精睿样本测试（16.9.26）

显示全部楼层 · 发表于 2016-9-26 09:14:40

地址：

https://pan.baidu.com/s/1pLhbMgb 提取密码 ikd6
http://www.vdisk.cn/down/index/19735295

密码：bbs.vc52.cn
数量：50

显示全部楼层 · 发表于 2016-9-26 09:16:18

本帖最后由 Eset小粉絲于 2016-9-26 09:22 编辑

AVIRA 28X

[mw_shl_code=css,true]Start of the scan: Monday, 26 September, 2016  09:20

Starting the file scan:

Begin scan in 'C:\Users\User\Desktop\2016.9.26'
C:\Users\User\Desktop\2016.9.26\03.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Krypt.922162 Java script virus
C:\Users\User\Desktop\2016.9.26\05.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.72250 Java script virus
C:\Users\User\Desktop\2016.9.26\08.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus
C:\Users\User\Desktop\2016.9.26\12.vir
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\User\Desktop\2016.9.26\14.vir
  [DETECTION] Is the TR/AD.VBCryptor.qbif Trojan
C:\Users\User\Desktop\2016.9.26\15.vir
  [DETECTION] Contains recognition pattern of the DR/Delphi.Gen dropper
C:\Users\User\Desktop\2016.9.26\16.vir
  [DETECTION] Contains virus patterns of Adware ADWARE/FileFinder.npzaa
C:\Users\User\Desktop\2016.9.26\18.vir
[0] Archive type: ZIP
--> word/vbaProject.bin
      [DETECTION] Contains code of the VBA/Dldr.Agent.N virus
      [WARNING] Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.9.26\19.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.72251 Java script virus
C:\Users\User\Desktop\2016.9.26\21.vir
[0] Archive type: ZIP
--> word/vbaProject.bin
      [DETECTION] Contains code of the VBA/Dldr.Agent.N virus
      [WARNING] Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.9.26\22.vir
  [DETECTION] Is the TR/Crypt.Xpack.owman Trojan
C:\Users\User\Desktop\2016.9.26\23.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Krypt.921163 Java script virus
C:\Users\User\Desktop\2016.9.26\28.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.72250 Java script virus
C:\Users\User\Desktop\2016.9.26\30.vir
  [DETECTION] Is the TR/Rogue.20484.1 Trojan
C:\Users\User\Desktop\2016.9.26\31.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.72250 Java script virus
C:\Users\User\Desktop\2016.9.26\33.vir
[0] Archive type: ZIP
--> word/vbaProject.bin
      [DETECTION] Contains code of the VBA/Dldr.Agent.N virus
      [WARNING] Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.9.26\34.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.72251 Java script virus
C:\Users\User\Desktop\2016.9.26\35.vir
  [DETECTION] Is the TR/Dropper.Gen2 Trojan
C:\Users\User\Desktop\2016.9.26\36.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.72250 Java script virus
C:\Users\User\Desktop\2016.9.26\38.vir
[0] Archive type: ZIP
--> QHCNclpr.class
      [DETECTION] Contains recognition pattern of the JAVA/Dldr.Banload.AB Java virus
      [WARNING] Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.9.26\39.vir
[0] Archive type: ZIP
--> word/vbaProject.bin
      [DETECTION] Contains code of the VBA/Dldr.Agent.N virus
      [WARNING] Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.9.26\40.vir
[0] Archive type: ACE
--> IMG_9759.exe
      [DETECTION] Is the TR/Dropper.VB.saizz Trojan
      [WARNING] Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.9.26\41.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.DHF Java script virus
C:\Users\User\Desktop\2016.9.26\44.vir
  [DETECTION] Is the TR/Crypt.Xpack.clmwv Trojan
C:\Users\User\Desktop\2016.9.26\45.vir
  [DETECTION] Is the TR/Crypt.Xpack.kjngd Trojan
C:\Users\User\Desktop\2016.9.26\46.vir
[0] Archive type: ACE
--> IMG_9756.exe
      [DETECTION] Is the TR/Dropper.VB.saizz Trojan
      [WARNING] Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.9.26\48.vir
[0] Archive type: ZIP
--> Order purchase for the month.exe
      [DETECTION] Is the TR/Dropper.VB.yvknu Trojan
      [WARNING] Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.9.26\50.vir
  [DETECTION] Is the TR/Crypt.XPACK.Gen7 Trojan[/mw_shl_code]

显示全部楼层 · 发表于 2016-9-26 09:17:36

MSE

[mw_shl_code=css,true]Scan started on Mon Sep 26 09:16:41 2016

C:\Users\XuanXia\Desktop\2016.9.26\08.vir                                  Infected: TrojanDownloader:JS/Nemucod
C:\Users\XuanXia\Desktop\2016.9.26\09.vir                                  Infected: Trojan:VBS/Movanide.A
C:\Users\XuanXia\Desktop\2016.9.26\12.vir                                  Suspicious: VirTool:Win32/Obfuscator.XZ [submit_sample]
C:\Users\XuanXia\Desktop\2016.9.26\15.vir                                  Infected: Worm:Win32/Kalockan.A
C:\Users\XuanXia\Desktop\2016.9.26\17.vir                                  Infected: Trojan:Win32/Pdfphish
C:\Users\XuanXia\Desktop\2016.9.26\18.vir                                  Infected: TrojanDownloader:O97M/Donoff!rfn
C:\Users\XuanXia\Desktop\2016.9.26\21.vir->word/vbaProject.bin             Infected: TrojanDownloader:O97M/Donoff.CJ
C:\Users\XuanXia\Desktop\2016.9.26\22.vir                                  Infected: Ransom:Win32/Locky.A
C:\Users\XuanXia\Desktop\2016.9.26\23.vir                                  Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.9.26\24.vir->(SCRIPT0000)                   Infected: Trojan:HTML/Phishbank.AC
C:\Users\XuanXia\Desktop\2016.9.26\31.vir                                  Infected: TrojanDownloader:JS/Nemucod
C:\Users\XuanXia\Desktop\2016.9.26\32.vir->GVNaegij.class                   Infected: TrojanDownloader:Java/Banload!rfn
C:\Users\XuanXia\Desktop\2016.9.26\33.vir->word/vbaProject.bin             Infected: TrojanDownloader:O97M/Donoff.CJ
C:\Users\XuanXia\Desktop\2016.9.26\38.vir->QHCNclpr.class                   Infected: TrojanDownloader:Java/Banload!rfn
C:\Users\XuanXia\Desktop\2016.9.26\39.vir->word/vbaProject.bin             Infected: TrojanDownloader:O97M/Donoff.CJ
C:\Users\XuanXia\Desktop\2016.9.26\41.vir                                  Infected: TrojanDownloader:JS/Swabfex.C
C:\Users\XuanXia\Desktop\2016.9.26\42.vir                                  Infected: Worm:VBS/Jenxcus
C:\Users\XuanXia\Desktop\2016.9.26\44.vir                                  Infected: Ransom:Win32/Tovicrypt.A
C:\Users\XuanXia\Desktop\2016.9.26\45.vir                                  Infected: Trojan:Win32/Skeeyah.A!rfn
C:\Users\XuanXia\Desktop\2016.9.26\47.vir                                  Infected: Trojan:Win32/Starter.P
C:\Users\XuanXia\Desktop\2016.9.26\48.vir->Order purchase for the month.exe  Infected: Trojan:Win32/Dynamer!ac
Successfully checked: C:\Users\XuanXia\Desktop\2016.9.26

Scan ended on Mon Sep 26 09:17:35 2016

Time: 54 second(s). [0h:00m:54s]
Files/second: 3 (185 Kb/s).
Objects scanned: 177.
Infected: 20. Suspicious: 1. Clean: 156. Different virus bodies: 15.
Files: 50. Directories: 1. Archives: 13. Packed: 3. Mail files: 0.
Warnings: 21. Scan errors: 0. Protected: 0. Damaged: 0. Unknown method: 0. Spanned: 0.[/mw_shl_code]

显示全部楼层 · 发表于 2016-9-26 09:21:59

本帖最后由狐狸糊涂于 2016-9-26 09:29 编辑

BD杀29，余21

[mw_shl_code=css,true]C:\Users\longl\Desktop\2016.9.26\03.vir Trojan.GenericKD.3544952 Deleted
C:\Users\longl\Desktop\2016.9.26\21.vir W97M.Downloader.EKA Deleted
C:\Users\longl\Desktop\2016.9.26\33.vir=>word/vbaProject.bin W97M.Downloader.EJZ Disinfected
C:\Users\longl\Desktop\2016.9.26\12.vir Gen:Trojan.Heur.LP.iG5@aOpdOZ Deleted
C:\Users\longl\Desktop\2016.9.26\27.vir=>META-INF/CERT.RSA Android.Trojan.Banker.gQLO Deleted
C:\Users\longl\Desktop\2016.9.26\18.vir=>word/vbaProject.bin VBA:Trojan.VBA.Downloader.AP Disinfected
C:\Users\longl\Desktop\2016.9.26\15.vir Gen:Variant.Kazy.8643 Deleted
C:\Users\longl\Desktop\2016.9.26\29.vir=>(objdata)=>(ShockwaveFlash.ShockwaveFlash.13)=>(Flash) Exploit.RTF-DOC-SWF.Gen Moved to Quarantine
C:\Users\longl\Desktop\2016.9.26\13.vir Trojan.PDF.Phishing.BI Deleted
C:\Users\longl\Desktop\2016.9.26\31.vir Trojan.JS.Downloader.FPQ Deleted
C:\Users\longl\Desktop\2016.9.26\34.vir Trojan.VBS.UWL Deleted
C:\Users\longl\Desktop\2016.9.26\05.vir Trojan.JS.Downloader.FQD Deleted
C:\Users\longl\Desktop\2016.9.26\23.vir Generic.JS.NemucodA.1C57C34B Deleted
C:\Users\longl\Desktop\2016.9.26\41.vir Trojan.JS.RQI Deleted
C:\Users\longl\Desktop\2016.9.26\36.vir Trojan.JS.Downloader.FQD Deleted
C:\Users\longl\Desktop\2016.9.26\40.vir=>IMG_9759.exe Gen:Variant.Symmi.68042 Moved to Quarantine
C:\Users\longl\Desktop\2016.9.26\39.vir=>word/vbaProject.bin W97M.Downloader.EJZ Disinfected
C:\Users\longl\Desktop\2016.9.26\19.vir Trojan.VBS.UWL Deleted
C:\Users\longl\Desktop\2016.9.26\44.vir Trojan.GenericKD.3540736 Deleted
C:\Users\longl\Desktop\2016.9.26\28.vir Trojan.JS.Downloader.FQD Deleted
C:\Users\longl\Desktop\2016.9.26\14.vir Gen:Variant.Graftor.301387 Deleted
C:\Users\longl\Desktop\2016.9.26\50.vir Gen:Variant.Zusy.206395 Deleted
C:\Users\longl\Desktop\2016.9.26\45.vir Trojan.Ransom.BAO Deleted
C:\Users\longl\Desktop\2016.9.26\09.vir Trojan.VBS.Agent.WQ Deleted
C:\Users\longl\Desktop\2016.9.26\46.vir=>IMG_9756.exe Gen:Variant.Symmi.68042 Moved to Quarantine
C:\Users\longl\Desktop\2016.9.26\22.vir Trojan.GenericKD.3545777 Deleted
C:\Users\longl\Desktop\2016.9.26\01.vir Trojan.VBS.Downloader.UI Deleted
C:\Users\longl\Desktop\2016.9.26\48.vir=>Order purchase for the month.exe Trojan.GenericKD.3538304 Deleted
C:\Users\longl\Desktop\2016.9.26\47.vir Trojan.GenericKD.3540530 Deleted
C:\Users\longl\Desktop\2016.9.26\29.vir=>(objdata)=>(Embedded DocFile g)=>(Flash) Exploit.RTF-DOC-SWF.Gen Moved to Quarantine
[/mw_shl_code]

显示全部楼层 · 发表于 2016-9-26 09:22:30

本帖最后由 fireherman 于 2016-9-26 09:25 编辑

ESET-NOD32 ESS 8 [v14176/20160925]

Total kill 35x

解压 kill 25x

[mw_shl_code=css,true]2016-9-26 9:19:41       文件系统实时防护       文件       E:\VirZ\2016.9.26\50.vir       Win32/Injector.DFHF 特洛伊木马的变种       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       2EDAFB4A55E198E87AAFBA296E0037D19C502D20       2016-9-26 9:19:40
2016-9-26 9:19:40       文件系统实时防护       文件       E:\VirZ\2016.9.26\49.vir       PHP/Agent.HN 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       713CC4FDCB876B3F6054F4429F38F861A3C1F2C5       2016-9-26 9:19:40
2016-9-26 9:19:40       文件系统实时防护       文件       E:\VirZ\2016.9.26\47.vir       Win32/Kovter.C 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       A40215466DB01EE68CB70282A2D0132216E9027F       2016-9-26 9:19:40
2016-9-26 9:19:40       文件系统实时防护       文件       E:\VirZ\2016.9.26\45.vir       Win32/Kryptik.FGNJ 特洛伊木马的变种       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       1BA8D25BEA57803682A0C27EC58587EEF6B47B60       2016-9-26 9:19:40
2016-9-26 9:19:40       文件系统实时防护       文件       E:\VirZ\2016.9.26\44.vir       Win32/Filecoder.CryptProjectXXX.H 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       51873AEC1C20C574A8A21E224A1C86BBA595E29C       2016-9-26 9:19:40
2016-9-26 9:19:40       文件系统实时防护       文件       E:\VirZ\2016.9.26\43.vir       Win32/Agent.SAS 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       B67B1107A658D66C398301E40E368A31516F9157       2016-9-26 9:19:39
2016-9-26 9:19:39       文件系统实时防护       文件       E:\VirZ\2016.9.26\42.vir       VBS/Agent.NHT 蠕虫       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       3BCC7DAC39D2513428E2A2DD90B47B6762380D0C       2016-9-26 9:19:39
2016-9-26 9:19:39       文件系统实时防护       文件       E:\VirZ\2016.9.26\41.vir       JS/TrojanDownloader.Nemucod.AYZ 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       E93A63830D1C4B44BA9781DE31272E00553CF43D       2016-9-26 9:19:39
2016-9-26 9:19:39       文件系统实时防护       文件       E:\VirZ\2016.9.26\36.vir       JS/TrojanDownloader.Nemucod.AYT 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       7669B0A747D757FD2D84E547131F25AD0D459CFB       2016-9-26 9:19:39
2016-9-26 9:19:39       文件系统实时防护       文件       E:\VirZ\2016.9.26\34.vir       JS/TrojanDownloader.Nemucod.BAI 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       13BFA08609CD263D03062B376DA196278032617A       2016-9-26 9:19:39
2016-9-26 9:19:39       文件系统实时防护       文件       E:\VirZ\2016.9.26\31.vir       JS/TrojanDownloader.Nemucod.AYT 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       CE0D1B0266CF890408DFEDB0FB5F8455CD1BF2CE       2016-9-26 9:19:39
2016-9-26 9:19:39       文件系统实时防护       文件       E:\VirZ\2016.9.26\28.vir       JS/TrojanDownloader.Nemucod.AYT 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       8164E1699A535FAF970B02AFEB9FD752A9DDFAD3       2016-9-26 9:19:38
2016-9-26 9:19:38       文件系统实时防护       文件       E:\VirZ\2016.9.26\23.vir       JS/TrojanDownloader.Nemucod.AZX 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       C2B3C345557B8C0DB5C8561D3E40D0870BFED5C0       2016-9-26 9:19:38
2016-9-26 9:19:38       文件系统实时防护       文件       E:\VirZ\2016.9.26\22.vir       Win32/Filecoder.Locky.H 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       6CB62835E2F47CF15D61EB025FD5238CBED63713       2016-9-26 9:19:38
2016-9-26 9:19:38       文件系统实时防护       文件       E:\VirZ\2016.9.26\20.vir       HTML/Iframe.B 特洛伊木马       已删除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       8F9051542ED47EB5DF139143D2AAAB097BA8C57D       2016-9-26 9:19:38
2016-9-26 9:19:38       文件系统实时防护       文件       E:\VirZ\2016.9.26\19.vir       JS/TrojanDownloader.Nemucod.BAI 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       0AB8E46617D6AA412DD4979CF1895A608031E79D       2016-9-26 9:19:37
2016-9-26 9:19:37       文件系统实时防护       文件       E:\VirZ\2016.9.26\16.vir       Win32/Adware.FileFinder.K 应用程序的变种       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       6D1302448E9EC7F88196000D6969A4396659AA0A       2016-9-26 9:19:37
2016-9-26 9:19:37       文件系统实时防护       文件       E:\VirZ\2016.9.26\14.vir       Win32/Injector.DENR 特洛伊木马的变种       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       0919909FBD5CA04F7075C9A0C73ACB18B8A30CC3       2016-9-26 9:19:37
2016-9-26 9:19:37       文件系统实时防护       文件       E:\VirZ\2016.9.26\10.vir       MSIL/HackTool.DoSer.AW 特洛伊木马的变种       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       A77C1B2F5EF44029F7FA6F093E227DE0AC125EE8       2016-9-26 9:19:36
2016-9-26 9:19:36       文件系统实时防护       文件       E:\VirZ\2016.9.26\09.vir       VBS/Agent.NKG 蠕虫       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       8975780AA618F1B93B709DB7BE924282144FC7F4       2016-9-26 9:19:36
2016-9-26 9:19:36       文件系统实时防护       文件       E:\VirZ\2016.9.26\08.vir       JS/TrojanDownloader.Nemucod.AZP 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       CBF7FDFDC5F1057AD23510996A67E5E2167E4283       2016-9-26 9:19:36
2016-9-26 9:19:36       文件系统实时防护       文件       E:\VirZ\2016.9.26\07.vir       VBA/TrojanDownloader.Agent.BTT 特洛伊木马       已清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       215D3738BB0B6C3C9E331A622BBA5FB10E020DC9       2016-9-26 9:19:36
2016-9-26 9:19:36       文件系统实时防护       文件       E:\VirZ\2016.9.26\05.vir       JS/TrojanDownloader.Nemucod.AYT 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       0766662BD7997323F98BA87F90C65C0DEC4B0406       2016-9-26 9:19:36
2016-9-26 9:19:36       文件系统实时防护       文件       E:\VirZ\2016.9.26\03.vir       JS/TrojanDownloader.Nemucod.BAK 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       19FED6BB6F02A8B15DF1F5AE5C73D35B0C7B6A08       2016-9-26 9:19:36
2016-9-26 9:19:36       文件系统实时防护       文件       E:\VirZ\2016.9.26\01.vir       VBS/Kryptik.GC 特洛伊木马       通过删除清除       RAYMOND-9B1A7AC\Raymond       在应用程序新建的文件上发生事件: C:\Program Files\7-Zip\7zG.exe (95CE9136E708712C2A29EE18BE48DD028018B558).       375E568ABD52700F0DE509C215F83786125582A3       2016-9-26 9:19:35[/mw_shl_code]

右键二扫 kill 10x

[mw_shl_code=css,true]E:\VirZ\2016.9.26\18.vir > ZIP > word/vbaProject.bin - VBA/TrojanDownloader.Agent.BTR 特洛伊木马 - 扫描完成后再选择处理方式
E:\VirZ\2016.9.26\21.vir > ZIP > word/vbaProject.bin - VBA/TrojanDownloader.Agent.BTR 特洛伊木马 - 扫描完成后再选择处理方式
E:\VirZ\2016.9.26\27.vir > ZIP > classes.dex - Android/Spy.Agent.LX 特洛伊木马的变种 - 扫描完成后再选择处理方式
E:\VirZ\2016.9.26\32.vir > ZIP > GVNaegij.class - Java/TrojanDownloader.Banload.AK 特洛伊木马的变种 - 通过删除清除
E:\VirZ\2016.9.26\33.vir > ZIP > word/vbaProject.bin - VBA/TrojanDownloader.Agent.BTR 特洛伊木马 - 扫描完成后再选择处理方式
E:\VirZ\2016.9.26\38.vir > ZIP > QHCNclpr.class - Java/TrojanDownloader.Banload.AK 特洛伊木马的变种 - 通过删除清除
E:\VirZ\2016.9.26\39.vir > ZIP > word/vbaProject.bin - VBA/TrojanDownloader.Agent.BTR 特洛伊木马 - 扫描完成后再选择处理方式
E:\VirZ\2016.9.26\40.vir > ACE > IMG_9759.exe - Win32/Injector.DFFR 特洛伊木马的变种 - 扫描完成后再选择处理方式
E:\VirZ\2016.9.26\40.vir > ACE >  - 压缩文件已损坏
E:\VirZ\2016.9.26\46.vir > ACE > IMG_9756.exe - Win32/Injector.DFFR 特洛伊木马的变种 - 扫描完成后再选择处理方式
E:\VirZ\2016.9.26\46.vir > ACE >  - 压缩文件已损坏
E:\VirZ\2016.9.26\48.vir > ZIP > Order purchase for the month.exe - MSIL/Autorun.Spy.Agent.AU 蠕虫 - 已删除
E:\VirZ\2016.9.26\18.vir > ZIP > word/vbaProject.bin - VBA/TrojanDownloader.Agent.BTR 特洛伊木马 - 已删除
E:\VirZ\2016.9.26\21.vir > ZIP > word/vbaProject.bin - VBA/TrojanDownloader.Agent.BTR 特洛伊木马 - 已删除
E:\VirZ\2016.9.26\27.vir > ZIP > classes.dex - Android/Spy.Agent.LX 特洛伊木马的变种 - 已删除
E:\VirZ\2016.9.26\33.vir > ZIP > word/vbaProject.bin - VBA/TrojanDownloader.Agent.BTR 特洛伊木马 - 已删除
E:\VirZ\2016.9.26\39.vir > ZIP > word/vbaProject.bin - VBA/TrojanDownloader.Agent.BTR 特洛伊木马 - 已删除
E:\VirZ\2016.9.26\40.vir > ACE > IMG_9759.exe - Win32/Injector.DFFR 特洛伊木马的变种 - 已删除
E:\VirZ\2016.9.26\40.vir > ACE >  - 压缩文件已损坏
E:\VirZ\2016.9.26\46.vir > ACE > IMG_9756.exe - Win32/Injector.DFFR 特洛伊木马的变种 - 已删除
E:\VirZ\2016.9.26\46.vir > ACE >  - 压缩文件已损坏[/mw_shl_code]

显示全部楼层 · 发表于 2016-9-26 09:23:40

扫描时间：[2016-09-26 09:23:09]
扫描用时：[00:00:08]
扫描类型：自定义查杀
扫描文件总数：170
扫描速度：18文件/秒
发现威胁：5个
清除威胁：5个
=============================================
[2016-09-26 09:23:26]
威胁：f:\浏览器下载\2016.9.26\48.vir/<a:zip>/order purchase for the month.exe
类型：win32.troj.generickd.v.(kcloud)
处理方式：删除

[2016-09-26 09:23:26]
威胁：f:\浏览器下载\2016.9.26\12.vir
类型：win32.heur.kvmh004.a
处理方式：删除

[2016-09-26 09:23:26]
威胁：f:\浏览器下载\2016.9.26\35.vir
类型：win32.heur.kvm003.a
处理方式：删除

[2016-09-26 09:23:26]
威胁：f:\浏览器下载\2016.9.26\43.vir
类型：win32.heur.kvmh004.a
处理方式：删除

[2016-09-26 09:23:26]
威胁：f:\浏览器下载\2016.9.26\45.vir
类型：win32.heur.kvmh004.a
处理方式：删除

显示全部楼层 · 发表于 2016-9-26 09:24:07

显示全部楼层 · 发表于 2016-9-26 09:31:09

本帖最后由 T.Yoshiyuki 于 2016-9-26 09:32 编辑

BD kill 29x (fix 3x)

[mw_shl_code=css,true]Object Path Threat Name Final Status

D:\TEST\daily\2016.9.26\13.vir.pdf Trojan.PDF.Phishing.BI Deleted
D:\TEST\daily\2016.9.26\01.vir Trojan.VBS.Downloader.UI Deleted
D:\TEST\daily\2016.9.26\48.vir.zip=>Order purchase for the month.exe Trojan.GenericKD.3538304 Deleted
D:\TEST\daily\2016.9.26\14.vir.exe Gen:Variant.Graftor.301387 Deleted
D:\TEST\daily\2016.9.26\50.vir.exe Gen:Variant.Zusy.206395 Deleted
D:\TEST\daily\2016.9.26\23.vir Generic.JS.NemucodA.1C57C34B Deleted
D:\TEST\daily\2016.9.26\39.vir.docx=>word/vbaProject.bin W97M.Downloader.EJZ Disinfected
D:\TEST\daily\2016.9.26\41.vir Trojan.JS.RQI Deleted
D:\TEST\daily\2016.9.26\05.vir Trojan.JS.Downloader.FQD Deleted
D:\TEST\daily\2016.9.26\47.vir.exe Trojan.GenericKD.3540530 Deleted
D:\TEST\daily\2016.9.26\29.vir.rtf=>(objdata)=>(Embedded DocFile g)=>(Flash) Exploit.RTF-DOC-SWF.Gen Moved to Quarantine
D:\TEST\daily\2016.9.26\46.vir=>IMG_9756.exe Gen:Variant.Symmi.68042 Moved to Quarantine
D:\TEST\daily\2016.9.26\28.vir Trojan.JS.Downloader.FQD Deleted
D:\TEST\daily\2016.9.26\45.vir.dll Trojan.Ransom.BAO Deleted
D:\TEST\daily\2016.9.26\29.vir.rtf=>(objdata)=>(ShockwaveFlash.ShockwaveFlash.13)=>(Flash) Exploit.RTF-DOC-SWF.Gen Moved to Quarantine
D:\TEST\daily\2016.9.26\44.vir.exe Trojan.GenericKD.3540736 Deleted
D:\TEST\daily\2016.9.26\36.vir Trojan.JS.Downloader.FQD Deleted
D:\TEST\daily\2016.9.26\40.vir=>IMG_9759.exe Gen:Variant.Symmi.68042 Moved to Quarantine
D:\TEST\daily\2016.9.26\21.vir.docx W97M.Downloader.EKA Deleted
D:\TEST\daily\2016.9.26\33.vir.docx=>word/vbaProject.bin W97M.Downloader.EJZ Disinfected
D:\TEST\daily\2016.9.26\18.vir.docx=>word/vbaProject.bin VBA:Trojan.VBA.Downloader.AP Disinfected
D:\TEST\daily\2016.9.26\34.vir Trojan.VBS.UWL Deleted
D:\TEST\daily\2016.9.26\31.vir Trojan.JS.Downloader.FPQ Deleted
D:\TEST\daily\2016.9.26\27.vir.zip=>META-INF/CERT.RSA Android.Trojan.Banker.gQLO Deleted
D:\TEST\daily\2016.9.26\19.vir Trojan.VBS.UWL Deleted
D:\TEST\daily\2016.9.26\12.vir.dll Gen:Trojan.Heur.LP.iG5@aOpdOZ Deleted
D:\TEST\daily\2016.9.26\22.vir.dll Trojan.GenericKD.3545777 Deleted
D:\TEST\daily\2016.9.26\09.vir Trojan.VBS.Agent.WQ Deleted
D:\TEST\daily\2016.9.26\15.vir.exe Gen:Variant.Kazy.8643 Deleted
D:\TEST\daily\2016.9.26\03.vir Trojan.GenericKD.3544952 Deleted

Scanned items : 200
Infected items : 30
Suspicious items : 0 (no suspected items have been detected)
Resolved items : 30
Unresolved items : 0 (no issues remained unresolved)[/mw_shl_code]

显示全部楼层 · 发表于 2016-9-26 09:34:21

本帖最后由挥泪斩情思于 2016-9-26 09:40 编辑

dr.web

显示全部楼层 · 发表于 2016-9-26 09:37:31

南海游仙发表于 2016-9-26 09:24

你和楼上重复了。

[病毒样本] 精睿样本测试（16.9.26）

评分

评分

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源