VT Detection ratio: 4 / 46 2825240.exe 诺顿2014阵亡！

显示全部楼层 · 发表于 2013-9-3 16:50:19

为什么我显示不能下载啊？

显示全部楼层 · 发表于 2013-9-3 19:34:05

本帖最后由 iyinyt 于 2013-9-3 19:37 编辑

墨家小子发表于 2013-9-3 12:44
创建快照慢恢复也慢

快照不是1S钟就创建好了吗？恢复不是也是可正常开虚拟机一样的时间吗~~怎么会慢~~ORZ~

显示全部楼层 · 发表于 2013-9-3 19:35:46

消停发表于 2013-9-3 16:33
BD2014的AVC完美拦截！

你是AVC开的中（默认），还是开的高了？

显示全部楼层 · 发表于 2013-9-4 07:04:26

iyinyt 发表于 2013-9-3 19:35
你是AVC开的中（默认），还是开的高了？

AVC开的高！IDS开的低，要不然根本轮不到AVC，就是IDS开到中以后我电脑里大部分免安装的软件都无法运行了！

显示全部楼层 · 发表于 2013-9-4 07:08:59

消停发表于 2013-9-3 11:25
可以改一下！看看其他各家的表现！

昨天没来样本区。。。。这么有趣的样本。。必须来。

显示全部楼层 · 发表于 2013-9-4 07:15:52

wqcaokeyinwq 发表于 2013-9-4 07:08
昨天没来样本区。。。。这么有趣的样本。。必须来。

不错！

显示全部楼层 · 发表于 2013-9-4 07:37:37

费尔&飞塔都已入库

显示全部楼层 · 发表于 2013-9-4 10:56:41

本帖最后由 iyinyt 于 2013-9-4 10:59 编辑

消停发表于 2013-9-4 07:04
AVC开的高！IDS开的低，要不然根本轮不到AVC，就是IDS开到中以后我电脑里大部分免安装的软件都无法运行了 ...

恩，IDS在2013版的都是默认关闭的，我那个时候开到低都有很多误报，但是在2014版中IDS默认是打开的，并且是开到低的，我在实际使用中（和2013使用环境一样）还未发现误报。在2013中，AVC默认是开到中，我把他调到了高，在实际使用中未发现误报；现在2014中我只是把AVC保持默认中，同样的使用环境中也未发现明显误报，为了能正常判断AVC的报警，尽可能减少误报，我决定还是用了默认，毕竟BD在AV-C和AV-T中都是用的默认设置测试的，日常使用问题不大。不知道你试试默认的AVC报警吗？

显示全部楼层 · 发表于 2013-9-4 11:00:22

BD2013包括BD free的AVC默认都可以拦截

显示全部楼层 · 发表于 2013-9-4 11:05:44

2013/9/4 11:03:03 创建文件夹允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:07 创建注册表项阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\2825240_RASAPI32
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:09 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37.exe
规则: [应用程序组]『询问』病毒测试 -> [文件组]全局高危文件

2013/9/4 11:03:11 创建注册表项阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\2825240_RASAPI32
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:12 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AS2014
值: C:\ProgramData\VDa7Un37\VDa7Un37.exe
规则: [应用程序组]『询问』病毒测试 -> [注册表组]自动运行 -> [注册表]*\Software\Microsoft\Windows\CurrentVersion\Run*

2013/9/4 11:03:14 创建注册表项阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\2825240_RASAPI32
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:14 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable
值: 0x00000000(0)
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:17 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37xDaVaggg.in
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:18 创建注册表项阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\2825240_RASAPI32
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:19 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
值: 46 00 00 00 16 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 8c 91 03 fe 95 a8 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 c0 a8 01 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 dd 82 11 2a 24 f0 0d 88 3f 57 fe 99 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:20 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37xDaVaggg.lg
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:21 创建注册表项阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\2825240_RASMANCS
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:22 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
值: 46 00 00 00 16 01 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 8c 91 03 fe 95 a8 ce 01 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 00 00 00 c0 a8 01 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 17 00 00 00 00 00 00 00 20 01 00 00 dd 82 11 2a 24 f0 0d 88 3f 57 fe 99 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:23 修改文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37xDaVaggg.in
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:24 创建注册表项阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\2825240_RASMANCS
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:25 删除注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:27 修改文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37xDaVaggg.lg
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:28 删除注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:29 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37.exe.manifest
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:31 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
值: 0x00000000(0)
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:33 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\VDa7Un37.ico
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:03:34 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
值: 0x00000001(1)
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:35 删除注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:36 删除注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:37 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
值: 0x00000000(0)
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:38 修改注册表值阻止
进程: f:\下载\compressed\2825240\2825240.exe
目标: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
值: 0x00000001(1)
规则: [应用程序组]『询问』病毒测试 -> [注册表]*

2013/9/4 11:03:42 访问网络允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: TCP [本机 : 5119] ->  [219.235.1.127 : 80 (http)]
规则: [应用程序组]『询问』病毒测试 -> [网络组]所有网络

2013/9/4 11:03:43 访问网络允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: TCP [本机 : 5120] ->  [219.235.1.127 : 80 (http)]
规则: [应用程序组]『询问』病毒测试 -> [网络组]所有网络

2013/9/4 11:03:55 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\DD1
规则: [应用程序组]『询问』病毒测试 -> [文件]*

2013/9/4 11:05:21 访问网络允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: TCP [本机 : 5169] ->  [219.235.1.127 : 80 (http)]
规则: [应用程序组]『询问』病毒测试 -> [网络组]所有网络

2013/9/4 11:05:35 创建文件允许
进程: f:\下载\compressed\2825240\2825240.exe
目标: C:\ProgramData\VDa7Un37\DD6
规则: [应用程序组]『询问』病毒测试 -> [文件]*

[可疑文件] VT Detection ratio: 4 / 46 2825240.exe 诺顿2014阵亡！

本帖子中包含更多资源

本帖子中包含更多资源