Views: 3704 | Replies: 20

[Other related] Getting domestic-specialty malware detected is just too hard

心痛的伤不起
Posted on 2021-4-3 15:19:24
No wonder nobody has detected this thing for so long; even after reporting it, it still doesn't get detected.
QQ game cheat collects pornographic files, Huorong warns not to use it _ Domestic antivirus _ Security zone, Kafan forum - mutual help and sharing - magnanimous and modest! (kafan.cn)


wwwab
Posted on 2021-4-3 15:24:34
For foreign AVs that don't add detection after you report, paste this into the description:
  1. Recently, we discovered a plug-in program disguised as a virus, which collects and sends back private data from a large number of gamers, including files with pornography-related keywords and files with keywords such as passwords, account numbers, address books, notes, etc. The types of files collected include documents, pictures, videos, etc. Homepages related to the malicious program are: http://www.qqfzn.com/, http://www.qqfz95.com/, etc., and the C&C servers for the malicious program are: http://www.bseas.com/, etc.

  2. Through analysis, it was found that the creator of the Trojan horse program can blacklist any QQ number through cloud control and delete a large number of its files.

  3. After analysis, it was found that the module includes cloud-controlled upload-file and delete-file logic. When the user uses the software, the specified files will be uploaded according to the configuration (the upload switch has not been turned on yet). At the same time, when the user's QQ number or point card number is in the blacklist configured by the virus, the disk will be traversed to delete the user's files.

  4. The virus requests its configuration from the C&C server (http://www.bseas.com/sm/qb6/k.xml), which contains information such as upgrade, blacklist, upload file configuration and so on.

  5. The virus obtains the logged-in QQ number on the user's machine by traversing the QQ UserDataSavePath directory. If the user's QQ account or point card number is in the blacklist, the virus will traverse the disk and delete files whose suffixes are not .exe, .dll, .sys, .ini, .txt, .db, .lnk, .log, or one of the suffixes listed in the fileextp field of the configuration file.

  6. In addition, the malicious program will traverse the disk for upload according to the extensions in the fileext and fileext2 fields of the upload configuration: .doc, .docx, .xls, .xlsx, .ppt, .pptx, .jpg, .txt, .zip, .rar, .mp4, .wmv, .mpeg files (and the upload file size must be less than 16M). The tryflag field is the switch for trying to upload user files. After analysis, it was found that the switch is temporarily closed.

  7. When a file is uploaded, the malicious code determines whether the file name contains the specified keywords (yeskey is the keyword for uploading the file, and nokey is the keyword prohibiting the upload of the file).
That's what I did with Kaspersky, and now they've replied saying:
Hello,

Thank you for your inquiry to Kaspersky Lab.
Your request is processing.


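As an added example (not code from the post, not the Huorong write-up, and not the malware's own code), here is a dry-run model in Python of the file-selection logic that items 3 to 7 of the pasted description attribute to the plug-in: it parses a config carrying the named fields, reports which files the described logic would stage for upload and which it would delete for a blacklisted QQ number, and never touches the disk. Only the field names (tryflag, fileext, fileext2, fileextp, yeskey, nokey, blacklist), the "less than 16M" limit and the protected suffix list come from the description; the XML layout, the ";" separator, the sample keyword values, the reading of yeskey as a required match and nokey as a veto, and the assumption that QQ's UserDataSavePath holds one all-digit folder per logged-in QQ number are my own assumptions.

```python
"""Dry-run model of the upload/delete selection logic described in the
pasted write-up. Added example; not the post's or the malware's code.
The XML layout and sample values below are assumptions, not a real sample
of http://www.bseas.com/sm/qb6/k.xml. Nothing here uploads or deletes."""
import os
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample config using the field names from the description.
# The element layout and ";" separator are assumptions.
SAMPLE_CONFIG = """<config>
  <tryflag>1</tryflag>
  <fileext>.doc;.docx;.xls;.xlsx;.ppt;.pptx</fileext>
  <fileext2>.jpg;.txt;.zip;.rar;.mp4;.wmv;.mpeg</fileext2>
  <fileextp>.bak;.cfg</fileextp>
  <yeskey>password;account;passwd</yeskey>
  <nokey>readme;sample</nokey>
  <blacklist>10001;10002</blacklist>
</config>"""

# Suffixes the description says are never deleted (besides fileextp).
PROTECTED_SUFFIXES = {".exe", ".dll", ".sys", ".ini", ".txt", ".db", ".lnk", ".log"}
MAX_UPLOAD_SIZE = 16 * 1024 * 1024  # "upload file size must be less than 16M"


@dataclass
class Config:
    tryflag: bool          # upload switch ("temporarily closed" in the wild)
    upload_exts: set       # fileext + fileext2
    protected_exts: set    # fixed list + fileextp
    yeskey: list           # filename must contain one of these (assumed)
    nokey: list            # filename must contain none of these (assumed)
    blacklist: set         # QQ / point-card numbers whose files get deleted


def _split(text):
    return [t.strip().lower() for t in (text or "").split(";") if t.strip()]


def parse_config(xml_text):
    root = ET.fromstring(xml_text)
    get = lambda tag: root.findtext(tag, default="")
    return Config(
        tryflag=get("tryflag").strip() == "1",
        upload_exts=set(_split(get("fileext")) + _split(get("fileext2"))),
        protected_exts=PROTECTED_SUFFIXES | set(_split(get("fileextp"))),
        yeskey=_split(get("yeskey")),
        nokey=_split(get("nokey")),
        blacklist=set(_split(get("blacklist"))),
    )


def qq_numbers_from_userdata(entries):
    """Assumption: UserDataSavePath has one all-digit folder per QQ number."""
    return [e for e in entries if e.isdigit()]


def would_upload(cfg, path, size):
    """True if the described logic would stage this file for upload."""
    if not cfg.tryflag:
        return False
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    if ext not in cfg.upload_exts or size >= MAX_UPLOAD_SIZE:
        return False
    if any(k in name for k in cfg.nokey):      # nokey vetoes the upload
        return False
    return any(k in name for k in cfg.yeskey)  # yeskey must match (assumed)


def would_delete(cfg, qq_numbers, path):
    """True if the blacklist branch would delete this file."""
    if not (set(qq_numbers) & cfg.blacklist):
        return False
    ext = os.path.splitext(path)[1].lower()
    return ext not in cfg.protected_exts


def triage(cfg, qq_numbers, files):
    """files: iterable of (path, size). Returns {path: 'delete'|'upload'|'ignore'}."""
    result = {}
    for path, size in files:
        if would_delete(cfg, qq_numbers, path):
            result[path] = "delete"
        elif would_upload(cfg, path, size):
            result[path] = "upload"
        else:
            result[path] = "ignore"
    return result


if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    qq = qq_numbers_from_userdata(["10001", "All Users", "Registry"])  # constructed listing
    sample_files = [  # constructed paths and sizes
        ("C:/Users/a/Documents/password_list.docx", 4096),
        ("C:/Users/a/Pictures/holiday.jpg", 900_000),
        ("C:/Users/a/Desktop/readme_password.txt", 120),
        ("C:/Users/a/Desktop/notes.txt", 300),
    ]
    for p, action in triage(cfg, qq, sample_files).items():
        print(f"{action:7} {p}")
```

Running it with the constructed listing (QQ 10001 is blacklisted) reports every non-protected file as "delete"; swap the listing for a non-blacklisted number and the .docx containing "password" becomes the only "upload" candidate, which illustrates the OP's later point that the sample shows no interesting behaviour on a machine without a QQ profile to read.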
hsks
Posted on 2021-4-3 15:26:36
wwwab posted on 2021-4-3 15:24
For foreign AVs that don't add detection after you report, paste this into the description: ... That's what I did with Kaspersky, and now they've replied saying:

Is that really not machine-translated?
Let's see what Kaspersky says.
hsks
Posted on 2021-4-3 15:31:05
wwwab
Posted on 2021-4-3 15:34:36
hsks posted on 2021-4-3 15:31
https://www.virustotal.com/gui/file/0f492d60461031018b912e0c38dfff372b235a67ffa3f2ca34b90096b2d51268 ...

Looks like it's having an effect.
wwwab
Posted on 2021-4-3 16:25:41
Kaspersky replied to me:
Hello,

Thank you for your investigation. Our brief analysis shows that you are right, the software has some undocumented potentially malicious features. The detection will be added to the next update:
218D4CF9AECDFC7F5DEBB5CABE3AADB53E0BE3E307669D24FC8F4F175CBC3096 - HEUR:Backdoor.Win32.QQLam.gen
4E54E24E5AD7339C09C720CB25908A1A4882BFEC423528126C7530EFAAEEC77A - HEUR:Backdoor.Win32.QQLam.gen
7E580847E9DBEE3F8D0B55891D4E643D93E4DDD54F83E174B6A26097A464C284 - HEUR:Backdoor.Win32.QQLam.gen
96FCA741C65CDAA33EF73532BD81D154F0AB5182B111B5BFED6BA708476F53E5 - HEUR:Backdoor.Win32.QQLam.gen

心痛的伤不起
OP | Posted on 2021-4-3 16:41:43

The hard part of getting this thing detected is that if you don't have QQ it probably doesn't do anything at all, so reporting it is difficult.
wwwab
Posted on 2021-4-3 16:44:50
心痛的伤不起 posted on 2021-4-3 16:41
The hard part of getting this thing detected is that if you don't have QQ it probably doesn't do anything at all, so reporting it is difficult.

That's exactly why you paste that text so a human analyst reads it. It worked with Kaspersky.
Nocria
Posted on 2021-4-3 16:49:33
Some proactive-defense (HIPS) modules should be able to block it.
心痛的伤不起
OP | Posted on 2021-4-3 16:53:51
Nocria posted on 2021-4-3 16:49
Some proactive-defense (HIPS) modules should be able to block it.

That doesn't count; fs is now running in a purely black-or-white mode, which is painful to use.
Copyright © KaFan  KaFan.cn All Rights Reserved.