Original poster: 潘达达

[Virus Samples] 精睿 Sample Test (15.12.16)

2501238377
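Posted on 2015-12-16 13:03:43, from mobile
I just sent the last three days of 精睿 samples to the BD sample engineers. When I logged back in, I found that Outlook needs a VPN to send mail; even logging in requires going through a proxy.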
ELOHIM
Posted on 2015-12-16 13:46:08
T.Yoshiyuki posted on 2015-12-16 11:15
WD, definitions from early this morning

Detected 34x, of which 10x repaired

I think WD did alright today. One fewer than big BD..
T.Yoshiyuki
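Posted on 2015-12-16 15:19:09
Last edited by T.Yoshiyuki on 2015-12-16 15:20
ELOHIM posted on 2015-12-16 13:46
I think WD did alright today. One fewer than big BD..

It is pretty good, but after I imported 龙大's PUA registry file, I rebooted and updated the definitions several times and it still would not activate. I don't know why...

Ever since I committed to Win10 I have not been able to settle on an antivirus. In the end I figured I would just go with WD plus my own brain... that way there will also be fewer compatibility problems when I upgrade the system later.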
欧阳宣
Posted on 2015-12-16 15:26:51
Last edited by 欧阳宣 on 2015-12-16 15:30

norton
Detected 28, repaired 5.
[mw_shl_code=css,true]Resolved Threats:
Infostealer.Limitail
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\virus\2015.12.16\04.vir - Deleted


Trojan.Nancrat
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
- Deleted


Infostealer.Limitail
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
- Deleted


Trojan Horse
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\virus\2015.12.16\30.vir - Deleted


Backdoor.Trojan
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
- Deleted


Infostealer.Limitail
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
- Deleted


Backdoor.Trojan
Type: Compressed
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
- Deleted


W97M.Downloader
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
4 Files
d:\virus\2015.12.16\03.vir - Deleted
d:\virus\2015.12.16\17.vir - Deleted
d:\virus\2015.12.16\41.vir - Deleted
d:\virus\2015.12.16\45.vir - Deleted
1 Browser Cache



Downloader
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\virus\2015.12.16\21.vir - Deleted
1 Browser Cache



Trojan.Gen
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
5 Files
d:\virus\2015.12.16\02.vir - Deleted
d:\virus\2015.12.16\32.vir - Deleted
d:\virus\2015.12.16\23.vir - Deleted
d:\virus\2015.12.16\35.vir - Deleted
d:\virus\2015.12.16\43.vir - Deleted
1 Browser Cache



Backdoor.Trojan
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
3 Registry Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\->EnableLUA:1 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile->DoNotAllowExceptions:1 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile->DoNotAllowExceptions:1 - Repaired
2 Files
d:\virus\2015.12.16\16.vir - Deleted
d:\virus\2015.12.16\06.vir - Deleted
1 Browser Cache



SAPE.Heur.A69F7
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
d:\virus\2015.12.16\10.vir - Deleted
1 Browser Cache



Hacktool
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\virus\2015.12.16\12.vir - Deleted
1 Browser Cache



Meterpreter
Type: Anomaly
Risk: Medium (Medium Stealth, Medium Removal, Medium Performance, Medium Privacy)  
Categories: Security Risk
Status: Fully Resolved
-----------
1 File
d:\virus\2015.12.16\25.vir - Deleted
1 Browser Cache



Android.Tonclank
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\virus\2015.12.16\27.vir - Deleted
1 Browser Cache



Downloader.Upatre
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Restart Required
-----------
24 Registry Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirewallDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirewallDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusOverride:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusOverride:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirewallOverride:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirewallOverride:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirstRunDisabled:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirstRunDisabled:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc->AntiVirusDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc->AntiVirusDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc->FirewallDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc->FirewallDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc->AntiVirusOverride:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc->AntiVirusOverride:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc->FirewallOverride:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc->FirewallOverride:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc->FirstRunDisabled:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc->FirstRunDisabled:0 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile->DoNotAllowExceptions:1 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile->DoNotAllowExceptions:1 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile->DoNotAllowExceptions:1 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile->DoNotAllowExceptions:1 - Repaired
18 Files
c:\users\jeff6\appdata\local\temp\1f23.tmp - Deleted
c:\users\jeff6\appdata\local\temp\jet1698.tmp - Restart Required
c:\users\jeff6\appdata\local\temp\jet65c.tmp - Deleted
c:\users\jeff6\appdata\local\temp\ovs3116.tmp - Deleted
c:\users\jeff6\appdata\local\temp\wct1b14.tmp - Deleted
c:\users\jeff6\appdata\local\temp\wct2e27.tmp - Restart Required
c:\users\jeff6\appdata\local\temp\wct4497.tmp - Deleted
c:\users\jeff6\appdata\local\temp\wct72d2.tmp - Deleted
c:\users\jeff6\appdata\local\temp\wctd079.tmp - Deleted
c:\users\jeff6\appdata\local\temp\wctd3b6.tmp - Deleted
c:\users\jeff6\appdata\local\temp\wcte50b.tmp - Deleted
c:\users\jeff6\appdata\local\temp\~df3ea0fe42cbdae021.tmp - Deleted
c:\users\jeff6\appdata\local\temp\~df5cae551c7b47a6c5.tmp - Deleted
c:\users\jeff6\appdata\local\temp\~dfcd0aef04acc8eec0.tmp - Deleted
c:\users\jeff6\appdata\local\temp\~dfd8d75cb409b497f1.tmp - Deleted
c:\users\jeff6\appdata\local\temp\~dfe109f95117cbe9e1.tmp - Deleted
c:\users\jeff6\appdata\local\temp\~dfea27ee430f1a7611.tmp - Deleted
d:\virus\2015.12.16\22.vir - Deleted
1 Browser Cache



Trojan.Gen.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Virus
Status: Fully Resolved
-----------
1 File
d:\virus\2015.12.16\29.vir - Deleted
1 Browser Cache



SAPE.Heur.BA757
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
d:\virus\2015.12.16\31.vir - Deleted
1 Browser Cache



SAPE.Heur.83341
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
d:\virus\2015.12.16\34.vir - Deleted
1 Browser Cache



Suspicious.Cloud.9.A
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)  
Categories: Heuristic Virus
Status: Fully Resolved
-----------
1 File
d:\virus\2015.12.16\47.vir - Deleted
1 Browser Cache[/mw_shl_code]
欧阳宣
Posted on 2015-12-16 18:23:45
mcafee detected 28, repaired 3.
[mw_shl_code=css,true]12/16/2015        5:22:02 AM        "D:\Virus\2015.12.16\12.vir"        "HTool-Loic"        "3"

12/16/2015        5:22:03 AM        "D:\Virus\2015.12.16\28.vir"        "JS/Nemucod.ag"        "2"

12/16/2015        5:22:03 AM        "D:\Virus\2015.12.16\37.vir"        "JS/Nemucod.ag"        "2"

12/16/2015        5:22:04 AM        "D:\Virus\2015.12.16\16.vir"        "Trojan-FHOL!9989D843A684"        "2"

12/16/2015        5:22:04 AM        "D:\Virus\2015.12.16\01.vir"        "Artemis!B49336F08366"        "2"

12/16/2015        5:22:04 AM        "D:\Virus\2015.12.16\11.vir"        "Artemis!3F6A0BCDEF19"        "2"

12/16/2015        5:22:04 AM        "D:\Virus\2015.12.16\13.vir"        "Artemis!831D543FC066"        "2"

12/16/2015        5:22:04 AM        "D:\Virus\2015.12.16\22.vir"        "Trojan-FHOH!6A613B5364BA"        "2"

12/16/2015        5:22:05 AM        "D:\Virus\2015.12.16\08.vir"        "Artemis!8BE3721C52D5"        "2"

12/16/2015        5:22:05 AM        "D:\Virus\2015.12.16\21.vir"        "Artemis!CFEC1E4765C9"        "2"

12/16/2015        5:22:05 AM        "D:\Virus\2015.12.16\39.vir"        "Drixed-FCO!D4B9297DED9A"        "2"

12/16/2015        5:22:05 AM        "D:\Virus\2015.12.16\23.vir"        "Artemis!446613575BDA"        "2"

12/16/2015        5:22:05 AM        "D:\Virus\2015.12.16\32.vir"        "Artemis!F07D06BAA5B9"        "2"

12/16/2015        5:22:05 AM        "D:\Virus\2015.12.16\31.vir"        "Artemis!F32254ECDA39"        "2"

12/16/2015        5:22:05 AM        "D:\Virus\2015.12.16\29.vir"        "Artemis!C21C08C52D4D"        "2"

12/16/2015        5:22:14 AM        "D:\Virus\2015.12.16\36.vir"        "Adwind!jar"        "2"

12/16/2015        5:22:15 AM        "D:\Virus\2015.12.16\38.vir"        "Artemis!92F3D3563D15"        "3"

12/16/2015        5:22:15 AM        "D:\Virus\2015.12.16\40.vir"        "JS/Nemucod.ah"        "2"

12/16/2015        5:22:15 AM        "D:\Virus\2015.12.16\10.vir"        "RapSFX packed app"        "2"

12/16/2015        5:22:15 AM        "D:\Virus\2015.12.16\41.vir"        "W97M/Downloader.ast"        "2"

12/16/2015        5:22:15 AM        "D:\Virus\2015.12.16\44.vir"        "JS/Nemucod.ah"        "2"

12/16/2015        5:22:15 AM        "D:\Virus\2015.12.16\45.vir"        "W97M/Downloader.ast"        "2"

12/16/2015        5:22:15 AM        "D:\Virus\2015.12.16\03.vir"        "W97M/Downloader.ast"        "2"

12/16/2015        5:22:15 AM        "D:\Virus\2015.12.16\42.vir"        "Generic.xo"        "2"

12/16/2015        5:22:16 AM        "D:\Virus\2015.12.16\27.vir"        "Artemis!A7A6143D6B68"        "2"

12/16/2015        5:22:16 AM        "D:\Virus\2015.12.16\18.vir"        "Artemis!EAB58B4E035D"        "2"

12/16/2015        5:22:21 AM        "D:\Virus\2015.12.16\04.vir"        "Artemis!CD358B472233"        "2"

12/16/2015        5:22:21 AM        "D:\Virus\2015.12.16\30.vir"        "Artemis!FBD899DDB83A"        "2"[/mw_shl_code]
xiaofeizei
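Posted on 2015-12-16 19:49:07
2501238377 posted on 2015-12-16 13:03
I just sent the last three days of 精睿 samples to the BD sample engineers. When I logged back in, I found that Outlook needs a VPN to send mail; even logging in requires going through a ...

Internet+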
kxmp
Posted on 2015-12-16 21:00:56
Last edited by kxmp on 2015-12-16 21:09

mcafee heuristic: 3
49-9=40

2015/12/16        20:54:45                引擎版本                                    =        5700.7163
2015/12/16        20:54:45                防病毒 DAT 版本                              =        8016.0
2015/12/16        20:54:45                EXTRA.DAT 中的检测项特征码数                     =        无
2015/12/16        20:54:45                EXTRA.DAT 中的检测项特征码名称                    =        无
2015/12/16        20:54:45        扫描已启动        KxMP-PC\KxMP        按需扫描
2015/12/16        20:54:48        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\03.vir\00000f36.EML\00000032.OLE\_VBA_PROJECT        W97M/Downloader.ast (特洛伊)        79cd831c74076457e233dc1f0f716314 (MD5)
2015/12/16        20:54:55        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\01.vir        Artemis!B49336F08366 (特洛伊)        b49336f08366552ade311a441b25a71a (MD5)
2015/12/16        20:54:55        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\04.vir\Scanned Copy A.exe        RDN/Trojan-FHFA (特洛伊)        d970e432032af7d962f3fd9de59bcd0f (MD5)
2015/12/16        20:54:57        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\07.vir        Artemis!86ECE1AD05F8 (特洛伊)        86ece1ad05f808694466baec19667f6f (MD5)
2015/12/16        20:54:57        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\06.vir        Artemis!225F1D5ACF41 (特洛伊)        225f1d5acf417173d7c99ffada34c135 (MD5)
2015/12/16        20:54:58        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\09.vir        Artemis!A1B202D96587 (特洛伊)        a1b202d965871ceedf75331a91163893 (MD5)
2015/12/16        20:54:58        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\08.vir        Artemis!8BE3721C52D5 (特洛伊)        8be3721c52d51dbce8b657c3df03e9cf (MD5)
2015/12/16        20:54:58        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\10.vir        RapSFX packed app (特洛伊)        e69938f25c5a03d1c23dc6bfc9d4288f (MD5)
2015/12/16        20:54:59        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\12.vir        HTool-Loic (可能有害的程序)        c95a325748bc03bd667400516a11577d (MD5)
2015/12/16        20:55:01        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\11.vir        Artemis!3F6A0BCDEF19 (特洛伊)        3f6a0bcdef19051018d7af53b9f990e7 (MD5)
2015/12/16        20:55:01        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\13.vir        Artemis!831D543FC066 (特洛伊)        831d543fc066606a45261da2b82a88e6 (MD5)
2015/12/16        20:55:03        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\16.vir        Trojan-FHOL!9989D843A684 (特洛伊)        9989d843a684ce1e1392819679705988 (MD5)
2015/12/16        20:55:03        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\15.vir        Artemis!3B2AFB82711B (特洛伊)        3b2afb82711bd9cd11935927f98fd891 (MD5)
2015/12/16        20:55:03        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\18.vir\NEW ORDER-2319A80.exe        RDN/Trojan-FHFA (特洛伊)        b545c8ad2798e729af5f31b38ce8b43c (MD5)
2015/12/16        20:55:04        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\20.vir\NewOrder#20151015.scr        RDN/Generic PWS.y (特洛伊)        d0455ec50b7ab6dd7f5ea029ffa29b72 (MD5)
2015/12/16        20:55:05        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\19.vir        Artemis!7DDA154319DD (特洛伊)        7dda154319dd0d8ce5b046b192f4ef63 (MD5)
2015/12/16        20:55:05        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\21.vir        Artemis!CFEC1E4765C9 (特洛伊)        cfec1e4765c9167ff3a4b1496b0de031 (MD5)
2015/12/16        20:55:06        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\22.vir        Trojan-FHOH!6A613B5364BA (特洛伊)        6a613b5364ba9e96faafcdf7c77163d8 (MD5)
2015/12/16        20:55:08        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\23.vir        Artemis!446613575BDA (特洛伊)        446613575bda3f5f021c85e452a8dea4 (MD5)
2015/12/16        20:55:08        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\28.vir        JS/Nemucod.ag (特洛伊)        e8ccc523a1961831fb3fc3e577163bf8 (MD5)
2015/12/16        20:55:09        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\27.vir\classes.dex        Artemis!A7A6143D6B68 (特洛伊)        76f0820845f6c2024ba3afaa26a8bacf (MD5)
2015/12/16        20:55:10        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\29.vir        Artemis!C21C08C52D4D (特洛伊)        c21c08c52d4d1088076a2cc269576830 (MD5)
2015/12/16        20:55:12        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\31.vir        Artemis!F32254ECDA39 (特洛伊)        f32254ecda394ed4c47b0f1f18c4101f (MD5)
2015/12/16        20:55:13        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\30.vir\Boleto_PDF.exe        Artemis!FBD899DDB83A (特洛伊)        5820d9802dd4ca1cf2ea1e1dde4c82d7 (MD5)
2015/12/16        20:55:15        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\32.vir        Artemis!F07D06BAA5B9 (特洛伊)        f07d06baa5b96d812e65b84c9ce53941 (MD5)
2015/12/16        20:55:15        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\33.vir        Artemis!564C0D38A30A (特洛伊)        564c0d38a30ac273a74cd737445878d5 (MD5)
2015/12/16        20:55:16        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\35.vir        Artemis!1DE0CE0EBE7D (特洛伊)        1de0ce0ebe7dfad5825f44368f522689 (MD5)
2015/12/16        20:55:17        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\36.vir\_prn.class        Adwind!jar (特洛伊)        e3910e5688aaef7055e2bbef51bce943 (MD5)
2015/12/16        20:55:17        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\36.vir\_aux.class        Adwind!jar (特洛伊)        e3910e5688aaef7055e2bbef51bce943 (MD5)
2015/12/16        20:55:17        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\36.vir\Start.class        Adwind!jar (特洛伊)        e3910e5688aaef7055e2bbef51bce943 (MD5)
2015/12/16        20:55:17        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\36.vir\_auX.class        Adwind!jar (特洛伊)        e3910e5688aaef7055e2bbef51bce943 (MD5)
2015/12/16        20:55:17        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\36.vir\_coN.class        Adwind!jar (特洛伊)        e3910e5688aaef7055e2bbef51bce943 (MD5)
2015/12/16        20:55:17        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\36.vir\_Con.class        Adwind!jar (特洛伊)        e3910e5688aaef7055e2bbef51bce943 (MD5)
2015/12/16        20:55:18        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\36.vir\_Nul.class        Adwind!jar (特洛伊)        e3910e5688aaef7055e2bbef51bce943 (MD5)
2015/12/16        20:55:18        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\34.vir        Artemis!F19810D29BE3 (特洛伊)        f19810d29be300bd1a6efe07aeeab760 (MD5)
2015/12/16        20:55:18        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\36.vir\_AUX.class        Adwind!jar (特洛伊)        e3910e5688aaef7055e2bbef51bce943 (MD5)
2015/12/16        20:55:18        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\37.vir        JS/Nemucod.ag (特洛伊)        b483bb18658fe3895a226caff51196fe (MD5)
2015/12/16        20:55:18        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\36.vir\_NUL.class        Adwind!jar (特洛伊)        e3910e5688aaef7055e2bbef51bce943 (MD5)
2015/12/16        20:55:18        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\36.vir\_CON.class        Adwind!jar (特洛伊)        e3910e5688aaef7055e2bbef51bce943 (MD5)
2015/12/16        20:55:19        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\39.vir        Drixed-FCO!D4B9297DED9A (特洛伊)        d4b9297ded9af2c922d72761b3c06fe1 (MD5)
2015/12/16        20:55:20        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\40.vir        JS/Nemucod.ah (特洛伊)        8cd835731ea7fe54d0bb6639cbf2190c (MD5)
2015/12/16        20:55:20        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\41.vir\00000f36.EML\00000032.OLE\_VBA_PROJECT        W97M/Downloader.ast (特洛伊)        a6afe57a383e0338f2df7a4a0ca8dbd8 (MD5)
2015/12/16        20:55:20        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\42.vir\P110900012_2015.~JPG.exe        Generic.xo (特洛伊)        8e991a303ace58bd2e1f9d179b66851f (MD5)
2015/12/16        20:55:21        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\38.vir\cfg.exe        Artemis!92F3D3563D15 (可能有害的程序)        080e74f4cbdce9d376d37e627064516b (MD5)
2015/12/16        20:55:22        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\44.vir        JS/Nemucod.ah (特洛伊)        2fbb4d05bf1628d8d708af48bbe72f63 (MD5)
2015/12/16        20:55:22        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\43.vir        Artemis!C9D5A4A14C6A (特洛伊)        c9d5a4a14c6a89a13e766264824dfbfb (MD5)
2015/12/16        20:55:22        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\45.vir\00000f36.EML\00000032.OLE\_VBA_PROJECT        W97M/Downloader.ast (特洛伊)        b91aa20b910b4c42fb78f5ea13c4a00b (MD5)
2015/12/16        20:55:23        未扫描(文件已加密)         F:\sp\2015\201512\2015.12.16\48.vir       
2015/12/16        20:55:23        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\46.vir        Artemis!C840C53B650C (特洛伊)        c840c53b650c19d75a2f8f469a13a663 (MD5)
2015/12/16        20:55:23        1023        KxMP        ODS[12320]        F:\sp\2015\201512\2015.12.16\50.vir\Invoice_Documents.exe        RDN/Generic.grp (特洛伊)        814df1bde272a8e1adb780b6e24447ab (MD5)
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        扫描摘要
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已扫描的进程: 0
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已检测的进程: 0
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已清除病毒的进程: 0
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已扫描的引导区: 2
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已检测的引导区: 0
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已清除病毒的引导区: 0
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已扫描的文件: 49
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        含有检测项的文件: 40
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        文件检测项: 49
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已清除病毒的文件: 0
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已删除的文件: 0
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        未扫描的文件: 1
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        扫描摘要(注册表扫描)
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已扫描的项         : 0
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已检测的项        : 0
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已清理的项         : 0
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        已删除的项         : 0
2015/12/16        20:55:24        扫描摘要        KxMP-PC\KxMP        运行时间: 0:00:40
2015/12/16        20:55:24        扫描结束        KxMP-PC\KxMP        按需扫描
grantzoo
Posted on 2015-12-16 21:13:30
kxmp posted on 2015-12-16 21:00
mcafee heuristic: 3
49-9=40

Which version of McAfee is this, with a detection rate this high???
kxmp
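Posted on 2015-12-16 21:31:51
grantzoo posted on 2015-12-16 21:13
Which version of McAfee is this, with a detection rate this high???

月神 in the post above was camping on this thread, and then mcafee collected the data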
蓝天二号
Posted on 2015-12-17 08:48:38
GD KILL 37X, automatically quarantined 1X



火绒 KILL 9X
