斗鱼被gdata疯狂针对。

显示全部楼层 · 发表于 2020-3-3 18:02:54

本帖最后由 877906025Z 于 2020-3-3 18:08 编辑

在斗鱼官网下载客户端被gdata报毒（图1）我加白以后安装成功，三分钟不到被gdata行为监控再次报毒并自动删除了斗鱼客户端（图二）
求个大佬看看这是误报还是斗鱼的确在后台搞了什么小动作（加白仍会被行为监控杀掉）斗鱼官方下载地址http://down10.zol.com.cn/dvdtool ... .2.exe?crazycache=1

显示全部楼层 · 发表于 2020-3-3 18:04:15

图1图2反了，楼下是详细报告

显示全部楼层 · 发表于 2020-3-3 18:04:41

G DATA 互联网安全套装功能模块已经阻止恶意软件在您的系统中运行。
该恶意程序被 BEAST (行为监控) 识别为： Verdict.Malware

因为安全原因，G DATA已经如下进程终止：
----------------------------------------------------------------
E:\DouyuPCClient\Client\DouyuLive.exe (PID 8312)
E:\Thunder Network\Program\Thunder.exe (PID 4548)
E:\Thunder Network\Program\Thunder.exe (PID 14488)
E:\Thunder Network\Program\Thunder.exe (PID 8088)
E:\Thunder Network\Program\Thunder.exe (PID 2552)
E:\Thunder Network\Program\Thunder.exe (PID 15376)
E:\Thunder Network\Program\resources\bin\SDK\DownloadSDKServer.exe (PID 7176)
E:\Thunder Network\Program\Thunder.exe (PID 14908)
E:\Thunder Network\Program\Thunder.exe (PID 14872)
E:\Thunder Network\Program\Thunder.exe (PID 16348)
C:\Windows\System32\conhost.exe (PID 8772)
E:\DouyuPCClient\Client\DouyuLive.exe (PID 4668)
----------------------------------------------------------------

G DATA已将如下程序移入隔离区：
----------------------------------------------------------------
E:\DouyuPCClient\Client\DouyuLive.exe
C:\Users\87790\AppData\Local\Temp\XLLiveUD\Thunder8_10.1.28.676_auto\GdiPlus.dll
C:\Users\87790\AppData\Local\Temp\nsyA242.tmp\dy_pcclientNSISDll.dll
E:\DouyuPCClient\Client\Application\CrashRpt1403.dll
E:\DouyuPCClient\Client\Application\CrashRptProbe1403.dll
E:\DouyuPCClient\Client\Application\CrashSender1403.exe
E:\DouyuPCClient\Client\Application\PluginUpdater.dll
E:\DouyuPCClient\Client\Application\Qt5Core.dll
E:\DouyuPCClient\Client\Application\Qt5Gui.dll
E:\DouyuPCClient\Client\Application\Qt5Multimedia.dll
E:\DouyuPCClient\Client\Application\Qt5Network.dll
E:\DouyuPCClient\Client\Application\Qt5PrintSupport.dll
E:\DouyuPCClient\Client\Application\Qt5Qml.dll
E:\DouyuPCClient\Client\Application\Qt5Quick.dll
E:\DouyuPCClient\Client\Application\Qt5QuickControls2.dll
E:\DouyuPCClient\Client\Application\Qt5QuickParticles.dll
E:\DouyuPCClient\Client\Application\Qt5QuickTemplates2.dll
E:\DouyuPCClient\Client\Application\Qt5QuickWidgets.dll
E:\DouyuPCClient\Client\Application\Qt5Svg.dll
E:\DouyuPCClient\Client\Application\Qt5WebChannel.dll
E:\DouyuPCClient\Client\Application\Qt5WebEngine.dll
E:\DouyuPCClient\Client\Application\Qt5WebEngineCore.dll
E:\DouyuPCClient\Client\Application\Qt5WebEngineWidgets.dll
E:\DouyuPCClient\Client\Application\Qt5WebSockets.dll
E:\DouyuPCClient\Client\Application\Qt5Widgets.dll
E:\DouyuPCClient\Client\Application\QtWebEngineProcess.exe
E:\DouyuPCClient\Client\Application\avcodec-57.dll
E:\DouyuPCClient\Client\Application\avdevice-57.dll
E:\DouyuPCClient\Client\Application\avfilter-6.dll
E:\DouyuPCClient\Client\Application\avformat-57.dll
E:\DouyuPCClient\Client\Application\avresample-3.dll
E:\DouyuPCClient\Client\Application\avutil-55.dll
E:\DouyuPCClient\Client\Application\dbghelp.dll
E:\DouyuPCClient\Client\Application\ffmpeg.exe
E:\DouyuPCClient\Client\Application\glew32.dll
E:\DouyuPCClient\Client\Application\libEGL.dll
E:\DouyuPCClient\Client\Application\libGLESv2.dll
E:\DouyuPCClient\Client\Application\libcrypto-1_1.dll
E:\DouyuPCClient\Client\Application\libssl-1_1.dll
E:\DouyuPCClient\Client\Application\opengl32sw.dll
E:\DouyuPCClient\Client\Application\postproc-54.dll
E:\DouyuPCClient\Client\Application\pthreadVC2.dll
E:\DouyuPCClient\Client\Application\qrcodelib.dll
E:\DouyuPCClient\Client\Application\quazip.dll
E:\DouyuPCClient\Client\Application\swresample-2.dll
E:\DouyuPCClient\Client\Application\swscale-4.dll
E:\DouyuPCClient\Client\Application\beacon\BeaconProxy.dll
E:\DouyuPCClient\Client\Application\beacon\BeaconStub.exe
E:\DouyuPCClient\Client\Application\beacon\cyggcc_s-1.dll
E:\DouyuPCClient\Client\Application\beacon\cygwin1.dll
E:\DouyuPCClient\Client\Application\pctools\curl.exe
E:\DouyuPCClient\Client\Application\plugins\audio\qtaudio_windows.dll
E:\DouyuPCClient\Client\Application\plugins\imageformats\qgif.dll
E:\DouyuPCClient\Client\Application\plugins\imageformats\qicns.dll
E:\DouyuPCClient\Client\Application\plugins\imageformats\qico.dll
E:\DouyuPCClient\Client\Application\plugins\imageformats\qjpeg.dll
E:\DouyuPCClient\Client\Application\plugins\imageformats\qsvg.dll
E:\DouyuPCClient\Client\Application\plugins\imageformats\qtga.dll
E:\DouyuPCClient\Client\Application\plugins\imageformats\qtiff.dll
E:\DouyuPCClient\Client\Application\plugins\imageformats\qwbmp.dll
E:\DouyuPCClient\Client\Application\plugins\imageformats\qwebp.dll
E:\DouyuPCClient\Client\Application\plugins\platforms\qwindows.dll
E:\DouyuPCClient\Client\Application\qml\Qt\labs\folderlistmodel\qmlfolderlistmodelplugin.dll
E:\DouyuPCClient\Client\Application\qml\Qt\labs\settings\qmlsettingsplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
E:\DouyuPCClient\Client\Application\qml\QtQml\Models.2\modelsplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Controls\qtquickcontrolsplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Controls\Private\CalendarUtils.js
E:\DouyuPCClient\Client\Application\qml\QtQuick\Controls\Private\StackView.js
E:\DouyuPCClient\Client\Application\qml\QtQuick\Controls\Private\style.js
E:\DouyuPCClient\Client\Application\qml\QtQuick\Controls\Styles\Flat\qtquickextrasflatplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Controls.2\qtquickcontrols2plugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Controls.2\Fusion\qtquickcontrols2fusionstyleplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Controls.2\Imagine\qtquickcontrols2imaginestyleplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Controls.2\Material\qtquickcontrols2materialstyleplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Controls.2\Universal\qtquickcontrols2universalstyleplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Dialogs\dialogplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Dialogs\Private\dialogsprivateplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Layouts\qquicklayoutsplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\LocalStorage\qmllocalstorageplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Particles.2\particlesplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\PrivateWidgets\widgetsplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Templates.2\qtquicktemplates2plugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick\Window.2\windowplugin.dll
E:\DouyuPCClient\Client\Application\qml\QtQuick.2\qtquick2plugin.dll
E:\DouyuPCClient\Client\Application\qml\QtWebChannel\declarative_webchannel.dll
E:\DouyuPCClient\Client\Application\qml\QtWebEngine\qtwebengineplugin.dll
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\斗鱼直播\斗鱼直播.lnk
C:\Users\Public\Desktop\斗鱼直播.lnk
E:\DouyuPCClient\uninst.exe
C:\WINDOWS\System32\Tasks\DouyuLiveAutoStart
C:\WINDOWS\System32\Tasks\DouyuLiveService
----------------------------------------------------------------

注册表项
----------------------------------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DouyuLiveAutoStart, Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\E6844DA3-C215-4156-BBBA-C47CDB911DF8, Actions
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DouyuLiveService, Id
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\2D15E079-A02C-48D6-8493-856EE927911C, Actions
----------------------------------------------------------------

详细信息：
File: E:\DouyuPCClient\Client\DouyuLive.exe
Sha256: F006F00F8783447614663F3C5C4F84E14AE32565654E1C1ED83DB18C58A4C356
Md5: 838841BEE2E2E056DF7B4356CB396511
Size: 611464
Ref: c637d826-bfbf-4572-b5ae-4b84a1ae7cd6

显示全部楼层 · 发表于 2020-3-3 18:06:17

本帖最后由 LSPD 于 2020-3-3 18:08 编辑

请楼主善用论坛编辑功能，论坛不允许自沙三连
还有，样本区请提供样本，否则该贴将被回收

显示全部楼层 · 发表于 2020-3-3 18:06:43

扫描网页内容

地址: http://down10.zol.com.cn/dvdtool ... .2.exe?crazycache=1
状态：访问被拒绝。

文件已清除感染并被移回。

文件：
C:\Users\87790\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.mostoolTeamfightTactics\65542\mostoolTeamfightTactics\n_ovhelper.exe (清除成功)

显示全部楼层 · 发表于 2020-3-3 18:11:25

本帖最后由温馨小屋于 2020-3-3 18:14 编辑

卡巴扫描miss，双击中

斗鱼原来是武汉的

双击miss，估计GD的新主防又误报了

显示全部楼层 · 发表于 2020-3-3 18:16:53

来用极宝杀毒吧

显示全部楼层 · 发表于 2020-3-3 18:19:29

温馨小屋发表于 2020-3-3 18:11
卡巴扫描miss，双击中

斗鱼原来是武汉的

武汉斗鱼网络科技有限公司

显示全部楼层 · 发表于 2020-3-3 18:20:36

Fire_Wind 发表于 2020-3-3 18:16
来用极宝杀毒吧

搭载数字引擎的那个吗。。。。。。。。。

显示全部楼层 · 发表于 2020-3-3 18:21:29

877906025Z 发表于 2020-3-3 18:20
搭载数字引擎的那个吗。。。。。。。。。

360+VirusTotal

[可疑文件] 斗鱼被gdata疯狂针对。

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块