
[Virus Samples] Jingrui (精睿) Sample Test (15.10.23)

833754
Posted on 2015-10-23 10:28:49
Links:

http://kuai.xunlei.com/d/zuh.AYUhankpVgQAf90

http://pan.baidu.com/s/1pJOmLAz extraction code: hx7i


Password: bbs.vc52.cn
Count: 50
MXCERILYF!
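Posted on 2015-10-23 10:29:52
Last edited by MXCERILYF! on 2015-10-23 11:27

360 Total Security (all engines enabled)
With the .vir file extension: 29 detected

With the .zip file extension: 8 more detected

37 detected in total, 13 remaining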


毛豆新人
Posted on 2015-10-23 10:35:34
CIS: professionally in last place, unshaken for a hundred years

skyboybone
Posted on 2015-10-23 10:42:16

cxy密斯
Posted on 2015-10-23 10:50:40
[mw_shl_code=css,true]=============================================================================
Dr.Web Scanner SE for Windows v11.0.0.09070
=============================================================================
Scanning Engine version: 11.0.0.10140
Virus Finding Engine version: 7.0.16.10090
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Object(s) to scan:
- C:\Users\Shiloh\Desktop\2015.10.23

C:\Users\Shiloh\Desktop\2015.10.23\01.vir:Zone.Identifier - Ok - 20ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\02.vir:Zone.Identifier - Ok - 23ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\03.vir:Zone.Identifier - Ok - 8ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\02.vir - Ok - 34ms, 162308 bytes
C:\Users\Shiloh\Desktop\2015.10.23\04.vir:Zone.Identifier - Ok - 9ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\05.vir:Zone.Identifier - Ok - 5ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\05.vir - infected with W97M.DownLoader.672
C:\Users\Shiloh\Desktop\2015.10.23\05.vir - infected - 15ms, 84996 bytes
C:\Users\Shiloh\Desktop\2015.10.23\06.vir:Zone.Identifier - Ok - 7ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\07.vir - infected with W97M.DownLoader.672
C:\Users\Shiloh\Desktop\2015.10.23\07.vir - infected - 8ms, 84484 bytes
C:\Users\Shiloh\Desktop\2015.10.23\07.vir:Zone.Identifier - Ok - 4ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\08.vir is MAIL container
C:\Users\Shiloh\Desktop\2015.10.23\08.vir\1.part - Ok
C:\Users\Shiloh\Desktop\2015.10.23\08.vir\7.part - Ok
C:\Users\Shiloh\Desktop\2015.10.23\08.vir\8.part - Ok
>>C:\Users\Shiloh\Desktop\2015.10.23\08.vir\9.part is ACTIVEMIME container
C:\Users\Shiloh\Desktop\2015.10.23\08.vir\9.part\Storage0 - infected with W97M.DownLoader.673
C:\Users\Shiloh\Desktop\2015.10.23\08.vir\9.part\Storage0 - infected
C:\Users\Shiloh\Desktop\2015.10.23\08.vir\9.part - infected container
C:\Users\Shiloh\Desktop\2015.10.23\08.vir\10.part - Ok
C:\Users\Shiloh\Desktop\2015.10.23\08.vir\11.part - Ok
C:\Users\Shiloh\Desktop\2015.10.23\08.vir\12.part - Ok
C:\Users\Shiloh\Desktop\2015.10.23\08.vir\13.reexport - Ok
C:\Users\Shiloh\Desktop\2015.10.23\08.vir - infected mail
C:\Users\Shiloh\Desktop\2015.10.23\08.vir - infected mail - 106ms, 92339 bytes
C:\Users\Shiloh\Desktop\2015.10.23\08.vir:Zone.Identifier - Ok - 7ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\04.vir - infected with Trojan.Upatre.8993
C:\Users\Shiloh\Desktop\2015.10.23\04.vir - infected - 41ms, 59908 bytes
C:\Users\Shiloh\Desktop\2015.10.23\09.vir:Zone.Identifier - Ok - 7ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\01.vir - infected with Trojan.Dyre.673
C:\Users\Shiloh\Desktop\2015.10.23\01.vir - infected - 75ms, 539140 bytes
C:\Users\Shiloh\Desktop\2015.10.23\10.vir:Zone.Identifier - Ok - 6ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\03.vir - packed by ASPACK
>C:\Users\Shiloh\Desktop\2015.10.23\09.vir - packed by FLY-CODE
C:\Users\Shiloh\Desktop\2015.10.23\06.vir - infected with Trojan.Siggen6.32796
C:\Users\Shiloh\Desktop\2015.10.23\06.vir - infected - 281ms, 474076 bytes
C:\Users\Shiloh\Desktop\2015.10.23\11.vir:Zone.Identifier - Ok - 13ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\10.vir - Ok - 50ms, 16900 bytes
C:\Users\Shiloh\Desktop\2015.10.23\12.vir:Zone.Identifier - Ok - 10ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\11.vir - infected with Trojan.PWS.Siggen1.42934
C:\Users\Shiloh\Desktop\2015.10.23\11.vir - infected - 49ms, 364548 bytes
C:\Users\Shiloh\Desktop\2015.10.23\13.vir:Zone.Identifier - Ok - 13ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\14.vir - Ok - 11ms, 102654 bytes
C:\Users\Shiloh\Desktop\2015.10.23\14.vir:Zone.Identifier - Ok - 6ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\15.vir is OPEN XML container
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\[Content_Types].xml - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\_rels\.rels - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\_rels\document.xml.rels - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\document.xml - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\_rels\vbaProject.bin.rels - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\vbaProject.bin - infected with W97M.DownLoader.678
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\vbaProject.bin - infected
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\theme\theme1.xml - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\vbaData.xml - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\settings.xml - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\webSettings.xml - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\styles.xml - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\numbering.xml - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\docProps\app.xml - Ok
>>C:\Users\Shiloh\Desktop\2015.10.23\09.vir - packed by FLY-CODE
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\stylesWithEffects.xml - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\word\fontTable.xml - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir\docProps\core.xml - Ok
C:\Users\Shiloh\Desktop\2015.10.23\15.vir - infected container
C:\Users\Shiloh\Desktop\2015.10.23\15.vir - infected container - 168ms, 20416 bytes
C:\Users\Shiloh\Desktop\2015.10.23\15.vir:Zone.Identifier - Ok - 7ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\16.vir - packed by ENCODED SCRIPT
C:\Users\Shiloh\Desktop\2015.10.23\16.vir - Ok - 83ms, 13623 bytes
C:\Users\Shiloh\Desktop\2015.10.23\16.vir:Zone.Identifier - Ok - 17ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\12.vir - probably infected with DLOADER.Trojan
C:\Users\Shiloh\Desktop\2015.10.23\09.vir - Ok - 601ms, 81412 bytes
C:\Users\Shiloh\Desktop\2015.10.23\17.vir:Zone.Identifier - Ok - 6ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\12.vir - infected - 162ms, 205316 bytes
C:\Users\Shiloh\Desktop\2015.10.23\18.vir:Zone.Identifier - Ok - 6ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\19.vir - Ok - 12ms, 10546 bytes
C:\Users\Shiloh\Desktop\2015.10.23\19.vir:Zone.Identifier - Ok - 6ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\20.vir is ZIP archive
C:\Users\Shiloh\Desktop\2015.10.23\13.vir - Ok - 149ms, 775194 bytes
C:\Users\Shiloh\Desktop\2015.10.23\20.vir\dhl-pdf.exe - infected with Trojan.PWS.Stealer.15120
C:\Users\Shiloh\Desktop\2015.10.23\20.vir\dhl-pdf.exe - infected
C:\Users\Shiloh\Desktop\2015.10.23\20.vir - infected archive
C:\Users\Shiloh\Desktop\2015.10.23\20.vir - infected archive - 60ms, 720606 bytes
C:\Users\Shiloh\Desktop\2015.10.23\20.vir:Zone.Identifier - Ok - 7ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\21.vir:Zone.Identifier - Ok - 5ms, 26 bytes
>>C:\Users\Shiloh\Desktop\2015.10.23\03.vir is AUTOIT container
>>>C:\Users\Shiloh\Desktop\2015.10.23\03.vir\Users\f1r3w4ll\AppData\Local\AutoIt v3\Aut2Exe\aut558D.tmp.tok - packed by ASCRIPT
C:\Users\Shiloh\Desktop\2015.10.23\03.vir\Users\f1r3w4ll\AppData\Local\AutoIt v3\Aut2Exe\aut558D.tmp.tok - Ok
C:\Users\Shiloh\Desktop\2015.10.23\03.vir - Ok
C:\Users\Shiloh\Desktop\2015.10.23\03.vir - container - 919ms, 395780 bytes
C:\Users\Shiloh\Desktop\2015.10.23\22.vir:Zone.Identifier - Ok - 5ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\17.vir - infected with Trojan.PWS.Turist.210
C:\Users\Shiloh\Desktop\2015.10.23\17.vir - infected - 36ms, 420868 bytes
C:\Users\Shiloh\Desktop\2015.10.23\23.vir:Zone.Identifier - Ok - 5ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\24.vir is ZIP archive
C:\Users\Shiloh\Desktop\2015.10.23\24.vir\scan_07768_pdf.exe - infected with Trojan.PWS.Stealer.15120
C:\Users\Shiloh\Desktop\2015.10.23\24.vir\scan_07768_pdf.exe - infected
C:\Users\Shiloh\Desktop\2015.10.23\24.vir - infected archive
C:\Users\Shiloh\Desktop\2015.10.23\24.vir - infected archive - 64ms, 848793 bytes
C:\Users\Shiloh\Desktop\2015.10.23\18.vir - infected with Trojan.DownLoader17.21732
C:\Users\Shiloh\Desktop\2015.10.23\18.vir - infected - 64ms, 626692 bytes
C:\Users\Shiloh\Desktop\2015.10.23\24.vir:Zone.Identifier - Ok - 18ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\25.vir:Zone.Identifier - Ok - 7ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\21.vir - infected with Trojan.DownLoader17.21326
C:\Users\Shiloh\Desktop\2015.10.23\21.vir - infected - 37ms, 218116 bytes
C:\Users\Shiloh\Desktop\2015.10.23\26.vir:Zone.Identifier - Ok - 6ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\27.vir is ZIP archive
>>C:\Users\Shiloh\Desktop\2015.10.23\27.vir\Pedido_Anexo.exe is BINARYRES container
C:\Users\Shiloh\Desktop\2015.10.23\27.vir\Pedido_Anexo.exe\data001 - Ok
C:\Users\Shiloh\Desktop\2015.10.23\27.vir\Pedido_Anexo.exe\data002 - Ok
C:\Users\Shiloh\Desktop\2015.10.23\27.vir\Pedido_Anexo.exe - Ok
C:\Users\Shiloh\Desktop\2015.10.23\27.vir - Ok
C:\Users\Shiloh\Desktop\2015.10.23\27.vir - archive - 70ms, 5306 bytes
C:\Users\Shiloh\Desktop\2015.10.23\27.vir:Zone.Identifier - Ok - 7ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\23.vir - infected with Trojan.DownLoader17.21456
C:\Users\Shiloh\Desktop\2015.10.23\23.vir - infected - 77ms, 630788 bytes
C:\Users\Shiloh\Desktop\2015.10.23\28.vir:Zone.Identifier - Ok - 6ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\22.vir - infected with Trojan.Dridex.234
C:\Users\Shiloh\Desktop\2015.10.23\22.vir - infected - 135ms, 318060 bytes
C:\Users\Shiloh\Desktop\2015.10.23\29.vir:Zone.Identifier - Ok - 5ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\30.vir - infected with VBS.Dropper.71
C:\Users\Shiloh\Desktop\2015.10.23\30.vir - infected - 9ms, 192004 bytes
C:\Users\Shiloh\Desktop\2015.10.23\30.vir:Zone.Identifier - Ok - 5ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\25.vir - infected with Trojan.PWS.Siggen1.31970
C:\Users\Shiloh\Desktop\2015.10.23\25.vir - infected - 25ms, 506884 bytes
C:\Users\Shiloh\Desktop\2015.10.23\31.vir:Zone.Identifier - Ok - 5ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\32.vir is MAIL container
C:\Users\Shiloh\Desktop\2015.10.23\32.vir\1.part - Ok
C:\Users\Shiloh\Desktop\2015.10.23\26.vir - infected with Trojan.Inject2.6968
C:\Users\Shiloh\Desktop\2015.10.23\26.vir - infected - 39ms, 659460 bytes
C:\Users\Shiloh\Desktop\2015.10.23\32.vir:Zone.Identifier - Ok - 5ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\32.vir\7.part - Ok
C:\Users\Shiloh\Desktop\2015.10.23\32.vir\8.part - Ok
>>C:\Users\Shiloh\Desktop\2015.10.23\32.vir\9.part is ACTIVEMIME container
C:\Users\Shiloh\Desktop\2015.10.23\32.vir\9.part\Storage0 - infected with W97M.DownLoader.673
C:\Users\Shiloh\Desktop\2015.10.23\32.vir\9.part\Storage0 - infected
C:\Users\Shiloh\Desktop\2015.10.23\32.vir\9.part - infected container
C:\Users\Shiloh\Desktop\2015.10.23\32.vir\10.part - Ok
C:\Users\Shiloh\Desktop\2015.10.23\32.vir\11.part - Ok
C:\Users\Shiloh\Desktop\2015.10.23\32.vir\12.part - Ok
C:\Users\Shiloh\Desktop\2015.10.23\32.vir\13.reexport - Ok
C:\Users\Shiloh\Desktop\2015.10.23\32.vir - infected mail
C:\Users\Shiloh\Desktop\2015.10.23\32.vir - infected mail - 101ms, 84515 bytes
C:\Users\Shiloh\Desktop\2015.10.23\33.vir:Zone.Identifier - Ok - 4ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\28.vir - infected with Trojan.PWS.Panda.7934
C:\Users\Shiloh\Desktop\2015.10.23\28.vir - infected - 25ms, 411140 bytes
C:\Users\Shiloh\Desktop\2015.10.23\29.vir - infected with Trojan.Upatre.8960
C:\Users\Shiloh\Desktop\2015.10.23\29.vir - infected - 14ms, 48644 bytes
C:\Users\Shiloh\Desktop\2015.10.23\34.vir:Zone.Identifier - Ok - 6ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\35.vir:Zone.Identifier - Ok - 4ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\35.vir is 7-ZIP archive
C:\Users\Shiloh\Desktop\2015.10.23\35.vir\Seven\CRACK -- Changelog.txt - Ok
C:\Users\Shiloh\Desktop\2015.10.23\35.vir\Seven\Autoexec\Default CMDScript (readme).txt - Ok
C:\Users\Shiloh\Desktop\2015.10.23\35.vir\Seven\READ ME.txt - Ok
C:\Users\Shiloh\Desktop\2015.10.23\35.vir\Seven\Inject.exe - Ok
C:\Users\Shiloh\Desktop\2015.10.23\31.vir - Ok - 122ms, 574284 bytes
C:\Users\Shiloh\Desktop\2015.10.23\36.vir:Zone.Identifier - Ok - 4ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\37.vir is ZIP archive
C:\Users\Shiloh\Desktop\2015.10.23\37.vir\81018773459.exe - infected with Trojan.Upatre.8866
C:\Users\Shiloh\Desktop\2015.10.23\37.vir\81018773459.exe - infected
C:\Users\Shiloh\Desktop\2015.10.23\37.vir - infected archive
C:\Users\Shiloh\Desktop\2015.10.23\37.vir - infected archive - 26ms, 20352 bytes
C:\Users\Shiloh\Desktop\2015.10.23\37.vir:Zone.Identifier - Ok - 3ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\38.vir is SWF container
>>C:\Users\Shiloh\Desktop\2015.10.23\38.vir\Data is SWF container
C:\Users\Shiloh\Desktop\2015.10.23\35.vir\Seven\Seven.dll - Ok
C:\Users\Shiloh\Desktop\2015.10.23\35.vir - Ok
C:\Users\Shiloh\Desktop\2015.10.23\35.vir - archive - 196ms, 76072 bytes
C:\Users\Shiloh\Desktop\2015.10.23\38.vir\Data\Code[7371] - Ok
C:\Users\Shiloh\Desktop\2015.10.23\38.vir\Data - Ok
C:\Users\Shiloh\Desktop\2015.10.23\38.vir - Ok
C:\Users\Shiloh\Desktop\2015.10.23\38.vir - container - 26ms, 5596 bytes
C:\Users\Shiloh\Desktop\2015.10.23\38.vir:Zone.Identifier - Ok - 7ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\39.vir:Zone.Identifier - Ok - 6ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\33.vir - infected with Trojan.Upatre.8927
C:\Users\Shiloh\Desktop\2015.10.23\33.vir - infected - 33ms, 35332 bytes
C:\Users\Shiloh\Desktop\2015.10.23\40.vir:Zone.Identifier - Ok - 5ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\39.vir - Ok - 39ms, 65540 bytes
C:\Users\Shiloh\Desktop\2015.10.23\41.vir:Zone.Identifier - Ok - 5ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\36.vir - Ok - 54ms, 40964 bytes
C:\Users\Shiloh\Desktop\2015.10.23\42.vir:Zone.Identifier - Ok - 7ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\34.vir - packed by FLY-CODE
C:\Users\Shiloh\Desktop\2015.10.23\40.vir - infected with Trojan.Upatre.8927
C:\Users\Shiloh\Desktop\2015.10.23\40.vir - infected - 22ms, 35332 bytes
C:\Users\Shiloh\Desktop\2015.10.23\43.vir:Zone.Identifier - Ok - 6ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\44.vir - infected with Linux.Ramen.36
C:\Users\Shiloh\Desktop\2015.10.23\44.vir - infected - 7ms, 370 bytes
C:\Users\Shiloh\Desktop\2015.10.23\44.vir:Zone.Identifier - Ok - 6ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\45.vir is ZIP archive
C:\Users\Shiloh\Desktop\2015.10.23\41.vir - infected with Trojan.Upatre.9000
C:\Users\Shiloh\Desktop\2015.10.23\41.vir - infected - 53ms, 86020 bytes
C:\Users\Shiloh\Desktop\2015.10.23\45.vir:Zone.Identifier - Ok - 8ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\42.vir - infected with Trojan.Upatre.8925
C:\Users\Shiloh\Desktop\2015.10.23\42.vir - infected - 42ms, 59396 bytes
C:\Users\Shiloh\Desktop\2015.10.23\45.vir\42070726277.exe - infected with Trojan.Upatre.8993
C:\Users\Shiloh\Desktop\2015.10.23\45.vir\42070726277.exe - infected
C:\Users\Shiloh\Desktop\2015.10.23\45.vir - infected archive
C:\Users\Shiloh\Desktop\2015.10.23\45.vir - infected archive - 49ms, 33780 bytes
C:\Users\Shiloh\Desktop\2015.10.23\46.vir:Zone.Identifier - Ok - 7ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\47.vir is ZIP archive
C:\Users\Shiloh\Desktop\2015.10.23\47.vir:Zone.Identifier - Ok - 7ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\43.vir is BINARYRES container
C:\Users\Shiloh\Desktop\2015.10.23\43.vir\data001 - Ok
C:\Users\Shiloh\Desktop\2015.10.23\43.vir\data002 - Ok
C:\Users\Shiloh\Desktop\2015.10.23\43.vir - Ok
C:\Users\Shiloh\Desktop\2015.10.23\43.vir - container - 43ms, 28164 bytes
C:\Users\Shiloh\Desktop\2015.10.23\48.vir:Zone.Identifier - Ok - 6ms, 26 bytes
>C:\Users\Shiloh\Desktop\2015.10.23\49.vir is ZIP archive
C:\Users\Shiloh\Desktop\2015.10.23\49.vir\crypt2204_crypted.exe - infected with Trojan.PWS.Tinba.374
C:\Users\Shiloh\Desktop\2015.10.23\49.vir\crypt2204_crypted.exe - infected
C:\Users\Shiloh\Desktop\2015.10.23\49.vir - infected archive
C:\Users\Shiloh\Desktop\2015.10.23\49.vir - infected archive - 35ms, 203033 bytes
C:\Users\Shiloh\Desktop\2015.10.23\49.vir:Zone.Identifier - Ok - 6ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\47.vir\DOCUMENTS.exe - infected with Trojan.PWS.Stealer.16184
C:\Users\Shiloh\Desktop\2015.10.23\47.vir\DOCUMENTS.exe - infected
C:\Users\Shiloh\Desktop\2015.10.23\47.vir - infected archive
C:\Users\Shiloh\Desktop\2015.10.23\47.vir - infected archive - 188ms, 833549 bytes
C:\Users\Shiloh\Desktop\2015.10.23\50.vir:Zone.Identifier - Ok - 5ms, 26 bytes
C:\Users\Shiloh\Desktop\2015.10.23\46.vir - Ok - 27ms, 10756 bytes
C:\Users\Shiloh\Desktop\2015.10.23\48.vir - infected with Trojan.Upatre.8823
C:\Users\Shiloh\Desktop\2015.10.23\48.vir - infected - 18ms, 32772 bytes
C:\Users\Shiloh\Desktop\2015.10.23\50.vir - infected with Trojan.Upatre.8866
C:\Users\Shiloh\Desktop\2015.10.23\50.vir - infected - 23ms, 32260 bytes
C:\Users\Shiloh\Desktop\2015.10.23\34.vir - Ok - 5929ms, 535556 bytes
-----------------------------------------------------------------------------
Start curing
-----------------------------------------------------------------------------
C:\Users\Shiloh\Desktop\2015.10.23\05.vir - quarantined - 1590 ms
C:\Users\Shiloh\Desktop\2015.10.23\07.vir - quarantined - 44 ms
C:\Users\Shiloh\Desktop\2015.10.23\08.vir - quarantined - 36 ms
C:\Users\Shiloh\Desktop\2015.10.23\04.vir - quarantined - 50 ms
C:\Users\Shiloh\Desktop\2015.10.23\01.vir - quarantined - 80 ms
C:\Users\Shiloh\Desktop\2015.10.23\06.vir - quarantined - 186 ms
C:\Users\Shiloh\Desktop\2015.10.23\11.vir - quarantined - 62 ms
C:\Users\Shiloh\Desktop\2015.10.23\15.vir - quarantined - 34 ms
C:\Users\Shiloh\Desktop\2015.10.23\12.vir - quarantined - 38 ms
C:\Users\Shiloh\Desktop\2015.10.23\20.vir - quarantined - 50 ms
C:\Users\Shiloh\Desktop\2015.10.23\17.vir - quarantined - 57 ms
C:\Users\Shiloh\Desktop\2015.10.23\24.vir - quarantined - 54 ms
C:\Users\Shiloh\Desktop\2015.10.23\18.vir - quarantined - 92 ms
C:\Users\Shiloh\Desktop\2015.10.23\21.vir - quarantined - 59 ms
C:\Users\Shiloh\Desktop\2015.10.23\23.vir - quarantined - 88 ms
C:\Users\Shiloh\Desktop\2015.10.23\22.vir - quarantined - 113 ms
C:\Users\Shiloh\Desktop\2015.10.23\30.vir - quarantined - 45 ms
C:\Users\Shiloh\Desktop\2015.10.23\25.vir - quarantined - 68 ms
C:\Users\Shiloh\Desktop\2015.10.23\26.vir - quarantined - 76 ms
C:\Users\Shiloh\Desktop\2015.10.23\32.vir - quarantined - 36 ms
C:\Users\Shiloh\Desktop\2015.10.23\28.vir - quarantined - 63 ms
C:\Users\Shiloh\Desktop\2015.10.23\29.vir - quarantined - 88 ms
C:\Users\Shiloh\Desktop\2015.10.23\37.vir - quarantined - 34 ms
C:\Users\Shiloh\Desktop\2015.10.23\33.vir - quarantined - 47 ms
C:\Users\Shiloh\Desktop\2015.10.23\40.vir - quarantined - 50 ms
C:\Users\Shiloh\Desktop\2015.10.23\44.vir - quarantined - 39 ms
C:\Users\Shiloh\Desktop\2015.10.23\41.vir - quarantined - 61 ms
C:\Users\Shiloh\Desktop\2015.10.23\42.vir - quarantined - 59 ms
C:\Users\Shiloh\Desktop\2015.10.23\45.vir - quarantined - 34 ms
C:\Users\Shiloh\Desktop\2015.10.23\49.vir - quarantined - 40 ms
C:\Users\Shiloh\Desktop\2015.10.23\47.vir - quarantined - 51 ms
C:\Users\Shiloh\Desktop\2015.10.23\48.vir - quarantined - 48 ms
C:\Users\Shiloh\Desktop\2015.10.23\50.vir - quarantined - 87 ms

Total 11885944 bytes in 100 files scanned (153 objects, 6 containers)
Total 67 files (109 objects) are clean
Total 32 files are infected
Total 1 file are suspicious
Total 33 files are neutralized
Scan time is 00:00:08.15[/mw_shl_code]
胖福
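Posted on 2015-10-23 10:53:34
Last edited by 胖福 on 2015-10-23 11:19

Norton scan: 20 remaining!

On double-click, SONAR killed 7:


Of the remaining files, 19, 22 and 35 get past Norton:

19 is a script; double-clicking it triggers IPS


22: Norton Insight detected system modifications:
File name: 22.EXE
Full path: F:\Norton样本\临时收集\2015.10.23\22.EXE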
____________________________
____________________________

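Developers?
Favorite-III

Version?
0.197.221.66

Identified?
2015-10-23 ( 11:00:37 )

Last used?
2015-10-23 ( 11:01:02 )

Startup item?

____________________________

File trusted by very few users
Fewer than 5 users in the Norton Community have used this file.

Very new file
This file was released less than 1 week ago.


There are some indications that this file is not trustworthy.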
____________________________

Source file:
22.exe
____________________________

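Performance
____________________________

Average resource usage: Low
Average CPU usage: Low
Average memory usage: Low
____________________________

Performance alerts

Process ID
1300

CPU
Normal

Memory
Normal

Handle count
Normal

Disk read activity
Normal

Disk write activity
Normal
____________________________

System changes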

EnableFileTracing
EnableConsoleTracing
FileTracingMask
ConsoleTracingMask
MaxFileSize
FileDirectory
\REGISTRY\MACHINE\Software\Microsoft\Tracing\22_RASMANCS
EnableFileTracing
EnableConsoleTracing
FileTracingMask
ConsoleTracingMask
MaxFileSize
ProxyEnable
SavedLegacySettings
FileDirectory

____________________________

File thumbprint - SHA:
931beda8d64a402db3292919aabe98d13af1c4fe650b839c5eee822d24133c1b
File thumbprint - MD5:
5043a5f29645c4b97e914fcade73ab0d

No. 35 exits automatically after any key is pressed:



49 exits automatically after running:




The remaining files are of unknown format!

wjy19800315
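Posted on 2015-10-23 10:56:04
毛豆新人 posted on 2015-10-23 10:35
CIS: professionally in last place, unshaken for a hundred years

That's because Panda hasn't come to be tested??
毛豆新人
Posted on 2015-10-23 11:01:33
wjy19800315 posted on 2015-10-23 10:56
That's because Panda hasn't come to be tested??


With today's results, even if Panda came it couldn't take this title away. 3; not even a god can save Comodo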
EnZhSTReLniKoVa
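Posted on 2015-10-23 11:10:17
Antimalware Client Version: 4.8.10240.16384
Engine Version: 1.1.12205.0
Antivirus definition: 1.209.194.0
Antispyware definition: 1.209.194.0
Network Inspection System Engine Version: 2.1.11804.0
Network Inspection System Definition Version: 115.25.0.0

Extraction result: 01 02 03 04 05 06 07 11 12 13 15 17 19 21 22 25 26 28 29 30 33 34 40 41 42 44 48 50

Scan result: 18 20 23 24 37 45 47

Repaired files: 15 20 24 37 45

20 files remaining, including 5 repaired files; 15 files remaining



Virus definition screenshot below: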





EnZhSTReLniKoVa
Posted on 2015-10-23 11:14:03
wjy19800315 posted on 2015-10-23 10:56
That's because Panda hasn't come to be tested??

Panda might be a little bit better than CIS