特徴
-
自身をレジストリにインストールする
-
既知の脆弱性を悪用する
-
マルウェアによってドロップされる
感染 OS
復旧方法:
詳細は、ワームの除去方法をご覧ください。
You will also need to edit the following registry entries, if they are present. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\winprotect
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\winprotect
and delete them if they exist.
Close the registry editor.