精睿样本测试（16.6.1）

显示全部楼层 · 发表于 2016-6-1 10:26:50

supervir 发表于 2016-6-1 10:22
是代码的呀！

感觉你的这个代码框好清爽的呢

显示全部楼层 · 发表于 2016-6-1 10:28:30

360 11X

显示全部楼层 · 发表于 2016-6-1 10:47:32

本帖最后由 Llano_心情于 2016-6-1 11:20 编辑

回来了，继续测百度国内【关闭大B引擎

断网 kill x 23
[mw_shl_code=css,true]扫描结果
扫描文件数:50
发现风险数:23
已处理风险数:0

风险情况详情:

病毒木马名:ASP.Backdoor.Ace.bk.bav  路径:D:\搜狗高速下载\2016.6.1\05.vir  病毒木马类型:后门程序未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\08.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.adz.bav  路径:D:\搜狗高速下载\2016.6.1\11.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\17.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\18.vir  病毒木马类型:下载者木马未处理
病毒木马名:ASP.Backdoor.Ace.ba.bav  路径:D:\搜狗高速下载\2016.6.1\21.vir  病毒木马类型:后门程序未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\24.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\28.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.aek.bav  路径:D:\搜狗高速下载\2016.6.1\33.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.aek.bav  路径:D:\搜狗高速下载\2016.6.1\39.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\41.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBS.Trojan.Agent.ej.bav  路径:D:\搜狗高速下载\2016.6.1\43.vir  病毒木马类型:恶意木马未处理
病毒木马名:VBS.Trojan-Downloader.Small.ch.bav  路径:D:\搜狗高速下载\2016.6.1\44.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\48.vir  病毒木马类型:下载者木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9989.bav  路径:D:\搜狗高速下载\2016.6.1\01.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9999.bav  路径:D:\搜狗高速下载\2016.6.1\07.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9997.bav  路径:D:\搜狗高速下载\2016.6.1\12.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9987.bav  路径:D:\搜狗高速下载\2016.6.1\16.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9989.bav  路径:D:\搜狗高速下载\2016.6.1\19.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9973.bav  路径:D:\搜狗高速下载\2016.6.1\26.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9995.bav  路径:D:\搜狗高速下载\2016.6.1\31.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9963.bav  路径:D:\搜狗高速下载\2016.6.1\36.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9964.bav  路径:D:\搜狗高速下载\2016.6.1\38.vir  病毒木马类型:恶意木马未处理[/mw_shl_code]

联网 kill x 27
[mw_shl_code=python,true]扫描结果
扫描文件数:50
发现风险数:27
已处理风险数:0

风险情况详情:

病毒木马名:ASP.Backdoor.Ace.bk.bav  路径:D:\搜狗高速下载\2016.6.1\05.vir  病毒木马类型:后门程序未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\08.vir  病毒木马类型:下载者木马未处理
病毒木马名:Win32.Gen.CCEV201.cdq.cav  路径:D:\搜狗高速下载\2016.6.1\06.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Gen.CCE03.cdq.cav  路径:D:\搜狗高速下载\2016.6.1\07.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.LockScreen.ifka.cav  路径:D:\搜狗高速下载\2016.6.1\12.vir  病毒木马类型:恶意木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.adz.bav  路径:D:\搜狗高速下载\2016.6.1\11.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\17.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\18.vir  病毒木马类型:下载者木马未处理
病毒木马名:Win32.Gen.CCE04.spy.cav  路径:D:\搜狗高速下载\2016.6.1\32.vir  病毒木马类型:恶意木马未处理
病毒木马名:ASP.Backdoor.Ace.ba.bav  路径:D:\搜狗高速下载\2016.6.1\21.vir  病毒木马类型:后门程序未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\24.vir  病毒木马类型:下载者木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9987.bav  路径:D:\搜狗高速下载\2016.6.1\16.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.Agent.ej.cav  路径:D:\搜狗高速下载\2016.6.1\04.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9989.bav  路径:D:\搜狗高速下载\2016.6.1\19.vir  病毒木马类型:恶意木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\28.vir  病毒木马类型:下载者木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9973.bav  路径:D:\搜狗高速下载\2016.6.1\26.vir  病毒木马类型:恶意木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.aek.bav  路径:D:\搜狗高速下载\2016.6.1\33.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.aek.bav  路径:D:\搜狗高速下载\2016.6.1\39.vir  病毒木马类型:下载者木马未处理
病毒木马名:Win32.Trojan-Dropper.Gen.pbja.cav  路径:D:\搜狗高速下载\2016.6.1\42.vir  病毒木马类型:释放者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\41.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBS.Trojan.Agent.ej.bav  路径:D:\搜狗高速下载\2016.6.1\43.vir  病毒木马类型:恶意木马未处理
病毒木马名:VBS.Trojan-Downloader.Small.ch.bav  路径:D:\搜狗高速下载\2016.6.1\44.vir  病毒木马类型:下载者木马未处理
病毒木马名:VBA.Trojan-Downloader.Agent.ahz.bav  路径:D:\搜狗高速下载\2016.6.1\48.vir  病毒木马类型:下载者木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9995.bav  路径:D:\搜狗高速下载\2016.6.1\31.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9989.bav  路径:D:\搜狗高速下载\2016.6.1\01.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9963.bav  路径:D:\搜狗高速下载\2016.6.1\36.vir  病毒木马类型:恶意木马未处理
病毒木马名:Win32.Trojan.WisdomEyes.150615.9950.9964.bav  路径:D:\搜狗高速下载\2016.6.1\38.vir  病毒木马类型:恶意木马未处理[/mw_shl_code]

显示全部楼层 · 发表于 2016-6-1 10:49:10

Llano_心情发表于 2016-6-1 10:47
回来了，继续测百度国内【关闭大B引擎

断网 kill x 23

好久不见了

显示全部楼层 · 发表于 2016-6-1 10:50:14

轩夏发表于 2016-6-1 10:49
好久不见了

嗯，一个月吧，刚好请假回学校了。现在上班继续测=。=

显示全部楼层 · 发表于 2016-6-1 10:56:58

Antivirus Pro
报告档日期： 2016年6月1日  10:51
扫描开始： 2016年6月1日  10:51

开始档案扫描：

开始扫描 'F:\Other\2016.6.1'
F:\Other\2016.6.1\01.vir
  [侦测]       是 TR/Crypt.ZPACK.xwoz 特洛伊木马程式
F:\Other\2016.6.1\02.vir
[0] 封存类型: NSIS
--> ProgramFilesDir/Nwiz.dll
      [侦测]       是 TR/Injector.oewl 特洛伊木马程式
      [警告]       无法修复封存中受感染的档案！
F:\Other\2016.6.1\04.vir
  [侦测]       是 TR/Dropper.MSIL.xiiz 特洛伊木马程式
F:\Other\2016.6.1\05.vir
  [侦测]       包含 (有害的) BDS/ASP.Ace 后门程式的辨识模式
F:\Other\2016.6.1\06.vir
  [侦测]       是 TR/Rogue.11393467.1 特洛伊木马程式
成功初始化 Cloud SDK 和授权检查.
档案 'F:\Other\2016.6.1\07.vir' 已上传至 Protection Cloud 并已进行分析。SHA256 = E0BECA90C0DA3771CC8600E17EE4D7D6D0EF037AB0DF7A1F3F5599E878F30199
F:\Other\2016.6.1\07.vir (SHA-256: e0beca90c0da3771cc8600e17ee4d7d6d0ef037ab0df7a1f3f5599e878f30199)
  [侦测]       是 TR/Crypt.EPACK.Gen2 (Cloud) 特洛伊木马程式
  [资讯]       档案 'F:\Other\2016.6.1\07.vir' 已上传至 Protection Cloud 并已进行分析.
F:\Other\2016.6.1\08.vir
[0] 封存类型: ZIP
--> word/vbaProject.bin
      [侦测]       包含 W2000M/Dldr.Locky.lxc 巨集病毒码
      [警告]       无法修复封存中受感染的档案！
F:\Other\2016.6.1\09.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.86290 巨集病毒码
F:\Other\2016.6.1\11.vir
  [侦测]       包含 W2000M/Agent.60165009 巨集病毒码
F:\Other\2016.6.1\12.vir
  [侦测]       是 TR/Dropper.MSIL.klfh 特洛伊木马程式
F:\Other\2016.6.1\13.vir
[0] 封存类型: ZIP
--> thompsom/_auX.class
      [侦测]       包含 JAVA/Adwind.bv Java 病毒的辨识模式
      [警告]       无法修复封存中受感染的档案！
F:\Other\2016.6.1\14.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.86290 巨集病毒码
F:\Other\2016.6.1\15.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.86290 巨集病毒码
F:\Other\2016.6.1\16.vir
  [侦测]       是 TR/Crypt.ZPACK.flyg 特洛伊木马程式
F:\Other\2016.6.1\17.vir
[0] 封存类型: ZIP
--> word/vbaProject.bin
      [侦测]       包含 W2000M/Dldr.Locky.lxc 巨集病毒码
      [警告]       无法修复封存中受感染的档案！
F:\Other\2016.6.1\18.vir
[0] 封存类型: ZIP
--> word/vbaProject.bin
      [侦测]       包含 W2000M/Agent.182362 巨集病毒码
      [警告]       无法修复封存中受感染的档案！
档案 'F:\Other\2016.6.1\22.vir' 已上传至 Protection Cloud 并已进行分析。SHA256 = 569A030031225E8E54D62260906D4B293E3AAA202888D8747492A449BDC4BB0C
F:\Other\2016.6.1\22.vir (SHA-256: 569a030031225e8e54d62260906d4b293e3aaa202888d8747492a449bdc4bb0c)
  [侦测]       包含 PUA/IStartSurf.Gen4 (Cloud) 软体的模式
  [资讯]       档案 'F:\Other\2016.6.1\22.vir' 已上传至 Protection Cloud 并已进行分析.
F:\Other\2016.6.1\24.vir
[0] 封存类型: ZIP
--> word/vbaProject.bin
      [侦测]       包含 W2000M/Dldr.Locky.lxc 巨集病毒码
      [警告]       无法修复封存中受感染的档案！
F:\Other\2016.6.1\25.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.86290 巨集病毒码
档案 'F:\Other\2016.6.1\26.vir' 已上传至 Protection Cloud 并已进行分析。SHA256 = 73C4CDF08F155B875C2DC2D1B6EDB4BBD6661DA6E89508AED6FFAD7B77371ECE
F:\Other\2016.6.1\26.vir (SHA-256: 73c4cdf08f155b875c2dc2d1b6edb4bbd6661da6e89508aed6ffad7b77371ece)
  [侦测]       包含可疑的 HEUR/APC (Cloud) 程式码
  [资讯]       档案 'F:\Other\2016.6.1\26.vir' 已上传至 Protection Cloud 并已进行分析.
档案 'F:\Other\2016.6.1\27.vir' 已上传至 Protection Cloud 并已进行分析。SHA256 = C420C046EE6C0CB93E5119959FF91FF7F401BA2F69A1479373452D831961A17A
F:\Other\2016.6.1\27.vir (SHA-256: c420c046ee6c0cb93e5119959ff91ff7f401ba2f69a1479373452d831961a17a)
  [侦测]       包含可疑的 HEUR/APC (Cloud) 程式码
  [资讯]       档案 'F:\Other\2016.6.1\27.vir' 已上传至 Protection Cloud 并已进行分析.
F:\Other\2016.6.1\28.vir
[0] 封存类型: ZIP
--> word/vbaProject.bin
      [侦测]       包含 W2000M/Agent.182362 巨集病毒码
      [警告]       无法修复封存中受感染的档案！
F:\Other\2016.6.1\29.vir
  [侦测]       是 TR/Dropper.MSIL.ichw 特洛伊木马程式
F:\Other\2016.6.1\30.vir
[0] 封存类型: OLE
--> AV00000112.AV$
      [1] 封存类型: ZIP
   --> word/vbaProject.bin
      [侦测]       包含 W2000M/Dldr.Agent.AM.65755777 巨集病毒码
      [警告]       无法修复封存中受感染的档案！
F:\Other\2016.6.1\31.vir
  [侦测]       是 TR/FileCoder.Locky.65778 特洛伊木马程式
F:\Other\2016.6.1\32.vir
  [侦测]       是 TR/Dropper.qsfb 特洛伊木马程式
F:\Other\2016.6.1\33.vir
  [侦测]       包含 W2000M/Agent.4058459 巨集病毒码
F:\Other\2016.6.1\34.vir
  [侦测]       是 TR/Graftor.owts 特洛伊木马程式
F:\Other\2016.6.1\35.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.86290 巨集病毒码
F:\Other\2016.6.1\36.vir
  [侦测]       是 TR/Dropper.Gen2 特洛伊木马程式
F:\Other\2016.6.1\37.vir
  [侦测]       包含 ANDROID/Spy.Banker.tdkb 病毒码
F:\Other\2016.6.1\38.vir
  [侦测]       是 TR/Crypt.ZPACK.ylub 特洛伊木马程式
F:\Other\2016.6.1\39.vir
  [侦测]       包含 W2000M/Agent.60164541 巨集病毒码
F:\Other\2016.6.1\40.vir
[0] 封存类型: OLE
--> AV00000141.AV$
      [1] 封存类型: ZIP
   --> items65426004.pdf.exe
      [侦测]       是 TR/Dropper.MSIL.opkh 特洛伊木马程式
      [警告]       无法修复封存中受感染的档案！
F:\Other\2016.6.1\41.vir
[0] 封存类型: ZIP
--> word/vbaProject.bin
      [侦测]       包含 W2000M/Agent.182362 巨集病毒码
      [警告]       无法修复封存中受感染的档案！
F:\Other\2016.6.1\42.vir
  [侦测]       是 TR/Dropper.Gen 特洛伊木马程式
F:\Other\2016.6.1\45.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.86290 巨集病毒码
F:\Other\2016.6.1\47.vir
  [侦测]       包含 HTML/ExpKit.Gen3 HTML 指令码病毒的辨识模式
F:\Other\2016.6.1\48.vir
[0] 封存类型: ZIP
--> word/vbaProject.bin
      [侦测]       包含 W2000M/Agent.182362 巨集病毒码
      [警告]       无法修复封存中受感染的档案！
F:\Other\2016.6.1\49.vir
[0] 封存类型: OLE
--> AV0000017d.AV$
      [1] 封存类型: RAR
   --> ca4b4812.js
      [侦测]       包含 JS/Dldr.Locky.PW Java 指令码病毒的辨识模式
      [警告]       无法修复封存中受感染的档案！
F:\Other\2016.6.1\50.vir
  [侦测]       包含 W2000M/Dldr.Agent.90969838 巨集病毒码

开始消毒：
F:\Other\2016.6.1\50.vir
  [侦测]       包含 W2000M/Dldr.Agent.90969838 巨集病毒码
  [注意]       档案会移动至 '5f6deff3.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\49.vir
  [侦测]       包含可疑的 HEUR/Suspar.Gen 程式码
  [注意]       侦测的发现已归类为可疑.
  [注意]       档案会移动至 '47fac04d.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\48.vir
  [侦测]       包含 W2000M/Agent.182362 巨集病毒码
  [注意]       档案会移动至 '15a59aa4.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\47.vir
  [侦测]       包含 HTML/ExpKit.Gen3 HTML 指令码病毒的辨识模式
  [注意]       档案会移动至 '7392d579.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\45.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.86290 巨集病毒码
  [注意]       档案会移动至 '3616f845.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\42.vir
  [侦测]       是 TR/Dropper.Gen 特洛伊木马程式
  [注意]       档案会移动至 '490dca23.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\41.vir
  [侦测]       包含 W2000M/Agent.182362 巨集病毒码
  [注意]       档案会移动至 '05b5e66a.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\40.vir
  [侦测]       档案包含以无害副档名 (HIDDENEXT/Worm.Gen) 伪装的可执行程式
  [注意]       侦测的发现已归类为可疑.
  [注意]       档案会移动至 '79ada63b.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\39.vir
  [侦测]       包含 W2000M/Agent.60164541 巨集病毒码
  [注意]       档案会移动至 '54f7896f.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\38.vir
  [侦测]       是 TR/Crypt.ZPACK.ylub 特洛伊木马程式
  [注意]       档案会移动至 '4d9fb2f4.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\37.vir
  [侦测]       包含 ANDROID/Spy.Banker.tdkb 病毒码
  [注意]       档案会移动至 '21c39edb.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\36.vir
  [侦测]       是 TR/Dropper.Gen2 特洛伊木马程式
  [注意]       档案会移动至 '507aa74e.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\35.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.86290 巨集病毒码
  [注意]       档案会移动至 '5e609788.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\34.vir
  [侦测]       是 TR/Graftor.owts 特洛伊木马程式
  [注意]       档案会移动至 '1b49eec9.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\33.vir
  [侦测]       包含 W2000M/Agent.4058459 巨集病毒码
  [注意]       档案会移动至 '1242ea63.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\32.vir
  [侦测]       是 TR/Dropper.qsfb 特洛伊木马程式
  [注意]       档案会移动至 '4a03f30d.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\31.vir
  [侦测]       是 TR/FileCoder.Locky.65778 特洛伊木马程式
  [注意]       档案会移动至 '66f78ac0.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\30.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.65755777 巨集病毒码
  [注意]       档案会移动至 '5809ea19.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\29.vir
  [侦测]       是 TR/Dropper.MSIL.ichw 特洛伊木马程式
  [注意]       档案会移动至 '3b07c171.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\28.vir
  [侦测]       包含 W2000M/Agent.182362 巨集病毒码
  [注意]       档案会移动至 '1dcf816f.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\27.vir (SHA-256: c420c046ee6c0cb93e5119959ff91ff7f401ba2f69a1479373452d831961a17a)
  [侦测]       包含可疑的 HEUR/APC (Cloud) 程式码
  [注意]       档案会移动至 '2f5bfacb.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\26.vir (SHA-256: 73c4cdf08f155b875c2dc2d1b6edb4bbd6661da6e89508aed6ffad7b77371ece)
  [侦测]       包含可疑的 HEUR/APC (Cloud) 程式码
  [注意]       档案会移动至 '251ed1aa.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\25.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.86290 巨集病毒码
  [注意]       档案会移动至 '1a4db5ee.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\24.vir
  [侦测]       包含 W2000M/Dldr.Locky.lxc 巨集病毒码
  [注意]       档案会移动至 '6461b9ca.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\22.vir (SHA-256: 569a030031225e8e54d62260906d4b293e3aaa202888d8747492a449bdc4bb0c)
  [侦测]       包含 PUA/IStartSurf.Gen4 (Cloud) 软体的模式
  [注意]       档案会移动至 '3119bdaa.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\18.vir
  [侦测]       包含 W2000M/Agent.182362 巨集病毒码
  [注意]       档案会移动至 '3c8fcc88.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\17.vir
  [侦测]       包含 W2000M/Dldr.Locky.lxc 巨集病毒码
  [注意]       档案会移动至 '20d2d886.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\16.vir
  [侦测]       是 TR/Crypt.ZPACK.flyg 特洛伊木马程式
  [注意]       档案会移动至 '11019549.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\15.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.86290 巨集病毒码
  [注意]       档案会移动至 '7d57817c.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\14.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.86290 巨集病毒码
  [注意]       档案会移动至 '34cda47a.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\13.vir
  [侦测]       包含 JAVA/Adwind.bv Java 病毒的辨识模式
  [注意]       档案会移动至 '6f58aca4.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\12.vir
  [侦测]       是 TR/Dropper.MSIL.klfh 特洛伊木马程式
  [注意]       档案会移动至 '09eaa04c.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\11.vir
  [侦测]       包含 W2000M/Agent.60165009 巨集病毒码
  [注意]       档案会移动至 '5e64d2e7.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\09.vir
  [侦测]       包含 W2000M/Dldr.Agent.AM.86290 巨集病毒码
  [注意]       档案会移动至 '7c14859b.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\08.vir
  [侦测]       包含 W2000M/Dldr.Locky.lxc 巨集病毒码
  [注意]       档案会移动至 '1404ff0c.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\07.vir (SHA-256: e0beca90c0da3771cc8600e17ee4d7d6d0ef037ab0df7a1f3f5599e878f30199)
  [侦测]       是 TR/Crypt.EPACK.Gen2 (Cloud) 特洛伊木马程式
  [注意]       档案会移动至 '3472fb8e.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\06.vir
  [侦测]       是 TR/Rogue.11393467.1 特洛伊木马程式
  [注意]       档案会移动至 '6156bd3b.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\05.vir
  [侦测]       包含 (有害的) BDS/ASP.Ace 后门程式的辨识模式
  [注意]       档案会移动至 '00769c84.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\04.vir
  [侦测]       是 TR/Dropper.MSIL.xiiz 特洛伊木马程式
  [注意]       档案会移动至 '65dade0c.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\02.vir
  [侦测]       是 TR/Injector.oewl 特洛伊木马程式
  [注意]       档案会移动至 '000daaa3.qua' 名称底下的隔离区目录!
F:\Other\2016.6.1\01.vir
  [侦测]       是 TR/Crypt.ZPACK.xwoz 特洛伊木马程式
  [注意]       档案会移动至 '13e99631.qua' 名称底下的隔离区目录!

扫描结束： 2016年6月1日  10:55
已使用时间: 01:11 分钟

已完成全部的扫描.

   1 扫描的目录
395 个档案已扫描
   41 个已发现的病毒和/或有害的程式
   0 档案已归类为可疑
   0 个档案已删除
   0 个病毒和有害的程式已修复
   41 档案已移至隔离区
   0 档案已重新命名
   0 无法扫描档案
354 无疑虑的档案
   23 已扫描封存
   12 警告
   41 注意

显示全部楼层 · 发表于 2016-6-1 11:20:00

360TSE（改后缀，上报5文件）

日志
360 Total Security扫描日志

扫描时间：2016-06-01 11:13:12
扫描用时：00:00:15
扫描项目总数：138
威胁总数：18
处理威胁数：18

扫描选项
----------------------
扫描压缩包：是
常规引擎设置：未开启小红伞和Bitdefender引擎

扫描内容
----------------------
C:\Users\海\Desktop\2016.6.1\

扫描结果
======================
高风险项目
----------------------
C:\Users\海\Desktop\2016.6.1\05.vir.html asp.webshell.noname.b 已处理
C:\Users\海\Desktop\2016.6.1\02.vir.exe HEUR/QVM42.1.Malware.Gen 已处理
C:\Users\海\Desktop\2016.6.1\07.vir.exe HEUR/QVM19.1.Malware.Gen 已处理
C:\Users\海\Desktop\2016.6.1\06.vir.exe Win32/Trojan.bee 已处理
C:\Users\海\Desktop\2016.6.1\04.vir.exe HEUR/QVM03.0.Malware.Gen 已处理
C:\Users\海\Desktop\2016.6.1\19.vir.exe Win32/Trojan.Downloader.b32 已处理
C:\Users\海\Desktop\2016.6.1\29.vir.exe Win32/Trojan.Dropper.39c 已处理
C:\Users\海\Desktop\2016.6.1\31.vir.exe Win32/Trojan.Ransom.691 已处理
C:\Users\海\Desktop\2016.6.1\34.vir.exe Win32/Trojan.PSW.4ed 已处理
C:\Users\海\Desktop\2016.6.1\38.vir.exe HEUR/QVM20.1.Malware.Gen 已处理
C:\Users\海\Desktop\2016.6.1\08.vir.docx macro.office.07vba.gen.1 已处理
C:\Users\海\Desktop\2016.6.1\18.vir.docx macro.office.07vba.gen.1 已处理
C:\Users\海\Desktop\2016.6.1\24.vir.docx macro.office.07vba.gen.1 已处理
C:\Users\海\Desktop\2016.6.1\28.vir.docx macro.office.07vba.gen.1 已处理
C:\Users\海\Desktop\2016.6.1\33.vir.doc Malware.Radar01.Gen 已处理
C:\Users\海\Desktop\2016.6.1\41.vir.docx macro.office.07vba.gen.1 已处理
C:\Users\海\Desktop\2016.6.1\48.vir.docx macro.office.07vba.gen.1 已处理
C:\Users\海\Desktop\2016.6.1\17.vir.docx macro.office.07vba.gen.1 已处理

显示全部楼层 · 发表于 2016-6-1 11:23:51

mes检测26，修复2个。
[mw_shl_code=css,true]5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\30.vir\__substg1.0_37010102\word/vbaProject.bin\_VBA_PROJECT. The Trojan named W97M/Downloader.bbl was detected and deleted.
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\_nUl.class. The Trojan named Adwind!0E5C2A119C7F was detected and deleted.
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\10.vir. The Trojan named JS/Nemucod.jt was detected and deleted.
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\49.vir\__substg1.0_37010102\ca4b4812.js. The Trojan named JS/Nemucod.ik was detected and deleted.
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\23.vir. The Trojan named Dropper-FQZ!E5E99CED98A8 was detected and deleted.
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:30 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\33.vir. The Trojan named Downloader-FBEY!1C16AB19DC59 was detected and deleted.
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\11.vir. The Trojan named Downloader-FBEW!0B8DC48FA95B was detected and deleted.
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\_aUX.class. The Trojan named Adwind!F44CE99ADFE6 was detected and deleted.
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\37.vir\classes.dex. The Trojan named Artemis!AB4E8BCAAC56 was detected and deleted.
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:31 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\_nuL.class. The Trojan named Adwind!A5DB890F249A was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\22.vir. The Trojan named GenericR-HRJ!B4AE56E690F9 was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\01.vir. The Trojan named Ransomware-FLY!185D64764428 was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\06.vir. The Trojan named GenericR-AWM!2708A9CFC5E6 was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\16.vir. The Trojan named Ransomware-FLY!590F171ECC84 was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\31.vir. The Trojan named Ransomware-FMC!A747CF73E5A6 was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\40.vir\__substg1.0_37010102\items65426004.pdf.exe. The Trojan named Downloader-FBEO!A08AB20ED4C3 was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\38.vir. The Trojan named Ransomware-FLY!9DF42576A539 was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\07.vir. The Trojan named Ransomware-FLW!691583917F38 was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\34.vir. The Trojan named Fareit-FEL!F636F1E07A34 was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\_CON.class. The Trojan named Adwind!A9327F17942A was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\_aux.class. The Trojan named Adwind!7D7ACDC3366A was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\_Con.class. The Trojan named Adwind!63B5E7585A4C was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\_nUL.class. The Trojan named Adwind!E23A17C2B04A was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\_cOn.class. The Trojan named RDN/Adwind was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\_Prn.class. The Trojan named RDN/Adwind was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\_auX.class. The Trojan named RDN/Adwind was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\NOD32.class. The Trojan named RDN/Adwind was detected and deleted.
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:32 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:33 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\_Nul.class. The Trojan named Adwind!99DDF9A3B6FF was detected and deleted.
5/31/2016 11:21:33 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:33 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:33 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:33 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:33 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\13.vir\_nul.class. The Trojan named RDN/Adwind was detected and deleted.
5/31/2016 11:21:33 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:33 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:33 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:33 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1025
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\18.vir\word/vbaProject.bin. The Trojan named Downloader-FBGA!658874D049C8 was detected and deleted.
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\24.vir\word/vbaProject.bin. The Trojan named Downloader-FBGA!D846F3C41737 was detected and deleted.
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\08.vir\word/vbaProject.bin. The Trojan named Downloader-FBGA!A4168EDBBB55 was detected and deleted.
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\17.vir\word/vbaProject.bin. The Trojan named Downloader-FBGA!72527BC245BE was detected and deleted.
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\28.vir\word/vbaProject.bin. The Trojan named Downloader-FBGA!EAA15E820D29 was detected and deleted.
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\41.vir\word/vbaProject.bin. The Trojan named Downloader-FBGA!F8225D64B572 was detected and deleted.
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\48.vir\word/vbaProject.bin. The Trojan named Downloader-FBGA!CCA36F5E66ED was detected and deleted.
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:35 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
5/31/2016 11:21:36 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\50.vir\__substg1.0_37010102. The Trojan named Downloader-FBDJ!DEAC7C285D12 was detected and deleted.
5/31/2016 11:21:36 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:36 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:36 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:36 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1280
5/31/2016 11:21:37 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: JEFF-ALIENW17\jeff6 ran C:\PROGRAM FILES\WINRAR\WINRAR.EXE, which attempted to access D:\Virus\2016.6.1\02.vir\5.nsis. The Trojan named RDN/Ransom was detected and deleted.
5/31/2016 11:21:37 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity: Additional information:
5/31/2016 11:21:37 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Primary Action: Clean
5/31/2016 11:21:37 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Secondary Action: Delete
5/31/2016 11:21:37 PM mfetp(3972.4284) <SYSTEM> oasbl.OAS.Activity:  Event ID: 1027[/mw_shl_code]

显示全部楼层 · 发表于 2016-6-1 12:16:36

扫描报告
2016年6月1日 12:13:42 - 12:13:54
扫描类型：选择的文件和文件夹
目标： "C:\Users\Noah\Desktop\2016.6.1"
结果

已扫描项目： 50
找到的恶意项目： 36
详细信息

Trojan.CryptoLocker.EJ
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\01.VIR: 已清除
Trojan.Downloader.JSYK
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\07.VIR: 已清除
Backdoor.Asp.Xpfox.B
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\05.VIR: 已清除
Trojan:W97M/MaliciousMacro.GEN
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\08.VIR: 已清除
Trojan.Dropper.XEH
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\03.VIR: 已清除
Gen:Variant.Barys.53586
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\04.VIR: 已清除
Generic.JS.DownloaderT.127849B0
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\10.VIR: 已清除
Trojan.CryptoLocker.EJ
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\16.VIR: 已清除
Trojan:W97M/MaliciousMacro.GEN
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\17.VIR: 已清除
W97M.Downloader.CPR
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\11.VIR: 已清除
W97M.Downloader.CVS
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\09.VIR: 已清除
W97M.Downloader.CVS
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\14.VIR: 已清除
W97M.Downloader.CVS
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\15.VIR: 已清除
Trojan:W97M/MaliciousMacro.GEN
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\18.VIR: 已清除
Trojan.Iframe.VD
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\21.VIR: 已清除
Trojan.Downloader.JSYQ
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\19.VIR: 已清除
Trojan:W97M/MaliciousMacro.GEN
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\24.VIR: 已清除
W97M.Downloader.CVS
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\25.VIR: 已清除
Trojan:W97M/MaliciousMacro.GEN
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\28.VIR: 已清除
Trojan.GenericKD.3268492
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\31.VIR: 已清除
Trojan.Generic.17015552
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\29.VIR: 已清除
Adware.Agent.QWZ
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\22.VIR: 已跳过
W97M.Downloader.CJT
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\33.VIR: 已清除
W97M.Downloader.CVS
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\35.VIR: 已清除
Gen:Variant.Zusy.192616
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\12.VIR: 已清除
W97M.Downloader.BWK
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\39.VIR: 已清除
Trojan.GenericKD.3271300
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\38.VIR: 已清除
Trojan:W97M/MaliciousMacro.GEN
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\41.VIR: 已清除
Trojan.VBS.Dropper.X
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\43.VIR: 已清除
Trojan.Downloader.JSXX
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\44.VIR: 已清除
Gen:Variant.Graftor.287817
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\34.VIR: 已清除
Gen:Variant.Strictor.107644
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\42.VIR: 已清除
W97M.Downloader.CVS
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\45.VIR: 已清除
Trojan:W97M/MaliciousMacro.GEN
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\48.VIR: 已清除
PDF:Exploit.PDF-JS.AHE
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\47.VIR: 已清除
Trojan:Android/Fakeinst.IT
C:\USERS\NOAH\DESKTOP\2016.6.1\2016.6.1\37.VIR: 已清除
版本信息

病毒定义数据库：

2016-06-01_01
扫描引擎：

F-Secure Aquarius: 11.00.01, 2016-06-01
F-Secure Gemini: 3.02.414, 2016-05-31
F-Secure Hydra: 5.15.96, 2016-05-31
F-Secure Online: 16.00.17
F-Secure USS: 5.08.181, 2016-01-27

显示全部楼层 · 发表于 2016-6-1 13:02:10

轩夏发表于 2016-6-1 10:19
你这个怎么搞的？好像不是代码框啊

你们这些代码框是怎么弄得？尤其是你的MSE的，请教，我只会看扫描结果。。。在哪里找到这样的日志一样的代码？

[病毒样本] 精睿样本测试（16.6.1）

本帖子中包含更多资源

浏览过的版块