AVG:
Scan: missed all;
Double-click: apart from 2.doc, which passes unconditionally, every sample was double-click tested.
1.exe:
"";"IDP.Program.D1B0A5C0, C:\Users\killer\Desktop\新建文件夹\1.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/18, 1:12:12"
"";", C:\Users\killer\Desktop\新建文件夹\1.exe";"Object was blocked";"Process";"2016/2/18, 1:12:12"
3.exe:
"";"IDP.Program.D1B0A5C0, C:\Users\killer\Desktop\新建文件夹\3.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/18, 1:12:30"
"";", C:\Users\killer\Desktop\新建文件夹\3.exe";"Object was blocked";"Process";"2016/2/18, 1:12:30"
"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\LOCKY";"Deleted, Moved to Virus Vault";"Registry key";"2016/2/18, 1:12:30"
4.exe (only the dropped file was killed; the original was left alone):
"";"IDP.ALEXA.51, C:\Users\killer\AppData\Local\Temp\Build.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/18, 1:12:56"
"";", C:\Users\killer\AppData\Local\Temp\Build.exe";"Object was blocked";"Process";"2016/2/18, 1:12:56"
"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\\SHELL";"Deleted";"Registry value";"2016/2/18, 1:12:56"
"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\USERINI";"Deleted, Moved to Virus Vault";"Registry value";"2016/2/18, 1:12:56"
5.exe (required a reboot; all sorts of injection, it even tried to inject into AVG's UI process, what audacity; the "Unknown" detection name showed up again):
"";"Unknown, C:\Users\killer\Desktop\新建文件夹\5.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/18, 1:35:37"
"";", C:\Windows\explorer.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\rundll32.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\winlogon.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\dwm.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\taskhost.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Program Files\AVG\Framework\Common\avguix.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\userinit.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\LogonUI.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\csrss.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\wininit.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\services.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\conhost.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\lsass.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Windows\System32\lsm.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
"";", C:\Users\killer\Desktop\新建文件夹\5.exe";"Object was blocked";"Process";"2016/2/18, 1:35:37"
Congratulations to IDP on a sweeping victory (apart from the 4.exe original, which was not killed, all the rest have been brought to justice [actually that Build.exe is the real culprit, haha])