精睿论坛样本测试（12.12）

显示全部楼层 · 发表于 2011-12-12 18:56:50

样本地址：http://d.119g.com/f/7D95D586C6DD3194.html

样本密码：Pain past is pleasure.

样本数量：100

显示全部楼层 · 发表于 2011-12-12 18:57:27

本帖最后由 ckc 于 2011-12-12 19:21 编辑

大蜘蛛发现78威胁，剩余26（其中12、42、86已经清毒）剩余正在上报

显示全部楼层 · 发表于 2011-12-12 19:08:46

kingsoft kill76 ok

显示全部楼层 · 发表于 2011-12-12 19:26:51

本帖最后由 hx1997 于 2011-12-12 19:31 编辑

ESET killed 81×, missed 19×.

To ESET.

感染文件已删除。

显示全部楼层 · 发表于 2011-12-12 19:42:10

Malcide Security
Version - 1.0.277
Genetic Database - 2011/12/11 20:42:08
Urgent Database - 2011/12/12 18:27:34

Scanning now...
Date - 2011/12/12 Time - 19:37:27
Target:
C:\Users\Gateway\Desktop\vc521212

C:\Users\Gateway\Desktop\vc521212\vc52BillLab-1.vc52 - A variant of Win32/Clicker.VB.NVG TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-10.vc52 - Win32/HEUR.ModifiedPE RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-12.vc52 - Win32/HEUR.ModifiedPE RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-13.vc52 > UPX - Suspected of Win32/Mydoom.M WORM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-14.vc52 - Win32/HEUR.ModifiedPE RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-15.vc52 - A variant of Win32/Clicker.VB.NVG TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-17.vc52 - Win32/Dropper.HEUR.Suspicious RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-20.vc52 - Win32/HEUR.ModifiedPE RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-25.vc52 - Win32/Packed.VMProtect.A RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-26.vc52 - A variant of Win32/MALWARE.Gen.C MALWARE
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-28.vc52 - Win32/HEUR.Unknown TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-3.vc52 - Win32/PolyCrypt.A TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-30.vc52 > ASPACK - Possibly a variant of Win32/Spatet.A TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-36.vc52 > ASPACK - A variant of Win32/Clicker.VB.NVG TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-37.vc52 > UPX - Win32/Dropper.HEUR.Suspicious RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-39.vc52 > UPX - Win32/Dropper.HEUR.Suspicious RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-40.vc52 - Win32/Dropper.HEUR.Suspicious RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-41.vc52 > UPX - Win32/Dropper.HEUR.Suspicious RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-42.vc52 - A variant of Win32/Dropper.B TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-47.vc52 - Win32/HEUR.Unknown TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-48.vc52 - Win32/HEUR.Crypted.A TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-52.vc52 - A variant of Win32/Boinberg.A WORM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-53.vc52 - Win32/HEUR.Unknown TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-54.vc52 > UPX - Win32/HEUR.ModifiedPE RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-59.vc52 - A variant of Win32/Clicker.VB.NVG TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-65.vc52 > UPX - Win32/Dropper.HEUR.Suspicious RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-66.vc52 - Win32/HEUR.ModifiedPE RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-68.vc52 - Win32/HEUR.Unknown TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-69.vc52 - Win32/HEUR.Unknown TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-75.vc52 - Win32/HEUR.ModifiedPE RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-76.vc52 - A variant of Win32/Jorik.Slenfbot.HM TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-80.vc52 - Unpacking error (ASPACK)
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-85.vc52 - Win32/HEUR.ModifiedPE RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-87.vc52 - A variant of Win32/Clicker.VB.NVG TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-88.vc52 - Win32/HEUR.Unknown TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-91.vc52 - Win32/Packed.NSPack.A RISK PROGRAM
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-96.vc52 - Win32/HEUR.Unknown TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-97.vc52 - Suspected of Win32/Autoit.NJQ TROJAN
C:\Users\Gateway\Desktop\vc521212\vc52BillLab-99.vc52 - A variant of Win32/PSW.E TROJAN

110 Objects scanned
38 Threats found
Finish time - 19:39:52
Duration - 145 second(s) (00:02:25)

显示全部楼层 · 发表于 2011-12-12 19:51:07

红伞kill90X（包括启发的2X）

启发的2X：
开始在“D:\下载\精睿论坛样本测试（12.12）”中扫描
D:\下载\精睿论坛样本测试（12.12）\vc521212\vc52BillLab-82.vc52
[检测]       包含可疑代码 HEUR/Malware
[注意]       该检测被划定为可疑。
[注意]       一个备份被创建为“4f1aea6c.qua”(隔离区)
D:\下载\精睿论坛样本测试（12.12）\vc521212\vc52BillLab-90.vc52
[检测]       包含可疑代码 HEUR/Malware
[注意]       该检测被划定为可疑。
[注意]       一个备份被创建为“4a351d6d.qua”(隔离区)

显示全部楼层 · 发表于 2011-12-12 19:53:48

本帖最后由 zarkfair 于 2011-12-12 19:54 编辑

avg 79/100

显示全部楼层 · 发表于 2011-12-12 20:10:44

本帖最后由 tomochan 于 2011-12-12 20:15 编辑

GDATA 93/100=93%

金山毒霸90/100=90%(加自动云鉴定）

显示全部楼层 · 发表于 2011-12-12 20:49:39

不明白vipre的统计...

显示全部楼层 · 发表于 2011-12-12 20:52:39

扫描剩余上报红伞，360

[病毒样本] 精睿论坛样本测试（12.12）

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源