42.192.232[.]209 相关样本

Jirehlov1234

https://jirehlov.lanzouo.com/iLIKQydbgcb

关联自：https://bbs.kafan.cn/thread-2224720-1-1.html

929E8DA20827948A10ED04FA2EE8716F    elevation_service.exe
933ED584192AEAA839AE142AC089C713    Telegram Desktop.exe
3C59858B02906A3A7107624DAE80F530    内部测试版本.exe
03970E27A3E5FBBFFBBC249769F9F3BF    易语言程序.exe
3B648B936D8887CCF58C71DCAF7313A1    服务端20211223.exe
B600C69B576EDCBC520B564509355976    服务端20211227.exe

anthonyqian

诺顿

aiqinghe

BEST 清除1x 隔离2x 总剩余3x
双击 易语言触发了沙盒
剩下的两个防火墙block

k2132

智量 全杀了

aiqinghe

卡巴miss 3x

aboringman

360（ ）

1. 2022-01-04 18:22:07     恶意软件(G_Trojan.Generic.003dd48a)MD5:03970e27a3e5fbbffbbc249769f9f3bf   已删除此文件，如果您发现误删，可从隔离区恢复此文件。        d:\360安全浏览器下载\易语言程序.exe
   
2. 2022-01-04 18:22:06     恶意软件(Virus.Win64.Expiro.L)MD5:929e8da20827948a10ed04fa2ee8716f        文件中感染的病毒代码已经清除，您可放心使用。                d:\360安全浏览器下载\elevation_service.exe

复制代码

elevation_service.exe这个被上报了

结果：暂未发现风险

心心相印

avast余1x

anthonyqian

aboringman 发表于 2022-1-4 18:33
360（ ）

奇葩 自己清除了病毒代码，然后自己再上报清除后的文件。。。

aboringman

anthonyqian 发表于 2022-1-4 18:36
奇葩 自己清除了病毒代码，然后自己再上报清除后的文件。。。

之前还出现过报毒之后（不是被清除的另一例）又自动被上报的操作，不奇怪不奇怪

东南大学

大蜘蛛Kill 3个，Miss 3个

1. Engine 12.06.8.12260/7.00.52.08270 (2.2), 10751562 records, 2022/01/04 17:23
   
2. Last updated 2022/01/04 17:23
   
3. This is Windows XP Professional x86 (Build 2600), Service Pack 3
   
4. The user is INTEL\Administrator:INTEL\None [url=home.php?mod=space&uid=340]@[/url] INTEL
   
5. Using "..\st.drweb.com\static\beta_files\win\12.5\keys\drweb32.key" as Dr.Web Key file
   
6. This Dr.Web Key is for 1 computer (Beta Dr.Web)
   
7. WARNING! System has not been scanned for rootkits.
   
8. Scan files using 2 engines and "" mask
   
9. The mask was translated to "" filter
   
10. "c:\Downloads\20220104\6x\Telegram Desktop.exe/data001" infected with Trojan.Click3.29982
    
11. "c:\Downloads\20220104\6x\Telegram Desktop.exe/data001" - infected
    
12. "c:\Downloads\20220104\6x\elevation_service.exe" infected with Win64.Expiro.108 - deleted
    
13. "c:\Downloads\20220104\6x\Telegram Desktop.exe" - deleted
    
14. "c:\Downloads\20220104\6x\?部??版本.exe" infected with BackDoor.BlackHole.56236 - deleted
    
15. WARNING! Restore points directories have not been scanned
    
16. Total 69.2 Mbytes in 6 files scanned (17 objects, 1 container)
    
17. Total 3 files are clean
    
18. Total 3 files are infected
    
19. Total 3 files are neutralized
    
20. Scan time is 00:01:55, 616KB/sec
    
21. ================================================================
    
22. Scan session completed 2022/1/4 下午 06:41:01
    
23. ================================================================

复制代码