勒索软件家族新成员——Locky Ransomware

230f4

infected

没什么想解释的

BFAX

ESET:

断簪

NIS 入库杀
EES 杀

aboringman

AVG：

扫描：killed（什么鬼。。。。。。）；

"";"Trojan horse Generic37.ANOD, c:\Users\killer\Desktop\Locky Ransomware.exe";"Healed, Moved to Virus Vault";"File or Directory";"2016/2/17, 12:57:45"

双击：关闭监控，实机双击，IDP击杀之。（连同衍生物，又现ARES）

"";"IDP.ARES.Generic, C:\Users\killer\AppData\Local\Temp\svchost.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/17, 12:59:10"

"";", C:\USERS\KILLER\DESKTOP\新建文件夹\LOCKY RANSOMWARE.EXE";"Object was blocked";"Process";"2016/2/17, 12:59:10"

"";", C:\Windows\System32\cmd.exe";"Object was blocked";"Process";"2016/2/17, 12:59:10"

"";", C:\USERS\KILLER\APPDATA\LOCAL\TEMP\SYS533E.TMP";"Deleted";"File or Directory";"2016/2/17, 12:59:10"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\LOCKY";"Deleted, Moved to Virus Vault";"Registry
key";"2016/2/17, 12:59:10"

"";", C:\Users\killer\AppData\Local\Temp\svchost.exe";"Object was blocked";"Process";"2016/2/17, 12:59:10"

z2009

解压fs秒

pal家族

17.02.2016 13.22.22;Detected object (file) deleted.;D:\360安全浏览器下载\Locky Ransomware\Locky Ransomware.exe;WinRAR 压缩文件管理器;D:\360安全浏览器下载\Locky Ransomware\Locky Ransomware.exe;02/17/2016 13:22:22;Trojan.Win32.Yakes.pazk

傻傻的杰宝

火绒杀，代码混淆器，可能还没入库

nick20010117

BG扫描不杀，双击kill
可疑文件： Locky Ransomware.exe

风险： 高
路径： C:\Users\Administrator\Desktop\Locky Ransomware (1)\Locky Ransomware.exe

详细信息
•    Locky Ransomware.exe 程序试图启动服务。

修改的文件
•    C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\SVCHOST.EXE (created)
•    C:\Users\ADMINI~1\AppData\Local\Temp\sys80C3.tmp (created)
•    C:\Users\Administrator\Desktop\Locky Ransomware (1)\Locky Ransomware.exe

修改的注册表
•    \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\CONTROL\SESSION MANAGER:PendingFileRenameOperations (modified: old_value=, new_value =[\??\C:\Users\ADMINI~1\AppData\Local\Temp\sys80C3.tmp, ])

275751198

360 HEUR/QVM07.1.Malware.Gen
原来360用这条特征码识别加密勒索

cfhdrty

傻傻的杰宝 发表于 2016-2-17 13:34
火绒杀，代码混淆器，可能还没入库

代码混淆是啥意思，都是报这个