Looks like it's really time to dig in; this meal is quite a feast.
AVG:
Scan: killed 3 files;
"";"Trojan horse Crypt5.XVD, C:\Users\killer\Desktop\7babbfbbd4d8a15dd7b93bcd8e985c676e0e1e063162be8ef2ee789729b5f9c9.bin";"Healed, Moved to Virus Vault";"File or Directory";"2016/2/16, 19:46:18"
"";"Trojan horse Crypt5.XVD, C:\Users\killer\Desktop\GOOGLEUPDATE.bin";"Healed, Moved to Virus Vault";"File or Directory";"2016/2/16, 19:46:18"
"";"Trojan horse Atros2.BUEF, C:\Users\killer\Desktop\dump.bin";"Healed, Moved to Virus Vault";"File or Directory";"2016/2/16, 19:46:18"
"";"Trojan horse Atros2.BUEF, C:\Users\killer\Desktop\dump.bin:\k32";"Healed";"Embedded element in the archive, email attachment, cookie etc.";"2016/2/16, 19:46:18"
"";"Trojan horse Atros2.BUEE, C:\Users\killer\Desktop\dump.bin:\k64";"Healed";"Embedded element in the archive, email attachment, cookie etc.";"2016/2/16, 19:46:18"
Double-click: turned off the monitor and double-clicked on a real machine; IDP killed "GOOGLEUPDATE.exe" and "7babbfbbd4d8a15dd7b93bcd8e985c676e0e1e063162be8ef2ee789729b5f9c9.exe". Double-clicking dump.exe showed an error and it then exited on its own, leaving no suspicious traces.
"";"Unknown, C:\Users\killer\Desktop\新建文件夹\7babbfbbd4d8a15dd7b93bcd8e985c676e0e1e063162be8ef2ee789729b5f9c9.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/16, 19:51:09"
"";", C:\Users\killer\Desktop\新建文件夹\7babbfbbd4d8a15dd7b93bcd8e985c676e0e1e063162be8ef2ee789729b5f9c9.exe";"Object was blocked";"Process";"2016/2/16, 19:51:09"
"";", C:\Windows\explorer.exe";"Object was blocked";"Process";"2016/2/16, 19:51:09"
"";", C:\Windows\System32\svchost.exe";"Object was blocked";"Process";"2016/2/16, 19:51:09"
"";", C:\PROGRAM FILES\GOOGLE\DESKTOP\INSTALL\{47D1BB67-8CD7-5BD3-EC57-CC383EE5C2AD}\# \GOOGLEUPDATE.EXE";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/16, 19:51:09"
"";", C:\USERS\KILLER\APPDATA\LOCAL\GOOGLE\DESKTOP\INSTALL\{47D1BB67-8CD7-5BD3-EC57-CC383EE5C2AD}\# \GOOGLEUPDATE.EXE";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/16, 19:51:09"
"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\!";"Deleted, Moved to Virus Vault";"Registry value";"2016/2/16, 19:51:09"
"";", HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\{47D1BB67-8CD7-5BD3-EC57-CC383EE5C2AD}";"Deleted, Moved to Virus Vault";"Registry key";"2016/2/16, 19:51:09"
"";", HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\{47D1BB67-8CD7-5BD3-EC57-CC383EE5C2AD}";"Deleted";"Registry key";"2016/2/16, 19:51:09"
"";"Unknown, C:\Users\killer\Desktop\新建文件夹\GOOGLEUPDATE.exe";"Healed, Moved to Virus Vault";"File or Directory";"2016/2/16, 19:56:25"
"";", C:\Users\killer\Desktop\新建文件夹\GOOGLEUPDATE.exe";"Object was blocked";"Process";"2016/2/16, 19:56:25"
"";", C:\Windows\explorer.exe";"Object was blocked";"Process";"2016/2/16, 19:56:25"
"";", C:\USERS\KILLER\APPDATA\LOCAL\GOOGLE\DESKTOP\INSTALL\{47D1BB67-8CD7-5BD3-EC57-CC383EE5C2AD}\# \GOOGLEUPDATE.EXE";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/16, 19:56:25"
"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\!";"Deleted, Moved to Virus Vault";"Registry value";"2016/2/16, 19:56:25"
"";", HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\{47D1BB67-8CD7-5BD3-EC57-CC383EE5C2AD}";"Deleted, Moved to Virus Vault";"Registry key";"2016/2/16, 19:56:25"
"";", HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\{47D1BB67-8CD7-5BD3-EC57-CC383EE5C2AD}";"Deleted";"Registry key";"2016/2/16, 19:56:25"
Afterwards I ran a full scan and found no problems; Hunter also found no suspicious drivers. Defense succeeded.