疑似敲竹杠一枚

ymb668888

卡巴解压杀

aboringman

AVG：

扫描：miss；

双击：实机双击，IDP击杀之。（好厉害，改密码还加驱，虽然IDP干掉了它的一大堆衍生物，但还是密码还是被修改了。。。。。。）

"";"IDP.ALEXA.51, C:\Users\killer\Desktop\cf卡bug不掉血补丁.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/19, 21:23:56"

"";", C:\Windows\System32\wbem\WMIC.exe";"Object was blocked";"Process";"2016/2/19, 21:23:56"

"";", C:\Windows\System32\net.exe";"Object was blocked";"Process";"2016/2/19, 21:23:56"

"";", C:\Windows\System32\net.exe";"Object was blocked";"Process";"2016/2/19, 21:23:56"

"";", C:\Windows\System32\net.exe";"Object was blocked";"Process";"2016/2/19, 21:23:56"

"";", C:\Windows\System32\net.exe";"Object was blocked";"Process";"2016/2/19, 21:23:56"

"";", C:\Windows\System32\net.exe";"Object was blocked";"Process";"2016/2/19, 21:23:56"

"";", C:\Windows\System32\net1.exe";"Object was blocked";"Process";"2016/2/19, 21:23:56"

"";", C:\Windows\System32\net1.exe";"Object was blocked";"Process";"2016/2/19, 21:23:56"

"";", C:\Windows\System32\net1.exe";"Object was blocked";"Process";"2016/2/19, 21:23:56"

"";", C:\Windows\System32\net1.exe";"Object was blocked";"Process";"2016/2/19, 21:23:56"

"";", C:\Windows\System32\net1.exe";"Object was blocked";"Process";"2016/2/19, 21:23:56"

"";", C:\Users\killer\Desktop\Qx2.sys";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/19, 21:23:56"

"";", HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\HIDEME";"Deleted";"Registry key";"2016/2/19, 21:23:56"

"";", C:\Users\killer\Desktop\cf卡bug不掉血补丁.exe";"Object was blocked";"Process";"2016/2/19, 21:23:56"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM";"Deleted, Moved to Virus Vault";"Registry key";"2016/2/19, 21:23:56"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER";"Deleted, Moved to Virus Vault";"Registry key";"2016/2/19, 21:23:56"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM\\DISABLETASKMGR";"Deleted";"Registry value";"2016/2/19, 21:23:56"

"";", HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SCRFILE\SHELL\OPEN\COMMAND";"Healed, Moved to Virus Vault";"Registry key";"2016/2/19, 21:23:56"

"";", HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\PIFFILE\SHELL\OPEN\COMMAND";"Healed, Moved to Virus Vault";"Registry key";"2016/2/19, 21:23:56"

"";", HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\COMFILE\SHELL\OPEN\COMMAND";"Healed, Moved to Virus Vault";"Registry key";"2016/2/19, 21:23:56"

"";", HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BATFILE\SHELL\OPEN\COMMAND";"Healed, Moved to Virus Vault";"Registry key";"2016/2/19, 21:23:56"

"";", HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CMDFILE\SHELL\OPEN\COMMAND";"Healed, Moved to Virus Vault";"Registry key";"2016/2/19, 21:23:56"

"";", HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\EXEFILE\SHELL\OPEN\COMMAND";"Healed, Moved to Virus Vault";"Registry key";"2016/2/19, 21:23:56"

1446547521

aboringman 发表于 2016-2-19 21:29
AVG：

扫描：miss；

微软账户自动免疫敲竹杠

aboringman

1446547521 发表于 2016-2-19 21:34
微软账户自动免疫敲竹杠

可惜我是Win7，然而改密并没有什么用

1446547521

KIS 关HIPS，关监控，关KSN双击


19.02.2016 21.36.27;恶意程序已终止;PDM:Trojan.Win32.Bazon.a;E:\迅雷下载\cf卡bug不掉血补丁.exe;E:\迅雷下载\cf卡bug不掉血补丁.exe;02/19/2016 21:36:27

19.02.2016 21.36.27;检测到恶意程序;PDM:Trojan.Win32.Bazon.a;E:\迅雷下载\cf卡bug不掉血补丁.exe;e:\迅雷下载\cf卡bug不掉血补丁.exe;02/19/2016 21:36:27

19.02.2016 21.39.21;检测到的对象 ( 处理内存 ) 已删除。;e:\迅雷下载\cf卡bug不掉血补丁.exe;e:\迅雷下载\cf卡bug不掉血补丁.exe;PDM:Trojan.Win32.Bazon.a;其它恶意软件;02/19/2016 21:39:21

aboringman

1446547521 发表于 2016-2-19 21:41
KIS 关HIPS，关监控，关KSN双击

然而已入库的东西，SW是没法发挥真正实力的。。。。。。

windows7爱好者

1446547521 发表于 2016-2-19 21:41
KIS 关HIPS，关监控，关KSN双击

KSN怎么关，断网吗?

1446547521

aboringman 发表于 2016-2-19 21:54
然而已入库的东西，SW是没法发挥真正实力的。。。。。。

主防与特征库有联动

1446547521

windows7爱好者 发表于 2016-2-19 21:55
KSN怎么关，断网吗?

断网

windows7爱好者

1446547521 发表于 2016-2-19 21:56
断网

搜嘎，不知道这招对趋势有效没