Detection ratio: 4 / 56 Web Attack: Angler Exploit Kit Website 6 挂马

墨家小子

Your file is now queued for scanning, please wait until the analysis starts.
SHA256:        78226b0d2de76a5b0e77022ed70c9fd61812f293568cc7d93f1bf58da9fff60b
File name:        B9A7.tmp.exe

SHA256: 78226b0d2de76a5b0e77022ed70c9fd61812f293568cc7d93f1bf58da9fff60b  
File name: B9A7.tmp.exe
Detection ratio: 4 / 56
Analysis date: 2016-03-15 11:46:55 UTC ( 15 minutes ago )  
https://www.virustotal.com/en/file/78226b0d2de76a5b0e77022ed70c9fd61812f293568cc7d93f1bf58da9fff60b/analysis/

Bkav  HW32.Packed.140F  20160312  
Rising  PE:Malware.XPACK-HIE/Heur!1.9C48 [F]  20160315  
Symantec  Suspicious.Cloud.5  20160315  
VBA32  suspected of Malware-Cryptor.General.6  20160314

2016/3/15 19:36:09,高,阻止了 localhost 的入侵企图,已阻止,不需要操作,,不需要操作,不需要操作,Web Attack: Angler Exploit Kit Website 6,"localhost (127.0.0.1, 4XXX3)",hellbentfupbvh.bollandsconsulting.co.uk/topic/36253-quizzed-prematurely-sleeker-outshines-statutory-earthshaking-pediments/,"localhost (127.0.0.1, 1XXX3)",localhost (127.0.0.1),"TCP, 端口 4XXX3"


诺顿自动防护关闭，IPS关闭，SSF拦截木马启动

saga3721

如今红伞云查杀怎么这么厉害
'TR/Crypt.XPACK.Gen (Cloud)' [trojan]

aboringman

AVG：

扫描：miss；

双击：实机双击，IDP击杀之。（【又现ALEXA】断网情况下的较量）

"";"IDP.ALEXA.51, C:\Users\killer\Documents\dfwepo.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/3/15, 20:08:44"

"";", C:\USERS\KILLER\DESKTOP\B9A7.TMP.EXE";"Object was blocked";"Process";"2016/3/15, 20:08:44"

"";", C:\Windows\System32\vssadmin.exe";"Object was blocked";"Process";"2016/3/15, 20:08:44"

"";", C:\Windows\System32\cmd.exe";"Object was blocked";"Process";"2016/3/15, 20:08:44"

"";", C:\USERS\KILLER\DESKTOP\B9A7.TMP.EXE";"Deleted";"File or Directory";"2016/3/15, 20:08:44"

"";", C:\Users\killer\Documents\dfwepo.exe";"Object was blocked";"Process";"2016/3/15, 20:08:44"

"";", HKEY_USERS\.DEFAULT\SOFTWARE\TRUEIMG";"Deleted, Moved to Virus Vault";"Registry key";"2016/3/15, 20:08:44"

"";", HKEY_USERS\S-1-5-21-3895625976-2995373382-4201264068-1000\SOFTWARE\69AA6C9091697F8";"Deleted, Moved to Virus Vault";"Registry key";"2016/3/15, 20:08:44"

"";", HKEY_USERS\S-1-5-21-3895625976-2995373382-4201264068-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\_GUSR";"Deleted, Moved to Virus Vault";"Registry value";"2016/3/15, 20:08:44"

继续上证据截图：

ymb668888

卡巴，解压杀

3801187

1446547521

时间;扫描程序;对象类型;对象;威胁;操作;用户;信息;哈希
2016/3/15 22:17:04;未知;文件;系统内存 > \Device\HarddiskVolume4\jhon\user\current\OneDrive\Documents\psasba.exe;Win32/Filecoder.TeslaCrypt.K 特洛伊木马 的变种;通过删除清除;NT AUTHORITY\ANONYMOUS LOGON;;96B99D91B9DCE15046305DE35DAA32EA6C8B0DD4
2016/3/15 22:16:58;高级内存扫描程序;文件;系统内存 > E:\迅雷下载\B9A7.tmp.exe;Win32/Filecoder.TeslaCrypt.K 特洛伊木马 的变种;已清除;;;9CEB629FBB8CB17E4E2B1C26E9F219C4674F2AC7

双击击杀

fuzhk

aboringman 发表于 2016-3-15 20:11
AVG：

扫描：miss；

AVG现在似乎没有邮箱上报途径。网页上报我这无论怎么样（包括fq），按上报都是刷新一下页面，你能上报吗？

aboringman

fuzhk 发表于 2016-3-15 22:31
AVG现在似乎没有邮箱上报途径。网页上报我这无论怎么样（包括fq），按上报都是刷新一下页面，你能上报吗 ...

上报必须fq，人机验证用的是谷歌的验证机制。

我已经很久没有上报过了，不知道行不行。

lovelive10010

saga3721 发表于 2016-3-15 19:55
如今红伞云查杀怎么这么厉害
'TR/Crypt.XPACK.Gen (Cloud)' [trojan]

网站已屏蔽！

G DATA 互联网安全套装已阻止访问此网站。
该站点包含被感染的代码：Trojan.Agent.BRTG (引擎A)。

275751198