Detection ratio: 2 / 53 Mass Injection Website 19 加密勒索挂马

胖福

墨家小子 发表于 2016-2-2 11:54
看你楼下，双杀呢，呵呵|||~~

刚才试了下确实杀了！

墨家小子

胖福 发表于 2016-2-2 12:22
刚才试了下确实杀了！

声纳说：谢谢你的第一次舍身取义

胖福

墨家小子 发表于 2016-2-2 12:24
声纳说：谢谢你的第一次舍身取义

有两种可能，一是我第一次双击的时候是连续双击了两个样本，这是否会影响诺顿的判断，还有一种可能就是诺顿暂时性抽风！

1446547521

双击干掉

HEMM

过MA，只是拉黑杀

aboringman

AVG：

扫描：miss；

双击：实机双击，IDP 双杀。

"";"IDP.HELU.UES11, C:\Users\kiiler\Desktop\A466.tmp.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/2, 13:08:48"
"";", C:\Windows\System32\svchost.exe";"Object was blocked";"Process";"2016/2/2, 13:08:48"
"";", C:\Users\kiiler\Desktop\A466.tmp.exe";"Object was blocked";"Process";"2016/2/2, 13:08:48"

"";"IDP.HELU.UES11, C:\Users\kiiler\Desktop\EB75.tmp.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/2, 13:07:22"
"";", C:\Windows\System32\svchost.exe";"Object was blocked";"Process";"2016/2/2, 13:07:22"
"";", C:\Users\kiiler\Desktop\EB75.tmp.exe";"Object was blocked";"Process";"2016/2/2, 13:07:22"



ESET：

扫描：kill all files；

C:\Users\kiiler\Desktop\新建文件夹\A466.tmp.exe - Suspicious Object - deleted

C:\Users\kiiler\Desktop\新建文件夹\EB75.tmp.exe - Suspicious Object - deleted

双击：关闭监控，实机双击，AMS 双杀。。。。。。（这不可能啊，而且又是kryptik什么鬼。。。。。。）

Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash

2016/2/2 13:27:40;Advanced memory scanner;file;Operating memory » A466.tmp.exe(7528);Win32/Kryptik.CKQZ trojan;cleaned - contained infected files;;;C85B095BE183F78F11B98481AD124DED86D2F881

2016/2/2 13:23:34;Advanced memory scanner;file;Operating memory » EB75.tmp.exe(4524);Win32/Kryptik.CKQZ trojan;cleaned - contained infected files;;;E07B17EA861CEBB4C4EF5A8A2A01D5AB3F4540CE

windows7爱好者

貌似来晚了

五月大地

国产软件的动作也不小嘛，再接再厉。