久しぶりに新顔登場。
Offending Registry Entry found: hkey_local_machine\software\classes\clsid\{78e5a540-1850-11cf-9d53-00aa003c9cb6}
System found infected with spyware.relyallinone Spyware/Adware (hkey_local_machine\software\classes\clsid\{78e5a540-1850-11cf-9d53-00aa003c9cb6})
Offending Registry Entry found: hkey_local_machine\software\classes\clsid\{b617b991-a767-4f05-99ba-ac6fcabb102e}
System found infected with spyware.relyallinone Spyware/Adware (hkey_local_machine\software\classes\clsid\{b617b991-a767-4f05-99ba-ac6fcabb102e})
Offending Registry Entry found: hkey_local_machine\software\classes\clsid\{afc634b0-4b8b-11cf-8989-00aa00688b10}
System found infected with spyware.relyallinone Spyware/Adware (hkey_local_machine\software\classes\clsid\{afc634b0-4b8b-11cf-8989-00aa00688b10})
該当するCLSIDは
[HKEY_CLASSES_ROOT\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}]
@="RichText General Property Page Object"[HKEY_CLASSES_ROOT\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}\InprocServer32]
@="C:\\WINDOWS\\system32\\RICHTX32.OCX"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}]
@="RichText General Property Page Object"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}\InprocServer32]
@="C:\\WINDOWS\\system32\\RICHTX32.OCX"[HKEY_CLASSES_ROOT\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}]
@="Microsoft Rich Textbox Control 6.0 (SP6)"[HKEY_CLASSES_ROOT\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}\InprocServer32]
@="C:\\WINDOWS\\system32\\RICHTX32.OCX"
"ThreadingModel"="Apartment"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}]
@="Microsoft Rich Textbox Control 6.0 (SP6)"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}\InprocServer32]
@="C:\\WINDOWS\\system32\\RICHTX32.OCX"
"ThreadingModel"="Apartment"[HKEY_CLASSES_ROOT\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}]
@="RichText Apppearance Property Page Object"[HKEY_CLASSES_ROOT\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}\InprocServer32]
@="C:\\WINDOWS\\system32\\RICHTX32.OCX"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}]
@="RichText Apppearance Property Page Object"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}\InprocServer32]
@="C:\\WINDOWS\\system32\\RICHTX32.OCX"
Spyware.RelyAllInOne - Symantec Security Response
Updated: April 11, 2008 2:41:52 PM
The program also drops the following files:
%System%\RICHTX32.OCX
Next, the program creates the following registry subkeys:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78E5A540-1850-11CF-9D53-00AA003C9CB6}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC634B0-4B8B-11CF-8989-00AA00688B10}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B617B991-A767-4F05-99BA-AC6FCABB102E}
Initial Rapid Release version April 8, 2008 revision 016
今月になってのリリースで、嬉しがって即登録したんだろうな。
4/20 追記
4/15 リリースから 4/19 リリースと異様に短い間隔で ver 9.8.1 がリリースされたけど、誤検出はそのまま。
MWAV :
[http://forums.mwti.net/viewtopic.php?t=411:title=MWAV 9.8.1, Espatch1/Esupdate [1.0.0.142] uploaded.]
1. Hidden folders will not be unhidden.
2. OS install date will be put in LOG file (only for NT & above)
