Thread starter: 引领四基生活

[Virus sample] (Double-click for a surprise) Are you ok?

DF快递
Posted on 2017-7-20 16:55:58
Ran it in the Avast sandbox; it exited immediately.
shaomao
Posted on 2017-7-20 18:13:16
In a VM: after double-clicking, BD showed it had blocked it; after a restart the desktop wallpaper had changed..... This virus is nasty.
ziyerain2015
Posted on 2017-7-20 18:20:50

2345 MISS
Don't want to end up like them, haha!
ccboxes
Posted on 2017-7-20 19:25:14
shaomao posted on 2017-7-20 18:13:
In a VM: after double-clicking, BD showed it had blocked it; after a restart the desktop wallpaper had changed..... This virus is nasty.

Because BD has no rollback, that change can't be undone. Just change it back yourself.
westbyte
Posted on 2017-7-20 19:47:34
Can't download it from Baidu Netdisk; MEGA works.
桑德尔
Posted on 2017-7-20 23:25:16
ESET kills it.
liumeng1
Posted on 2017-7-21 00:29:11
KIS 2018 didn't detect it... I don't dare double-click it.
tianzhena
Posted on 2017-7-21 00:39:50
liumeng1 posted on 2017-7-21 00:29:
KIS 2018 didn't detect it... I don't dare double-click it.

If it can't be blocked on double-click, don't double-click it.
liumeng1
Posted on 2017-7-21 00:41:35
tianzhena posted on 2017-7-21 00:39:
If it can't be blocked on double-click, don't double-click it.

Thanks, already deleted. Scared me to death, what if my hand slipped...
,就一个.
Posted on 2017-7-21 01:57:53
AVA 25.13470
GD 25.10041

*** Process ***

Process: 6964
File name: xxplayer.exe
Path: c:\users\administrator\desktop\xxplayer.exe

Publisher: Unknown publisher
Creation date: 2017年7月21日 1:36:44
Modification date: 2017年7月21日 1:36:53

Started by: svchost.exe
Publisher: Microsoft Windows Publisher


*** Actions ***

The program has executed actions in the name of another program.
An unknown process was accessed.
The program can be used to execute any program code.
The program has read data from its own program file.
An executable file was stored in a suspicious location.


*** Quarantine ***

The following files were moved into quarantine:
C:\Program Files (x86)\Acronis\TrueImageHome\Help\help\zh-CN\25773.png
C:\Program Files (x86)\Acronis\TrueImageHome\Help\help\zh-CN\25817.png
C:\Program Files (x86)\Acronis\TrueImageHome\Help\help\zh-CN\25821.png
C:\Program Files (x86)\Acronis\TrueImageHome\Help\help\zh-CN\26846.png
C:\Users\Administrator\AppData\Local\Temp\aut5C54.tmp
C:\Users\Administrator\AppData\Local\Temp\aut5C55.tmp
C:\Users\Administrator\AppData\Local\Temp\aut5C66.tmp
C:\Users\Administrator\AppData\Roaming\15949570.ico
C:\Users\Administrator\AppData\Roaming\59251088.reg
C:\Users\Administrator\AppData\Roaming\94565792.bmp
C:\Users\Administrator\AppData\Roaming\kingsoft\office6\UserFeature\UserFeatureTags.ini
C:\Users\Administrator\AppData\Roaming\kingsoft\office6\cache\d2b9edf33b091742fdc97b11bb38a8b98a82d48b.keys
C:\Users\Administrator\AppData\Roaming\kingsoft\office6\cache\d2b9edf33b091742fdc97b11bb38a8b98a82d48b.values
C:\Users\Administrator\AppData\Roaming\kingsoft\office6\customui\wpsui.xml
C:\Users\Administrator\AppData\Roaming\kingsoft\office6\templates\wps\zh_CN\Normal.dotm
C:\Users\Administrator\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kfeedback_1.0.0.20\download.7z
C:\Users\Administrator\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kwpsassist_1.0.0.13\download.7z
C:\Users\Administrator\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\officespace_1.0.0.44\download.7z
C:\Users\Administrator\Desktop\10385120\Desktop.ini
C:\Users\Administrator\Desktop\13292522\Desktop.ini
C:\Users\Administrator\Desktop\25548480\Desktop.ini
C:\Users\Administrator\Desktop\40912012\Desktop.ini
C:\Users\Administrator\Desktop\55887291\Desktop.ini
C:\Users\Administrator\Desktop\58056512\Desktop.ini
C:\Users\Administrator\Desktop\58391696\Desktop.ini
C:\Users\Administrator\Desktop\72133122\Desktop.ini
C:\Users\Administrator\Desktop\72256780\Desktop.ini
C:\Users\Administrator\Desktop\75116739\Desktop.ini
C:\Users\Administrator\Desktop\78326274\Desktop.ini
C:\Users\Administrator\Desktop\87489354\Desktop.ini
C:\Users\Administrator\Desktop\92826782\Desktop.ini
C:\Users\Administrator\Desktop\92945464\Desktop.ini
E:\QQMusicCache\QQMusicLyric\QQ音乐 - 搞怪歌神的绝世情歌 (节目) - 1812 - QQ音乐·乐见大牌_qm.qrc
c:\users\administrator\appdata\roaming\kingsoft\office6\backup\wps.bkl
c:\users\administrator\appdata\roaming\kingsoft\office6\backup\wps_2064.bk
c:\users\administrator\appdata\roaming\kingsoft\office6\templates\wps\zh_cn\~$normal.dotm
c:\users\administrator\appdata\roaming\kingsoft\wps\addons\pool\win-i386\officespace_1.0.0.44\mui\zh_cn\resource\cloudlink_cooperation\logintip.png
c:\users\administrator\desktop\xxplayer.exe

The following registry entries were deleted:
Rules version: 5.0.148
OS: Windows 10.0 Service Pack 0.0 Build: 14393 - Workstation 64bit OS
dll version: 70613

"C:\Users\Administrator\Desktop\XXPlayer.exe"
MD5: B1C05ACD8CBBF1BD9A2448DA0C10C411

MD5: 36F670D89040709013F6A460176767EC

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.3 (苏ICP备07004770号) GMT+8, 2017-10-18 13:25