Recently, whenever WD (Windows Defender) runs a scan it keeps saying that action was taken against a threat, but nothing shows up in the history. I looked at the MPLog file and found it reporting Win32/DNSRegistryChange.A. I looked up Microsoft's official description:
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Behavior:Win32/DNSRegistryChange.A&threatId=-2147257301
Honestly, I didn't understand it. Normally this should only be reported when a file is actually executed, right? Could someone explain why a scan would report this?
- 2019-10-27T08:16:16.500Z Timer is triggered for lost scheduled jobs
- 2019-10-27T08:16:16.500Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2 -ScanTrigger 52) is scheduled to run in 48973177(ms) from now at 05:52 (21:52 UTC) with period 86400000(ms). Daily task start time is randomized to reduce spikes.
- 2019-10-27T08:16:17.240Z OnMountDetection for \Device\HarddiskVolume1 ...
- BEGIN BM telemetry
- GUID:{E89D950D-F56A-EC23-E23D-89C5F545A38F}
- TelemetryName:Behavior:Win32/DNSRegistryChange.A
- SignatureID:195384059229447
- ProcessID:11368
- ProcessCreationTime:132165735830512362
- SessionID:0
- CreationTime:10-27-2019 16:16:22
- ImagePath:C:\Windows\System32\svchost.exe
- ImagePathHash:DD191A5B23DF92E12A8852291F9FB5ED594B76A28A5A464418442584AFD1E048
- END BM telemetry
- 2019-10-27T08:16:23.211Z [Cloud] Engine is requesting config to do cloud query [regular network].
- 2019-10-27T08:16:23.227Z [Cloud] SubmitReport(CMpSpyDssContext), ShouldSendEvenOnPaidNetworks: 1
- 2019-10-27T08:16:23.227Z [Cloud] Start of cloud request.
- 2019-10-27T08:16:23.227Z [Cloud] Queued cloud request.
- 2019-10-27T08:16:23.227Z [Cloud] MpEngineCloudRequest(). hr = 0x0
- 2019-10-27T08:16:23.227Z [Cloud] Dequeued cloud request.
- 2019-10-27T08:16:23.227Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0x0
- 2019-10-27T08:16:23.565Z [Cloud] End of cloud request.
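To make sense of an MPLog excerpt like the one above, it helps to pull the BEGIN/END BM telemetry block out as structured fields and decode the ProcessCreationTime (a Windows FILETIME) so the flagged process can be matched against what was actually running at that moment. The following is an added example, not code from the original post or from Microsoft; the sample text is constructed from the lines quoted above, and the field names are simply the ones that appear in that block.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the BM telemetry block and neighbouring lines quoted in the post.
SAMPLE_MPLOG = """\
2019-10-27T08:16:17.240Z OnMountDetection for \\Device\\HarddiskVolume1 ...
BEGIN BM telemetry
GUID:{E89D950D-F56A-EC23-E23D-89C5F545A38F}
TelemetryName:Behavior:Win32/DNSRegistryChange.A
SignatureID:195384059229447
ProcessID:11368
ProcessCreationTime:132165735830512362
SessionID:0
CreationTime:10-27-2019 16:16:22
ImagePath:C:\\Windows\\System32\\svchost.exe
ImagePathHash:DD191A5B23DF92E12A8852291F9FB5ED594B76A28A5A464418442584AFD1E048
END BM telemetry
2019-10-27T08:16:23.211Z [Cloud] Engine is requesting config to do cloud query [regular network].
"""

# Windows FILETIME counts 100 ns ticks since 1601-01-01 00:00:00 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    """Convert a FILETIME integer to a timezone-aware UTC datetime (microsecond precision)."""
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_bm_telemetry(text: str) -> list[dict]:
    """Return every 'BEGIN BM telemetry' ... 'END BM telemetry' block as a dict of its key:value lines.

    ProcessCreationTime is additionally decoded into ProcessCreationTimeUTC (ISO 8601), which is
    the value to compare against process-creation records (e.g. Sysmon / Security event logs).
    """
    records = []
    for block in re.findall(r"BEGIN BM telemetry\n(.*?)\nEND BM telemetry", text, re.S):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")  # split only on the first colon (paths contain ':')
            if sep:
                rec[key.strip()] = value.strip()
        if "ProcessCreationTime" in rec:
            rec["ProcessCreationTimeUTC"] = filetime_to_datetime(int(rec["ProcessCreationTime"])).isoformat()
        records.append(rec)
    return records


if __name__ == "__main__":
    for r in parse_bm_telemetry(SAMPLE_MPLOG):
        print(r["TelemetryName"], r["ImagePath"], "PID", r["ProcessID"], "started", r["ProcessCreationTimeUTC"])
```

Note that ProcessCreationTime in the quoted block decodes to a day before the CreationTime of the telemetry record itself, i.e. the flagged svchost.exe instance had been running since the previous day and the behavior-monitoring hit refers to that existing process, not to a file the scan started.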