转远控

显示全部楼层 · 发表于 2013-8-29 21:42:08

dongwenqi 发表于 2013-8-29 21:40
搜狗和Q管已经能正常运行了，上面的2个我已经在实机上运行了，已经被阻止运行了

问题是小白不知道这个是木马的话，选择允许的话还是拦不住，警告不够明确

显示全部楼层 · 发表于 2013-8-29 21:45:11

卡巴专家发表于 2013-8-29 21:42
问题是小白不知道这个是木马的话，选择允许的话还是拦不住，警告不够明确

说的也是，这点到时提醒了我，关键是小白能用卡巴吗

显示全部楼层 · 发表于 2013-8-29 21:55:09

dongwenqi 发表于 2013-8-29 21:45
说的也是，这点到时提醒了我，关键是小白能用卡巴吗

小白为什么不能用卡巴

显示全部楼层 · 发表于 2013-8-29 22:03:28

卡巴专家发表于 2013-8-29 21:55
小白为什么不能用卡巴

就像你说的警告不够明确，万一小白遇到这个拦截，基本上不看的，都乱点允许，到时会怎样呢

显示全部楼层 · 发表于 2013-8-30 11:29:04

Filename: ppcef.dll
Threat name: WS.Reputation.1
Full Path: f:\norton样本\白加黑\uvi\ppcef.dll

____________________________

Details
Unknown Community Usage, Unknown Age, Risk Medium

Origin
Downloaded from
https://att.kafan.cn/forum.php?mo ... Dc5OTA2N3wxNjIwOTUz

Activity
Actions performed: Actions performed: 1

____________________________

On computers as of
Not Available

Last Used
2013-8-30 at 11:28:28

Startup Item
No

Launched
No

____________________________

Unknown
It is unknown how many users in the Norton Community have used this file.

Unknown
This file release is currently not known.

Medium
This file risk is medium.

Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe

____________________________

https://att.kafan.cn/forum.php?mo ... Dc5OTA2N3wxNjIwOTUz

Downloaded File ppcef.dll Threat name: WS.Reputation.1
from att.kafan.cn

Source: External Media

____________________________

File Actions

File: f:\norton样本\白加黑\uvi\ ppcef.dll Removed
____________________________

File Thumbprint - SHA:
ed1cbf46f1ff20bca4594368f4ac59a58dfe85321065aba1b382391fdb57cff0
File Thumbprint - MD5:
Not available

Filename: stormupdate.dll
Threat name: WS.Reputation.1
Full Path: f:\norton样本\白加黑\uxubxwxwta\uxubxwxwta\stormupdate.dll

____________________________

Details
Unknown Community Usage, Unknown Age, Risk Medium

Origin
Downloaded from
https://att.kafan.cn/forum.php?mo ... Dc5OTA2N3wxNjIwOTUz

Activity
Actions performed: Actions performed: 1

____________________________

On computers as of
Not Available

Last Used
2013-8-30 at 11:29:08

Startup Item
No

Launched
No

____________________________

Unknown
It is unknown how many users in the Norton Community have used this file.

Unknown
This file release is currently not known.

Medium
This file risk is medium.

Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe

____________________________

https://att.kafan.cn/forum.php?mo ... Dc5OTA2N3wxNjIwOTUz

Downloaded File stormupdate.dll Threat name: WS.Reputation.1
from att.kafan.cn

Source: External Media

____________________________

File Actions

File: f:\norton样本\白加黑\uxubxwxwta\uxubxwxwta\ stormupdate.dll Removed
____________________________

File Thumbprint - SHA:
e1512d73872542b3bab7d5ec99005024570efdad40ccda468ba7bc8451aa399a
File Thumbprint - MD5:
Not available

显示全部楼层 · 发表于 2013-8-30 11:33:43

显示全部楼层 · 发表于 2013-8-30 11:36:33

为什么360没反应

显示全部楼层 · 发表于 2013-8-30 23:49:29

本帖最后由 Dust-;羅錠于 2013-9-1 01:15 编辑

Dear linchang1997,

Your submission has been analyzed. A corresponding record has been added to the Dr.Web virus database and will be available with the next update.

Threat: BackDoor.Siggen.52105

Thank you for the cooperation.

--
Yours sincerely,
Virus Monitoring Service
Doctor Web Ltd.

主体和衍生物都入库了，但奇怪的是人工分析竟然将EXE也给报了，上报误报后Dr.Web解除了对exe的误报.

[病毒样本] 转远控

本帖子中包含更多资源