[Virus Samples] 精睿 sample test (16.3.23)

轩夏
Posted on 2016-3-23 09:25:46
Address:

https://pan.baidu.com/s/1nuyl0lN   Extraction code: a4bj

Password: bbs.vc52.cn
Count: 50
轩夏
OP | Posted on 2016-3-23 09:28:37
ESET X43

[mw_shl_code=css,true]Scan started at:   03/23/16 09:26:47
name="C:\Users\XuanXia\Desktop\2016.3.23\01.vir", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\01.vir » MIME » part002.bin", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\06.vir", threat="a variant of MSIL/Injector.OPH trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\07.vir", threat="a variant of Win32/Injector.CULC trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\08.vir", threat="a variant of MSIL/Injector.OKJ trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\09.vir", threat="JS/TrojanDownloader.Nemucod.KT trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\10.vir", threat="a variant of MSIL/Injector.ONZ trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\10.vir » RAR » AWBNOTICE BILL No 2201.exe", threat="a variant of MSIL/Injector.ONZ trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\12.vir", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\12.vir » MIME » part002.bin", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\13.vir", threat="VBA/Obfuscated.F trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\14.vir", threat="JS/TrojanDownloader.Nemucod.KQ trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\16.vir", threat="JS/TrojanDownloader.Nemucod.KT trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\20.vir", threat="JS/TrojanDownloader.Nemucod.KR trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\22.vir", threat="JS/TrojanDownloader.Nemucod.KL trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\25.vir", threat="a variant of Win32/Kryptik.ERSK trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\26.vir", threat="VBA/TrojanDropper.Agent.GJ trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\26.vir » MSG » Invoice_SFINV22157_from_tip_top_delivery.rtf", threat="VBA/TrojanDropper.Agent.GJ trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\26.vir » MSG » Invoice_SFINV22157_from_tip_top_delivery.rtf » MSOXML » VP5eAFOQZBY8BcM2G97p1WDg.mso", threat="VBA/TrojanDropper.Agent.GJ trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\27.vir", threat="Win32/Filecoder.TeslaCrypt.K trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\28.vir", threat="PHP/PhpSpy.B trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\29.vir", threat="Win32/PSW.Fareit.F trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\29.vir » ZIP » DOC-BL COPY 0451762015.exe", threat="Win32/PSW.Fareit.F trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\30.vir", threat="a variant of Win32/Kryptik.ERPE trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\31.vir", threat="JS/TrojanDownloader.Nemucod.KG trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\32.vir", threat="JS/TrojanDownloader.Nemucod.GF trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\33.vir", threat="a variant of MSIL/TrojanDropper.Agent.AQJ trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\34.vir", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\34.vir » MIME » part002.bin", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\35.vir", threat="JS/TrojanDownloader.Nemucod.KR trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\36.vir", threat="JS/TrojanDownloader.Nemucod.KU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\37.vir", threat="VBA/TrojanDownloader.Agent.AVR trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\37.vir » ZIP » word/vbaProject.bin", threat="VBA/TrojanDownloader.Agent.AVR trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\39.vir", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\39.vir » GZIP » Invoice_TSINV43002_from_tip_top_delivery.rtf", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\39.vir » GZIP » Invoice_TSINV43002_from_tip_top_delivery.rtf » MIME » part002.bin", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\40.vir", threat="a variant of MSIL/Injector.LNF trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\43.vir", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\43.vir » MIME » part002.bin", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\45.vir", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\45.vir » MIME » part002.bin", threat="VBA/TrojanDownloader.Agent.AVU trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\46.vir", threat="VBA/Obfuscated.F trojan", action="", info=""
name="C:\Users\XuanXia\Desktop\2016.3.23\48.vir", threat="JS/TrojanDownloader.Nemucod.KT trojan", action="", info=""

Scan completed at: 03/23/16 09:26:57[/mw_shl_code]
ymb668888
Posted on 2016-3-23 09:32:22
Kaspersky

c68111c
Posted on 2016-3-23 09:46:31

Eset小粉絲
Posted on 2016-3-23 10:29:14
This post was last edited by Eset小粉絲 on 2016-3-23 10:30

Avira 23X
The rest have been reported

[mw_shl_code=css,true]Start of the scan: Wednesday, March 23, 2016  10:24

Starting the file scan:

Begin scan in 'C:\Users\IVAN\Desktop\2016.3.23'
C:\Users\IVAN\Desktop\2016.3.23\01.vir
    [0] Archive type: MIME
        [DETECTION] Contains suspicious code HEUR/Macro.Downloader
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The detection was classified as suspicious.
  [NOTE]      The file was moved to the quarantine directory under the name '5177637d.qua'!
C:\Users\IVAN\Desktop\2016.3.23\04.vir
  [DETECTION] Is the TR/Samca.A.749 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '49e04cd5.qua'!
C:\Users\IVAN\Desktop\2016.3.23\05.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '1bbf163e.qua'!
C:\Users\IVAN\Desktop\2016.3.23\07.vir
  [DETECTION] Is the TR/Injector.702464.10 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '7d8859fa.qua'!
C:\Users\IVAN\Desktop\2016.3.23\10.vir
    [0] Archive type: RAR
    --> AWBNOTICE BILL No 2201.exe
        [DETECTION] Is the TR/Dropper.MSIL.273367 Trojan
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '380c74cd.qua'!
C:\Users\IVAN\Desktop\2016.3.23\12.vir
    [0] Archive type: MIME
        [DETECTION] Contains suspicious code HEUR/Macro.Downloader
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The detection was classified as suspicious.
  [NOTE]      The file was moved to the quarantine directory under the name '471746ae.qua'!
C:\Users\IVAN\Desktop\2016.3.23\13.vir
  [DETECTION] Contains code of the W2000M/Agent.36244 macro virus
  [NOTE]      The file was moved to the quarantine directory under the name '0baf6aeb.qua'!
C:\Users\IVAN\Desktop\2016.3.23\18.vir
  [DETECTION] Is the TR/Crypt.Xpack.435019 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '77b72abe.qua'!
C:\Users\IVAN\Desktop\2016.3.23\25.vir
  [DETECTION] Is the TR/Crypt.ZPACK.237832 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5aed05f4.qua'!
C:\Users\IVAN\Desktop\2016.3.23\26.vir
    [0] Archive type: OLE
    --> AV00000010.AV$
        [1] Archive type: Office Legacy XML
      --> VP5eAFOQZBY8BcM2G97p1WDg.mso
          [2] Archive type: OLE
        --> Object
            [DETECTION] Contains code of the W2000M/Agent.6783456 macro virus
            [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '43853e6f.qua'!
C:\Users\IVAN\Desktop\2016.3.23\29.vir
    [0] Archive type: ZIP
    --> DOC-BL COPY 0451762015.exe
        [DETECTION] Is the TR/Dropper.MSIL.276365 Trojan
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '2fd9125a.qua'!
C:\Users\IVAN\Desktop\2016.3.23\30.vir
  [DETECTION] Is the TR/Crypt.ZPACK.237512 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5e602bc4.qua'!
C:\Users\IVAN\Desktop\2016.3.23\33.vir
  [DETECTION] Is the TR/Drop.Agent.134144.2 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '507a1b0e.qua'!
C:\Users\IVAN\Desktop\2016.3.23\34.vir
    [0] Archive type: MIME
        [DETECTION] Contains suspicious code HEUR/Macro.Downloader
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The detection was classified as suspicious.
  [NOTE]      The file was moved to the quarantine directory under the name '1553624d.qua'!
C:\Users\IVAN\Desktop\2016.3.23\37.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Downloader.L macro virus
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '1c5866e3.qua'!
C:\Users\IVAN\Desktop\2016.3.23\39.vir
    [0] Archive type: GZ
    --> Invoice_TSINV43002_from_tip_top_delivery.rtf
        [1] Archive type: MIME
          [DETECTION] Contains suspicious code HEUR/Macro.Downloader
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The detection was classified as suspicious.
  [NOTE]      The file was moved to the quarantine directory under the name '44197f88.qua'!
C:\Users\IVAN\Desktop\2016.3.23\40.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '68ed064f.qua'!
C:\Users\IVAN\Desktop\2016.3.23\43.vir
    [0] Archive type: MIME
        [DETECTION] Contains suspicious code HEUR/Macro.Downloader
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The detection was classified as suspicious.
  [NOTE]      The file was moved to the quarantine directory under the name '56136698.qua'!
C:\Users\IVAN\Desktop\2016.3.23\45.vir
    [0] Archive type: MIME
        [DETECTION] Contains suspicious code HEUR/Macro.Downloader
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The detection was classified as suspicious.
  [NOTE]      The file was moved to the quarantine directory under the name '351d4de9.qua'!
C:\Users\IVAN\Desktop\2016.3.23\46.vir
  [DETECTION] Contains code of the W2000M/Agent.583920 macro virus
  [NOTE]      The file was moved to the quarantine directory under the name '13d50df5.qua'!
C:\Users\IVAN\Desktop\2016.3.23\49.vir
  [DETECTION] Is the TR/Razy.12288.4 Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '21417654.qua'!
C:\Users\IVAN\Desktop\2016.3.23\28.vir
  [DETECTION] Contains recognition pattern of the PHP/Agent.EU PHP virus
  [NOTE]      The file was moved to the quarantine directory under the name '52f5689b.qua'!
C:\Users\IVAN\Desktop\2016.3.23\32.vir
  [DETECTION] Contains recognition pattern of the JS/Locky.11 Java script virus
  [NOTE]      The file was moved to the quarantine directory under the name '4a624706.qua'!
[/mw_shl_code]
欧阳宣
Posted on 2016-3-23 10:48:59
McAfee detected 13.
星云劫
Posted on 2016-3-23 11:05:30
Dr.Web: killed 18 on extraction, killed 10 with a right-click scan, 22 remaining.
蓝天二号
Posted on 2016-3-23 11:19:49
Norton KILL 23X

类别: 已解决的安全风险
日期和时间,风险,活动,状态,推荐的操作,活动
2016/3/23 11:18:51,高,"检测到 压缩文件 \"26.vir\" 中存在风险 (检测方: 病毒扫描程序)",已隔离,已解决 - 不需要操作,已执行的威胁操作: 1
2016/3/23 11:18:42,高,检测到 dato adjunto.exe (W32.Extrat) (检测方: 病毒扫描程序),已隔离,已解决 - 不需要操作,已执行的威胁操作: 1
2016/3/23 11:18:42,高,检测到 JS.Downloader (检测方: 病毒扫描程序),已隔离,已解决 - 不需要操作,已执行的威胁操作: 1
2016/3/23 11:18:42,高,检测到 awbnotice bill no 2201.exe (Infostealer.Limitail) (检测方: 病毒扫描程序),已隔离,已解决 - 不需要操作,已执行的威胁操作: 1
2016/3/23 11:18:38,高,检测到 Trojan.Mdropper (检测方: 病毒扫描程序),已隔离,已解决 - 不需要操作,已执行的威胁操作: 1
2016/3/23 11:18:18,高,47.vir (Trojan Horse) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:18:17,高,46.vir (W97M.Downloader) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:18:17,高,45.vir (Trojan.Mdropper) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:18:15,高,44.vir (Trojan.Gen) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:18:13,高,检测到 40.vir (SAPE.Heur.97927) (检测方: 自动防护),已隔离,已解决 - 不需要操作,已执行的威胁操作: 1
2016/3/23 11:18:12,高,43.vir (Trojan.Mdropper) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:18:12,高,42.vir (Trojan.Gen.2) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:18:09,高,检测到 37.vir (W97M.Downloader) (检测方: 自动防护),已隔离,已解决 - 不需要操作,已执行的威胁操作: 1
2016/3/23 11:17:49,高,34.vir (Trojan.Mdropper) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:17:44,高,30.vir (Trojan.Cryptolocker.N) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:17:44,高,检测到 21.vir (Suspicious.Cloud.9.B) (检测方: 自动防护),已隔离,已解决 - 不需要操作,已执行的威胁操作: 1
2016/3/23 11:17:28,高,25.vir (Trojan.Cryptolocker.N) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:17:27,高,24.vir (JS.Downloader) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:17:27,高,23.vir (JS.Downloader) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:17:24,高,18.vir (Trojan.Snifula.F) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:17:22,高,12.vir (Trojan.Mdropper) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:17:22,高,11.vir (JS.Downloader) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:17:22,高,08.vir (Trojan.Gen) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:17:19,高,06.vir (Trojan.Gen.2) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
2016/3/23 11:17:12,高,01.vir (Trojan.Mdropper) 检测方 自动防护,已阻止,已解决 - 不需要操作,已执行的威胁操作: 0
轩夏
OP | Posted on 2016-3-23 11:21:17

I thought you weren't coming today~~~~
蓝天二号
Posted on 2016-3-23 11:23:20
轩夏 posted on 2016-3-23 11:21
I thought you weren't coming today~~~~

Just got home,, but it's the last day anyway,,