勒索1X

显示全部楼层 · 发表于 2024-7-14 00:09:54

Changed Hash
Before：https://www.virustotal.com/gui/f ... f560d1fbfe3c9ff0d2e

34------21

https://pan.xiaomuxi.cn/s/4lZCa

显示全部楼层 · 发表于 2024-7-14 00:14:02

腾讯电脑管家 miss

显示全部楼层 · 发表于 2024-7-14 00:14:07

微软目前机器学习Trojan:Win32/Wacatac.B!ml

显示全部楼层 · 发表于 2024-7-14 00:18:30

本帖最后由 YU2711 于 2024-7-14 00:33 编辑

Trend Micro Run

McAfee Run

显示全部楼层 · 发表于 2024-7-14 00:23:29

飞塔

显示全部楼层 · 发表于 2024-7-14 00:28:55

本帖最后由驭龙于 2024-7-14 15:37 编辑

诺顿V22扫描 MISS2024年7月14日15点36分，已经杀了
Scan Information:
  Virus Defs Version: 2024.07.13.002
  Virus Defs Seq ID: 235527

Scan Statistics:
  Scan Start:
Local: 2024/7/14 15:32
UTC: 2024/7/14 7:32
  Scan Time: 104 seconds
  Scan Targets: D:\virus\explorer
  Counts:
Total items scanned: 2
- Files & Directories: 2
- Registry Entries: 0
- Processes & Startup Items: 0
- Network & Browser Items: 0
- Other: 0
- Trusted Files: 0
- Skipped Files: 0

Total security risks detected: 1
Total items resolved: 1
Total items that require attention: 0

Resolved Threats:
Infostealer
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
12 Registry Entries
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main->Enable Browser Extensions:yes - Repaired
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main->Enable Browser Extensions:yes - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main->Enable Browser Extensions:yes - Repaired
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->Hidden:1 - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->Hidden:1 - Repaired
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->ShowSuperHidden:1 - Repaired
HKEY_USERS\S-1-5-21-2916869073-1509018794-3703271810-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->ShowSuperHidden:1 - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->ShowSuperHidden:1 - Repaired
HKEY_USERS\S-1-5-21-2916869073-1509018794-3703271810-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer->NoDriveTypeAutoRun:0 - Repaired
HKEY_USERS\S-1-5-21-2916869073-1509018794-3703271810-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\->NoFolderOptions:0 - Repaired
HKEY_USERS\S-1-5-21-2916869073-1509018794-3703271810-1001\Software\Microsoft\Internet Explorer\Main->Enable Browser Extensions:yes - Repaired
HKEY_USERS\S-1-5-21-2916869073-1509018794-3703271810-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced->Hidden:1 - Repaired
1 Infected File
D:\virus\explorer\explorer.exe - Deleted
1 Browser Cache

显示全部楼层 · 发表于 2024-7-14 00:53:21

本帖最后由 QVM360 于 2024-7-14 01:06 编辑

卡巴双击杀，只有36个文件被加密

火绒双击miss，文件gg

Dear User,
Your files have been securely encrypted.
We have also encrypted files on your computers with military grade algorithms.
If you dont have extensive backups the only way to recover your data is with our software.
Restoration of your data with our software requires a private key which only we possess.
To confirm that our decryption software works send 2 encrypted files from random computers to us via email.
You will receive further instructions after you send us the test files.
We will make sure you retrieve your data swiftly and securely and your data that we downloaded will be securely deleted when our demands are met.
Mail list:
workerbee@tutamail.com
workerant@tutamail.com

复制代码

显示全部楼层 · 发表于 2024-7-14 01:21:47

eset miss，文件被加密

显示全部楼层 · 发表于 2024-7-14 01:26:06

QVM360 发表于 2024-7-14 00:53
卡巴双击杀，只有36个文件被加密

卡巴没有触发回滚吗？

显示全部楼层 · 发表于 2024-7-14 01:31:06

秋日之殇发表于 2024-7-14 01:26
卡巴没有触发回滚吗？

有，但是只回滚了病毒释放的文件

[病毒样本] 勒索1X

评分

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块