純黒の悪夢——ファイルキラー

終極小壞蛋

360，云QVM杀

fzshot

Avira HEUR/AGEN.1021319

安全守护者

Hello,

Thank you for contacting Kaspersky Lab.
Your request regarding "RE: a new virus [KLAN-8328377984]", a summary of which appears below:
Hello,

New malicious software was found in the attached file.
Its detection will be included in the next update.

Trojan.Win32.SchoolGirl.dgx

Thank you for your help.

Sincerely yours,
Alexander Plakhov, Malware Analyst, Kaspersky Lab

39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com

--------------------------------------------------------------------------------
From: huorong
Sent: 03.07.2018 18:19:00
To: china-support@kaspersky.com
Subject: a new virus



[cid:__aliyun*****************]




has been submitted to our Technical Support.
ID of your request:INC000009353***



Please include your request ID when contacting Technical Support.
You can always use My Kaspersky account link above to track the status of your request.

This message was generated automatically and does not require a reply.


Best regards,
Technical Support team
Kaspersky Lab

Miostartos

2018/7/4 15:09:12;文件系统实时防护;文件;C:\Users\stcn1\AppData\Roaming\IDM\DwnlData\stcn1\development56_baidupan_com_376\development56_baidupan_com;Generik.FPXYAYG 特洛伊木马 的变种;通过删除清除;

天使的愤怒

被诺顿干掉了，顺便用软件里的上报功能上报了一波~

tg123321

谢新 发表于 2018-7-3 23:46
那个。。这类样本的意义何在？

致敬名侦探柯南剧场版

www-tekeze

安全守护者 发表于 2018-7-3 23:03
@www-tekeze

D盘上的应用全被删了，不是隐藏文件都会被删，火绒的勒索诱饵是隐藏的，所以没有被触发，非关键系统文件也会被删 (只要权限够)，系统盘上的Program Files、ProgramData、Windows、Users都不同程度受损，桌面上的包括壁纸都被删了。。

www-tekeze

    系统严重受损，修复失败只能重装。。。给大家上个录像。。

https://share.weiyun.com/5Uwst3H

dreams521

www-tekeze 发表于 2018-7-4 20:14
系统严重受损，修复失败只能重装。。。给大家上个录像。。

https://share.weiyun.com ...

我记得还删除防护软件，火绒挺住了没

www-tekeze

我的火绒是系统加固全开，但这个样本动作很少，连cmd、powershell都没有，所以火绒彻底GG 。。