert\FilterDrv\AdwareAlert.amd64.sys
C:\Program Files\AdwareAlert\zlib.dll
C:\Program Files\AdwareAlert\TCL.dll
C:\Program Files\AdwareAlert\SpyCleaner.dll
C:\Program Files\AdwareAlert\AdwareAlert.url
C:\Program Files\AdwareAlert\AdwareAlert.srv.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
 
* Registry key
HKLM\SOFTWARE\Classes\CLSID\{6743C36C-CBFE-11DB-9705-005056C00008}
HKLM\SOFTWARE\Classes\Installer\Products\DC2CAED2C71EB9A4286940BC8177CCE1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace\{6743C36C-CBFE-11DB-9705-005056C00008}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5B4016981C40D5F4B9925ED64AD7B526|  DC2CAED2C71EB9A4286940BC8177CCE1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7A0BD03E9B55E174BA58880AA481EE87
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A30D1592ADAA3D743884B8318328AD99
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A491438A809F60F458DF33E67C80A5D2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF91BD5C23255BE4C8550ACDF0F2EE89
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E326614894984A1468CA53B7DFCF99A5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DC2CAED2C71EB9A4286940BC8177CCE1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2DEAC2CD-E17C-4A9B-8296-04CB1877CC1E}
HKLM\SYSTEM\CurrentControlSet\Services\AdwareAlertSrv

 
