TrojanSpy:MSIL/Dyzinew.A

275751198

https://www.microsoft.com/securi ... nSpy:MSIL/Dyzinew.A


https://yunpan.cn/cxTNSWkXdNgWB （提取码：e5a7）

saga3721

红伞杀'TR/Dropper.MSIL.243852 [trojan]'

llcy

威胁名称: Infostealer.Limitail

3801187

ymb668888

卡巴
29.02.2016 20.12.29;检测到的对象 ( 文件 ) 已删除。;C:\Users\Administrator\Downloads\b06738a7073d510277e8a2b3de7bca63101195cebc26161cf898ac9189ed0bf3;C:\Users\Administrator\Downloads\b06738a7073d510277e8a2b3de7bca63101195cebc26161cf898ac9189ed0bf3;UDS:DangerousObject.Multi.Generic;未知威胁;02/29/2016 20:12:29

icedream89

ess9

Microsoftheihei

avg 扫描kill
      监控kill

aboringman

AVG：

扫描：pass；

双击：关闭监控，实机双击，IDP击杀之。

"";"IDP.Trojan.23FD1DE2, C:\Users\killer\AppData\Local\SysLogs\logmanager.exe";"Healed, Moved to Virus Vault";"File or Directory";"2016/2/29, 21:51:11"

"";", C:\Users\killer\AppData\Local\SysLogs\logmanager.exe";"Object was blocked";"Process";"2016/2/29, 21:51:11"

"";", C:\Users\killer\Desktop\b06738a7073d510277e8a2b3de7bca63101195cebc26161cf898ac9189ed0bf3.exe";"Object was blocked";"Process";"2016/2/29, 21:51:11"

"";", C:\Users\killer\AppData\Local\Bound\AutoClicker.exe";"Object was blocked";"Process";"2016/2/29, 21:51:11"

"";", C:\Windows\System32\cmd.exe";"Object was blocked";"Process";"2016/2/29, 21:51:11"

"";", C:\Windows\System32\schtasks.exe";"Object was blocked";"Process";"2016/2/29, 21:51:11"

"";", C:\Users\killer\AppData\Local\SysLogs\kstrokemodule.dll";"Healed, Moved to Virus Vault";"File or Directory";"2016/2/29, 21:51:11"

"";", C:\Users\killer\AppData\Local\SysLogs\logprocessingmodule.dll";"Healed, Moved to Virus Vault";"File or Directory";"2016/2/29, 21:51:11"

"";", C:\Users\killer\AppData\Local\SysLogs\tasksmodule.dll";"Healed, Moved to Virus Vault";"File or Directory";"2016/2/29, 21:51:11"

"";", C:\Users\killer\AppData\Local\SysLogs\Newtonsoft.Json.dll";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/29, 21:51:11"

"";", C:\Users\killer\AppData\Local\SysLogs\sqlite3.dll";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/29, 21:51:11"

"";", C:\Users\killer\AppData\Local\Bound\AutoClicker.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/2/29, 21:51:11"

"";", HKEY_USERS\S-1-5-21-540828005-2055914412-3868506426-1000\SOFTWARE\MURGEE.COM";"Deleted, Moved to Virus Vault";"Registry key";"2016/2/29, 21:51:11"

"";", C:\Users\killer\Desktop\b06738a7073d510277e8a2b3de7bca63101195cebc26161cf898ac9189ed0bf3.exe";"Healed, Moved to Virus Vault";"File or Directory";"2016/2/29, 21:51:11"

"";", C:\Users\killer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\logmanager.exe.lnk";"Healed, Moved to Virus Vault";"File or Directory";"2016/2/29, 21:51:11"

windows7爱好者

aboringman 发表于 2016-2-29 22:09
AVG：

扫描：pass；

蜘蛛不入库那个所谓2000块钱的木马，怎么办.....我发过去三封邮件，解释了这种木马的运行方式
蜘蛛回我两封，第一封写：此文件拥有一个微软的签名
第二封写：他对系统不构成威胁
这种样本我已经上报三次了，我甚至试过去掉图片和伪装的快捷方式，把DLL和com直接打包，可惜蜘蛛就是不给面子
这是什么态度啊
@驭龙

aboringman

windows7爱好者 发表于 2016-2-29 22:39
蜘蛛不入库那个所谓2000块钱的木马，怎么办.....我发过去三封邮件，解释了这种木马的运行方式
蜘蛛回 ...

试试用英语联系国外的客服试试，事实证明，中国区的那些人，真的很一般。。。。。。