down10.zol.com.cn/skycndownernew/wifigx_3.1.1123@7955@.exe

显示全部楼层 · 发表于 2015-4-11 13:22:39

down10.zol.com.cn/skycndownernew/wifigx_3.1.1123@7955@.exe

avira

2015/4/11 下午 01:14 [System Scanner] 發現惡意程式碼
   檔案 'C:\Users\vpn\Downloads\wifigx_3.1.1123@7955@.exe'
   包含病毒或有害的程式 'Adware/Downware.614320' [adware]
   已採取動作：
   檔案會移動至 '505e00ce.qua' 名稱底下的隔離區目錄!

2015/4/11 下午 01:14 [System Scanner] 掃描
   掃描結束 [已完成全部的掃描.]。
   檔案數： 929
   目錄數： 0
   惡意程式碼數： 1
   警告數： 0

2015/4/11 下午 01:13 [Real-Time Protection] 發現惡意程式碼
   在檔案 'C:\Users\vpn\Downloads\wifigx_3.1.1123@7955@.exe 中
   偵測到病毒或有害的程式 'ADWARE/Downware.614320 [adware]'
   執行的動作：拒絕存取

2015/4/11 下午 01:13 [Real-Time Protection] 發現惡意程式碼
   在檔案 'C:\Users\vpn\Downloads\wifigx_3.1.1123@7955@.exe 中
   偵測到病毒或有害的程式 'ADWARE/Downware.614320 [adware]'
   執行的動作：拒絕存取

显示全部楼层 · 发表于 2015-4-11 13:45:36

下载器
合法流氓软件

显示全部楼层 · 发表于 2015-4-11 15:04:22

精睿的高级模式被FS封杀了，帖子都发不了

FS前来板门弄斧……
沙盘中运行该文件时，FS封锁应用程序，报未知应用程序试图连接互联网……

从运行截图，可以判断，那个应该是中关村在线的在线下载器

打开高级模式，居然被FS拦截…
火叔，这是误报还是……？@fireold

显示全部楼层 · 发表于 2015-4-11 15:19:22

to eset

显示全部楼层 · 发表于 2015-4-11 15:59:08

BD不报

显示全部楼层 · 发表于 2015-4-11 23:12:01

[mw_shl_code=css,true]Filename: 360help_sky.exe
Threat name: SONAR.Heuristic.120Full Path: Not Available

____________________________

____________________________

____________________________

360help_sky.exe Threat name: SONAR.Heuristic.120
Locate

Very Few Users
Fewer than 5 users in the Norton Community have used this file.

Very New
This file was released less than 1 week ago.

High
This file risk is high.

____________________________

http://down10.zol.com.cn/ceshi/360Help_sky.exe
Downloaded File 360help_sky.exe Threat name: SONAR.Heuristic.120
from zol.com.cn
Source: External Media

wifigx_3.1.1123@7955@.exe

File Created:
360help_sky.exe

____________________________

File Actions

File: c:\sandbox\winter0614\defaultbox\user\current\appdata\roaming\zoldownloader\ 360help_sky.exe Threat Removed
____________________________

Registry Actions

Registry change: HKEY_USERS\Sandbox_winter0614_DefaultBox\machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ FontLink, Registry Hive: 64 bit Threat Removed
Registry change: HKEY_USERS\Sandbox_winter0614_DefaultBox\machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ LanguagePack, Registry Hive: 64 bit Threat Removed
____________________________

System Settings Actions

Event: Process start (Performed by c:\sandbox\winter0614\defaultbox\user\current\appdata\roaming\zoldownloader\360help_sky.exe, PID:1412) No action taken
(Performed by c:\sandbox\winter0614\defaultbox\user\current\appdata\roaming\zoldownloader\360help_sky.exe, PID:1412) No action taken
Event: Process start: c:\sandbox\winter0614\defaultbox\user\current\appdata\roaming\zoldownloader\ 360help_sky.exe, PID:1412 (Performed by c:\sandbox\winter0614\defaultbox\user\current\appdata\roaming\zoldownloader\360help_sky.exe, PID:1412) No action taken
____________________________

Suspicious Actions

(Performed by c:\sandbox\winter0614\defaultbox\user\current\appdata\roaming\zoldownloader\360help_sky.exe, PID:1412) No action taken
____________________________

File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available
[/mw_shl_code]

[未鉴定] down10.zol.com.cn/skycndownernew/wifigx_3.1.1123@7955@.exe