Detection ratio: 7 / 54 挂马 求诺顿声纳测试，win8.1X64、win10 X64下

墨家小子

SHA256:        4f56718a84b29a5a1720c1029de9624ebe566eadb5b4ed2dd22db309a178ebf2
File name:        28FC.tmp
Detection ratio:        7 / 54
Analysis date:        2016-02-06 11:42:44 UTC ( 0 minutes ago )
https://www.virustotal.com/en/file/4f56718a84b29a5a1720c1029de9624ebe566eadb5b4ed2dd22db309a178ebf2/analysis/1454758964/

样本貌似稍微改了一下，诺顿声纳（win8.1 X64下）还是不杀，注入explorer，添加启动项……
根据那个谁第几楼的win10 X64下的测试，初步判定，声纳在X64 win8.1 win10下有问题，谁在试试X32就好了~~

温馨小屋

SONAR被过，启动项被添加

windows7爱好者

扫描miss
我一怒之下直接双击

aboringman

AVG：

扫描：miss；

双击：实机双击，IDP击杀衍生物。

"";"IDP.ALEXA.51, C:\Users\kiiler\AppData\Roaming\Microsoft\Iojivkuo\iojivku.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/6, 19:53:18"
"";", C:\Program Files\Internet Explorer\iexplore.exe";"Object was blocked";"Process";"2016/2/6, 19:53:18"
"";", C:\Windows\System32\schtasks.exe";"Object was blocked";"Process";"2016/2/6, 19:53:18"
"";", C:\Windows\System32\schtasks.exe";"Object was blocked";"Process";"2016/2/6, 19:53:18"
"";", C:\Windows\System32\svchost.exe";"Reboot is required to finish the action";"Process";"2016/2/6, 19:53:18"
"";", C:\Windows\System32\dwm.exe";"Object was blocked";"Process";"2016/2/6, 19:53:18"
"";", C:\Windows\System32\taskhost.exe";"Object was blocked";"Process";"2016/2/6, 19:53:18"
"";", C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe";"Object was blocked";"Process";"2016/2/6, 19:53:18"
"";", C:\USERS\KIILER\APPDATA\ROAMING\MICROSOFT\IOJIVKUO\IOJIVKU32.DLL";"Deleted";"File or Directory";"2016/2/6, 19:53:18"
"";", C:\USERS\KIILER\APPDATA\ROAMING\MICROSOFT\IOJIVKUO\CIOJIVKU32.DLL";"Deleted";"File or Directory";"2016/2/6, 19:53:18"
"";", C:\Program Files\Tencent\QQMicroGameBoxService\1.0.0.3\QQMGBWebserver.exe";"Object was blocked";"Process";"2016/2/6, 19:53:18"
"";", C:\Users\kiiler\AppData\Roaming\Microsoft\Iojivkuo\iojivku.exe";"Object was blocked";"Process";"2016/2/6, 19:53:18"
"";", HKEY_USERS\S-1-5-21-2236816692-667211127-2861217297-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\CCLEANER MONITORING";"Deleted, Moved to Virus Vault";"Registry value";"2016/2/6, 19:53:18"
"";", HKEY_USERS\S-1-5-21-2236816692-667211127-2861217297-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\VJCT";"Deleted, Moved to Virus Vault";"Registry value";"2016/2/6, 19:53:18"
"";", HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ATDLCD";"Deleted";"Registry key";"2016/2/6, 19:53:18"

墨家小子

aboringman 发表于 2016-2-6 19:54
AVG：

扫描：miss；

好像混进了奇怪的东西

"";", C:\Program Files\Tencent\QQMicroGameBoxService\1.0.0.3\QQMGBWebserver.exe";"Object was blocked";"Process";"2016/2/6, 19:53:18"

墨家小子

windows7爱好者 发表于 2016-2-6 19:45
扫描miss
我一怒之下直接双击

看看启动项

pal家族

没时间解释了！快上车！

aboringman

墨家小子 发表于 2016-2-6 19:57
好像混进了奇怪的东西

此话怎讲。

aiqinghe

ESET拦截

windows7爱好者

墨家小子 发表于 2016-2-6 19:57
看看启动项

正当我重启准备再撸时，突然出现了运行文件警告，我知道我输了，果然如你所说，我会记住这个教训的

墨家小子

windows7爱好者 发表于 2016-2-6 20:02
正当我重启准备再撸时，突然出现了运行文件警告，我知道我输了，果然如你所说，我会记住这个教训 ...

本来我不想跟你说的，想了想，你是实机，我是很善良的，于是……头就
不过下不为例啦