近期新样本四类：DELoader、勒索Infostealer、Kozy.Jozy、Apocalypse

zq19861019

During Close the file "F:\病毒样本\samples\勒索，但诺顿报Infostealer.Bancos.exe" the "Win32.Trojan.Agent.6M2VMY (Engine B)" virus was detected. Access denied. (Engine A: AVA 25.7115, Engine B: GD 25.7149)
During Close the file "F:\病毒样本\samples\DELoader.exe" the "Trojan.GenericKD.3320489 (Engine A)" virus was detected. Access denied. (Engine A: AVA 25.7115, Engine B: GD 25.7149)
During Close the file "F:\病毒样本\samples\Kozy.Jozy Ransomware.exe" the "Trojan.GenericKD.3331260 (Engine A)" virus was detected. Access denied. (Engine A: AVA 25.7115, Engine B: GD 25.7149)
During Close the file "F:\病毒样本\samples\Apocalypse Ransomware.exe" the "Gen:Trojan.Heur.PT.aqW@amxB6Yf (Engine A)" virus was detected. Access denied. (Engine A: AVA 25.7115, Engine B: GD 25.7149)

km2002

费尔miss  火绒1X  上报

2016-06-26 12:05:43,反病毒,病毒查杀,发现病毒Ransom/Locky.c，删除成功

文件路径：C:\Users\km2002\Desktop\测试\samples\Apocalypse Ransomware.exe
病毒名：Ransom/Locky.c
病毒ID：e1402906de889817
处理结果：删除成功

諾言敵不過時間

COMODO 1

windows7爱好者

玩玩SEP

nick20010117

"";"IDP.ALEXA.51, C:\Program Files\windowsupdate.exe";"已隔离, 需要重新启动才能完成操作";"文件或目录";"2016/6/26, 16:04:12"
"";", C:\USERS\ADMINISTRATOR\DESKTOP\SAMPLES\APOCALYPSE RANSOMWARE.EXE";"已阻止该对象";"进程";"2016/6/26, 16:04:12"
"";", C:\dosh\ghos\DOS之家.url.encrypted";"已删除, 已隔离";"文件或目录";"2016/6/26, 16:04:12"
"";", C:\USERS\ADMINISTRATOR\DESKTOP\SAMPLES\APOCALYPSE RANSOMWARE.EXE";"需要重新启动才能完成操作";"文件或目录";"2016/6/26, 16:04:12"
"";", C:\Program Files\windowsupdate.exe";"已阻止该对象";"进程";"2016/6/26, 16:04:12"
"";", HKEY_USERS\S-1-5-21-4035673165-3688820562-1120568024-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\WINDOWS UPDATE SVC";"已删除, 已隔离";"注册表值";"2016/6/26, 16:04:12"
"";", HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\WINDOWS UPDATE SVC";"已删除, 已隔离";"注册表值";"2016/6/26, 16:04:12"
"";"IDP.Trojan.6011931D, C:\Users\Administrator\Desktop\samples\DELoader.exe";"已隔离, 需要重新启动才能完成操作";"文件或目录";"2016/6/26, 16:07:17"
"";", C:\Users\Administrator\Desktop\samples\DELoader.exe";"已阻止该对象";"进程";"2016/6/26, 16:07:17"
"";"IDP.Trojan.E13F31C, C:\Users\Administrator\Desktop\samples\Kozy.Jozy Ransomware.exe";"已隔离, 需要重新启动才能完成操作";"文件或目录";"2016/6/26, 16:08:06"
"";", C:\Windows\System32\vssadmin.exe";"已阻止该对象";"进程";"2016/6/26, 16:08:06"
"";", C:\Users\Administrator\Desktop\samples\w.jpg";"已删除, 已隔离";"文件或目录";"2016/6/26, 16:08:06"
"";", C:\Users\Administrator\Desktop\samples\Kozy.Jozy Ransomware.exe";"已阻止该对象";"进程";"2016/6/26, 16:08:06"
"";", HKEY_USERS\S-1-5-21-4035673165-3688820562-1120568024-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\WALL";"已删除, 已隔离";"注册表值";"2016/6/26, 16:08:06"
@230f4

ericdj

BD。。。
全部入库
[mw_shl_code=css,true]C:\Users\eric_dj\Desktop\virus\samples.zip=>Apocalypse Ransomware.exe                Gen:Trojan.Heur.PT.aqW@amxB6Yf
C:\Users\eric_dj\Desktop\virus\samples.zip=>DELoader.exe                Trojan.GenericKD.332489
C:\Users\eric_dj\Desktop\virus\samples.zip=>Kozy.Jozy Ransomware.exe                Trojan.GenericKD.333126
C:\Users\eric_dj\Desktop\virus\samples.zip=>勒索，但诺顿报Infostealer.Bancos.exe                Trojan.GenericKD.3347619
[/mw_shl_code]

aboringman

230f4 发表于 2016-6-26 08:30
如果是杀毒软件，还不一定能防住呢。
比如AVG也有跪的时候

这话我喜欢

ericdj

aboringman 发表于 2016-6-26 16:08
这话我喜欢

好久不见你双击了啊

aboringman

ericdj 发表于 2016-6-26 16:10
好久不见你双击了啊

电脑坏了，无力换新。。。。。。

所以只能坐看双击

liangxy

趋势miss 勒索，但诺顿报Infostealer.Bancos.exe