악성코드 해결 - Adware.AnySend, Linkury

Adware.AnySend

*file
C:\Users\{USERNAME}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend\AnySend.lnk
C:\Users\{USERNAME}\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnySend\AnySend Show Tutorial.lnk
C:\Users\{USERNAME}\AppData\Roaming\Microsoft\Windows\SendTo\AnySend.lnk
C:\Users\{USERNAME}\AppData\Roaming\AnySend\VidPlays.dat
C:\Users\{USERNAME}\AppData\Roaming\AnySend\AnySend.ini
C:\Users\{USERNAME}\AppData\Local\nsx1489.tmp
C:\ProgramData\AnySend\Vids.dat
C:\ProgramData\AnySend\EmailChecks.dat
C:\ProgramData\AnySend\AnySend.DB
C:\ProgramData\AnySend\ann.dat
C:\Program Files\AnySend\upnp.dll
C:\Program Files\AnySend\libcef.dll
C:\Program Files\AnySend\LastVersion
C:\Program Files\AnySend\icudt.dll
C:\Program Files\AnySend\AnySendUI.exe
C:\Program Files\AnySend\AnySendSvc.exe
C:\Program Files\AnySend\AnySendShellExtension.dll
C:\Program Files\AnySend\anysend.guid

*reg_key
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61628E2A-4FF9-4454-992D-D92A8CD27399}
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61628E2A-4FF9-4454-992D-D92A8CD27399}
HKLM\SOFTWARE\AnySend
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AnySend
HKLM\SOFTWARE\Classes\AnySend.Connect
HKLM\SOFTWARE\Classes\AnySend.Connect.1
HKLM\SOFTWARE\Classes\CLSID\{61628E2A-4FF9-4454-992D-D92A8CD27399}
HKLM\SOFTWARE\Classes\TypeLib\{7BFFA5F9-047F-4732-93B5-B9FE731DE96D}
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\AnySend
HKLM\SOFTWARE\Classes\Installer\Products\FEEB8747424601D48A2B3A21A6792C5D
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61628E2A-4FF9-4454-992D-D92A8CD27399}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderTypes\{94d6ddcc-4a68-4175-a374-bd584a510b78}\TasksNoItemsSelected\0\{E62B1C26-6A93-4f32-9115-FEB90FE0ABB5}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\03B1FD3D9EB1B7258BA823782D8AC1F2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F513C3EAFB34385396D93AABEA92496
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A8B71494166839950940A644E713021C
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FEEB8747424601D48A2B3A21A6792C5D
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61628E2A-4FF9-4454-992D-D92A8CD27399}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7478BEEF-6424-4D10-A8B2-A3126A97C2D5}
HKLM\SYSTEM\CurrentControlSet\Services\AnySendService
HKLM\SOFTWARE\Classes\Interface\{AF31E0EB-48CF-4A3B-893F-E999A0E29944}

*reg_val
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | AnySend User Interface
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules | {DDE74799-1548-4DA3-88EB-2E3C76EBA0AC}
HKCU\SOFTWARE\Microsoft\Internet Explorer\Approved Extensions | {61628E2A-4FF9-4454-992D-D92A8CD27399}

Adware.Linkury

*file
C:\ProgramData\pangoc\pangoc.exe
C:\ProgramData\pangoc\tophome.dll
C:\ProgramData\pangoc\indigocof.dll
C:\ProgramData\pangoc\lightsing.exe
C:\ProgramData\pangoc\tanaphome.exe
C:\ProgramData\pangocs\snp.sc
C:\ProgramData\pangoc\airquadsoft.dat

Adware.AnySend, Linkury

단축키

단축키

Adware.AnySend

Adware.Linkury

PUP.MarvelSound, CalendarTool

Trojan.Ghapoly, BestCleaner

Adware.Ebuyer, SmartCloud

Trojan.TCClock, PDFCracker

PUP.GrassValley, Heinote

PUP.YoutubeMusic, DealPly

PUP.WinZipDiskTool

Trojan.HaoTuKanKan, HPMonkey

PUP.ChromeEX, Homply

Adware.ReimageRepair, Searchestoy, Netfilter

PUP.AdvanceSystem, MineApp

PUP.AdvancePCProtector, AdvancedSP

PUP.Catalina, BrowseFox

PUP.Carambis, PUP.AppMaster

Trojan.DMA, PCBooster

PUP.SAntivirus, Spigot

PUP.MaxUnInstaller, Monterix

Adware.AnySend, Linkury

Trojan. CalculatemPro, KGBKeyLogger

PUP.DriverXYZ, LiveSupport