每日样本

显示全部楼层 · 发表于 2015-11-30 17:46:50

给AVG点赞！通过衍生物杀母体，这个不错，原来ResidentShield真的不只是杀监测到的样本，还会清除相关项目。@nick20010117 @wjy19800315

显示全部楼层 · 发表于 2015-11-30 12:00:22

eset过

显示全部楼层 · 发表于 2015-11-30 12:00:59

GD扫描miss

显示全部楼层 · 发表于 2015-11-30 12:02:14

数字miss

显示全部楼层 · 发表于 2015-11-30 12:23:16

卡巴斯基启发斩杀，而且不是通用启发

显示全部楼层 · 发表于 2015-11-30 12:58:47

BD双击杀
[mw_shl_code=css,true](Drive)    \Device\HarddiskVolume1
(Drive)    \Device\HarddiskVolume2
(Drive)    \Device\HarddiskVolume3
(Drive)    \Device\HarddiskVolume4
(Drive)    \Device\HarddiskVolume5
Clsid    -------------------------------
Clsid    {00000566-0000-0010-8000-00AA006D2EA4} ADODB.Stream
Clsid    {0358B920-0AC7-461F-98F4-58E32CD89148} Wininet Cache task object
Clsid    {72C24DD5-D70A-438B-8A42-98424B88AFB8} Windows Script Host Shell Object
Clsid    {F414C260-6AC0-11CF-B6D1-00AA00BBBB58} JScript Language
Clsid    {F6D90F16-9C73-11D3-B32E-00C04F990BB4} XML HTTP
File/Key -------------------------------
Image    -------------------------------
Image    *:\program files\sandboxie\sandboxiedcomlaunch.exe
Image    *:\program files\sandboxie\sandboxierpcss.exe
Image    *:\program files\sandboxie\start.exe
Image    *:\windows\system32\dllhost.exe
Image    *:\windows\system32\wscript.exe
Image    g:\program files\adm\adm.dll
Image    g:\program files\bitdefender\bitdefender 2016\active virus control\avc3_00326_002\avcuf32.dll
Image    g:\program files\common files\system\ado\msado15.dll
Image    g:\program files\sandboxie\sbiedll.dll
Image    g:\windows\system32\advapi32.dll
Image    g:\windows\system32\amsi.dll
Image    g:\windows\system32\bcrypt.dll
Image    g:\windows\system32\bcryptprimitives.dll
Image    g:\windows\system32\cfgmgr32.dll
Image    g:\windows\system32\clbcatq.dll
Image    g:\windows\system32\combase.dll
Image    g:\windows\system32\comdlg32.dll
Image    g:\windows\system32\coml2.dll
Image    g:\windows\system32\crypt32.dll
Image    g:\windows\system32\cryptbase.dll
Image    g:\windows\system32\cryptsp.dll
Image    g:\windows\system32\davhlpr.dll
Image    g:\windows\system32\dnsapi.dll
Image    g:\windows\system32\dwmapi.dll
Image    g:\windows\system32\esent.dll
Image    g:\windows\system32\firewallapi.dll
Image    g:\windows\system32\fwbase.dll
Image    g:\windows\system32\fwpuclnt.dll
Image    g:\windows\system32\gdi32.dll
Image    g:\windows\system32\iertutil.dll
Image    g:\windows\system32\imm32.dll
Image    g:\windows\system32\iphlpapi.dll
Image    g:\windows\system32\jscript.dll
Image    g:\windows\system32\jsproxy.dll
Image    g:\windows\system32\kernel.appcore.dll
Image    g:\windows\system32\kernel32.dll
Image    g:\windows\system32\kernelbase.dll
Image    g:\windows\system32\mpr.dll
Image    g:\windows\system32\msasn1.dll
Image    g:\windows\system32\msctf.dll
Image    g:\windows\system32\msdart.dll
Image    g:\windows\system32\msisip.dll
Image    g:\windows\system32\msvcr100.dll
Image    g:\windows\system32\msvcrt.dll
Image    g:\windows\system32\mswsock.dll
Image    g:\windows\system32\msxml3.dll
Image    g:\windows\system32\netapi32.dll
Image    g:\windows\system32\nsi.dll
Image    g:\windows\system32\ntdll.dll
Image    g:\windows\system32\ole32.dll
Image    g:\windows\system32\oleaut32.dll
Image    g:\windows\system32\ondemandconnroutehelper.dll
Image    g:\windows\system32\powrprof.dll
Image    g:\windows\system32\profapi.dll
Image    g:\windows\system32\propsys.dll
Image    g:\windows\system32\psapi.dll
Image    g:\windows\system32\rasadhlp.dll
Image    g:\windows\system32\rpcepmap.dll
Image    g:\windows\system32\rpcrt4.dll
Image    g:\windows\system32\rpcrtremote.dll
Image    g:\windows\system32\rpcss.dll
Image    g:\windows\system32\rsaenh.dll
Image    g:\windows\system32\scrobj.dll
Image    g:\windows\system32\scrrun.dll
Image    g:\windows\system32\sechost.dll
Image    g:\windows\system32\shcore.dll
Image    g:\windows\system32\shell32.dll
Image    g:\windows\system32\shlwapi.dll
Image    g:\windows\system32\sspicli.dll
Image    g:\windows\system32\sxs.dll
Image    g:\windows\system32\urlmon.dll
Image    g:\windows\system32\user32.dll
Image    g:\windows\system32\userenv.dll
Image    g:\windows\system32\uxtheme.dll
Image    g:\windows\system32\version.dll
Image    g:\windows\system32\windows.storage.dll
Image    g:\windows\system32\winhttp.dll
Image    g:\windows\system32\wininet.dll
Image    g:\windows\system32\winnsi.dll
Image    g:\windows\system32\wintrust.dll
Image    g:\windows\system32\wldp.dll
Image    g:\windows\system32\ws2_32.dll
Image    g:\windows\system32\wshext.dll
Image    g:\windows\system32\wshom.ocx
Image    g:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10586.0_none_811bc0006c44242b\comctl32.dll
Image    g:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528\comctl32.dll
Ipc       -------------------------------
Ipc       \BaseNamedObjects\__ComCatalogCache__
Ipc       \BaseNamedObjects\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}
Ipc       \BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}
Ipc       \BaseNamedObjects\G:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000003.db
Ipc       \BaseNamedObjects\G:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db
Ipc       \BaseNamedObjects\G:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Ipc       \BaseNamedObjects\RotHintTable
Ipc       \BaseNamedObjects\SC_AutoStartComplete
Ipc       \BaseNamedObjects\windows_shell_global_counters
Ipc       \RPC Control\actkernel
Ipc       \RPC Control\epmapper
Ipc       \RPC Control\OLE46EBA6B7DE05FCF92A9FED14DB25
Ipc       \RPC Control\OLE4F47470DDA77DE40401BE4D8D14E
Ipc       \RPC Control\OLE594A88B993032DA1B6BA1E7A4DF6
Ipc       \RPC Control\webcache_{031b98cf-4a69-4c31-ab42-fd9b3c199407}_S-1-5-21-754286862-146407969-688418137-1001
Ipc       \RPC Control\webcache_{7329ea82-0845-4e4c-bd18-02b67ac065cc}_S-1-5-21-754286862-146407969-688418137-1001
Ipc       \Sessions\1\BaseNamedObjects\__ComCatalogCache__
Ipc       \Sessions\1\BaseNamedObjects\{A3BD3259-3E4F-428a-84C8-F0463A9D3EB5}
Ipc       \Sessions\1\BaseNamedObjects\{A64C7F33-DA35-459b-96CA-63B51FB0CDB9}
Ipc       \Sessions\1\BaseNamedObjects\ComPlusCOMRegTable
Ipc       \Sessions\1\BaseNamedObjects\ComTaskPool:7004
Ipc       \Sessions\1\BaseNamedObjects\G:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000003.db
Ipc       \Sessions\1\BaseNamedObjects\G:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db
Ipc       \Sessions\1\BaseNamedObjects\G:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro
Ipc       \Sessions\1\BaseNamedObjects\G:*Users*******AppData*Local*Microsoft*Windows*Caches*{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001d.db
Ipc       \Sessions\1\BaseNamedObjects\G:*Users*******AppData*Local*Microsoft*Windows*Caches*cversions.1.ro
Ipc       \Sessions\1\BaseNamedObjects\RotHintTable
Ipc       \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_6036
Ipc       \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_6756
Ipc       \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_7004
Ipc       \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_7244
Ipc       \Sessions\1\BaseNamedObjects\SBIE_BOXED_DummyEvent_8052
Ipc       \Sessions\1\BaseNamedObjects\SBIE_BOXED_RPCSS_SXS_READY
Ipc       \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_DcomLaunch
Ipc       \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_Mutex1
Ipc       \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcEptMapper
Ipc       \Sessions\1\BaseNamedObjects\SBIE_BOXED_ServiceInitComplete_RpcSs
Ipc       \Sessions\1\BaseNamedObjects\SC_AutoStartComplete
Ipc       \Sessions\1\BaseNamedObjects\ScmCreatedEvent
Ipc       \Sessions\1\BaseNamedObjects\SyncRootManager
Ipc       \Sessions\1\BaseNamedObjects\UrlZonesSM_*****
Ipc       \Sessions\1\BaseNamedObjects\windows_shell_global_counters
Ipc       \Sessions\1\BaseNamedObjects\windows_webcache_bloom_section_{2E9AF9DE-CA38-4F1A-AB06-4FDFEC7179FB}
Ipc       \Sessions\1\BaseNamedObjects\ZonesCacheCounterMutex
Ipc       \Sessions\1\BaseNamedObjects\ZonesLockedCacheCounterMutex
Ipc    O  \KernelObjects\LowMemoryCondition
Ipc    O  \KernelObjects\MaximumCommitCondition
Ipc    O  \KnownDlls\advapi32.dll
Ipc    O  \KnownDlls\bcryptPrimitives.dll
Ipc    O  \KnownDlls\cfgmgr32.dll
Ipc    O  \KnownDlls\clbcatq.dll
Ipc    O  \KnownDlls\combase.dll
Ipc    O  \KnownDlls\COMDLG32.dll
Ipc    O  \KnownDlls\coml2.dll
Ipc    O  \KnownDlls\CRYPT32.dll
Ipc    O  \KnownDlls\FirewallAPI.dll
Ipc    O  \KnownDlls\gdi32.dll
Ipc    O  \KnownDlls\IMM32.dll
Ipc    O  \KnownDlls\kernel.appcore.dll
Ipc    O  \KnownDlls\kernel32.dll
Ipc    O  \KnownDlls\kernelbase.dll
Ipc    O  \KnownDlls\MSASN1.dll
Ipc    O  \KnownDlls\MSCTF.dll
Ipc    O  \KnownDlls\MSVCRT.dll
Ipc    O  \KnownDlls\NETAPI32.dll
Ipc    O  \KnownDlls\NSI.dll
Ipc    O  \KnownDlls\ole32.dll
Ipc    O  \KnownDlls\OLEAUT32.dll
Ipc    O  \KnownDlls\powrprof.dll
Ipc    O  \KnownDlls\profapi.dll
Ipc    O  \KnownDlls\PSAPI.DLL
Ipc    O  \KnownDlls\rpcrt4.dll
Ipc    O  \KnownDlls\sechost.dll
Ipc    O  \KnownDlls\SHCORE.dll
Ipc    O  \KnownDlls\SHELL32.dll
Ipc    O  \KnownDlls\SHLWAPI.dll
Ipc    O  \KnownDlls\user32.dll
Ipc    O  \KnownDlls\windows.storage.dll
Ipc    O  \KnownDlls\WINTRUST.dll
Ipc    O  \KnownDlls\WS2_32.dll
Ipc    O  \RPC Control\DNSResolver
Ipc    O  \RPC Control\lsapolicylookup
Ipc    O  \RPC Control\LSARPC_ENDPOINT
Ipc    O  \RPC Control\lsasspirpc
Ipc    O  \RPC Control\SbieSvcPort
Ipc    O  \Security\LSA_AUTHENTICATION_INITIALIZED
Ipc    O  \Sessions\1\Windows\SharedSection
Ipc    O  \Sessions\1\Windows\Theme1509724904
Ipc    O  \Sessions\1\Windows\ThemeSection
Ipc    O  \ThemeApiPort
Ipc    O  \Windows\Theme46158101
Pipe       -------------------------------
Pipe       ?
Pipe       \Device\AVC3IOCTL
Pipe       \Device\CNG
Pipe       \Device\Harddisk0\DR0
Pipe       \Device\HarddiskVolume1
Pipe       \Device\HarddiskVolume2
Pipe       \Device\HarddiskVolume3
Pipe       \Device\HarddiskVolume4
Pipe       \Device\HarddiskVolume5
Pipe       \Device\KsecDD
Pipe       \Device\MountPointManager
Pipe       \Device\Ndis
Pipe       \Device\NDMP2
Pipe       \Device\NDMP3
Pipe       \Device\NDMP4
Pipe    O  \Device\Afd
Pipe    O  \Device\Nsi
WinCls    -------------------------------
WinCls O  Shell_TrayWnd
[/mw_shl_code]

显示全部楼层 · 发表于 2015-11-30 13:16:50

CIS miss

显示全部楼层 · 发表于 2015-11-30 13:17:17

这东西一直触发卷影复制服务是什么意思.....

显示全部楼层 · 发表于 2015-11-30 13:32:36

Avira miss
to Avira

显示全部楼层 · 发表于 2015-11-30 17:39:03

本帖最后由 fuzhk 于 2015-11-30 17:47 编辑

sodium 发表于 2015-11-30 13:17
这东西一直触发卷影复制服务是什么意思.....

不会是勒索吧？

[可疑文件] 每日样本

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源