#Ransomware (2020-04-15)

Xw1nd极风

BDTS
Generic.Ransom.Small.E65F3125

knight0756

SEP Ransom.HiddenTear!g1

病毒探索者

HitmanPro.Alert

54ss

BEST 双击测试
本体自删？
所在文件夹（桌面）有两个文件被加密
随后
高级威胁防护已拦截一个恶意进程。进程路径: C:\ljsjo\Rand123\local.exe.
哎 差一点点……

病毒探索者

54ss 发表于 2020-4-15 18:55
BEST 双击测试
本体自删？
所在文件夹（桌面）有两个文件被加密

我现在感觉反勒索做的最好的还是HitmanPro.Alert，几乎无对手

病毒探索者

App Check

1. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\AppCheck Anti-Ransomware.lnk,,Restored,RansomGuard
   
2. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\AppCheck Anti-Ransomware.lnk,,Restored,RansomGuard
   
3. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\AppCheck Anti-Ransomware.lnk.rogue,,Removed,RansomGuard
   
4. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试1.txt,,Restored,RansomGuard
   
5. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试1.txt,,Restored,RansomGuard
   
6. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试1.txt.rogue,,Removed,RansomGuard
   
7. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试2.pptx,,Restored,RansomGuard
   
8. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试2.pptx,,Restored,RansomGuard
   
9. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试2.pptx.rogue,,Removed,RansomGuard
   
10. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试3.pdf,,Restored,RansomGuard
    
11. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试3.pdf,,Restored,RansomGuard
    
12. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试3.pdf.rogue,,Removed,RansomGuard
    
13. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试4.docx,,Restored,RansomGuard
    
14. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试4.docx,,Restored,RansomGuard
    
15. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试4.docx.rogue,,Removed,RansomGuard
    
16. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\123.docx,,Restored,RansomGuard
    
17. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\123.docx,,Restored,RansomGuard
    
18. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\123.docx.rogue,,Removed,RansomGuard
    
19. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\123.pdf,,Restored,RansomGuard
    
20. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\123.pdf,,Restored,RansomGuard
    
21. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\123.pdf.rogue,,Removed,RansomGuard
    
22. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\13123.pdf,,Restored,RansomGuard
    
23. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\13123.pdf,,Restored,RansomGuard
    
24. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\13123.pdf.rogue,,Removed,RansomGuard
    
25. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\213.png,,Restored,RansomGuard
    
26. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\213.png,,Restored,RansomGuard
    
27. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\213.png.rogue,,Removed,RansomGuard
    
28. 04/15/2020 08:27:21 下午,File Created by Ransomware,File,C:\Users\virus\Desktop\测试5\2313.docx,,Restored,RansomGuard
    
29. 04/15/2020 08:27:21 下午,Ransomware Behavior Detected,File,C:\Users\virus\Downloads\Attachment.exe,,Blocked,RansomGuard

复制代码

Nocria

趋势安全大师

病毒探索者

Nocria 发表于 2020-4-15 20:32
趋势安全大师

Mac的杀软界面真的好看啊，简洁！

swizzer

病毒探索者 发表于 2020-4-15 20:25
我现在感觉反勒索做的最好的还是HitmanPro.Alert，几乎无对手

误报也挺高每次登录电脑版微信都会被杀一次Generic.Ransom.C

还好新版能添加排除了