Threat Encyclopedia

TROJ_AGENT_033894.TOMB

Publish Date: May 18, 2013

Alias:

iBryte (Sunbelt)

Platform:

Windows 2000, Windows XP, Windows Server 2003

Overall Risk Rating:
Damage Potential:
Distribution Potential:
Reported Infection:

  • Threat Type: Trojan

  • Destructive?: No

  • Encrypted?:

  • In the wild?: Yes

Solution

Minimum scan engine:

9.200

Step 1

Before running any scan, Windows ME and XP users must disable System Restore to allow a full scan of the computer.

Step 2

Close all open browser windows.

Step 3

Delete this registry key

Important: Editing the Windows Registry incorrectly can cause irreversible system malfunction. Perform this step only if you have experience, or ask your system administrator for assistance. Otherwise, consult this Microsoft article before modifying your computer's registry.


  • In HKEY_LOCAL_MACHINE\Software\Tarma Installer\Components
    • {4889CB45-FFEB-486E-8785-D034DAC2ACE6}
  • In HKEY_LOCAL_MACHINE\Software\Tarma Installer\Products
    • {361E80BE-388B-4270-BF54-A10C2B756504}
  • In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery
    • Active
  • In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Recovery
    • AdminActive
  • In HKEY_LOCAL_MACHINE\Software
    • Google
  • In HKEY_LOCAL_MACHINE\Software\Google
    • Chrome
  • In HKEY_LOCAL_MACHINE\Software\Google\Chrome
    • Extensions
  • In HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions
    • niapdbllcanepiiimjjndipklodoedlc
  • In HKEY_LOCAL_MACHINE\Software\Classes\CLSID
    • {80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
  • In HKEY_LOCAL_MACHINE\Software\Classes\CLSID
    • {FE9271F2-6EFD-44b0-A826-84C829536E93}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved
    • {DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
    • {CFDAFE39-20CE-451D-BD45-A37452F39CF0}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
    • YontooIEClient.DLL
  • In HKEY_CLASSES_ROOT
    • YontooIEClient.Api.1
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api.1
    • CLSID
  • In HKEY_CLASSES_ROOT
    • YontooIEClient.Api
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api
    • CLSID
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Api
    • CurVer
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    • {DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    • ProgID
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    • VersionIndependentProgID
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    • Programmable
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    • InprocServer32
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    • TypeLib
  • In HKEY_CLASSES_ROOT
    • YontooIEClient.Layers.1
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers.1
    • CLSID
  • In HKEY_CLASSES_ROOT
    • YontooIEClient.Layers
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers
    • CLSID
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YontooIEClient.Layers
    • CurVer
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    • {FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    • ProgID
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    • VersionIndependentProgID
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    • Programmable
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    • InprocServer32
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    • TypeLib
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
    • Browser Helper Objects
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
    • {D372567D-67C1-4B29-B3F0-159B52B3E967}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
    • 1.0
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0
    • FLAGS
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0
    • 0
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0\0
    • win32
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\1.0
    • HELPDIR
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
    • {10DE7085-6A1E-4D41-A7BF-9AF93E351401}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    • ProxyStubClsid
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    • ProxyStubClsid32
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    • TypeLib
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
    • {1AD27395-1659-4DFF-A319-2CFA243861A5}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    • ProxyStubClsid
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    • ProxyStubClsid32
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    • TypeLib
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
    • {10DE7085-6A1E-4D41-A7BF-9AF93E351401}
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    • InProcServer32
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    • NumMethods
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
    • NumMethods
  • In HKEY_LOCAL_MACHINE\Software\Tarma Installer\Components
    • {9D9785E5-3424-40B6-A287-BA143AD53109}
  • In HKEY_LOCAL_MACHINE\Software\Tarma Installer\Components
    • {1A975F48-2A3C-44FE-A91C-49D3C12ED0BC}
  • In HKEY_LOCAL_MACHINE\Software\Tarma Installer\Components
    • {B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}
  • In HKEY_LOCAL_MACHINE\Software\Tarma Installer\Components
    • {9307081B-7444-494C-8CF6-2FA7C0E92BFB}
  • In HKEY_LOCAL_MACHINE\Software\Tarma Installer\Components
    • {BB1DCBF2-6F69-4FB5-BA9F-0B46B5F93395}
  • In HKEY_LOCAL_MACHINE\Software\Tarma Installer\Components
    • {8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}
  • In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
    • {889DF117-14D1-44EE-9F31-C5FB5D47F68B}
  • In HKEY_LOCAL_MACHINE\Software\Tarma Installer\Products
    • {889DF117-14D1-44EE-9F31-C5FB5D47F68B}

Step 4

Delete this registry value

Important: Editing the Windows Registry incorrectly can cause irreversible system malfunction. Perform this step only if you have experience, or ask your system administrator for assistance. Otherwise, consult this Microsoft article before modifying your computer's registry.


  • In HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{4889CB45-FFEB-486E-8785-D034DAC2ACE6}
    • {361E80BE-388B-4270-BF54-A10C2B756504} = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{361E80BE-388B-4270-BF54-A10C2B756504}
    • TizPath = "%User Temp%\ezLooker-S-Setup_Suite1.exe"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\YontooIEClient.DLL
    • AppID = "{CFDAFE39-20CE-451D-BD45-A37452F39CF0}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\InprocServer32
    • ThreadingModel = "Apartment"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\InprocServer32
    • ThreadingModel = "Apartment"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
    • NoExplorer = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\TypeLib
    • Version = "1.0"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\TypeLib
    • Version = "1.0"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\InProcServer32
    • ThreadingModel = "Both"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}
    • defaultEnableAppsList = "ezLooker,pagerage,buzzdock,toprelatedtopics,twittube"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}
    • {889DF117-14D1-44EE-9F31-C5FB5D47F68B} = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{1A975F48-2A3C-44FE-A91C-49D3C12ED0BC}
    • {889DF117-14D1-44EE-9F31-C5FB5D47F68B} = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}
    • {889DF117-14D1-44EE-9F31-C5FB5D47F68B} = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}
    • {889DF117-14D1-44EE-9F31-C5FB5D47F68B} = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{BB1DCBF2-6F69-4FB5-BA9F-0B46B5F93395}
    • {889DF117-14D1-44EE-9F31-C5FB5D47F68B} = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}
    • {889DF117-14D1-44EE-9F31-C5FB5D47F68B} = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • UninstallString = "%User Profile%\{889DF~1\Setup.exe /remove /q0"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • QuietUninstallString = "%User Profile%\{889DF~1\Setup.exe /remove /q"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • ModifyPath = "%User Profile%\{889DF~1\Setup.exe /q0"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • Version = "1a2"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • VersionMajor = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • VersionMinor = "a"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • EstimatedSize = "6d8"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • Language = "49"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • TSAware = "1"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • TinFolder = "%User Profile%\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • TinVersion = "5021"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • InstallDate = "20120613"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • InstallLocation = "%Program Files%\Yontoo"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • InstallSource = "%User Temp%"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • DisplayIcon = "%User Profile%\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • DisplayName = "Yontoo 1.10.02"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • DisplayVersion = "1.10.02"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • Publisher = "Yontoo LLC"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • URLInfoAbout = "http://www.{BLOCKED}o.com"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • Contact = "support@yontoo.com"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    • TizPath = "%User Temp%\YontooSetup-S.exe"

Step 5

Restore this modified registry value

Important: Editing the Windows Registry incorrectly can cause irreversible system malfunction. Perform this step only if you have experience or can ask your system administrator for assistance. Otherwise, consult this Microsoft article before modifying your computer's registry.


  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    • From: 1609 = "0"
      To: 1609 = "1"

Step 6

Search for and delete these files

Some component files may be hidden. Select the Search hidden files and folders checkbox in the "More advanced options" section to include all hidden files and folders in the search results.
  • %User Temp%\offconfig.temp
  • %User Temp%\idlimage.temp
  • %User Temp%\tmp1.tmp
  • %User Temp%\tmp2.tmp
  • %User Temp%\tmp3.tmp
  • %User Temp%\tmp4.tmp
  • %User Temp%\tmp5.tmp
  • %User Temp%\tmp6.tmp
  • %User Temp%\tmp7.tmp
  • %User Temp%\tmp8.tmp
  • %User Temp%\tmp9.tmp
  • %User Temp%\tmpA.tmp
  • %User Temp%\tmpB.tmp
  • %User Temp%\ezLooker-S-Setup_Suite1.exe
  • %User Temp%\tmpC.tmp
  • %User Temp%\tmpD.tmp
  • %User Temp%\playbryte_installer.exe
  • %User Temp%\PricePeepInstaller.exe
  • %User Temp%\ezLooker-S-Setup_Suite1-0308.exe
  • %User Temp%\3163F693.dat
  • %User Temp%\3163F693\_Setup.dll
  • %User Temp%\3163F693\Setup.ico
  • %User Temp%\3163F693\x86\regsvr32.exe
  • %User Temp%\3163F693\x64\regsvr32.exe
  • %User Temp%\YontooSetup-S.exe._tm
  • %User Profile%\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat
  • %User Temp%\YontooSetup-S-074C.exe
  • %User Temp%\48A7B44E.dat
  • %User Temp%\48A7B44E\_Setup.dll
  • %User Temp%\48A7B44E\Setup.ico
  • %User Temp%\48A7B44E\_Setupx.dll
  • %User Temp%\48A7B44E\x86\regsvr32.exe
  • %User Temp%\48A7B44E\x64\regsvr32.exe
  • %User Temp%\7za.exe._tm
  • %User Temp%\sqlite3.exe._tm
  • %User Temp%\YontooIEClient.dll._tm
  • %User Temp%\InstallHandler.txt.tmp
  • %User Profile%\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
  • %User Profile%\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe
  • %User Profile%\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll
  • %User Profile%\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico
  • %User Profile%\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
  • %User Profile%\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
  • %User Profile%\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
  • %User Profile%\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
  • %Program Files%\Yontoo\YontooIEClient.dll

Step 7

Search for and delete these folders

Select the Search hidden files and folders checkbox in the "More advanced options" section to include all hidden files and folders in the search results.
  • %User Temp%\3163F693
  • %User Profile%\Application Data\Tarma Installer
  • %User Profile%\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}
  • %User Profile%\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache
  • %User Temp%\3163F693\x86
  • %User Temp%\3163F693\x64
  • %User Temp%\48A7B44E
  • %User Profile%\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
  • %User Profile%\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache
  • %User Temp%\48A7B44E\x86
  • %User Temp%\48A7B44E\x64
  • %Program Files%\Yontoo

Step 8

Scan your computer with your Trend Micro product to delete files detected as TROJ_AGENT_033894.TOMB. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further steps are required. You may choose to simply delete the quarantined files. For more information, visit this Knowledge Base page.

