一包样本

东方妖妖梦

链接：http://pan.baidu.com/s/1i4NCVEt 密码：oxbu
解压密码：infected

欧阳宣

eset检测8，修复2个

[mw_shl_code=css,true]Time;Scanner;Object type;Object;Threat;Action;User;Information;Hash;First seen here
2016-10-27 11:34:53 PM;Real-time file system protection;file;D:\Virus\malware\malware\contract_03742.doc;VBA/TrojanDropper.Agent.RS trojan;cleaned;JEFF-ALIENW17\Jeff Yang;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (A8598F5E601A03D329CC6753C9BFC404A251E348).;B93CB57EBAA5D2B6AC2930B0F56328EE50E067FC;2016-10-27 11:34:53 PM
2016-10-27 11:34:53 PM;Real-time file system protection;file;D:\Virus\malware\malware\contract_872840.doc;VBA/TrojanDropper.Agent.RS trojan;cleaned;JEFF-ALIENW17\Jeff Yang;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (A8598F5E601A03D329CC6753C9BFC404A251E348).;933F8DC4FC53EF55C67E14B74BFE9CD77454FEDC;2016-10-27 11:34:53 PM
2016-10-27 11:34:54 PM;Real-time file system protection;file;D:\Virus\malware\malware\3301064.js;JS/TrojanDownloader.Nemucod.BIS trojan;cleaned by deleting;JEFF-ALIENW17\Jeff Yang;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (A8598F5E601A03D329CC6753C9BFC404A251E348).;834263F76380273D89DECC81F6A7C9A689F9CD7A;2016-10-27 11:34:53 PM
2016-10-27 11:34:54 PM;Real-time file system protection;file;D:\Virus\malware\malware\Facture_Free_201610_71392742_1590576111.wsf;JS/TrojanDownloader.Nemucod.BIS trojan;cleaned by deleting;JEFF-ALIENW17\Jeff Yang;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (A8598F5E601A03D329CC6753C9BFC404A251E348).;E5CA1B714A46D4D3A79204518720AD7CD3D81AA2;2016-10-27 11:34:53 PM
2016-10-27 11:34:54 PM;Real-time file system protection;file;D:\Virus\malware\malware\payment 003BE PDF.vbs;VBS/TrojanDownloader.Agent.OOP trojan;cleaned by deleting;JEFF-ALIENW17\Jeff Yang;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (A8598F5E601A03D329CC6753C9BFC404A251E348).;ED5C94F22407645011B795DA3ADEE66A59D3DA46;2016-10-27 11:34:53 PM
2016-10-27 11:34:54 PM;Real-time file system protection;file;D:\Virus\malware\malware\azvbjj_1_.exe;a variant of MSIL/Kryptik.HOJ trojan;cleaned by deleting;JEFF-ALIENW17\Jeff Yang;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (A8598F5E601A03D329CC6753C9BFC404A251E348).;E6C3B450F54741AFFED4A18DFABC2494AED5720F;2016-10-27 11:34:53 PM
2016-10-27 11:34:54 PM;Real-time file system protection;file;D:\Virus\malware\malware\System.jar;Java/Adwind.AAK trojan;cleaned by deleting;JEFF-ALIENW17\Jeff Yang;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe (A8598F5E601A03D329CC6753C9BFC404A251E348).;048495CE70CBC50797987D91A33F0F001841B1FB;2016-10-27 11:34:53 PM
2016-10-27 11:34:54 PM;Real-time file system protection;file;D:\Virus\malware\malware\is.exe;NSIS/Injector.HX trojan;cleaned by deleting;JEFF-ALIENW17\Jeff Yang;Event occurred on a new file created by the application: C:\Program Files\WinRAR\WinRAR.exe.;;[/mw_shl_code]

windows7爱好者

SEP14占楼
监控杀4个

第一个DOC一打开就卡死
is.exe 双击占用1-2秒CPU后就自己退出了，没有加密，没有启动项，挂了梯子也不行
第二个DOC又是zbot   IPS拦截



JS被IPS拦截






最后剩下三个，杀6个

pal家族

卡巴8
剩余懒得双击，就着了！

windows7爱好者

pal家族 发表于 2016-10-28 12:21
卡巴8
剩余懒得双击，就着了！

你转了一圈，又回到了卡巴的怀抱

pal家族

windows7爱好者 发表于 2016-10-28 12:42
你转了一圈，又回到了卡巴的怀抱

不啊
我在搞18版的测试。

http://bug.qainfo.ru/redmine/projects/a0000000081
右侧 你猜哪个是我啊

windows7爱好者

pal家族 发表于 2016-10-28 12:45
不啊
我在搞18版的测试。

凭我的直觉
应该在这两行之中

pal家族

windows7爱好者 发表于 2016-10-28 12:48
凭我的直觉
应该在这两行之中

我和蚊子 嘿嘿

https://forum.kaspersky.com/index.php?showtopic=359121

有没有看到熟悉的头像

windows7爱好者

pal家族 发表于 2016-10-28 12:49
我和蚊子 嘿嘿

https://forum.kaspersky.com/index.php?showtopic=359121

看到了，我觉得你新换的这个头像不如流口水的阿狸好看

pal家族

windows7爱好者 发表于 2016-10-28 12:54
看到了，我觉得你新换的这个头像不如流口水的阿狸好看

那个太招摇了
咦，你心里想的真的只是流口水？诶嘿