本帖最后由 UNknownOoo 于 2024-6-28 02:07 编辑
火绒6(未开高级启发式
扫描:检出 7x(手动删除报毒项目后剩下8x)
- 扫描文件:14
- 发现风险:7
- 已处理风险:3
- 病毒详情:
- 风险路径:C:\Users\Administrator\Desktop\6.28\Potato-Desktop_WIN64.msi, 病毒名:TrojanDropper/W64.Agent.aa, 病毒ID:097180043d453962, 处理结果:已处理,删除文件
- 风险路径:C:\Users\Administrator\Desktop\6.28\chorrsetup.msi, 病毒名:Trojan/VBS.GuLoader.ab, 病毒ID:ceb722a5773871bd, 处理结果:已处理,删除文件
- 风险路径:C:\Users\Administrator\Desktop\6.28\firefox安装.msi >> vmtools.dll, 病毒名:Trojan/HiJack.fi, 病毒ID:c7dd35c6e1b48bbf, 处理结果:暂不处理
- 风险路径:C:\Users\Administrator\Desktop\6.28\M-Bt10.msi.exe, 病毒名:Backdoor/Farfli.hc, 病毒ID:dcf0cef112e8e25e, 处理结果:暂不处理
- 风险路径:C:\Users\Administrator\Desktop\6.28\rar解压缩_inst_1800_1_31_11304.msi >> RAR.exe, 病毒名:Backdoor/Farfli.hc, 病毒ID:dcf0cef112e8e25e, 处理结果:暂不处理
- 风险路径:C:\Users\Administrator\Desktop\6.28\Potato-Desktop_WIN64.msi >> P.exe, 病毒名:TrojanDropper/W64.Agent.aa, 病毒ID:097180043d453962, 处理结果:已处理,删除文件
- 风险路径:C:\Users\Administrator\Desktop\6.28\Lets-[过滤].msi >> vs.zip, 病毒名:Trojan/Generic!0D73CD01141508E4, 病毒ID:0d73cd01141508e4, 处理结果:暂不处理
剩下运行:
goog.a.X64.msi -> 内存防护捉
- 病毒名称:Backdoor/Lotok.fo
- 病毒ID:9329ED8113F6EBE6
- 虚拟地址:0x00000000076B0000
- 映像大小:252KB
- 是否完整映像:否
- 数据流哈希:5fb5b7d8
- 操作结果:已处理
- 进程ID:2996
- 操作进程:C:\Program Files\Windows Defenderr\Phone.exe
- 操作进程命令行:"C:\Program Files\Windows Defenderr\Phone.exe"
- 父进程ID:9876
- 父进程:C:\Windows\SysWOW64\msiexec.exe
- 父进程命令行:C:\Windows\syswow64\MsiExec.exe -Embedding AE1DEF5B9B07AC1450A874EE6E5F8626
letes-test.msi -> 内存防护捉
- 病毒名称:Backdoor/Agent.pl
- 病毒ID:37CFF1CC6F5EBF8A
- 虚拟地址:0x0000000002270000
- 映像大小:376KB
- 是否完整映像:否
- 数据流哈希:eea3fa1e
- 操作结果:已处理
- 进程ID:9712
- 操作进程:C:\Program Files (x86)\letsi-x64.3\app-3.8.0\ka8@27\TenioDL.exe
- 操作进程命令行:"C:\Program Files (x86)\letsi-x64.3\app-3.8.0\ka8@27\TenioDL.exe"
- 父进程ID:5540
- 父进程:C:\Windows\explorer.exe
- 父进程命令行:C:\Windows\Explorer.EXE
Setup.exe -> MISS
tecnetup-x64.msi -> 内存防护捉,但是因为内存防护只结束进程而不回滚衍生物就反复捉(
- 病毒名称:Backdoor/Agent.pl
- 病毒ID:37CFF1CC6F5EBF8A
- 虚拟地址:0x0000000000EB0000
- 映像大小:376KB
- 是否完整映像:否
- 数据流哈希:68647f13
- 操作结果:已处理
- 进程ID:6680
- 操作进程:C:\Users\Administrator\Videos\FDB88137@27\7E3A1901.exe
- 操作进程命令行:C:\Users\Administrator\Videos\FDB88137@27\7E3A1901.exe
- 父进程ID:824
- 父进程:C:\Windows\System32\services.exe
- 父进程命令行:C:\Windows\system32\services.exe
YOdaoci.msi -> Web防护拦截,手动内存扫描捉衍生物进程
- 病毒名称:Trojan/Generic!6A9469446EC47190
- 病毒ID:6A9469446EC47190
- 病毒URL:[img]http://206.238.43.211:8080/C.jpg[/img]
- 操作结果:已阻止
- 进程ID:4380
- 操作进程:C:\Program Files (x86)\YOdaoci\YOdaoci\Dict\MFCApplication1.exe_signed.exe
- 操作进程命令行:"C:\Program Files (x86)\YOdaoci\YOdaoci\Dict\MFCApplication1.exe_signed.exe"
- 病毒详情:
- 风险路径:mem://4380-0x4465ec87-0x180000000-C:\Program Files (x86)\YOdaoci\YOdaoci\Dict\MFCApplication1.exe_signed.exe, 病毒名:TrojanDownloader/Agent.are, 病毒ID:152662447c68eeaf, 处理结果:处理成功,进程已结束
- 风险路径:mem://4380-0x4465ec87-0x26846b80000-C:\Program Files (x86)\YOdaoci\YOdaoci\Dict\MFCApplication1.exe_signed.exe, 病毒名:TrojanDownloader/Agent.are, 病毒ID:152662447c68eeaf, 处理结果:处理失败,进程结束失败
比特浏览器-l.msi -> 文件实时监控捉
- 病毒名称:Trojan/ShellLoader.gc
- 病毒ID:054EF23C291519A1
- 病毒路径:C:\Users\Public\Pictures\FVFDJ\R9b0N~l\libcef.dll
- 操作类型:修改
- 操作结果:已处理,删除文件
谷歌安装包.msi -> MISS
电脑飞机&7.exe -> 环境检测
X-Sec
扫描:5x
- ---------------------
- 2024/06/28 01:41:57 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\6.28\firefox安装.msi -- [rame-tfe] Trojan.Agent!8.B1E
- 2024/06/28 01:42:04 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\6.28\letes-test.msi -- [rame-topis] Virus.Ramnit/VBS!8.132A8
- 2024/06/28 01:42:35 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\6.28\Potato-Desktop_WIN64.msi -- [rame-classic] Trojan.Injector!1.F9E7
- 2024/06/28 01:42:35 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\6.28\rar解压缩_inst_1800_1_31_11304.msi -- [rame-classic] Trojan.Evasion/SFACTORY!1.E9F4
- 2024/06/28 01:42:35 Threat Detected: C:\Users\UnknownOoo\Downloads\Compressed\6.28\Setup.exe -- [rame-classic] Malware.FakeXLS/ICON!1.6AC3
|
发表于 2024-6-28 00:20:29
