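Out of nowhere, a program called "MS Removal Tool" showed up.
It scanned my PC
and started saying things like
"You're infected with a virus!"
Then it told me to run MS Removal Tool
to remove the virus.
When I tried to remove it,
a form asking for credit card information came up.
I don't have a credit card in the first place,
so I closed the window, and that's when things got ugly.
Every kind of software became impossible to launch.
From the web browser to Task Manager,
everything gave a message in English along the lines of
"Infected with a virus. Cannot start."
I somehow managed to download the installer for a free
virus removal program, but trying to run it failed too.
Ah, maybe I have to install Norton,
I thought, but thinking about it calmly,
even if I went and bought Norton,
would it even start? I wondered,
so first I looked up MS Removal Tool.
And sure enough,
there were reports online
of people ending up in the same state!
It turned out to be
fake antivirus software
that had started circulating fairly recently.
I booted into Safe Mode,
restored from yesterday's restore point, which happened to exist,
then deleted the file in question, and the symptoms went away.
This virus is really nasty.
① It makes software unable to start
② It tries to steal credit card information
③ It uses "MS" in its name to make it look related to Microsoft
That really had me panicking.
Thinking it over calmly afterwards,
there were plenty of things that were off.
If you scanned for free, then remove it for free.
And if it's paid, the only payment method is credit card.
The virus reports were all lies, every one.
Come to think of it, the scan was awfully fast too.
By the way, here is the report I saved with Save Report ↓ (*it's all lies)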
---------------------------------------------------------------------------------------------
Spyware C:/windows/system32/iesetup.dll Spyware.IEMonster.d Steals passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs.
Adware autorun Zlob.PornAdvertiser.ba Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites.
Spyware autorun Spyware.IMMonitor Program that can be used to monitor and record conversations in popular instant messaging applications.
Backdoor C:/windows/system32/svchost.exe Win32.Rbot.fm An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine.
Trojan autorun Infostealer.Banker.E Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions).
Dialer C:/windows/system32/cmdial32.dll Dialer.Xpehbam.biz_dialer A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages.
Spyware autorun Spyware.KnownBadSites Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site.
Trojan autorun Trojan.Tooso Trojan.Tooso is a trojan which attempts to terminate and delete security related applications.
Trojan C:/windows/system32/explorer.exe Trojan.MailGrabber.s Trojan horse that gets access to e-mail accounts on the infected computer.
Trojan C:/windows/system32/alg.exe Trojan.Alg.t Trojan program that can compromise your private information stored on the hard drive.
Rogue C:/Program Files/TrustedAntivirus TrustedAntivirus A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware
Rogue C:/Program Files/SecurePCCleaner SecurePCCleaner Rogue Security Software: fake Security software that uses deceptive means for installation and purpose.
Trojan C:/windows/system32/ Trojan.BAT.Adduser.t This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size.
Spyware C:/windows/system32/ Spyware.007SpySoftware Program designed to monitor user activity. May be used with or without consent.
Trojan C:/windows/hidden/ Trojan.Clicker.EC Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal.
Dialer C:/windows/hidden/ Dialer.Trafficjam.a Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites.
Trojan hidden autorun Trojan.Poison.J Trojan.Poison.J is a key-logging Trojan for the Windows platform.
Adware Registry Adware.eXact.BargainBuddy A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements.
Worm C:/windows/system32/ Win32.Delbot.AI Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide remote access to the host PC.
Worm C:/windows/temp/ Win32.Sdbot.ADN A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Trojan C:/windows/ Trojan-Dropper.Win32.Agent.bot This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user.
Worm C:/windows/temp/ Win32.Rbot.CBX A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional malicious files.
Trojan C:/windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user's knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
Trojan C:/windows/system/drivers/ Win32.Spamta.KG.worm A multi-component mass-mailing worm that downloads and executes files from the Internet.
Trojan C:/windows/system/drivers/etc/ Trojan.IRCBot.d A worm that opens an IRC back door on the infected host. It spreads by exploiting the Windows Remote Buffer Overflow Vulnerability.
Trojan C:/windows/system/mui/ Trojan.Dropper.MSWord.j A Microsoft Word macro virus that drops a trojan onto the infected host.
Trojan C:/windows/system/mui/ Win32.Clagger.C This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment.
Worm C:/windows/system/ Worm.Bagle.CP This is a "Bagle" mass-mailer which demonstrates typical "Bagle" behavior.
Worm C:/windows/ Win32.BlackMail.xx This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008.
Trojan hidden autorun Trojan.Win32.Agent.ado Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer.
Trojan autorun Win32.Outsbot.u A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony Digital Rights Management (DRM) software to hide its presence.
Spyware autorun Win32.PerFiler Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site.
Worm hidden autorun Win32.Miewer.a A Trojan Downloader that masquerades as a legitimate system file.
Trojan C:/windows/ Trojan-Downloader.VBS.Small.dc This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user's knowledge.
Worm autorun Win32.Peacomm.dam A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats.
---------------------------------------------------------------------------------------------
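It says there are worms, there's spyware,
there are Trojan horses,
all kinds of things, so when it suddenly popped up
I was honestly scared.
Still, virus software posing as antivirus software,
what a vicious trick.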