キヤノンITソリューションズ株式会社 閉じる

ウイルス情報  
最新ウイルス定義ファイルバージョン : 12381
(2015/10/09 17:02)
最新ウイルス情報 : Win32/Visal.A
公開日:2010年12月27日
このウイルスに関する危険度 :■■■□□

定義名称 Win32/Visal.A
シグネチャ検査による結果だった場合 Win32/Visal.A
別名 Email-Worm.Win32.VBMania.a(Kaspersky)、Worm:Win32/Visal.B(Microsoft)、
W32/VBMania@MM(McAfee)
種別 ワーム
アドバンスドヒューリスティック検査による結果だった場合 このオリジナルのトロイを利用した新種、亜種が検出された場合は、「NewHeur_PE」もしくは「Win32/Visal.A ワームの亜種」という名称で警告が出ます。
対応時期 バージョン5439(20100910)以降
影響を受けるプラットフォーム Microsoft Windows
概要 このワームは、電子メールおよび共有フォルダを介して感染を広げます。インターネットからいくつかのファイルをダウンロードし、実行しようとします。詳しい活動内容については、解説欄をご参照ください。

検出した場合の対処方法

常駐監視を行っている各検査プログラムによって検出された場合は、駆除もしくは削除を行ってください。駆除もしくは削除ができない場合は、Windowsのシステムの復元により修復しなければならない可能性があります。

対象のファイルが身に覚えのないファイル名の場合は、そのファイル自身がウイルスそのものである可能性が高いので、駆除ではなくすべて削除をしてください。これにより2次感染、3次感染を防げます。また、自分が作成したデータ等に感染していた場合は、駆除が可能な場合もありますが、駆除のボタンが押せない状態もしくは駆除しても失敗する場合は、すでに元のデータの戻せない状態までデータが書き換えられている場合もあります。この場合もすべて削除してください。

解説での表記(用語)について

以下の説明文では、Windowsオペレーティングシステムがインストールされたディレクトリを%windir%と表記しており、インストール時の設定により異なる場合があります。%windir%のサブディレクトリである"System"や"System32"は%system%と表記しています。
%remotecomputer%は、リモートコンピューター名を表記しています。
%variable% には、適当な文字列が入ります。

解説


■侵入(インストレーション)について
このワームは、実行時に自身を次の場所にコピーします。

%windir%\csrss.exe
%windir%\system\updates.exe


システムが起動するたびに実行されるよう、次のレジストリエントリを登録します。

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = "Explorer.exe %windir%\csrss.exe"


次のレジストリを登録します。

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\00hoeav.com\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\0w.com\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\6.bat\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\6fnlpetp.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\6x8be16.cmd\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2cmd.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2free.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2service.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2upd.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\abk.bat\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adobe Gamma Loader.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\algsrvs.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\algssl.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\angry.bat\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aNtIaRP.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antihost.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aNtS.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apu-0607g.xml\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apu.stt\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aPVxdWIN.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arSwp.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashdisp.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswBoot.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.bin\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoRun.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.ini\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.reg\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.txt\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorun.wsh\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoRunKiller.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autorunsc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastSS.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aVCONSOL.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aVENGINE.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgamsvr.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgas.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avginet.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscan.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupsvc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltd.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avMonitor.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aVP32.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aVPCC.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aVPM.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avzkrnl.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bad1.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bad2.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bad3.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BdSurvey.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BIOSREad.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caiss.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caissdt.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\catcache.dat\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cauninst.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cavapp.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavasm.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CavaUd.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CaVCmd.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CaVCtx.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CavEmSrv.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cavmr.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CavMUd.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cavoar.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CavQ.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CaVRep.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CaVRid.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CaVSCons.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavse.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CavSn.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CavSub.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CaVSubmit.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CavUMaS.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CavUserUpd.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cavvl.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CEmRep.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ckahcomm.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ckahrule.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ckahum.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clldr.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CMain.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\copy.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\curidsbase.kdz\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\destrukto.vbs\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dF5Serv.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\diffs.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drvins32.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32w.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb386.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebscd.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebwcl.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwreg.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\e.cmd\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\e9ehn1m8.com\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\edb.chk\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EMdISK.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f0.cmd\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileKan.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flashy.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPaVServer.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FProttray.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fptrayproc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWin.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FrameworkService.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.ExE \Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FRW.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FrzState2k.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fs6519.dll.vbs\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fssf.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fssync.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fun.xls.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\g2pfnid.com\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GetSI.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxkickoff.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxkickoff_x64.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\h3.bat\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Hijackthis.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hookinst.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\host.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\i.bat\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOad95.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICLOadNt.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICMON.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPP95.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ICSUPPNt.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iefqwp.cmd\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IFaCE.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ij.bat\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\InstallCaVS.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\InstLsp.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iSafe.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iSafInst.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaSaRP.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav.bav\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavbase.kdl\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaVPFW.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ker.vbs\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KeyMgr.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killVBS.vbs\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kl1.sys\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\klavemu.kdl\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\klbg.cat\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\klbg.sys\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\klif.cat\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\klif.sys\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\klim5.sys\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvxP.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVWSC.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.ex\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licreg.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lky.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\m2nl.bat\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcappins.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcaupdate.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdash.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcdetect.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcinfo.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcinsupd.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcregwiz.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McShield.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mctray.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdmgr.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdui.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McVSEscn.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsftsn.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsmap.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mmsk.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MooLive.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.pif\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfir80.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSGrc32.vbs\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msime80.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msizap.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgs.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcm80.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcp80.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcr71.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvcr80.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mzvkbd.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mzvkbd3.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naiavfin.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naPrdMgr.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NaVaPW32.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NaVW32.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netcfg.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\new folder.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\njibyekk.com\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasclnt.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\olb1iimw.bat\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OnaccessInstaller.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pagent.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Pagentwd.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavReport.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PaVSRV51.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavtest.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsauxs.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctstray.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prloader.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psctrlc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrlS.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSHost.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskmssvc.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQdoctor.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QtnMaint.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RaV.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ravmon.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravservice.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RaVtRaY.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcukd.cmd\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reload.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescuecd.zip\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rfwstub.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rose.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RStray.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Runiep.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sal.xls.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCVHOSt.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scvhosts.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCVHSOt.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCVVHOSt.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scvvhosts.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCVVHSOt.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SendLogs.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\session.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Socksa.ex\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOLOCFG.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOLOLItE.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOLOSCaN.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SOLOSENt.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Sphinx.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spidercpl.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderml.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spidernt.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderui.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spml_set.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Spybotsd.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngLdr.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssvichosst.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sxs.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\temp.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\temp2.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\toy.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tPSrv.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojandetector.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojanwall.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojdie.KxP\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UdaterUI.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\unp_test.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\update.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updater.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UPSdbMaker.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userdump.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UUpd.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\v.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32act.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32ECM.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32ifs.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32PP3.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32Qtn.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbglobal.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbimport.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbinst.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbscan.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbsystry.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VetMsg.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusutilities.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Visthaux.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPtRaY.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSECOMR.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSHWIN32.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VSStat.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VstskMgr.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBPROxY.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WEBSCaNx.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whi.com\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinGrc32.dll\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPtILItIES.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Wradmin.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WrCtrl.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscntfy.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yannh.cmd\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ybj8df.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_aVP32.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_aVPCC.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_aVPM.ExE\Debugger]
"Debugger" = "%windir%\csrss.exe"


レジストリが変更されると、特定のファイルが実行されなくなります。

次のレジストリを設定します。

[HKEY_LOCAL_MACHINE\Software\Microsoft\Office\12.0\Outlook\Security]
"ObjectModelGuard" = 2
[HKEY_LOCAL_MACHINE\Software\Microsoft\Office\11.0\Outlook\Security]
"Level" = 1
"UseCRLChasing" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA" = 0
"PromptOnSecureDestkop" = 0
"EnableVirtualization" = 0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = 2
"SuperHidden" = 0
"ShowSuperHidden" = 0


■メール経由の感染について
このワームは、マルウェアが仕掛けられたWebサイトへのリンクを記載したスパムメールを介して感染を広げます。

スパムメールの配信には、次のアプリケーションの連絡先リストに登録されているメールアドレスが使用されます。

Microsoft Outlook
Yahoo! Messenger


送信元のアドレスは偽装されます。

配信されるメッセージの件名には、次のようなものがあります。

Here you have
Hi
Just for you


メッセージの本文には、次のような文章が含まれる場合があります。

This is The Document I told you about,you can find it
Here. http://www.sharedocuments.com/library/PDF_Document21.02554
2010.pdf Please check it and reply as soon as possible. Cheers,

This is The Free Dowload Sex Movies,you can find it Here.
http://www.sharemovies.com/library/SEX21.025542010.wmv Enjoy Your Time. Cheers,


リンクをクリックすると、ワームのコピーがダウンロードされます。

■共有フォルダ経由の感染について
このワームは、共有フォルダを介して感染を広げます。

リモートのコンピューターの次のフォルダに自分自身のコピーを試みます。

\\%remotecomputer%\C\
\\%remotecomputer%\D\
\\%remotecomputer%\E\
\\%remotecomputer%\F\
\\%remotecomputer%\G\
\\%remotecomputer%\H\
\\%remotecomputer%\New Folder\
\\%remotecomputer%\music\
\\%remotecomputer%\print\


その際、次のファイル名を使用します。

N73.Image12.03.2009.JPG.scr


■リムーバブルメディアへの感染について
このワームは、リムーバブルメディアを介して感染を広げます。

リムーバブルドライブのルートフォルダに自分自身のコピーを次の名前で試みます。

open.exe
%variable% CV 2010.exe


次のファイルが同じフォルダ内に作成されます。

autorun.inf


これにより、感染メディアがコンピューターに挿入されるたびにワームが実行されるようになります。

■その他の情報
このワームは複数のURLを保持しています。

そのURLからいくつかのファイルをダウンロードしようとします。

通信にはHTTPプロトコルが使用されます。

ダウンロードしたファイルを次の場所に保存します。

%windir%\ff.dlm
%windir%\gc.dlm
%windir%\ie.dlm
%windir%\im.dlm
%windir%\op.dlm
%windir%\pspv.dlm
%windir%\rd.dlm
%windir%\w.dlm
%windir%\m.dlm
%windir%\tryme.exe
%windir%\ff.exe
%windir%\gc.exe
%windir%\ie.exe
%windir%\im.exe
%windir%\m.exe
%windir%\op.exe
%windir%\pspv.exe
%windir%\rd.exe
%windir%\w.exe
%windir%\re.exe
%windir%\SendEmail.dll
%system%\SendEmail.dll
%system%\%username% CV 2010.exe
%windir%\autorun.inf
%windir%\autorun2.inf


これらのファイルを実行します。

次のサービスを無効にします。

Avast! Antivirus
aswUpdSv
avast! Mail Scanner
avast! Web Scanner
AntiVirService
AntiVirMailGuard
AntiVirSchedulerService
AntiVirWebService
AntiVirFirewallService
NIS
MSK80Service
0053591272669638mcinstcleanup
mfefire
McNASvc
Mc0obeSv
McMPFSvc
McProxy
Mc0DS
mcmscsvc
McAfee SiteAdvisor Service
mfevtp
McNaiAnn
McShield
Avgfws9
AVG Security Toolbar Service
avg9wd
AVGIDSAgent
PAVFNSVR
Gwmsrv
PSHost
PSIMSVC
PAVSRV
PavPrSrv
PskSvcRetail
Panda Software Controller
TPSrv
SfCtlCom
TmPlw
TmProxy
TMBMServer
Arrakis3
LIVESRV
scan
VSSERV
sdAuxService
sdCoreService
AVP
wscsvc
MpsSvc
wuauserv


次のプログラムを終了させます。

Usbguard.exe
CPE17AntiAutoruna.exe
outlook.exe


次のフォルダに保存されたファイルを削除する場合があります。

C:\Program Files\USB Disk Security\
D:\Program Files\USB Disk Security\


次のファイルをインターネットからダウンロードしたファイルに置き換えます。

%system%\drivers\etc\hosts


次の共有フォルダおよび共有名を作成します。

%windir%\system\ / "Updates"


次のファイルを削除する場合があります。

*.exe


このページのトップへ

(C)Canon IT Solutions Inc.