This post was last edited by aboringman on 2015-8-29 11:20
NS scan: kill 22, fix 10;
Download Insight: kill 18, 14;
Renamed to .rar format (triggers IPS): kill 08, 41;
Also: 50 and 20 have good reputation; right-click running 50 in the sandbox drops two URLs (no abnormal behaviour); 20 is a downloader, and SONAR kills its dropped file; 16, 21, 02, 43, 39, 10, 30, 11, 07, 13, 23, 45 are not program/archive formats.
Information on the file dropped by 20:
[mw_shl_code=css,true]Filename: setup.exe
Threat name: SONAR.SuspBeh!gen32
Full Path: Not Available
____________________________
____________________________
On computers as of
2015-8-29 at 10:54:41
Last Used
2015-8-29 at 10:54:41
Startup Item
No
Launched
Yes
SONAR Protection monitors for suspicious program activity on your computer.
____________________________
setup.exe Threat name: SONAR.SuspBeh!gen32
Locate
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
Very New
This file was released less than 1 week ago.
High
This file risk is high.
____________________________
http://cdn.getrecordpage.com/recordpage/si?tr=.exe
Downloaded File setup.exe Threat name: SONAR.SuspBeh!gen32
from getrecordpage.com
Source: External Media
20.exe
File Created:
setup.exe
____________________________
File Actions
File: c:\sandbox\administrator\defaultbox\user\current\local settings\temp\1jxc3rw63rrxecxvlt8\445\ setup.exe Threat Removed
____________________________
System Settings Actions
Event: Process start (Performed by c:\sandbox\administrator\defaultbox\user\current\local settings\temp\1jxc3rw63rrxecxvlt8\445\setup.exe, PID:4840) No action taken
Event: Process start: c:\sandbox\administrator\defaultbox\user\current\local settings\temp\1jxc3rw63rrxecxvlt8\445\ setup.exe, PID:4840 (Performed by c:\sandbox\administrator\defaultbox\user\current\local settings\temp\1jxc3rw63rrxecxvlt8\445\setup.exe, PID:4840) No action taken
____________________________
File Thumbprint - SHA:
Not available
File Thumbprint - MD5:
Not available
[/mw_shl_code]
AVG scan: kill 28, fix 3
Renamed to .exe and double-clicked: the monitor kills the file dropped by 36 (downloader)
[mw_shl_code=css,true]"外壳扩展扫描(Shell Extension Scan)"
"高严重性";"28";"28";"0"
"中等严重性";"3";"3";"0"
"已扫描:";"C:\Documents and Settings\Administrator\桌面\2015.8.29"
"已启动:";"2015-8-29, 10:22:47"
"已完成:";"2015-8-29, 10:22:54"
"项目数:";"297"
"启动者:";"Administrator"
"名称";"说明";"状态";"状态";"优先级"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\44.vir";"特洛伊木马 DoS.DPE";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\28.vir";"特洛伊木马 Inject3.CYD";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\47.vir";"发现病毒 Win32/Agent.BB.dropper";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\15.vir";"发现病毒 W97M/Generic";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\46.vir";"特洛伊木马 PSW.Generic_c.EDC";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\33.vir";"发现病毒 WM/CopyCap.A";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\24.vir";"特洛伊木马 Exploit.Java_c.QWY";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\48.vir";"发现病毒 Worm/Generic_vb.AYV";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\27.vir";"特洛伊木马 Inject3.CWH";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\14.vir";"特洛伊木马 Inject3.CRU";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\01.vir";"特洛伊木马 Inject3.CHV";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\23.vir";"发现病毒 W97M/Generic";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\10.vir";"发现病毒 JS/Downloader.Agent";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\21.vir";"发现病毒 Java/Exploit.CGM";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\17.vir";"特洛伊木马 Agent_r.CCT";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\04.vir";"特洛伊木马 Exploit.SWF_c.RO";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\34.vir";"特洛伊木马 Generic_s.FHE";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\31.vir";"发现病毒 W97M/Generic";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\03.vir";"发现 Win32/DH{gRKBE0GBD3luflBUTxVRgRWBB4EJHFM}";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\06.vir";"特洛伊木马 BackDoor.Generic_r.MMA";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\40.vir";"特洛伊木马 MSIL8.CCUB";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\05.vir";"可能是特洛伊木马 PSW.ILUSpy";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\22.vir";"特洛伊木马 Downloader.Generic13.CCBA";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\32.vir";"特洛伊木马 Downloader.Banload2.AIDI";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\41.vir";"特洛伊木马 MSIL8.CDHK";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\12.vir";"特洛伊木马 Crypt_s.JBD";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\25.vir";"特洛伊木马 Crypt4.CBFN";"已保护";"已修复";"高"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\50.vir";"发现 MalSign.Generic.5B4";"已保护";"已修复";"中等"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\20.vir";"发现 MalSign.Generic.A6D";"已保护";"已修复";"中等"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\42.vir";"可能不需要的应用程序 Crack.MG";"已保护";"已修复";"中等"
"C:\Documents and Settings\Administrator\桌面\2015.8.29\37.vir";"特洛伊木马 Inject3.CWH";"已保护";"已修复";"高"
[/mw_shl_code]
Information on the file dropped by 36:
[mw_shl_code=css,true]"";"广告软件 AdInstaller.SecXplod, c:\Sandbox\Administrator\DefaultBox\user\current\Local Settings\Temporary Internet Files\Content.IE5\BBIDV4L3\Setup_ChromePasswordDecryptor[1].exe";"已修复";"文件或目录";"2015-8-29, 10:28:34"
"";"广告软件 AdInstaller.SecXplod, Setup_ChromePasswordDecryptor[1].exe:\$HEADER";"已修复";"存档、电子邮件附件、cookie 等中的嵌入式元素。";"2015-8-29, 10:28:34"
[/mw_shl_code]