【开放测试】卡饭病毒样本包 第十七期 20181118-19

www-tekeze

happycat 发表于 2018-11-20 17:05
有些勒索不是报了文件也被加密了，我说的是防止文件被加密

报了文件也被加密了？这不是说明智量的实时监控失效？但我没碰到。。。那个“智慧主防”主要是对现在的一种加强，因为堵住利用漏洞传播，某些勒索直接进不到电脑里，对根除勒索有很大好处，特别是企业内网里。

兔子大大

www-tekeze 发表于 2018-11-20 17:22
报了文件也被加密了？这不是说明智量的实时监控失效？但我没碰到。。。那个“智慧主防”主要是对现在的一 ...

以前的勒索测试不是很多杀软加密之后主防才反应过来，已经晚了

www-tekeze

www-tekeze 发表于 2018-11-20 17:22
报了文件也被加密了？这不是说明智量的实时监控失效？但我没碰到。。。那个“智慧主防”主要是对现在的一 ...

好比现在智量不查杀文本文件，因为往往是下载者角色，能杀下下来的恶意软件也行，但直接能杀掉下载者本身，隐患会更小。。。不过新版智量有可能加入专门的文档保护功能，这个倒是很实用。。

www-tekeze

happycat 发表于 2018-11-20 17:24
以前的勒索测试不是很多杀软加密之后主防才反应过来，已经晚了

现在说的是智量，怎么变成了其它杀软？ 扫描或监控没发现，靠主防当然有可能部分被加密。

兔子大大

www-tekeze 发表于 2018-11-20 17:30
现在说的是智量，怎么变成了其它杀软？ 扫描或监控没发现，靠主防当然有可能部分被加密。

那天有一个测试你不是说智量的实时监控拦截了病毒，但是电脑还是重启了

www-tekeze

happycat  2018-11-20 17:33

你看错了吧，既然拦截了，病毒进程就被挂起，无法继续执行。 我双击都是关了智量的实时监控，只用火绒来看些行为。

兔子大大

www-tekeze 发表于 2018-11-20 17:39
你看错了吧，既然拦截了，病毒进程就被挂起，无法继续执行。 我双击都是关了智量的实时监控，只用火绒来 ...

是记错了，因为你测试得特别好，所以我先想到是你，是别人测试的，智量实时监控失效，你这是要累死我呀，好不容易找出来

幽冥の龙

happycat 发表于 2018-11-20 17:12
智量不都建了20年了吗?2008年的木马清除大师，传统的杀软我一看就够了，那个系统加固360不也有吗?就是很 ...

感觉这个问题回到很久以前的那给“到底杀重要还是防重要”上了，火绒和智量目前来说正好一个防一个杀。。

我个人倒是比较偏向于防御，扫描再强大总有漏的，但是防的好却能以不变应万变
而且对于病毒来说  过扫描比过行为防御要简单的多吧。。再辅助自定义规则的话，某种意义上来说就是没法过的了。。。除非不动作，要么用户自己放行了那无解

松竹承茂

www-tekeze 发表于 2018-11-19 22:15
测试环境：WIN7 SP1  64位  实机
测试产品：13版腾管，无BD
病毒库版本：20181119

腾讯管家带bd，kill all扫描kill41+双击kill1
[Scan information]

Start time:2018-11-20 18:06:38
Elapsed time:00:00:03
Scan type:Custom scan
Antivirus engines:Tencent cloud protection engine    Tencent antivirus engine II    Tencent system repair engine    Bitdefender local antivirus engine   
Scan status:Scan complete


[Scan Report]

Files scanned:42
Threats detected:41
Threats processed:41


---------------------
2018-11-20 18:08:13 MD5:60f64ac08a2f9abd352d4722a28a1a0e C:\新建文件夹\Kafan_Sample_d93bb2565e094cb5606ddf06e0423fcbb5c9f10c548229d4a45f91c495a5a784.exe [Trojan.GenericKD.40768370]  [Delete success]
2018-11-20 18:08:14 MD5:45b30c340501f000db8f18af338404a3 C:\新建文件夹\Kafan_Sample_bb7a3ad5fbb5c74a21df4221feaa3312a4b0081ffab2bb4c1946ea81d0f216a2.exe [Trojan.GenericKD.40765656]  [Delete success]
2018-11-20 18:08:14 MD5:128491ed756499d4adc986594fd686c3 C:\新建文件夹\Kafan_Sample_476fb97354997857df773bbe03c2c10341f514a924f4193a55bc4e430819058a.exe [Gen:Variant.Razy.398661]  [Delete success]
2018-11-20 18:08:14 MD5:a6b6aaa45314957c97ccf09cb838e60d C:\新建文件夹\Kafan_Sample_a788946eabd1751b42ef5c56078b16fef162e3529676b00c67b92057acbcb34f.exe [Trojan.GenericKD.31361651]  [Delete success]
2018-11-20 18:08:14 MD5:34cfde5c0e2db9beef456ea25e79f2dc C:\新建文件夹\Kafan_Sample_7a7d1d01371068b61227b32bb2e33ffac7b5208f810930dd60519db7b6365785.exe [Trojan.GenericKD.40770138]  [Delete success]
2018-11-20 18:08:14 MD5:a9fc7bd01ca48fe4c741b29ef6379e14 C:\新建文件夹\Kafan_Sample_46f615472c16fbac8ad2dfe28866716368e4b4e83b395ed88f13d4a2b9023e66.exe [Trojan.GenericKD.31357113]  [Delete success]
2018-11-20 18:08:14 MD5:562a28a1d8bf6e478768fcab66c8b353 C:\新建文件夹\Kafan_Sample_f25c10ee263a94a055c9c4dbd61c2f5924b91a431808ddfa8923ab2d3f22ab35.exe [Trojan.GenericKD.40765414]  [Delete success]
2018-11-20 18:08:14 MD5:3c9b33b7f12a440ca553f269f8a12e80 C:\新建文件夹\Kafan_Sample_84411ed11f4dba7ae4f68033fc330b3cf0af49272a4f603a91f1fde8982945d9.exe [Trojan.GenericKD.40766329]  [Delete success]
2018-11-20 18:08:14 MD5:c7407d13d9b3c8f8af5b42da816ccf89 C:\新建文件夹\Kafan_Sample_c36cd1a0d52160ecd1659f5e55a12c7cfed3ac7349d6d477430ade738b3314a7.exe [Trojan.GenericKD.31361533]  [Delete success]
2018-11-20 18:08:15 MD5:8a0d649da7c1547d0b6936948f84e4f7 C:\新建文件夹\Kafan_Sample_04b2ce48ef8b216422a4d113bba1e4515c3f28a60d7f5de0ef3e827278c382ec.exe [Trojan.GenericKD.40770258]  [Delete success]
2018-11-20 18:08:15 MD5:ab4edd964ae1eb0f8d95129e9dd02220 C:\新建文件夹\Kafan_Sample_196fe4acd1be60d542a8422bcdbff882e93df2ba1e12ccb4f11a1f0619c7c22c.exe [Gen:Variant.Ursu.275443]  [Delete success]
2018-11-20 18:08:15 MD5:88720dc8dbe36a6359cfeef9cb9e7fa2 C:\新建文件夹\Kafan_Sample_9b0937735907a8a236f598d3958e9e954088f7bec6cf22e7b692798bb0288eca.exe [Trojan.GenericKD.40770626]  [Delete success]
2018-11-20 18:08:15 MD5:fb66491a1290a9ad50d8b370033a485a C:\新建文件夹\Kafan_Sample_fce3fef3ecb30e3dd10c4a0b80eb62f2e98a4892aee81f7660e2f125a9f2f17b.exe [Trojan.GenericKD.31358825]  [Delete success]
2018-11-20 18:08:15 MD5:7a62989a7ae2b15ee98aca90ad8faefb C:\新建文件夹\Kafan_Sample_03dc0dc21d25b76b15ae9608580b71fd56df170921aa8ce6f3248904fa99ae16.exe [Trojan.GenericKD.40769071]  [Delete success]
2018-11-20 18:08:15 MD5:58f2a33093505c8168666bdd521b5082 C:\新建文件夹\Kafan_Sample_1744683004bef53248bef5cfe69a3864f5b1f076cc47bb117bdacd632c2e0f44.exe [Trojan.GenericKD.31361945]  [Delete success]
2018-11-20 18:08:16 MD5:99d4feab94f7cda70110a1dc98f470d3 C:\新建文件夹\Kafan_Sample_46c8e192bb6e37452c1b8029987a7c05f64b7766ff692731b050c402d91baa93.exe [Trojan.GenericKD.40765609]  [Delete success]
2018-11-20 18:08:16 MD5:054d7419b835036dff9ca81a681c72e4 C:\新建文件夹\Kafan_Sample_afa74d3dc3f8c43fc7fd50c5d4a09b70a6e9f28773f8524d56bb52dddcd6b634.exe [Trojan.GenericKD.40769992]  [Delete success]
2018-11-20 18:08:16 MD5:985458b52c78c0ee2356cc25172f7277 C:\新建文件夹\Kafan_Sample_981e0d084f78e268294fe3c0a5ecc4869bb189aff927a6b6a5da0cad61b4fca4.exe [Trojan.GenericKD.31361640]  [Delete success]
2018-11-20 18:08:16 MD5:83d601e2543253c093cbdf3aa9571c9c C:\新建文件夹\Kafan_Sample_bf3f6b080abf50a2f30e84a3a05d1cd8176b79d479d3d3cc7b4037bc69a46ea3.exe [Gen:Variant.Ser.MSILPerseus.420]  [Delete success]
2018-11-20 18:08:16 MD5:432cfc6cb226742a2ff20357222b3dc4 C:\新建文件夹\Kafan_Sample_7d711c3d348757c648a01f25ad83e4d3584d4c9f897e5c3abe183405ce91dfbc.exe [Trojan.GenericKD.40770219]  [Delete success]
2018-11-20 18:08:16 MD5:d0763cda9142c1ea5fa4113e22ea3b87 C:\新建文件夹\Kafan_Sample_66d9d2301417590ac2f6af9d417d18edec1dd6d78297f791bc3866109e07a582.exe [Trojan.GenericKD.31361541]  [Delete success]
2018-11-20 18:08:17 MD5:260ea59bf98f90e32cc8bc948281f1de C:\新建文件夹\Kafan_Sample_734607f8e27473a00bad2c8121f4d0ff04e80d99f3be540bc8bf9dbf7920abb1.exe [Trojan.GenericKD.40769589]  [Delete success]
2018-11-20 18:08:17 MD5:21f42c2687ffb8a3caf28c927ebfa000 C:\新建文件夹\Kafan_Sample_ddd66eabe3ae2e9a749d3050735d642268e4f0b093f67895ad393dd967cb2882.exe [Trojan.GenericKD.31360531]  [Delete success]
2018-11-20 18:08:17 MD5:6440fe77dbb006a5a5dfcb28be92d13f C:\新建文件夹\Kafan_Sample_14f60b2be0d05e3ab3b29db1f913ab656e27f23dbb637fb7b00016a88aa504af.exe [Gen:Variant.Razy.423119]  [Delete success]
2018-11-20 18:08:17 MD5:a9e6eaa81925c54663506532d169f2cb C:\新建文件夹\Kafan_Sample_2ede00bf70a7ccb9bdfc557580d48a453e37c1ed6d50cb92a99d4072192283e4.exe [Trojan.GenericKD.31358489]  [Delete success]
2018-11-20 18:08:17 MD5:0826d4f01218182443ba434dbca8b985 C:\新建文件夹\Kafan_Sample_251be6e47569c7a2b9290bef261164c85189b39063ee971419586e9aa4a67205.exe [Trojan.Autoruns.GenericKDS.31361775]  [Delete success]
2018-11-20 18:08:17 MD5:5f6f4978d29f5467442c1566449e1821 C:\新建文件夹\Kafan_Sample_0ef67fa621fe1e4a203b6b0e63437dd79a4668cb8fc34a7f53b5ce1ef8dfb1a8.exe [Trojan.Agent.DJEA]  [Delete success]
2018-11-20 18:08:18 MD5:8e32d837832aa9f18e13b4e92655a31b C:\新建文件夹\Kafan_Sample_acfa54a8af9aaa83f0e47f831d026932c9779f1b01538654f296a2ef6de3db8a.exe [Generic.Delph.PWS.E06EBA9A]  [Delete success]
2018-11-20 18:08:18 MD5:a46677fe8465bfe36dfdfb402d7cdf4f C:\新建文件夹\Kafan_Sample_4c85fce4f7630dda213bafc2f842dd131dfc5f087be7c6a75f4ad2ca378904d0.exe [Trojan.GenericKD.40770280]  [Delete success]
2018-11-20 18:08:18 MD5:606a22d5a06772002a70bfb357fbd7dd C:\新建文件夹\Kafan_Sample_a316cb0c4164c0d69a697f00e5094b839278ade2a0e72c94a87204e5ed97be88.exe [Trojan.GenericKD.40768883]  [Delete success]
2018-11-20 18:08:18 MD5:b2576fcb0bced114af564fe780d4b676 C:\新建文件夹\Kafan_Sample_c4fb7745588d2070b7ed6505565093cd62bd496983e6b7d3da288db8a8d2b65a.exe [Gen:Variant.Strictor.176308]  [Delete success]
2018-11-20 18:08:18 MD5:8702b3a38be01053d035b1ac848dc09b C:\新建文件夹\Kafan_Sample_b4797a0d1fe9fb6f6e293174113163d715e9e3e3ceed1456cce8108f803bff86.exe [Trojan.GenericKD.40770972]  [Delete success]
2018-11-20 18:08:19 MD5:88799a44e1e982ac393087c0fad5e6ab C:\新建文件夹\Kafan_Sample_7062d7960163491d06dee3deffeaff62466f496c3f7b6c831e38361863189cff.exe [Gen:Variant.Symmi.81961]  [Delete success]
2018-11-20 18:08:19 MD5:203042129be9043ef4af7e80032ad2aa C:\新建文件夹\Kafan_Sample_c22e55998bef3ebe5bdbabab3a452e548abe2362a94797c3bbfebc502c452220.exe [Trojan.Agent.DIYT]  [Delete success]
2018-11-20 18:08:19 MD5:78ddd40ceceea50d8145cfc105500384 C:\新建文件夹\Kafan_Sample_3d728200c19b89fd411e1b5053c5dc85f8c38c346d30f73e85026d409ed58333.exe [Trojan.GenericKD.40766568]  [Delete success]
2018-11-20 18:08:19 MD5:a5c6b26a8888685dc11658192f932710 C:\新建文件夹\Kafan_Sample_8af050453d0125803d6a910c862f10507c443439b8105959d65ca11d354874b7.exe [Adware.IStartSurf.LRZ]  [Delete success]
2018-11-20 18:08:19 MD5:49c2de01488106b728698c1e05184fc4 C:\新建文件夹\Kafan_Sample_141c5f862c723ab68ca3fa253178ea5f49bcc619f20a147260c2135c221845dc.exe [Trojan.Autoruns.GenericKDS.31355770]  [Delete success]
2018-11-20 18:08:19 MD5:4661a18000d051da485ba60c1bf02457 C:\新建文件夹\Kafan_Sample_fb01865939141162a03e2786cb61a9bdfd9ac1abd158cb1655326d86197ca870.exe [Trojan.GenericKD.31357632]  [Delete success]
2018-11-20 18:08:20 MD5:63962765c439a11e6976fcadec21c7fc C:\新建文件夹\Kafan_Sample_f2c286111158deef0ec28a7a30ede742406cf696f04cb8c1db7496cc06363501.exe [Trojan.GenericKD.31358737]  [Delete success]
2018-11-20 18:08:20 MD5:e54a9db2b6629d6d55e0220851e62ed4 C:\新建文件夹\Kafan_Sample_0844761b0a4a73440e32f2d2f553f95c03ee0cdbaaaca00a054251fa70cf5598.exe [Gen:Variant.Razy.423402]  [Delete success]
2018-11-20 18:08:20 MD5:ab82b40ab4c94519defcfe086a7346e6 C:\新建文件夹\Kafan_Sample_32fd0449c2b2379013f99e200acbd6cde70434da3b414f6bb3fbe6ac45418f4e.exe [Trojan.GenericKD.31357827]  [Delete success]
---------------------扫描双击kill最后一个

www-tekeze

happycat 发表于 2018-11-20 17:50
是记错了，因为你测试得特别好，所以我先想到是你，是别人测试的，智量实时监控失效，你这是要累死我呀， ...

从描述看，是没有完全拦住，因为重启动作来得太快，有些拦截点靠后，但如果是勒索，动作没这么快，文件被加密的可能性极小。