Ransom_CRYPTESLA.YUYALJ

Publish Date: 30 giugno 2017

Ransom:Win32/Genasom (Microsoft); Ransom.CryptXXX (Symantec); Trojan-Dropper.Win32.Sysn.cfhs (Kaspersky); Troj/Ransom-EOK (Sophos); Trojan.Win32.Generic!BT (Sunbelt); Trojan horse SCGeneric2.AETL (AVG)

Piattaforma:

Windows

Valutazione del rischio complessivo:

Potenziale dannoso: :

Potenziale di distribuzione: :

Reported Infection:

Basso

Medio

Alto

Critico

Tipo di minaccia informatica:
Trojan
Distruttivo?:
No
Crittografato?:
In the wild::
��

Panoramica e descrizione

Elimina archivos para impedir la ejecuci��n correcta de programas y aplicaciones.

Dettagli tecnici

Dimensione file: 474,624 bytes

Tipo di file: EXE

Residente in memoria: ��

Data di ricezione campioni iniziali: 30 giugno 2017

��Բ��ٲ��

Crea las carpetas siguientes:

%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0

(Nota: %Application Data% es la carpeta Application Data del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Application Data, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Application Data y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Local Settings\Application Data).

)

T��cnica de inicio autom��tico

Agrega las siguientes entradas de registro para permitir su ejecuci��n autom��tica cada vez que se inicia el sistema:

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
WindowsDrivers = "{malware path and file name}"

Otras modificaciones del sistema

Elimina los archivos siguientes:

%Desktop%.ini
%User Profile%\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma
%User Profile%\Sample Music\New Stories (Highway Blues).wma
%User Profile%\0008044E\Plylst1.wpl
%User Profile%\0008044E\Plylst10.wpl
%User Profile%\0008044E\Plylst11.wpl
%User Profile%\0008044E\Plylst12.wpl
%User Profile%\0008044E\Plylst13.wpl
%User Profile%\0008044E\Plylst14.wpl
%User Profile%\0008044E\Plylst15.wpl
%User Profile%\0008044E\Plylst2.wpl
%User Profile%\0008044E\Plylst3.wpl
%User Profile%\0008044E\Plylst4.wpl
%User Profile%\0008044E\Plylst5.wpl
%User Profile%\0008044E\Plylst6.wpl
%User Profile%\0008044E\Plylst7.wpl
%User Profile%\0008044E\Plylst8.wpl
%User Profile%\0008044E\Plylst9.wpl

(Nota: %Desktop% es la carpeta Escritorio del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}\Escritorio, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Escritorio y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Escritorio).

. %User Profile% es la carpeta de perfil del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario} y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}).

)

Rutina de infiltraci��n

Infiltra los archivos siguientes:

%User Profile%\Local Settings\Tempimage.jpg
%Desktop%.ini.Tesla
%User Profile%\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.Tesla
%User Profile%\Sample Music\New Stories (Highway Blues).wma.Tesla
%User Profile%\0008044E\Plylst1.wpl.Tesla
%User Profile%\0008044E\Plylst10.wpl.Tesla
%User Profile%\0008044E\Plylst11.wpl.Tesla
%User Profile%\0008044E\Plylst12.wpl.Tesla
%User Profile%\0008044E\Plylst13.wpl.Tesla
%User Profile%\0008044E\Plylst14.wpl.Tesla
%User Profile%\0008044E\Plylst15.wpl.Tesla
%User Profile%\0008044E\Plylst2.wpl.Tesla
%User Profile%\0008044E\Plylst3.wpl.Tesla
%User Profile%\0008044E\Plylst4.wpl.Tesla
%User Profile%\0008044E\Plylst5.wpl.Tesla
%User Profile%\0008044E\Plylst6.wpl.Tesla
%User Profile%\0008044E\Plylst7.wpl.Tesla
%User Profile%\0008044E\Plylst8.wpl.Tesla
%User Profile%\0008044E\Plylst9.wpl.Tesla
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\xijl2nez.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\xijl2nez.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\54nwr23b.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\54nwr23b.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\qgkufvsd.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\qgkufvsd.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\5lyz4ltu.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\5lyz4ltu.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\jqtslzw2.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\jqtslzw2.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n4xym4q3.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n4xym4q3.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\tfhdt5qb.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\tfhdt5qb.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n1oywkcr.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n1oywkcr.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\mw3kbwa1.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\mw3kbwa1.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1yqd0ren.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1yqd0ren.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1l0k1n4t.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1l0k1n4t.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\pphct5ho.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\pphct5ho.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\kz4fddrk.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\kz4fddrk.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\rso24a5q.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\rso24a5q.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\yi4npodi.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\yi4npodi.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\au33ztrf.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\au33ztrf.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\v0ttgf3e.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\v0ttgf3e.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\4dodplu5.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\4dodplu5.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\truq2g4s.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\truq2g4s.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\x35h0j0b.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\x35h0j0b.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\fqv2frgp.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\fqv2frgp.newcfg

(Nota: %User Profile% es la carpeta de perfil del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario} y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}).

. %Desktop% es la carpeta Escritorio del usuario activo, que en el caso de Windows 98 y ME suele estar en C:\Windows\Profiles\{nombre de usuario}\Escritorio, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Escritorio y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Escritorio).

. %Application Data% es la carpeta Application Data del usuario activo, que en el caso de Windows 98 y ME suele estar ubicada en C:\Windows\Profiles\{nombre de usuario}\Application Data, en el caso de Windows NT en C:\WINNT\Profiles\{nombre de usuario}\Application Data y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\{nombre de usuario}\Local Settings\Application Data).

)

Soluzioni

Motore di scansione minimo: 9.8

Step 1

Los usuarios de Windows ME y XP, antes de llevar a cabo cualquier exploraci��n, deben comprobar que tienen desactivada la opci��n Restaurar sistema para permitir la exploraci��n completa del equipo.

Step 2

Reiniciar en modo seguro

[ learnMore ]

Step 3

Eliminar este valor del Registro

[ learnMore ]

Importante: si modifica el Registro de Windows incorrectamente, podr��a hacer que el sistema funcione mal de manera irreversible. Lleve a cabo este paso solo si sabe c��mo hacerlo o si puede contar con ayuda de su administrador del sistema. De lo contrario, lea este antes de modificar el Registro del equipo.

In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- WindowsDrivers = "{malware path and file name}"

Step 4

Buscar y eliminar estos archivos

[ learnMore ]

Puede que algunos de los archivos del componente est��n ocultos. Aseg��rese de que tiene activada la casilla Buscar archivos y carpetas ocultos en la opci��n "M��s opciones avanzadas" para que el resultado de la b��squeda incluya todos los archivos y carpetas ocultos.

%User Profile%\Local Settings\Tempimage.jpg
%Desktop%.ini.Tesla
%User Profile%\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.Tesla
%User Profile%\Sample Music\New Stories (Highway Blues).wma.Tesla
%User Profile%\0008044E\Plylst1.wpl.Tesla
%User Profile%\0008044E\Plylst10.wpl.Tesla
%User Profile%\0008044E\Plylst11.wpl.Tesla
%User Profile%\0008044E\Plylst12.wpl.Tesla
%User Profile%\0008044E\Plylst13.wpl.Tesla
%User Profile%\0008044E\Plylst14.wpl.Tesla
%User Profile%\0008044E\Plylst15.wpl.Tesla
%User Profile%\0008044E\Plylst2.wpl.Tesla
%User Profile%\0008044E\Plylst3.wpl.Tesla
%User Profile%\0008044E\Plylst4.wpl.Tesla
%User Profile%\0008044E\Plylst5.wpl.Tesla
%User Profile%\0008044E\Plylst6.wpl.Tesla
%User Profile%\0008044E\Plylst7.wpl.Tesla
%User Profile%\0008044E\Plylst8.wpl.Tesla
%User Profile%\0008044E\Plylst9.wpl.Tesla
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\xijl2nez.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\xijl2nez.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\54nwr23b.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\54nwr23b.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\qgkufvsd.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\qgkufvsd.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\5lyz4ltu.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\5lyz4ltu.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\jqtslzw2.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\jqtslzw2.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n4xym4q3.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n4xym4q3.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\tfhdt5qb.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\tfhdt5qb.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n1oywkcr.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n1oywkcr.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\mw3kbwa1.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\mw3kbwa1.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1yqd0ren.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1yqd0ren.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1l0k1n4t.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1l0k1n4t.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\pphct5ho.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\pphct5ho.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\kz4fddrk.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\kz4fddrk.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\rso24a5q.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\rso24a5q.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\yi4npodi.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\yi4npodi.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\au33ztrf.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\au33ztrf.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\v0ttgf3e.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\v0ttgf3e.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\4dodplu5.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\4dodplu5.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\truq2g4s.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\truq2g4s.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\x35h0j0b.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\x35h0j0b.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\fqv2frgp.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\fqv2frgp.newcfg

Para eliminar los archivos del componente de malware/grayware/spyware:

Haga clic con el bot��n derecho en Inicio y haga clic en Buscar....
En el cuadro de entrada Nombre, escriba:

%User Profile%\Local Settings\Tempimage.jpg
%Desktop%.ini.Tesla
%User Profile%\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.Tesla
%User Profile%\Sample Music\New Stories (Highway Blues).wma.Tesla
%User Profile%\0008044E\Plylst1.wpl.Tesla
%User Profile%\0008044E\Plylst10.wpl.Tesla
%User Profile%\0008044E\Plylst11.wpl.Tesla
%User Profile%\0008044E\Plylst12.wpl.Tesla
%User Profile%\0008044E\Plylst13.wpl.Tesla
%User Profile%\0008044E\Plylst14.wpl.Tesla
%User Profile%\0008044E\Plylst15.wpl.Tesla
%User Profile%\0008044E\Plylst2.wpl.Tesla
%User Profile%\0008044E\Plylst3.wpl.Tesla
%User Profile%\0008044E\Plylst4.wpl.Tesla
%User Profile%\0008044E\Plylst5.wpl.Tesla
%User Profile%\0008044E\Plylst6.wpl.Tesla
%User Profile%\0008044E\Plylst7.wpl.Tesla
%User Profile%\0008044E\Plylst8.wpl.Tesla
%User Profile%\0008044E\Plylst9.wpl.Tesla
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\xijl2nez.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\xijl2nez.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\54nwr23b.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\54nwr23b.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\qgkufvsd.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\qgkufvsd.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\5lyz4ltu.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\5lyz4ltu.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\jqtslzw2.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\jqtslzw2.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n4xym4q3.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n4xym4q3.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\tfhdt5qb.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\tfhdt5qb.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n1oywkcr.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n1oywkcr.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\mw3kbwa1.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\mw3kbwa1.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1yqd0ren.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1yqd0ren.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1l0k1n4t.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1l0k1n4t.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\pphct5ho.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\pphct5ho.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\kz4fddrk.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\kz4fddrk.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\rso24a5q.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\rso24a5q.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\yi4npodi.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\yi4npodi.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\au33ztrf.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\au33ztrf.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\v0ttgf3e.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\v0ttgf3e.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\4dodplu5.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\4dodplu5.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\truq2g4s.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\truq2g4s.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\x35h0j0b.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\x35h0j0b.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\fqv2frgp.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\fqv2frgp.newcfg
En la lista desplegable Buscar en, seleccione Mi PC y pulse Intro.
Una vez haya encontrado el archivo, selecci��nelo y, a continuaci��n, pulse MAY?S+SUPR para eliminarlo definitivamente.
Repita los pasos 2 a 4 con el resto de archivos: %User Profile%\Local Settings\Tempimage.jpg
%Desktop%.ini.Tesla
%User Profile%\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma.Tesla
%User Profile%\Sample Music\New Stories (Highway Blues).wma.Tesla
%User Profile%\0008044E\Plylst1.wpl.Tesla
%User Profile%\0008044E\Plylst10.wpl.Tesla
%User Profile%\0008044E\Plylst11.wpl.Tesla
%User Profile%\0008044E\Plylst12.wpl.Tesla
%User Profile%\0008044E\Plylst13.wpl.Tesla
%User Profile%\0008044E\Plylst14.wpl.Tesla
%User Profile%\0008044E\Plylst15.wpl.Tesla
%User Profile%\0008044E\Plylst2.wpl.Tesla
%User Profile%\0008044E\Plylst3.wpl.Tesla
%User Profile%\0008044E\Plylst4.wpl.Tesla
%User Profile%\0008044E\Plylst5.wpl.Tesla
%User Profile%\0008044E\Plylst6.wpl.Tesla
%User Profile%\0008044E\Plylst7.wpl.Tesla
%User Profile%\0008044E\Plylst8.wpl.Tesla
%User Profile%\0008044E\Plylst9.wpl.Tesla
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\xijl2nez.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\xijl2nez.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\54nwr23b.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\54nwr23b.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\qgkufvsd.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\qgkufvsd.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\5lyz4ltu.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\5lyz4ltu.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\jqtslzw2.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\jqtslzw2.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n4xym4q3.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n4xym4q3.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\tfhdt5qb.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\tfhdt5qb.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n1oywkcr.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\n1oywkcr.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\mw3kbwa1.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\mw3kbwa1.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1yqd0ren.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1yqd0ren.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1l0k1n4t.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\1l0k1n4t.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\pphct5ho.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\pphct5ho.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\kz4fddrk.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\kz4fddrk.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\rso24a5q.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\rso24a5q.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\yi4npodi.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\yi4npodi.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\au33ztrf.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\au33ztrf.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\v0ttgf3e.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\v0ttgf3e.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\4dodplu5.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\4dodplu5.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\truq2g4s.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\truq2g4s.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\x35h0j0b.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\x35h0j0b.newcfg
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\fqv2frgp.tmp
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0\fqv2frgp.newcfg

Step 5

Buscar y eliminar estas carpetas

[ learnMore ]

Aseg��rese de que tiene activada la casilla Buscar archivos y carpetas ocultos en la opci��n M��s opciones avanzadas para que el resultado de la b��squeda incluya todas las carpetas ocultas.

%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr
%Application Data%\Microsoft\9A09EE9356EB74FFB2C14B93D_Url_3pacq0j2bu5mfrvph55va4a5vgkpjrqr\1.0.0.0

Step 6

Reinicie en modo normal y explore el equipo con su producto de live casino online para buscar los archivos identificados como Ransom_CRYPTESLA.YUYALJ En caso de que el producto de live casino online ya haya limpiado, eliminado o puesto en cuarentena los archivos detectados, no ser��n necesarios m��s pasos. Puede optar simplemente por eliminar los archivos en cuarentena. Consulte esta para obtener m��s informaci��n.

Sondaggio

live casino online