Ransom (Crysis)

Jerry.Lin

1. BDE189D41DC7594FB6AB5E3FEE659B0E  taskhost.exe

复制代码

https://www.lanzous.com/i3lyo5c

a233

智量Kill 火绒扫描Miss 双击先是在系统目录创造自己，后面加两次自启，最后报毒(开启勒索诱捕)

a233

a233 发表于 2019-3-30 21:27
智量Kill 火绒扫描Miss 双击先是在系统目录创造自己，后面加两次自启，最后报毒(开启勒索诱捕)

图片的先后顺序为什么是倒着的 已编辑，先把火绒的截图先上传就行了

温馨小屋

BD扫描杀，双击ATD杀

Jirehlov1234

卡巴

Trojan.Win32.Scarsi.auqs

jdsh

avast

Nocria

G-DATA killed.

1. AVA 25.21331
   
2. GD 25.14728
   
3. 
   
4. *** Process ***
   
5. 
   
6. Process: 5844
   
7. File name: taskhost.exe
   
8. Path: C:\Users\promi\AppData\Local\Temp\BNZ.5c9f6f314480cd\taskhost.exe
   
9. 
   
10. Publisher: Unknown publisher
    
11. Creation date: 2019年3月30日 21:29:21
    
12. Modification date: 2019年3月30日 6:28:51
    
13. 
    
14. Started by: taskhost.exe
    
15. Publisher: Unknown publisher
    
16. 
    
17. 
    
18. *** Actions ***
    
19. 
    
20. The virus scanner has detected that the file is malicious.
    
21. The program is trying to create a startup item to launch a program automatically at system startup.
    
22. The program has created or manipulated an executable file.
    
23. The program has read data from its own program file.
    
24. The program created a copy of itself.
    
25. An executable file was stored in a suspicious location.
    
26. A suspicious location is referenced in startup.
    
27. 
    
28. 
    
29. *** Quarantine ***
    
30. 
    
31. The following files were moved into quarantine:
    
32. C:\Users\promi\AppData\Local\Temp\BNZ.5c9f6f314480cd\taskhost.exe
    
33. C:\Users\promi\AppData\Roaming\taskhost.exe
    
34. 
    
35. The following registry entries were deleted:
    
36. 
    
37. \registry\user\s-1-5-21-991177117-836654228-62314956-1001\software\microsoft\windows\currentversion\run || taskhost.exe
    
38. 
    
39. YHKCCSwnJycnJgYtJycnJyYGLycpJykmBqdCJyl0kmJicCsnKScpJgbHcpJykmJigCwnKScpJgbocnJycmJikCsn95AtJwfbcnJycmJiwC8nJycnJgaPcpJykmJi8CknJycnJgbPcnJycmJicKdycnCocnJycmJicLhycnJyYmJwyHJycnJiYnDocnJycmJicLqy0V9jLCcb/TXGcmJicI5yggf3KCcM9yknJycnJgb3KicnJycmBugrJyonKScHAA
    
40. Rules version: 5.0.151
    
41. OS: Windows 6.3 Service Pack 0.0 Build: 9600 - Workstation 64bit OS
    
42. dll version: 76234
    
43. 
    
44. "C:\Users\promi\AppData\Local\Temp\BNZ.5c9f6f314480cd\taskhost.exe"
    
45. MD5: BDE189D41DC7594FB6AB5E3FEE659B0E
    
46. "C:\Users\promi\AppData\Local\Temp\BNZ.5c9f6f314480cd\taskhost.exe"
    
47. MD5: BDE189D41DC7594FB6AB5E3FEE659B0E

复制代码

iha40999

Norton
taskhost.exe 威胁名称: Trojan.Gen.MBT
此文件具有高风险。
文件操作
已阻止

a939707506

avira监控杀

Nocria