#PACKAGE 0614

显示全部楼层 · 发表于 2018-6-14 22:46:31

ESET 19/26 73%

时间;扫描程序;对象类型;对象;威胁;操作;用户;信息;哈希;此处首次所见
2018/6/14 22:40:20;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(23) .exe;NSIS/Injector.ABV 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;976069E7F640D1556CD399D9F77276FC6F56E2AA;
2018/6/14 22:40:20;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(15) .exe;Win32/GenKryptik.CCMV 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;3FD3A08489EDEB0343A0229BADB7227B09B48BBB;2018/6/14 22:39:59
2018/6/14 22:40:21;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(17) .exe;Win32/Kryptik.GHTO 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;2E37E391387063F8355FC1DB16DABCB40F9A0E2C;2018/6/14 22:39:59
2018/6/14 22:40:22;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(20) .exe;Win32/TrojanDropper.Danabot.C 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;16BEE6EE5674B3EB79694220D878A2FFA45A4DF5;2018/6/14 22:39:59
2018/6/14 22:40:32;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(18) .exe;Win32/TrojanDropper.Agent.RKZ 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;696111975A275FDB9418F2016578F3B7439CD804;2018/6/14 22:39:59
2018/6/14 22:40:38;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(19) .exe;Win32/Injector.DYQO 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;0A1A34F5F5CE5E68AF0F78A97BCD724847407C0A;2018/6/14 22:39:59
2018/6/14 22:40:51;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(2) .exe;Win32/Spy.Agent.PLA 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;AEEA84F0B442A51BD201F7E8B1D7A5AFC2772AA2;2018/6/14 22:39:59
2018/6/14 22:41:00;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(1) .exe;Generik.FQDGXMK 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;9172E3FC1C7704485D03A6499F1A1064D81A024D;2018/6/14 22:39:59
2018/6/14 22:41:02;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(25) .exe;MSIL/Kryptik.JBL 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;6052E4F42D58D0B335CBA3C24A8091F80808B736;2018/6/14 22:39:59
2018/6/14 22:41:10;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(24) .exe;Suspicious Object;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;A3917D3869B544E973DCF99A7268A99AA76C7AD9;2018/6/14 22:39:59
2018/6/14 22:41:13;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(6) .exe;Win32/PSW.Delf.OSF 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;4251C45A3E45A593DABD82FC7E1DB3D00988CFE6;2018/6/14 22:39:59
2018/6/14 22:41:24;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(3) .exe;Win32/TrojanDropper.Danabot.B 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;63CAF9F0E50822AD332592D511B3C9344BBEE148;2018/6/14 22:39:59
2018/6/14 22:41:26;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(4) .exe;Win32/Emotet.BK 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;175691852F279AEAC6EC013F98422991F621D15F;2018/6/14 22:39:59
2018/6/14 22:41:27;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(7) .exe;Win32/Kryptik.GHTB 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;1640E8C7CD9597D1FD9A4CDD73AAFF6940E3F4F4;2018/6/14 22:39:59
2018/6/14 22:41:38;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(5) .exe;Win32/Agent.YMG 特洛伊木马;已删除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;93202992BBF51FFDC79DF6D51782AF4FE3534DDF;
2018/6/14 22:41:39;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(8) .exe;Win32/ClipBanker.FF 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;C04304C5598803E09C4F3D55DBB71B6591BFDBF0;2018/6/14 22:39:59
2018/6/14 22:41:45;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(9) .exe;MSIL/Kryptik.ONE 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;4199920860548D9D980EB4DEC7CB2CB97CA41FF3;2018/6/14 22:39:59
2018/6/14 22:41:50;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(10) .exe;Win32/Emotet.BK 特洛伊木马;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;FE48885B5F0B44E5A8211689FD40430D2A0924DE;2018/6/14 22:39:59
2018/6/14 22:41:53;文件系统实时防护;文件;F:\病毒\收集\包(长期)\#VirusPackage\PACKAGE 0614\(12) .exe;Win32/TrojanDownloader.Banload.YEZ 特洛伊木马的变种;通过删除清除;JINXY\宇;在应用程序新建的文件上发生事件: D:\Program Files\WinRAR\WinRAR.exe (223FCC242AB6880ADE5250A9A43E3888D270CABE).;F45F93F22D4FFD71F93466D19548F2D60FCFE4BC;2018/6/14 22:39:59

复制代码

显示全部楼层 · 发表于 2018-6-14 22:48:52

本帖最后由 191196846 于 2018-6-14 22:59 编辑

EES 22: 55
Samples(18/26) 69%

双击
Samples(20/26) 76%

一个衍生物僵尸网络

一个貌似漏毒……手动执行内存扫描明确报法……
Operating memory » (24) .exe(2744) - a variant of Win32/Spy.Ursnif.AO trojan - cleaned by deleting [1]

为啥始终没看到AMS发威呢……难道我用的EES有问题？

2018/6/14 22:46:21;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(20) .exe;a variant of Win32/TrojanDropper.Danabot.C trojan;cleaned by deleting;DESKTOP-LGCHL1A\LH;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;16BEE6EE5674B3EB79694220D878A2FFA45A4DF5;2018/6/14 22:46:09
2018/6/14 22:46:22;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(18) .exe;a variant of Win32/TrojanDropper.Agent.RKZ trojan;cleaned by deleting;DESKTOP-LGCHL1A\LH;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;696111975A275FDB9418F2016578F3B7439CD804;2018/6/14 22:46:08
2018/6/14 22:46:22;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(1) .exe;a variant of Generik.FQDGXMK trojan;cleaned by deleting;;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;9172E3FC1C7704485D03A6499F1A1064D81A024D;2018/6/14 22:46:09
2018/6/14 22:46:23;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(23) .exe;NSIS/Injector.ABV trojan;cleaned by deleting;DESKTOP-LGCHL1A\LH;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;976069E7F640D1556CD399D9F77276FC6F56E2AA;
2018/6/14 22:46:24;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(2) .exe;a variant of Win32/Spy.Agent.PLA trojan;cleaned by deleting;;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;AEEA84F0B442A51BD201F7E8B1D7A5AFC2772AA2;2018/6/14 22:46:09
2018/6/14 22:46:26;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(19) .exe;a variant of Win32/Injector.DYQO trojan;cleaned by deleting;DESKTOP-LGCHL1A\LH;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;0A1A34F5F5CE5E68AF0F78A97BCD724847407C0A;2018/6/14 22:46:08
2018/6/14 22:46:28;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(15) .exe;a variant of Win32/GenKryptik.CCMV trojan;cleaned by deleting;DESKTOP-LGCHL1A\LH;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;3FD3A08489EDEB0343A0229BADB7227B09B48BBB;2018/6/14 22:46:08
2018/6/14 22:46:32;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(4) .exe;Win32/Emotet.BK trojan;cleaned by deleting;;Event occurred on a newly created file.;175691852F279AEAC6EC013F98422991F621D15F;2018/6/14 22:46:10
2018/6/14 22:46:33;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(6) .exe;a variant of Win32/PSW.Delf.OSF trojan;cleaned by deleting;;Event occurred on a newly created file.;4251C45A3E45A593DABD82FC7E1DB3D00988CFE6;2018/6/14 22:46:10
2018/6/14 22:46:33;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(7) .exe;a variant of Win32/Kryptik.GHTB trojan;cleaned by deleting;;Event occurred on a newly created file.;1640E8C7CD9597D1FD9A4CDD73AAFF6940E3F4F4;2018/6/14 22:46:10
2018/6/14 22:46:33;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(8) .exe;Win32/ClipBanker.FF trojan;cleaned by deleting;;Event occurred on a newly created file.;C04304C5598803E09C4F3D55DBB71B6591BFDBF0;2018/6/14 22:46:10
2018/6/14 22:46:33;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(5) .exe;Win32/Agent.YMG trojan;deleted;;Event occurred on a newly created file.;93202992BBF51FFDC79DF6D51782AF4FE3534DDF;
2018/6/14 22:46:35;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(10) .exe;Win32/Emotet.BK trojan;cleaned by deleting;;Event occurred on a newly created file.;FE48885B5F0B44E5A8211689FD40430D2A0924DE;2018/6/14 22:46:10
2018/6/14 22:46:35;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(25) .exe;a variant of MSIL/Kryptik.JBL trojan;cleaned by deleting;;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;6052E4F42D58D0B335CBA3C24A8091F80808B736;2018/6/14 22:46:09
2018/6/14 22:46:36;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(12) .exe;a variant of Win32/TrojanDownloader.Banload.YEZ trojan;cleaned by deleting;;Event occurred on a newly created file.;F45F93F22D4FFD71F93466D19548F2D60FCFE4BC;2018/6/14 22:46:10
2018/6/14 22:46:37;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(9) .exe;a variant of MSIL/Kryptik.ONE trojan;cleaned by deleting;;Event occurred on a newly created file.;4199920860548D9D980EB4DEC7CB2CB97CA41FF3;2018/6/14 22:46:10
2018/6/14 22:46:39;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(3) .exe;a variant of Win32/TrojanDropper.Danabot.B trojan;cleaned by deleting;;Event occurred on a newly created file.;63CAF9F0E50822AD332592D511B3C9344BBEE148;2018/6/14 22:46:09
2018/6/14 22:46:41;Real-time file system protection;file;C:\Users\LH\Desktop\PACKAGE 0614\(17) .exe;a variant of Win32/Kryptik.GHTO trojan;cleaned by deleting;DESKTOP-LGCHL1A\LH;Event occurred on a new file created by the application: C:\Users\LH\Desktop\新建文件夹\WinRAR\WinRAR.exe (33F1554BA5E9F414C8A7DFD65A5831C513BD2DB2).;2E37E391387063F8355FC1DB16DABCB40F9A0E2C;2018/6/14 22:46:08

复制代码

显示全部楼层 · 发表于 2018-6-14 22:55:20

微点主防拦截10个扫描1个共KILL11个

显示全部楼层 · 发表于 2018-6-14 22:59:16

a27573 发表于 2018-6-14 22:46
ESET 19/26 73%

有条件双击试下么？

显示全部楼层 · 发表于 2018-6-14 23:30:09

191196846 发表于 2018-6-14 22:59
有条件双击试下么？

刚才在沙盘里双击了一下，一次黑屏一次蓝屏
不敢再测了

这是怎么回事

显示全部楼层 · 发表于 2018-6-14 23:43:03

FS Protection 23:42
Samples(18/26)
剩1 15 19 21 22 24 26 9 雙擊
1自退
9多一個DLL擋在TEMP殺
15
19Suspicious:W32/Malware!DeepGuard
21執行衍生DG殺
22
24
26W32/Malware!DeepGuard
Samples(22/26)

显示全部楼层 · 发表于 2018-6-14 23:50:26

家里下载不了。
有一个临时的DNS错误。。。

显示全部楼层 · 发表于 2018-6-15 01:01:34

wusiyuanjh 发表于 2018-6-14 21:27
卡巴排除扫描双击测试中。。。基本结束
扫描杀9个，双击杀5个，其中2号是拦截网址

所以说给个具体数据啊，一共杀14个？其余的都是什么情况？

显示全部楼层 · 发表于 2018-6-15 01:33:34

本帖最后由，就一个. 于 2018-6-15 02:01 编辑

迈克菲扫描杀8 剩余18个

双击杀17个剩23号不杀

1 报Real Protect-LS!b79576e5c515

2 报Real Protect-EC!2888C046B4DE
3 报 D:\360极速浏览器下载\PACKAGE 0614\(3) .exe 试图访问了 C:\ProgramData\BE77D162.dll。自适应威胁防护已修复执行的操作清理C:\PROGRAMDATA\BE77D162.DLL 威胁名称 ATP/Suspect!2a5fcd0c5285 这货利用RUNDLL32.EXE干坏事被抓了
4 报Real Protect-LS!425c7deaa4a2
5 报Real Protect-EC!A92DCEA95025
6 扫描删除的
7 报Real Protect-LS!a3bda6d398a1
8 报Real Protect-LS!f51fb377c98f
9 扫描删除的
10 报Real Protect-EC!EBDE65736C93
11 报Real Protect-EC!82AE76F208BD
12 报Real Protect-EC!4145811AFF2C
13 报Real Protect-LS!13380d42946a
14 扫描删除的
15 报可能是我双击太速度快了连同12一起被报Real Protect-EC!4145811AFF2C
16 报Real Protect-EC!EB9C72111C11
17 报Real Protect-EC!C8B07A5A8031
18 扫描删除的
19 扫描删除的
20 扫描删除的
21 报Real Protect-LS!009cd180090f
22 扫描删除的
23 不报
24 报Real Protect-EC!AFE9E2F4F63B
25 扫描删除的
26 报Real Protect-EC!036F834941F2
最后成绩 25/26 96％
吐槽一下咖啡主防杀得比扫描还要多我真的不晓得是几个意思，不改的样本要好一点，改了查杀太低了

显示全部楼层 · 发表于 2018-6-15 01:43:33

Panda 18/6/15 1:39

Samples(7/26) 约27%
(6) .exe：Trj/GdSda.A
(8) .exe：Trj/GdSda.A
(14) .exe：Trj/GdSda.A
(18) .exe：Trj/GdSda.A
(19) .exe：Trj/CI.A
(22) .exe：Trj/CI.A
(25) .exe：Trj/CI.A

[病毒样本] #PACKAGE 0614