一個樣本

显示全部楼层 · 发表于 2016-7-28 22:48:38

aboringman 发表于 2016-7-28 22:47
其实确实是信誉杀，因为如果是真正AEGIS的报法的话，不会是这样的弹窗提示。

不过默认是自动，出现这 ...

不管啦，能杀就行，有点误报我也忍了，至少我实际使用没遇到误报。

显示全部楼层 · 发表于 2016-7-28 23:46:45

ESET：

扫描：

Time：2016/7/28 22:40:28;

Scanner：Real-time file system protection;

Object type：file;

Object：C:\Users\Killer\Desktop\d.exe;

Threat：a variant of Win32/Packed.Themida suspicious application;

Action：cleaned by deleting;

Information：Event occurred on a new file created by the application: D:\Haozip\HaoZip.exe (280090D09CFB84BA267650AFAEBBBCB107A9AC45);

Hash：668807D8241AEA7F094AC9FF45909478D844ACE2

双击：关闭监控，实机双击，AMS击杀之。

Time：2016/7/28 22:41:42;

Scanner：Advanced memory scanner;

Object type：file;

Object：Operating memory » C:\Users\Killer\Desktop\d.exe;

Threat：a variant of Win32/Spy.Agent.OWQ trojan;

Action：cleaned

Hash：668807D8241AEA7F094AC9FF45909478D844ACE2

显示全部楼层 · 发表于 2016-7-28 23:50:35

AVG：

扫描：killed；

"";"Trojan horse Generic_r.IWX, C:\Users\Killer\Desktop\新建文件夹\d.exe";"Healed, Moved to Virus Vault";"File or Directory";"2016/7/28, 23:48:21"

双击：关闭监控，实机双击，IDP击杀之。

"";"IDP.Virus.4D0E94F, C:\Users\Killer\Desktop\d.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/7/28, 23:33:31"

"";", C:\Users\Killer\Desktop\d.exe";"Object was blocked";"Process";"2016/7/28, 23:33:31"

"";", HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\00E04C63214F";"Deleted, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\START PAGE";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\RunOnceComplete";"Healed";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Window_Placement";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Enable Browser Extensions";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\UseClearType";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Play_Animations";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Local Page";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\StatusBarOther";"Healed";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\NoUpdateCheck";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\XMLHTTP";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Do404Search";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\RunOnceHasShown";"Healed";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Show_ToolBar";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\StartPageCache";"Healed";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Save_Session_History_On_Exit";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Search Page";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Show_FullURL";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Cache_Update_Frequency";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Show_URLinStatusBar";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Show_URLToolBar";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Display Inline Images";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\FullScreen";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Anchor Underline";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Show_StatusBar";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\CompatibilityFlags";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Use_DlgBox_Colors";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Play_Background_Sounds";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\SearchMigrated";"Healed";"Registry value";"2016/7/28, 23:33:31"

"";", HKEY_USERS\S-1-5-21-3481082169-311058013-23538480-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\\Disable Script Debugger";"Healed, Moved to Virus Vault";"Registry value";"2016/7/28, 23:33:31"

显示全部楼层 · 发表于 2016-7-29 00:25:37

edwardcl 发表于 2016-7-28 20:51
NS22.7没报，咋整？

WS.Reputation.1只是诺顿认为文件信誉差的报法，并不是确定了这个文件包含病毒。解压后下载智能分析没有提示可能是网络不太好，不过下载的程序启动时也会进行下载智能分析，这时候如果由于网络不好等原因导致信誉未知的话好像默认是会提示的（https://support.norton.com/sp/zh ... 667_ns_retail_zh_cn）

显示全部楼层 · 发表于 2016-7-29 09:19:43

ELOHIM 发表于 2016-7-28 16:48
SCEP 1.225.2604.0 解压：MISS。

同 miss

显示全部楼层 · 发表于 2016-7-29 14:05:24

杀得好厉害

[可疑文件] 一個樣本

评分

浏览过的版块