
[Virus samples] 精睿 sample test (15.8.17)

神迹般存在
Posted on 2015-8-17 09:19:21
Last edited by 神迹般存在 on 2015-8-17 09:27

Links:
http://kuai.xunlei.com/d/zuh.AV9Y7lbQVQQAaea
http://pan.baidu.com/s/1pJqsdib extraction code: yfdb
Password: bbs.vc52.cn
Count: 50
-----divider-----
KIS killed 27X, fixed 5X, missed 18X.
Have sent to Kaspersky Lab.

aboringman
Posted on 2015-8-17 09:20:25
Last edited by aboringman on 2015-8-17 10:20

AVIRA kill 36 files


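CIS scan: killed 17
Without renaming: 0
Renamed to .exe: Viruscope did nothing at all; on double-click, the real-time monitor killed 20.exe
Also: 15 is a patcher, 19 is anti-VM/anti-sandbox; Habo analysis of 09: http://habo.qq.com/file/showdeta ... pk=ADMGbl1vB2YIPQ==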
挥泪斩情思
Posted on 2015-8-17 09:23:31
Last edited by 挥泪斩情思 on 2015-8-17 09:33

dr.web





HonEy
Posted on 2015-8-17 09:25:27
360 Cloud kl 37x

神迹般存在
Original poster | Posted on 2015-8-17 09:28:37

HaoZip isn't very accurate; I hope you can extract the files and scan them with 360.
卡布达
Posted on 2015-8-17 09:31:41
Last edited by 卡布达 on 2015-8-17 09:52

Windows Defender killed 30; Fortinet killed 36


HonEy
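Posted on 2015-8-17 09:32:23
神迹般存在 posted on 2015-8-17 09:28
HaoZip isn't very accurate; I hope you can extract the files and scan them with 360.

Right now I only have KAV installed on this computer; its scan results are the same as KIS.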
神迹般存在
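Original poster | Posted on 2015-8-17 09:34:32
HonEy posted on 2015-8-17 09:32
Right now I only have KAV installed on this computer; its scan results are the same as KIS.

Well, KAV and KIS share the same ancestor.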
狐狸糊涂
Posted on 2015-8-17 09:34:35
Last edited by 狐狸糊涂 on 2015-8-17 09:40

BD killed 35 (2 of them repaired), 15 left

电脑发烧友
Posted on 2015-8-17 09:34:39
Huorong KILL 20


Copyright © KaFan  KaFan.cn All Rights Reserved.
