3x

anthonyqian

avast剩一个com，双击cyber capture报安全。

windows11BigSur

不想被妳发现 发表于 2021-7-4 22:57
KES的弹窗能看一下吗？

都是机器学习

救命稻草

瑞星3X

aboringman

歌德塔：1X

我很想吐槽的是，主防的反应太慢了。。。。。。（DeepRay和BEAST）

1. G DATA INTERNET SECURITY has prevented malicious software from running on your system.
   
2. The malicious program was identified by BEAST (Behavior Monitoring) as: Keylogger3（注：键盘记录器）
   
3. 
   
4. The following processes were therefore terminated by G DATA for security reasons:
   
5.         ----------------------------------------------------------------
   
6.         C:\Users\123456\Desktop\29126196aaf319113c8afe42498c0bbb.com
   
7.         C:\Windows\Abcdef.exe (PID 8400)
   
8.         C:\Windows\Abcdef.exe (PID 2896)
   
9.         ----------------------------------------------------------------
   
10. 
    
11. The following programs responsible were moved to Quarantine by G DATA:
    
12.         ----------------------------------------------------------------
    
13.         C:\Users\123456\Desktop\29126196aaf319113c8afe42498c0bbb.com
    
14.         C:\Windows\Abcdef.exe
    
15.         ----------------------------------------------------------------
    
16. 
    
17. Further information:
    
18. Module: DeepRay
    
19. Process: Abcdef.exe (8400)
    
20. File: C:\Windows\Abcdef.exe
    
21. Sha256: EE248144C876247D2BB5A7A358B18D8D1EAB47AF27E3FCDFE9AB00E7E1D51D3B
    
22. Md5: 29126196AAF319113C8AFE42498C0BBB
    
23. Size: 339968
    
24. Ref: 5bba3646-8b2c-4d01-bd48-6953c88449de
    
25. 
    
26. G DATA INTERNET SECURITY has prevented malicious software from running on your system.
    
27. The malicious program was identified by BEAST (Behavior Monitoring) as: Verdict.ContactedMaliciousHost（注：与恶意主机通讯）
    
28. 
    
29. The following processes were therefore terminated by G DATA for security reasons:
    
30.         ----------------------------------------------------------------
    
31.         C:\Users\123456\Desktop\bc52292288db5773b994c2a638298014.cmd (PID 3032)
    
32.         ----------------------------------------------------------------
    
33. 
    
34. The following programs responsible were moved to Quarantine by G DATA:
    
35.         ----------------------------------------------------------------
    
36.         C:\Users\123456\Desktop\bc52292288db5773b994c2a638298014.cmd
    
37.         ----------------------------------------------------------------
    
38. 
    
39. Registry items
    
40.         ----------------------------------------------------------------
    
41.         HKEY_USERS\S-1-5-21-3839188502-333370962-3824098329-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Emamqcs.exe
    
42.         ----------------------------------------------------------------
    
43. 
    
44. Further information:
    
45. Module: CnC
    
46. Domain: six.skt-one.com
    
47. Domain ip: 185.227.70.219
    
48. Ref: 5a862896-e52d-4895-b527-d2f36d008dea
    
49. 
    
50. G DATA INTERNET SECURITY has prevented malicious software from running on your system.
    
51. The malicious program was identified by BEAST (Behavior Monitoring) as: Generic.9FFB3645（注：可能是衍生物报法啦）
    
52. 
    
53. The following processes were therefore terminated by G DATA for security reasons:
    
54.         ----------------------------------------------------------------
    
55.         C:\Users\123456\Desktop\29126196aaf319113c8afe42498c0bbb.com
    
56.         C:\Windows\Abcdef.exe (PID 4888)
    
57.         C:\Windows\Abcdef.exe (PID 1332)
    
58.         ----------------------------------------------------------------
    
59. 
    
60. The following programs responsible were moved to Quarantine by G DATA:
    
61.         ----------------------------------------------------------------
    
62.         C:\Windows\Abcdef.exe
    
63.         ----------------------------------------------------------------
    
64. 
    
65. Further information:
    
66. Ref: 07842a9f-2a41-4ea2-a7dc-937e7deedfdf
    
67. 
    

复制代码

心心相印

360kill

sichuanwenxuan

WD清空。

wh759626933

不想被妳发现 发表于 2021-7-5 00:11
机器学习？这报法怎么看都不像啊

heur是启发啊，就是机器学习的报法啊

heavencc

智量

1. 2021-07-05 15:41:07 C:\Users\Stardust\Desktop\3GpbJSrC_3\bc52292288db5773b994c2a638298014.cmd                           Heur.ML.PE.A        
   
2. 2021-07-05 15:41:07 C:\Users\Stardust\Desktop\3GpbJSrC_3\29126196aaf319113c8afe42498c0bbb.com                           Heur.ML.PE.A        
   
3. 2021-07-05 15:41:05 C:\Users\Stardust\Desktop\3GpbJSrC_3\3f2477191ff5149fa5aaf3974de001eb.bat                           Heur.ML.PE.A        

复制代码