精睿样本测试（15.5.14）

ericdj

蛋挞干掉19个
[mw_shl_code=html,true]Virus check with G DATA INTERNET SECURITY
Version 25.1.0.3 (2015/4/7)
Virus signature dated 2015/5/14
Start time: 2015/5/14 10:52:02
Engine(s): Engine A (AVA 25.1557), Engine B (GD 25.5094)
Heuristics: On
Archives: On
System areas: Off
Check rootkits: Off

Analysis performed in full: 2015/5/14 10:52:30
    40 files checked
    19 infected files detected
    0 suspicious files found

Object: 07.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Barys.17670 (Engine A)

Object: 05.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Symmi.49793 (Engine A)

Object: 10.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Kazy.546336 (Engine A)

Archive: 09.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Heur.MSIL.Krypt.2, Gen:Variant.Kazy.341621 (Engine A)
        ----------------------------------------------------------------
        Object: VanToM RAT 1.4\Stub\Stub.exe
                In archive: C:\Users\eric\Desktop\virus\2015.5.14\09.vir
                Status: Virus detected
                Virus: Gen:Heur.MSIL.Krypt.2
        Object: VanToM RAT 1.4\VANTOM RAT 1.4.EXE
                In archive: C:\Users\eric\Desktop\virus\2015.5.14\09.vir
                Status: Virus detected
                Virus: Gen:Variant.Kazy.341621
        ----------------------------------------------------------------

Object: 12.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Junkware (PUP) found
        Virus: Win32.Application.Agent.GUJBCI (Engine B)

Object: 13.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Zusy.135834 (Engine A)

Object: 14.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Kazy.612082 (Engine A)

Object: 15.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Trojan.Generic.13283677 (Engine A)

Object: 18.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Strictor.86055 (Engine A)

Object: 16.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Kazy.168601 (Engine A)

Object: 21.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Zusy.135834 (Engine A)

Object: 22.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Barys.10219 (Engine A)

Object: 27.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Generic.Rebhip.50BF1718 (Engine A)

Object: 31.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Barys.20509 (Engine A)

Object: 32.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Graftor.182741 (Engine A)

Archive: 30.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Strictor.84873 (Engine A)
        ----------------------------------------------------------------
        Object: LockDowN Injector Vasco da Gama V1.0\LockDowN Injector Vasco da Gama V1.0.exe
                In archive: C:\Users\eric\Desktop\virus\2015.5.14\30.vir
                Status: Virus detected
                Virus: Gen:Variant.Strictor.84873
        ----------------------------------------------------------------

Object: 36.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Graftor.173529 (Engine A)

Object: 37.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Barys.10219 (Engine A)

Archive: 40.vir
        Path: C:\Users\eric\Desktop\virus\2015.5.14
        Status: Virus detected
        Virus: Gen:Variant.Strictor.84873 (Engine A)
        ----------------------------------------------------------------
        Object: LockDowN Injector Grêmio Foot-Ball V1.0\LockDowN Injector Grêmio Foot-Ball V1.0.exe
                In archive: C:\Users\eric\Desktop\virus\2015.5.14\40.vir
                Status: Virus detected
                Virus: Gen:Variant.Strictor.84873
        ----------------------------------------------------------------
[/mw_shl_code]
已上报BD

多管闲事

瑞星 Kill 18 有一个是一个包里报了俩 显示的19.

jayavira

Flying_Bird 发表于 2015-5-14 10:51
三个显示危险的文件均上传至jotti，ESET Found nothing，也就是说应该不是易语言程序。

好吧
看来我猜测错误了

胖福

诺顿扫描检测8个！

心痛的伤不起

fs 杀21.还有一个没修复成功

胖福

补充诺顿双击结果：

直接双击SONAR杀了10个：


30、34、40都是压缩文件，解压后双击解压出来的文件，SONAR杀了30、40解压出来的exe文件：

Ventureminking

下载不了 穿个云盘呗 T T

诸葛亮

火绒11/40
红伞17/40

Luca.l

我擦
[mw_shl_code=html,true]【扫描信息】

开始时间:2015-5-14 13:28:37
扫描用时:00:00:02
扫描类型:指定位置杀毒
扫描引擎:管家云查杀引擎 管家反病毒引擎 Avira本地查杀引擎 管家系统修复引擎
扫描状态:扫描完成


【扫描结果】

扫描文件数:40
发现风险数:6
已处理风险数:6


---------------------
2015-5-14 13:28:50 MD5:566d303d39ae60251b1ad38d096ef84e E:\下载\样本\2015.5.14\13.vir [Win32.Trojan.Generic.wqnf]  [删除成功]
2015-5-14 13:28:50 MD5:15f3cdf5976b319b78330eedc20ee9ee E:\下载\样本\2015.5.14\01.vir [Win32.Trojan.Dropper.Eanr]  [删除成功]
2015-5-14 13:28:50 MD5:ca049038774b161c02d03f41c2dbc266 E:\下载\样本\2015.5.14\02.vir [Win32.Adware.Bidaily.Auto]  [删除成功]
2015-5-14 13:28:51 MD5:8bffa9a8b44b170aa1712cfa377a287d E:\下载\样本\2015.5.14\32.vir [Win32.Trojan.Graftor.Efln]  [删除成功]
2015-5-14 13:28:51 MD5:ea1d7327b28ba3c161ded387dc9e71e3 E:\下载\样本\2015.5.14\36.vir [Win32.Trojan.Graftor.Ajll]  [删除成功]
2015-5-14 13:28:51 MD5:9815d574ebdd10159de112300a66a65c E:\下载\样本\2015.5.14\27.vir [Win32.Trojan.QMSS.087c]  [删除成功]
---------------------
[/mw_shl_code]

ericdj

a1121611810 发表于 2015-5-14 13:29
我擦
[mw_shl_code=html,true]【扫描信息】

试试二扫