FakeAV (613, 621, 628L 更新) 停更

显示全部楼层 · 发表于 2012-4-30 16:13:27

卡巴斯基安全部队
2012
拒绝访问
无法访问该网页

请求对象位于网址：

http://bbs.kafan.cn/forum.php?mod=
attachment&aid=MTYxMzUyMXwwMTcyNWIxY3wxM
zM1NzczNTY2fDY1Mjk3MHwxMjYzOTQ3

检测到威胁：

对象已感染病毒Trojan-Dropper.Win32.Dapato.aymc
发生时间： 16:13:04

显示全部楼层 · 发表于 2012-4-30 16:14:02

130 kill

显示全部楼层 · 发表于 2012-4-30 16:21:21

111楼至本楼样本360kill

显示全部楼层 · 发表于 2012-4-30 20:55:32

133L样本，AVAST!7.0拦截报特洛伊木马程序。

显示全部楼层 · 发表于 2012-5-1 10:31:42

Windows High-End Protection

https://www.virustotal.com/file/ ... 5e93d70b9/analysis/

0/42

显示全部楼层 · 发表于 2012-5-1 10:59:41

本帖最后由 hx1997 于 2012-5-1 11:01 编辑

更新 3×。

145L & 146L to ESET.

ESET 该不会五一放假了吧..

显示全部楼层 · 发表于 2012-5-1 11:59:36

hx1997 发表于 2012-5-1 10:59
更新 3×。

145L & 146L to ESET.

145L

FS杀生成物

显示全部楼层 · 发表于 2012-5-1 13:16:21

hx1997 发表于 2012-5-1 10:59
更新 3×。

145L & 146L to ESET.

完整路径: c:\users\zmzcy\appdata\local\temp\rar$dr34.976\fakeav\0edc696123de580f91c6fbb32a8f3dec.exe
威胁: Suspicious.Cloud.7.L
____________________________
____________________________
在电脑上的创建时间不可用
上次使用时间 2012/5/1 ( 13:15:12 )
启动项目否
已启动否
____________________________
____________________________
未知
诺顿社区中使用此文件的用户数量: 未知
____________________________
未知
此文件版本当前未知。
____________________________
高
此文件具有高风险。
____________________________
威胁详细信息
威胁类型: 启发式病毒。根据恶意软件启发式技术检测威胁。
____________________________
http://bbs.kafan.cn/forum.php?mo ... DQ2NzM4MnwxMjYzOTQ3 已下载文件0edc696123de580f91c6fbb32a8f3dec.exe
威胁名称:
Suspicious.Cloud.7.L自
bbs.kafan.cn
____________________________
文件操作
文件: c:\users\zmzcy\appdata\local\temp\rar$dr34.976\fakeav\0edc696123de580f91c6fbb32a8f3dec.exe
已删除
____________________________
文件指纹 - SHA:
c70d36947a92570369999abd47b749f63c3f3dc5ad6c8f5e37ebce7e3cf560be
____________________________
文件指纹 - MD5:
0edc696123de580f91c6fbb32a8f3dec
____________________________

完整路径: c:\users\zmzcy\appdata\local\temp\rar$dr96.976\fakeav\7c8bffe0d3a7a221b47e0ef076fb634d.exe
威胁: Suspicious.Cloud.7.L
____________________________
____________________________
在电脑上的创建时间不可用
上次使用时间 2012/5/1 ( 13:15:46 )
启动项目否
已启动否
____________________________
____________________________
未知
诺顿社区中使用此文件的用户数量: 未知
____________________________
未知
此文件版本当前未知。
____________________________
高
此文件具有高风险。
____________________________
威胁详细信息
威胁类型: 启发式病毒。根据恶意软件启发式技术检测威胁。
____________________________
http://bbs.kafan.cn/forum.php?mo ... DQ2NzM4MnwxMjYzOTQ3 已下载文件7c8bffe0d3a7a221b47e0ef076fb634d.exe
威胁名称:
Suspicious.Cloud.7.L自
bbs.kafan.cn
____________________________
文件操作
文件: c:\users\zmzcy\appdata\local\temp\rar$dr96.976\fakeav\7c8bffe0d3a7a221b47e0ef076fb634d.exe
已删除
____________________________
文件指纹 - SHA:
c867f3914a9191894658322076833b0119c8cc737e1e929a38d5dd4995d6fdb9
____________________________
文件指纹 - MD5:
7c8bffe0d3a7a221b47e0ef076fb634d
____________________________

完整路径: c:\users\zmzcy\appdata\local\temp\rar$dr54.976\fakeav\36bd0d33b4e2c05f875dddf21e7f178a.exe
威胁: Suspicious.Cloud.7.L
____________________________
____________________________
在电脑上的创建时间不可用
上次使用时间 2012/5/1 ( 13:16:08 )
启动项目否
已启动否
____________________________
____________________________
未知
诺顿社区中使用此文件的用户数量: 未知
____________________________
未知
此文件版本当前未知。
____________________________
高
此文件具有高风险。
____________________________
威胁详细信息
威胁类型: 启发式病毒。根据恶意软件启发式技术检测威胁。
____________________________
http://bbs.kafan.cn/forum.php?mo ... DQ2NzM4MnwxMjYzOTQ3 已下载文件36bd0d33b4e2c05f875dddf21e7f178a.exe
威胁名称:
Suspicious.Cloud.7.L自
bbs.kafan.cn
____________________________
文件操作
文件: c:\users\zmzcy\appdata\local\temp\rar$dr54.976\fakeav\36bd0d33b4e2c05f875dddf21e7f178a.exe
已删除
____________________________
文件指纹 - SHA:
f6db20885de2a5473cc1e3b25fb5a02a6cd23497c16f6287d9550a79c5f6d8cd
____________________________
文件指纹 - MD5:
36bd0d33b4e2c05f875dddf21e7f178a
____________________________

显示全部楼层 · 发表于 2012-5-1 15:33:55

146L
360sd
3x

显示全部楼层 · 发表于 2012-5-1 20:31:48

本帖最后由 hx1997 于 2012-5-1 22:05 编辑

更新

Windows Safety Module

MD5: 3F983F434EA7FFB7848E46B9CB923D1D
SHA1: 6A032EA5ADF8AFA7E247730B35D30D0EBD6F7772
CRC32: 8B031E59

To ESET.

Level 3 - C:\Users\Gateway\Desktop\samples\3F983F434EA7FFB7848E46B9CB923D1D.exe attempted to SEARCH FOR A WINDOW with class name Shell_TrayWnd or window name  - allowed.

Level 6 - C:\Users\Gateway\Desktop\samples\3F983F434EA7FFB7848E46B9CB923D1D.exe attempted to SEARCH FOR A WINDOW with class name Shell_TrayWnd or window name  - allowed.

Level 6.1 - C:\Users\Gateway\Desktop\samples\3F983F434EA7FFB7848E46B9CB923D1D.exe attempted to WRITE TO FILE C:\Users\Gateway\Desktop\samples\filesystemscan.exe - allowed.
A backup for this file was created.

Level 21.6 - C:\Users\Gateway\Desktop\samples\filesystemscan.exe attempted to WRITE TO REGISTRY KEY Software\Microsoft\Windows\CurrentVersion\Settings - allowed.

Level 22.6 - C:\Users\Gateway\Desktop\samples\filesystemscan.exe attempted to ELEVATE a token - allowed.

Level 23.6 - C:\Users\Gateway\Desktop\samples\filesystemscan.exe attempted to ELEVATE a token - allowed.

Level 23.7 - C:\Users\Gateway\Desktop\samples\filesystemscan.exe attempted to WRITE TO REGISTRY KEY Software\Microsoft\Windows\CurrentVersion\Settings - allowed.

Level 23.8 - C:\Users\Gateway\Desktop\samples\filesystemscan.exe attempted to WRITE TO REGISTRY KEY Software\Microsoft\Windows\CurrentVersion\Run - allowed.

Level 23.9 - C:\Users\Gateway\Desktop\samples\filesystemscan.exe attempted to WRITE TO REGISTRY KEY Software\Microsoft\Windows\CurrentVersion\Settings - allowed.

Level 26.9 - C:\Users\Gateway\Desktop\samples\filesystemscan.exe attempted to SEARCH FOR A WINDOW with class name Shell_TrayWnd or window name  - allowed.

Level 29.9 - C:\Users\Gateway\Desktop\samples\filesystemscan.exe attempted to SEARCH FOR A WINDOW with class name Shell_TrayWnd or window name  - allowed.

Level 30 - C:\Users\Gateway\Desktop\samples\filesystemscan.exe attempted to WRITE TO FILE C:\Users\Gateway\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#local\\settings.sol - allowed.
A backup for this file was created.

......

ATTENTION! Suspected Win32.Malware.Generic was found on your system!

Level 49.6 - C:\Users\Gateway\Desktop\samples\3F983F434EA7FFB7848E46B9CB923D1D.exe attempted to WRITE TO FILE C:\Users\Gateway\AppData\Local\Temp\7ZSfx000.cmd - allowed.
A backup for this file was created.

ATTENTION! Suspected Win32.Malware.Generic was found on your system!

Level 52.6 - C:\Users\Gateway\Desktop\samples\3F983F434EA7FFB7848E46B9CB923D1D.exe has terminated with the exit code 0.

ATTENTION! Suspected Win32.Malware.Generic was found on your system!

Level 55.6 - C:\Windows\SysWOW64\cmd.exe attempted to SEARCH FOR A WINDOW with class name Shell_TrayWnd or window name  - allowed.

ATTENTION! Suspected Win32.Malware.Generic was found on your system!

Level 55.6 - C:\Windows\SysWOW64\cmd.exe has terminated with the exit code 1.

ATTENTION! Suspected Win32.Malware.Generic was found on your system!

[病毒样本] FakeAV (613, 621, 628L 更新) 停更

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源