Adware.SpywareRemover, CloudGuard

by ezclean posted Feb 03, 2021

Adware.SpywareRemover
 


*file
C:\Users\{USERNAME}\Desktop\Malware Sweeper.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper\Uninstall.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper\Help.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MalwareSweeper.com\Malware Sweeper.lnk
C:\Program Files\MalwareSweeper.com\MalwareSweeper\update.exe
C:\Program Files\MalwareSweeper.com\MalwareSweeper\update.cli
C:\Program Files\MalwareSweeper.com\MalwareSweeper\unins000.exe
C:\Program Files\MalwareSweeper.com\MalwareSweeper\unins000.dat
C:\Program Files\MalwareSweeper.com\MalwareSweeper\Trial.swf
C:\Program Files\MalwareSweeper.com\MalwareSweeper\Splash.spl
C:\Program Files\MalwareSweeper.com\MalwareSweeper\scan.swf
C:\Program Files\MalwareSweeper.com\MalwareSweeper\Purchase.swf
C:\Program Files\MalwareSweeper.com\MalwareSweeper\Message.swf
C:\Program Files\MalwareSweeper.com\MalwareSweeper\MalSwep.exe
C:\Program Files\MalwareSweeper.com\MalwareSweeper\Main.skn
C:\Program Files\MalwareSweeper.com\MalwareSweeper\Help.chm
C:\Program Files\MalwareSweeper.com\MalwareSweeper\English.jpg
C:\Program Files\MalwareSweeper.com\MalwareSweeper\English.inf
C:\Program Files\MalwareSweeper.com\MalwareSweeper\Engine.dll
C:\Program Files\MalwareSweeper.com\MalwareSweeper\db.ini
C:\Program Files\MalwareSweeper.com\MalwareSweeper\browse.swf
C:\Program Files\MalwareSweeper.com\MalwareSweeper\Alert.swf
C:\Program Files\MalwareSweeper.com\MalwareSweeper\agent.exe

* registry path
HKCU\Software\Malware Sweeper
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Malware Sweeper_is1
HKLM\SOFTWARE\Classes\Engine.BackupEngine
HKLM\SOFTWARE\Classes\Engine.ErrorLogger
HKLM\SOFTWARE\Classes\Engine.LoadingEngine
HKLM\SOFTWARE\Classes\Engine.Monitor_Engine
HKLM\SOFTWARE\Classes\Engine.RemoveEngine
HKLM\SOFTWARE\Classes\Engine.ScanEngine
HKLM\SOFTWARE\Classes\Engine.Worker
HKLM\SOFTWARE\Classes\Engine.ThreadLaunch
HKLM\SOFTWARE\Classes\Engine.ThreadControl
HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Malware Sweeper

 

Adware.CloudGuard


*file
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaocmnfllndpbbmjmniielgaanaifehp\0.3_0\_metadata\verified_contents.json
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaocmnfllndpbbmjmniielgaanaifehp\0.3_0\manifest.json
C:\Program Files\GTFPOQUOTT\gtfpoquott.exe
C:\windows\System32\Tasks\GTFPOQUOTT
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaocmnfllndpbbmjmniielgaanaifehp\0.3_0\Ghostify 48pix.png
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaocmnfllndpbbmjmniielgaanaifehp\0.3_0\Ghostify 16pix.png
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaocmnfllndpbbmjmniielgaanaifehp\0.3_0\Ghostify 128pix.png
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaocmnfllndpbbmjmniielgaanaifehp\0.3_0\back.js
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaocmnfllndpbbmjmniielgaanaifehp
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaocmnfllndpbbmjmniielgaanaifehp\0.3_0\_metadata
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaocmnfllndpbbmjmniielgaanaifehp\0.3_0


*reg_key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F281C29C-8BF6-4C4D-8984-B28ECD661AF5}
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GTFPOQUOTT
HKLM\SOFTWARE\Google\Chrome\Extensions\oaocmnfllndpbbmjmniielgaanaifehp
HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.oaocmnfllndpbbmjmniielgaanaifehp.uid
HKLM\SOFTWARE\GTFPOQUOTT Updater
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GTFPOQUOTT Updater_is1
HKLM\SYSTEM\CurrentControlSet\Services\GTFPOQUOTT Updater

 
