Detection ratio: 0 / 55 Exploit Toolkit 91 & Neutrino Exploit Kit 25 挂马

显示全部楼层 · 发表于 2016-2-26 23:28:08

SHA256: 07c509d0fb1ed656f0a71d1ac09519c3427159e234b231018ae4a60659ed1346
File name: rad4BC98.tmp.exe
Detection ratio: 0 / 55
Analysis date: 2016-02-26 15:22:31 UTC ( 1 minute ago )
https://www.virustotal.com/en/file/07c509d0fb1ed656f0a71d1ac09519c3427159e234b231018ae4a60659ed1346/analysis/1456500151/

Web Attack: Exploit Toolkit Website 91好新鲜的漏洞挂马，头一次看到这样的！IPS更新还是很快的……拦截截图太大，卡饭限制上传只好穿到imgur，看不到的没办法~

2016/2/26 23:09:35,高,阻止了 localhost 的入侵企图,已阻止,不需要操作,Web Attack: Neutrino Exploit Kit Website 25,不需要操作,不需要操作,"localhost (127.0.0.1, 1XXX0)",ukdapyih.tjohn.top/ocean/upon-drain-32597268,"localhost (127.0.0.1, 1XXX6)",localhost (127.0.0.1),"TCP, 端口 1XXX0",

2016/2/26 23:09:35,高,阻止了 localhost 的入侵企图,已阻止,不需要操作,Web Attack: Exploit Toolkit Website 91,不需要操作,不需要操作,"localhost (127.0.0.1, 1XXX0)",ukdapyih.tjohn.top/ocean/upon-drain-32597268,"localhost (127.0.0.1, 1XXX6)",localhost (127.0.0.1),"TCP, 端口 1XXX0",

显示全部楼层 · 发表于 2016-2-26 23:45:02

火眼：http://fireeye.ijinshan.com/analyse.html?md5=943c04cb2adea5be048bc81506554e79&sha1=3974baf7fe25a6122d20bb855ed0912c286338ba&type=1#full

基本信息
文件名称：rad4BC98.tmp.exe
MD5：943c04cb2adea5be048bc81506554e79
Sha-1：3974baf7fe25a6122d20bb855ed0912c286338ba
文件大小：128KB
创建时间：2016-02-26 23:37:10
文件类型：EXE
PEID信息：Microsoft Visual C++ 6.0
公司描述：Hamrick Software
文件描述：Arraying
文件版本：63, 210, 153, 222
版权所有：Copyright © 2011
产品版本：18, 214, 96, 50
火眼点评
运行后删除自身，警惕恶意软件;搜索指定窗口;其他注册表信息;添加Windows防火墙例外，防止访问网络时被防火墙拦截;创建进程;创建互斥体;添加开机自启动项;在其他进程中申请内存;检测是否存在指定注册表键;绑定监听端口
危险行为监控
行为描述：运行后删除自身，警惕恶意软件
附加信息：
其他行为监控
行为描述：绑定监听端口
附加信息：0.0.0.0:126030.0.0.0:335730.0.0.0:406730.0.0.0:40698
行为描述：检测是否存在指定注册表键
附加信息：HKEY_CURRENT_USER\Software\ESETHKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLabHKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
行为描述：在其他进程中申请内存
附加信息：%system%\netsh.exe%system%\rundll32.exe%system%\wbem\wmiprvse.exe
行为描述：添加开机自启动项
附加信息：[tnkeyxv] - rundll32.exe "%USERPROFILE%\Local Settings\Application Data\tnkeyxv.dll",tnkeyxv
行为描述：创建互斥体
附加信息：".NET CLR Data_Perf_Library_Lock_PID_640"".NET CLR Networking 4.0.0.0_Perf_Library_Lock_PID_640"".NET CLR Networking_Perf_Library_Lock_PID_640"".NET Data Provider for Oracle_Perf_Library_Lock_PID_640"".NET Data Provider for SqlServer_Perf_Library_Lock_PID_640"".NET Memory Cache 4.0_Perf_Library_Lock_PID_640"".NETFramework_Perf_Library_Lock_PID_640""ASP.NET_2.0.50727_Perf_Library_Lock_PID_640""ASP.NET_4.0.30319_Perf_Library_Lock_PID_640""ASP.NET_Perf_Library_Lock_PID_640""ContentFilter_Perf_Library_Lock_PID_640""ContentIndex_Perf_Library_Lock_PID_640""ISAPISearch_Perf_Library_Lock_PID_640""MSDTC Bridge 3.0.0.0_Perf_Library_Lock_PID_640""MSDTC Bridge 4.0.0.0_Perf_Library_Lock_PID_640""MSDTC_Perf_Library_Lock_PID_640""PSched_Perf_Library_Lock_PID_640""PerfDisk_Perf_Library_Lock_PID_640""PerfNet_Perf_Library_Lock_PID_640""PerfOS_Perf_Library_Lock_PID_640""PerfProc_Perf_Library_Lock_PID_640""RPCSS_REGEVENT:{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}""RSVP_Perf_Library_Lock_PID_640""RemoteAccess_Perf_Library_Lock_PID_640""SMSvcHost 3.0.0.0_Perf_Library_Lock_PID_640""SMSvcHost 4.0.0.0_Perf_Library_Lock_PID_640""ServiceModelEndpoint 3.0.0.0_Perf_Library_Lock_PID_640""ServiceModelEndpoint 4.0.0.0_Perf_Library_Lock_PID_640""ServiceModelOperation 3.0.0.0_Perf_Library_Lock_PID_640""ServiceModelOperation 4.0.0.0_Perf_Library_Lock_PID_640""ServiceModelService 3.0.0.0_Perf_Library_Lock_PID_640""ServiceModelService 4.0.0.0_Perf_Library_Lock_PID_640""Spooler_Perf_Library_Lock_PID_640""TapiSrv_Perf_Library_Lock_PID_640""Tcpip_Perf_Library_Lock_PID_640""TermService_Perf_Library_Lock_PID_640""VSHBZL6SWAG0C""WMIPRVSE.EXE""Windows Workflow Foundation 3.0.0.0_Perf_Library_Lock_PID_640""Windows Workflow Foundation 4.0.0.0_Perf_Library_Lock_PID_640""WmiApRpl_Perf_Library_Lock_PID_640""aspnet_state_Perf_Library_Lock_PID_640"
行为描述：创建进程
附加信息：%system%\netsh.exe%system%\rundll32.exe%system%\wbem\wmiprvse.exe
行为描述：添加Windows防火墙例外，防止访问网络时被防火墙拦截
附加信息：%system%\rundll32.exe >> %system%\rundll32.exe*:Enabled:rundll32
行为描述：其他注册表信息
附加信息：
行为描述：搜索指定窗口
附加信息：["Indicator" , ""]
文件操作监控
操作文件MD5 文件大小文件路径
新增 ee7af09b5651b80128ce2aa22f7a4562 13824 %USERPROFILE%\Local Settings\Appli...
进程操作监控
创建进程：netsh.exe
启动参数：advfirewall firewall add rule name="Rundll32" dir=in action=allow protocol=any program="%system%\rundll32.exe
创建进程：netsh.exe
启动参数：advfirewall firewall add rule name="Rundll32" dir=out action=allow protocol=any program="%system%\rundll32.exe
创建进程：%system%\netsh.exe
启动参数："%system%\netsh.exe" advfirewall firewall add rule name="Rundll32" dir=in action=allow protocol=any program="%system%\rundll32.exe"
创建进程：%system%\netsh.exe
启动参数："%system%\netsh.exe" advfirewall firewall add rule name="Rundll32" dir=out action=allow protocol=any program="%system%\rundll32.exe"
创建进程：rundll32.exe
启动参数："%USERPROFILE%\Local Settings\Application Data\tnkeyxv.dll",tnkeyxv %ProgramFiles%\rad4BC98.tmp.exe
创建进程：%system%\RUNDLL32.exe
启动参数："%system%\rundll32.exe" "%USERPROFILE%\Local Settings\Application Data\tnkeyxv.dll",tnkeyxv %ProgramFiles%\rad4BC98.tmp.exe
新增删除修改注册表监控
HKEY_CURRENT_USER\\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[tnkeyxv] = [rundll32.exe "%USERPROFILE%\Local Settings\Application Data\tnkeyxv.dll",tnkeyxv]
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Tracing\FWCFG
[FileTracingMask] = [0xffff0000]
[EnableFileTracing] = [0x00000000]
[FileDirectory] = [%windir%\tracing]
[ConsoleTracingMask] = [0xffff0000]
[MaxFileSize] = [0x00100000]
[EnableConsoleTracing] = [0x00000000]
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Mi...
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Mi...
[Active] = [0x00000001]
[LogSessionName] = [stdout]
[ControlFlags] = [0x00000001]
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Mi...
[BitNames] = [ NAP_TRACE_BASE NAP_TRACE_NETSH]
[Guid] = [710adbf0-ce88-40b4-a50d-231ada6593f0]
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Mi...
[Active] = [0x00000001]
[ControlFlags] = [0x00000001]
[LogSessionName] = [stdout]
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Mi...
[Guid] = [b0278a28-76f1-4e15-b1df-14b209a12613]
[BitNames] = [ Error Unusual Info Debug]
HKEY_LOCAL_MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\N...
[MaxWait] = [0x00000001]
[fkxjauww] = [\x9c\xc3\xd6\x76\x6e...]
[DllName] = [%USERPROFILE%\Local Settings\Application Data\tnkeyxv.dll]
[Startup] = [tnkeyxv]
[Impersonate] = [0x00000001]
[Asynchronous] = [0x00000001]
HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Services\napagent\LocalConfig\Enro...
HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Services\napagent\LocalConfig\Enro...
HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Services\napagent\LocalConfig\UI
HKEY_LOCAL_MACHINE\\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\F...
[%system%\rundll32.exe] = [%system%\rundll32.exe*:Enabled:rundll32]
HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Services\napagent\LocalConfig\...
HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Services\napagent\LocalConfig\...
HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Services\napagent\LocalConfig\...
HKEY_LOCAL_MACHINE\\SYSTEM\CurrentControlSet\Services\SharedAccess\Paramete...
[%system%\rundll32.exe] = [%system%\rundll32.exe*:Enabled:rundll32]
网络监控
网络操作
[Connect HOST]174.195.146.220:53
[Connect HOST]247.28.190.238:53
[Connect HOST]85.17.117.170:53
[Resolve HOST Name]p.opticerawvb.net
[Resolve HOST Name]z.opticerawvb.net

显示全部楼层 · 发表于 2016-2-26 23:58:53

阿努比斯：http://anubis.iseclab.org/?action=result&task_id=1bb7bec5ad384b7e4254f3e1d610a0221&format=txt

                        ___             __ _
      +  /-          / |  ____  __  __/ /_  (_)____    -\  +
      /s  h-          / /| | / __ \/ / / / __ \/ / ___/    -h  s\
      oh-:d/       / ___ |/ / / / /_/ / /_/ / (__  )       /d:-ho
      shh+hy-       /_/  |_/_/ /_/\__,_/_.___/_/____/       -yh+hhs
   -:+hhdhyys/-                                        -\syyhdhh+:-
-//////dhhhhhddhhyss-    Analysis Report    -ssyhhddhhhhhd\\\\\\-
/++/////oydddddhhyys/    ooooooooooooooooooooo    \syyhhdddddyo\\\\\++\
-+++///////odh/-                                           -+hdo\\\\\\\+++-
+++++++++//yy+/:                                           :\+yy\\+++++++++
/+soss+sys//yyo/os++o+:                               :+o++so\oyy\\sys+ssos+\
+oyyyys++o/+yss/+/oyyyy:                            :yyyyo\+\ssy+\o++syyyyo+
+oyyyyyyso+os/o/+yyyyyy/                            \yyyyyy+\o\so+osyyyyyyo+

[#############################################################################]
Analysis Report for rad4BC98.tmp.exe
               MD5: 943c04cb2adea5be048bc81506554e79
[#############################################################################]

[=============================================================================]
Table of Contents
[=============================================================================]

- General information
- rad4BC98.t.exe
  a) Registry Activities
  b) File Activities
  c) Other Activities

[#############################################################################]
1. General Information
[#############################################################################]
[=============================================================================]
Information about Anubis' invocation
[=============================================================================]
      Time needed:       259 s
      Report created:    02/26/16, 15:53:57 UTC
      Termination reason: Timeout
      Program version: 1.76.3886

[#############################################################################]
2. rad4BC98.t.exe
[#############################################################################]
[=============================================================================]
General information about this executable
[=============================================================================]
      Analysis Reason: Primary Analysis Subject
      Filename:       rad4BC98.t.exe
      MD5:          943c04cb2adea5be048bc81506554e79
      SHA-1:          3974baf7fe25a6122d20bb855ed0912c286338ba
      File Size:    131072 Bytes
      Command Line: "C:\rad4BC98.t.exe"
      Process-status
      at analysis end: alive
      Exit Code:    0

[=============================================================================]
Load-time Dlls
[=============================================================================]
      Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
            Base Address: [0x7C900000 ], Size: [0x000AF000 ]
      Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
            Base Address: [0x7C800000 ], Size: [0x000F6000 ]
      Module Name: [ C:\WINDOWS\system32\LZ32.dll ],
            Base Address: [0x73DC0000 ], Size: [0x00003000 ]
      Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
            Base Address: [0x77F10000 ], Size: [0x00049000 ]
      Module Name: [ C:\WINDOWS\system32\USER32.dll ],
            Base Address: [0x7E410000 ], Size: [0x00091000 ]
      Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
            Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
      Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
            Base Address: [0x77E70000 ], Size: [0x00092000 ]
      Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
            Base Address: [0x77FE0000 ], Size: [0x00011000 ]
      Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
            Base Address: [0x77120000 ], Size: [0x0008B000 ]
      Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
            Base Address: [0x77C10000 ], Size: [0x00058000 ]
      Module Name: [ C:\WINDOWS\system32\ole32.dll ],
            Base Address: [0x774E0000 ], Size: [0x0013D000 ]
      Module Name: [ C:\WINDOWS\system32\MPR.dll ],
            Base Address: [0x71B20000 ], Size: [0x00012000 ]

[=============================================================================]
Run-time Dlls
[=============================================================================]
      Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
            Base Address: [0x74720000 ], Size: [0x0004C000 ]
      Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ],
            Base Address: [0x773D0000 ], Size: [0x00103000 ]
      Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
            Base Address: [0x77F60000 ], Size: [0x00076000 ]
      Module Name: [ C:\WINDOWS\system32\SHELL32.dll ],
            Base Address: [0x7C9C0000 ], Size: [0x00817000 ]

[=============================================================================]
2.a) rad4BC98.t.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
      Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ],
         Value Name: [ CUAS ], Value: [ 0 ], 1 time
      Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
         Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
      Key: [ HKLM\SYSTEM\Setup ],
         Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
      Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows ],
         Value Name: [ AppInit_DLLs ], Value: [  ], 1 time
      Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
         Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
      Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
         Value Name: [ TSAppCompat ], Value: [ 0 ], 3 times
      Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
         Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time
      Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
         Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
      Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
         Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
      Key: [ HKLM\system\CurrentControlSet\control\NetworkProvider\HwOrder ],
         Watch subtree: [ 0 ], Notify Filter: [ Value Change ], 1 time

[=============================================================================]
2.b) rad4BC98.t.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
      File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
      File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
      File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ]
      File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
      File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
      File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
      File Name: [ C:\WINDOWS\system32\imm32.dll ]

[=============================================================================]
2.c) rad4BC98.t.exe - Other Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutexes Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
      Mutex: [ CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
      Mutex: [ CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
      Mutex: [ CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
      Mutex: [ CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
      Mutex: [ CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
      Mutex: [ CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274-308236825-500 ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Windows SEH exceptions:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
      Description: [ Exception 0xc0000005 (STATUS_ACCESS_VIOLATION) at 0x77134b93 ], 1 time

[#############################################################################]
                     International Secure Systems Lab
                        http://www.iseclab.org

Vienna University of Technology    Eurecom France          UC Santa Barbara
http://www.tuwien.ac.at       http://www.eurecom.fr  http://www.cs.ucsb.edu

                        Contact: anubis@iseclab.org

显示全部楼层 · 发表于 2016-2-26 23:37:47

本帖最后由 HEMM 于 2016-2-26 23:45 编辑

为什么我联想到不需要操作，不需要操作，不需要操作，重要的事情说三遍。
MA对此只有一招，那就是拉黑。天天和毛豆打架玩。
CMD加IE好逆天的组合

显示全部楼层 · 发表于 2016-2-26 23:44:11

ESS9 MISS

显示全部楼层 · 发表于 2016-2-26 23:52:34

icedream89 发表于 2016-2-26 23:44
ESS9 MISS

ATC太牛逼了，ESS相对诺顿没有第一道漏洞防御，先输了一招。所谓的双击测试只不过是防御的第二个层次，我顿IPS不是浪得虚名的，余下的声纳等梯次防御还算靠谱

显示全部楼层 · 发表于 2016-2-26 23:54:02

HEMM 发表于 2016-2-26 23:37
为什么我联想到不需要操作，不需要操作，不需要操作，重要的事情说三遍。
MA对此只有一招，那就是拉黑。天 ...

WD是不是等于呵呵？

显示全部楼层 · 发表于 2016-2-27 00:02:03

本帖最后由 HEMM 于 2016-2-27 00:10 编辑

墨家小子发表于 2016-2-26 23:54
WD是不是等于呵呵？

我只体会到一旦安装毛豆它的新陈代谢就紊乱了，那个清除隔离还原，各种蛋疼.....日志内留下了美好的不能加载以及error

关于WD服务故障日志我找不到了，错误日志太多，懒得找，这还是我没安装多久的系统，大概安装完不到10分钟就已经被我玩熄火了。

另.......我浏览各种卡，神网号称宇宙无敌第一速，结果下载满300KB不能打开网页，各种网络活动被搁置，必须等下载完毕，而且大部分时间都是以几KB的网速下载，浏览土豆优酷看个动漫都卡要死，它还鼓吹自己是单线100MB网速，我看就一个MB很贴切，前面的100只能在伪测速中体会到，真一测就倒了就真面目了就萎了。我传的图片我也看不到，恶心！

对了！还恶意屏蔽开源软件的下载和浏览，恶心！

显示全部楼层 · 发表于 2016-2-27 00:02:39

趋势双击 HEU_AEGISCS941

显示全部楼层 · 发表于 2016-2-27 00:10:32

SHA256: 07c509d0fb1ed656f0a71d1ac09519c3427159e234b231018ae4a60659ed1346
File name: rad4BC98.tmp.exe
Detection ratio: 0 / 55
Analysis date: 2016-02-26 15:22:31 UTC ( 46 minutes ago )
https://www.virustotal.com/en/file/07c509d0fb1ed656f0a71d1ac09519c3427159e234b231018ae4a60659ed1346/analysis/1456502798/

快一个小时了还不拉黑，不能忍啊~~

[可疑文件] Detection ratio: 0 / 55 Exploit Toolkit 91 & Neutrino Exploit Kit 25 挂马

本帖子中包含更多资源

评分

本帖子中包含更多资源

本帖子中包含更多资源