大家看看这文件

显示全部楼层 · 发表于 2015-8-22 14:56:52

大家看看这文件是干什么的，？我诺顿报毒，，

[mw_shl_code=html,true]文件名: sample order.exe
威胁名称: Trojan.Zbot完整路径: c:\users\cjw20\desktop\新建文件夹\sample order.exe

____________________________

____________________________

在电脑上的创建时间
2015/8/22 ( 14:55:29 )

上次使用时间
2015/8/22 ( 14:55:29 )

启动项目
否

已启动
否

威胁类型: 病毒。将自身插入或附加到其他程序、文件或电脑区域以感染这些媒介的程序。

____________________________

sample order.exe 威胁名称: Trojan.Zbot
定位

极少用户信任的文件
诺顿社区中有不到 5 名用户使用了此文件。

极新的文件
该文件已在不到 1 周前发行。

高
此文件具有高风险。

____________________________

来源: 外部介质

____________________________

文件操作

文件: c:\users\c0\desktop\新建文件夹\ sample order.exe 已阻止
____________________________

文件指纹 - SHA:
不可用
文件指纹 - MD5:
不可用
[/mw_shl_code]

显示全部楼层 · 发表于 2015-8-22 14:59:04

这不是前两天发的那个嘛？
确实是zbot，诺顿已经入库了

显示全部楼层 · 发表于 2015-8-22 15:00:54

pal家族发表于 2015-8-22 14:59
这不是前两天发的那个嘛？
确实是zbot，诺顿已经入库了

你这不是卡巴嘛，，

显示全部楼层 · 发表于 2015-8-22 15:01:35

蓝天二号发表于 2015-8-22 15:00
你这不是卡巴嘛，，

我在回复你的疑问啊。
卡巴是一个佐证嘛

显示全部楼层 · 发表于 2015-8-22 15:02:51

pal家族发表于 2015-8-22 15:01
我在回复你的疑问啊。
卡巴是一个佐证嘛

这样啊，，，我好久没来卡饭了，所以没看到之前发的，，，

话说你用的卡巴16版？？？

显示全部楼层 · 发表于 2015-8-22 15:04:17

蓝天二号发表于 2015-8-22 15:02
这样啊，，，我好久没来卡饭了，所以没看到之前发的，，，

话说你用的卡巴16版？？？

是的
别告诉我这个图你可以看出是kaba2016

显示全部楼层 · 发表于 2015-8-22 15:06:13

pal家族发表于 2015-8-22 15:04
是的
别告诉我这个图你可以看出是kaba2016

很多时候国内用户基本不会使用正式版的英文版，除非还没有简体中文的时候。。。

显示全部楼层 · 发表于 2015-8-22 15:12:24

pal家族发表于 2015-8-22 15:04
是的
别告诉我这个图你可以看出是kaba2016

不知道为什么诺顿22版的桌面图标又怀旧了，，，，，，，，，

显示全部楼层 · 发表于 2015-8-22 15:21:31

过FSCS

显示全部楼层 · 发表于 2015-8-22 15:47:04

本帖最后由电脑发烧友于 2015-8-22 15:50 编辑

CAV右键高启发不杀。
入沙后报毒，应该是CAV的主防把。

[mw_shl_code=css,true]  <?xml version="1.0" encoding="utf-16" ?>
- <vscope ver="2.0">
- <process pid="9560" path="C:\Users\wuliao\Desktop\Sample order(1)\Sample order.exe" cmdline="" createtime="2015-08-22T07:48:34.932Z" sha1="3C9331C39B10C797B28F498D2F9A96C31110D6A3" hashCrc32="4164903589" trusted="false" detected="false" restrictionLevel="NoRestriction" parentpath="C:\Users\wuliao\Desktop\Sample order(1)\Sample order.exe">
- <activities>
  <activity timestamp="2015-08-22T07:48:34.942Z" id="273660" type="LoadImageFile" path="C:\WINDOWS\SYSTEM32\WOW64.DLL" />
  <activity timestamp="2015-08-22T07:48:34.943Z" id="273661" type="LoadImageFile" path="C:\WINDOWS\SYSTEM32\WOW64WIN.DLL" />
  <activity timestamp="2015-08-22T07:48:34.944Z" id="273662" type="LoadImageFile" path="C:\WINDOWS\SYSTEM32\WOW64CPU.DLL" />
  <activity timestamp="2015-08-22T07:48:34.948Z" id="273663" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\SECHOST.DLL" />
  <activity timestamp="2015-08-22T07:48:34.950Z" id="273664" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\IMM32.DLL" />
  <activity timestamp="2015-08-22T07:48:34.952Z" id="273667" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\GUARD32.DLL" />
  <activity timestamp="2015-08-22T07:48:34.953Z" id="273668" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\VERSION.DLL" />
  <activity timestamp="2015-08-22T07:48:34.954Z" id="273669" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\FLTLIB.DLL" />
  <activity timestamp="2015-08-22T07:48:34.955Z" id="273670" type="LoadImageFile" path="C:\Windows\SysWOW64\cmdvrt32.dll" />
  <activity timestamp="2015-08-22T07:48:34.959Z" id="273671" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\KERNELBASE.DLL" />
  <activity timestamp="2015-08-22T07:48:34.960Z" id="273673" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\NTDLL.DLL" />
  <activity timestamp="2015-08-22T07:48:34.960Z" id="273674" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\KERNEL32.DLL" />
  <activity timestamp="2015-08-22T07:48:34.963Z" id="273678" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\USER32.DLL" />
  <activity timestamp="2015-08-22T07:48:34.964Z" id="273680" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\ADVAPI32.DLL" />
  <activity timestamp="2015-08-22T07:48:35.080Z" id="273849" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\OLE32.DLL" />
  <activity timestamp="2015-08-22T07:48:35.081Z" id="273851" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\GDI32.DLL" />
  <activity timestamp="2015-08-22T07:48:35.188Z" id="273969" type="KernelObject" name="\Sessions\1\BaseNamedObjects\mchMixCache$2558!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.189Z" id="273973" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f7ff70!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.190Z" id="273978" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f806f0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.191Z" id="273983" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f80870!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.191Z" id="273988" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f807e0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.192Z" id="273993" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f80000!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.194Z" id="274002" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f80080!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.196Z" id="274011" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f81cb0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.198Z" id="274020" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f81d88!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.201Z" id="274029" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f7fcac!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.203Z" id="274038" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f80690!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.203Z" id="274043" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f80df0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.205Z" id="274052" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f81be0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.207Z" id="274061" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f7ffa0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.208Z" id="274066" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f7fdc4!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.209Z" id="274071" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f800b0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.210Z" id="274076" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f7fd60!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.211Z" id="274081" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f7febc!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.212Z" id="274085" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002558, API $76f7febc" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T07:48:35.213Z" id="274091" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f80888!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.214Z" id="274095" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002558, API $76f80888" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T07:48:35.215Z" id="274101" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f80ed4!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.216Z" id="274105" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002558, API $76f80ed4" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T07:48:35.217Z" id="274111" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f7fb24!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.218Z" id="274115" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002558, API $76f7fb24" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T07:48:35.220Z" id="274121" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f808a0!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.220Z" id="274125" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002558, API $76f808a0" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T07:48:35.222Z" id="274131" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $76f803b4!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.222Z" id="274133" type="LoadImageFile" path="C:\Windows\SysWOW64\CRYPTSP.dll" />
  <activity timestamp="2015-08-22T07:48:35.225Z" id="274138" type="LoadImageFile" path="C:\Windows\SysWOW64\rsaenh.dll" />
  <activity timestamp="2015-08-22T07:48:35.236Z" id="274150" type="LoadImageFile" path="C:\Windows\Globalization\Sorting\SortDefault.nls" />
  <activity timestamp="2015-08-22T07:48:35.250Z" id="274157" type="LoadImageFile" path="C:\WINDOWS\SYSWOW64\SHELL32.DLL" />
  <activity timestamp="2015-08-22T07:48:35.251Z" id="274160" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $74fe534a!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.252Z" id="274162" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002558, API $74fe534a" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T07:48:35.253Z" id="274167" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $74dc1e06!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.254Z" id="274169" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002558, API $74dc1e06" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T07:48:35.256Z" id="274178" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $74ffb4d1!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.257Z" id="274180" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002558, API $74ffb4d1" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T07:48:35.258Z" id="274185" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Mutex, mAH, Process $00002558, API $74df9708!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.259Z" id="274187" type="KernelObject" name="\Sessions\1\BaseNamedObjects\NamedBuffer, mAH, Process $00002558, API $74df9708" isCreate="true" objectType="Section" />
  <activity timestamp="2015-08-22T07:48:35.264Z" id="274191" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Global\{F14EEE62-751A-753A-6BA4-9390D5215A31}!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.265Z" id="274192" type="SetValueKey" regKey="S-1-5-21-1066174001-789875833-1412611579-1000" regValName="" regValType="REG_BINARY" regValData="86BCAC5CB694E09A24E5207961986173EC337E37CFC001C0" />
  <activity timestamp="2015-08-22T07:48:35.284Z" id="274193" type="KernelObject" name="\Sessions\1\BaseNamedObjects\Global\{FACF508A-CBF2-7EBB-6BA4-9390D5215A31}!comodo_6" isCreate="true" objectType="Mutex" />
  <activity timestamp="2015-08-22T07:48:35.287Z" id="274194" type="CreateFile" path="C:\Users\wuliao\AppData\Roaming\Esupf" />
  <activity timestamp="2015-08-22T07:48:35.287Z" id="274195" type="CreateFile" path="C:\Users\wuliao\AppData\Roaming\Esupf\zihil.exe" />
  <activity timestamp="2015-08-22T07:48:35.288Z" id="274196" type="CreateFile" path="C:\Users\wuliao\AppData\Roaming\Fyekb" />
  <activity timestamp="2015-08-22T07:48:35.290Z" id="274197" type="LoadImageFile" path="C:\Windows\SysWOW64\ntmarta.dll" />
  <activity timestamp="2015-08-22T07:48:35.293Z" id="274202" type="FindFile" path="C:\Users\wuliao\AppData\Roaming\Fyekb" pattern="" />
  <activity timestamp="2015-08-22T07:48:35.294Z" id="274203" type="CreateFile" path="C:\Users\wuliao\AppData\Roaming\Fyekb\upno.onf" />
  <activity timestamp="2015-08-22T07:48:35.295Z" id="274204" type="CreateKey" regKey="\Registry\User\S-1-5-21-1066174001-789875833-1412611579-1000\Software\Microsoft\Lyxa" />
  <activity timestamp="2015-08-22T07:48:35.316Z" id="274205" type="ModifyFile" path="C:\Users\wuliao\AppData\Roaming\Esupf\zihil.exe" />
  </activities>
  <children />
  </process>  </vscope>[/mw_shl_code]

[病毒样本] 大家看看这文件

本帖子中包含更多资源

本帖子中包含更多资源

评分

本帖子中包含更多资源

浏览过的版块