
[Virus samples] 精睿 sample test (16.7.11)

轩夏
Posted on 2016-7-11 09:31:51
Link:

https://pan.baidu.com/s/1o7LuVO2  extraction code: t7dq

Password: bbs.vc52.cn
Count: 50
540923555
Posted on 2016-7-11 09:34:03
Last edited by 540923555 on 2016-7-11 09:46

WD placeholder
Online scan + repair = 28... Counting them off the details view made my eyes hurt...


蓝天二号
Posted on 2016-7-11 09:38:18
Kaspersky
XZ8SM7Sx0bVkoUV
Posted on 2016-7-11 09:39:44
Huorong 16/50
欧阳宣
Posted on 2016-7-11 09:40:16
Last edited by 欧阳宣 on 2016-7-11 09:42

TAV detected 18.

[mw_shl_code=css,true]2016-7-11 09:41:37 MD5:edd051e4fa1120cb11cfc0f0144fe3d9 D:\Virus\2016.7.11\32.vir [Win32.Trojan.Inject.wrgz]  [Delete success]
2016-7-11 09:41:37 MD5:82e7b2cd50c69278ae6a47027be567a1 D:\Virus\2016.7.11\48.vir [Win32.Trojan.Vbkryjetor.agli]  [Delete success]
2016-7-11 09:41:38 MD5:90b30e00ef85dd8244982ead4406cb20 D:\Virus\2016.7.11\47.vir [Win32.Trojan-Dropper.Injector.efax]  [Delete success]
2016-7-11 09:41:38 MD5:a7827538ec23936c34b3963893febf8b D:\Virus\2016.7.11\14.vir [Win32.Backdoor.Zegost.anfq]  [Delete success]
2016-7-11 09:41:38 MD5:28a5c1970630c0077f6399c097d6767a D:\Virus\2016.7.11\08.vir [Win32.Trojan.Filecoder.wpsv]  [Delete success]
2016-7-11 09:41:38 MD5:da225c64bd2524a6fc1e5bb7d16fde02 D:\Virus\2016.7.11\09.vir [Win32.Trojan.Generic.swkn]  [Delete success]
2016-7-11 09:41:38 MD5:ad3b32c511a33f9323cf2d314a482317 D:\Virus\2016.7.11\28.vir [Win32.Trojan.Generic.tcis]  [Delete success]
2016-7-11 09:41:38 MD5:8003b867473964369158aaab8ea0c5c8 D:\Virus\2016.7.11\40.vir --> PDF-STREAM-1 [Exploit.Tiff.CVE-2010-0188]  [Delete success]
2016-7-11 09:41:38 MD5:a05f1760d0aa73dac098473cbfed6cb7 D:\Virus\2016.7.11\10.vir [Win32.Trojan.Generic.pbzd]  [Delete success]
2016-7-11 09:41:38 MD5:371e9aa2c66d2184cf6925e6854780a6 D:\Virus\2016.7.11\37.vir [Win32.Trojan.Generic.dwsx]  [Delete success]
2016-7-11 09:41:38 MD5:c440f44dfd5f80f57082dd3900a93eda D:\Virus\2016.7.11\02.vir [Win32.Trojan.Generic.szcb]  [Delete success]
2016-7-11 09:41:38 MD5:7498ff03beb80bd995fff07b1e71df47 D:\Virus\2016.7.11\13.vir [Unk.Win32.Script.400590]  [Delete success]
2016-7-11 09:41:39 MD5:15694c18d2a2e4723ec22529174991b3 D:\Virus\2016.7.11\19.vir [Win32.Trojan-Banker.Banbra.ange]  [Delete success]
2016-7-11 09:41:39 MD5:8f6efba9b58ebc02e89dc402040848b2 D:\Virus\2016.7.11\45.vir [Win32.Trojan.Selfdel.sxob]  [Delete success]
2016-7-11 09:41:39 MD5:85d9c9786cebd4a6c01904c9f9a357ee D:\Virus\2016.7.11\30.vir [Win32.Trojan.Filecoder.dzat]  [Delete success]
2016-7-11 09:41:39 MD5:f5dcca2042c23e39081d802e88033126 D:\Virus\2016.7.11\41.vir [Win32.Trojan.Generic.wpjt]  [Delete success]
2016-7-11 09:41:39 MD5:5526b500bff0024e634967fa180f4b1f D:\Virus\2016.7.11\22.vir [Win32.Backdoor.Hupigon.hytu]  [Delete success]
2016-7-11 09:41:39 MD5:a414ebdced434d4eb23b78736e287d50 D:\Virus\2016.7.11\46.vir [Win32.Trojan-Spy.Zbot.dvpn]  [Delete success][/mw_shl_code]
挥泪斩情思
Posted on 2016-7-11 09:45:32
Last edited by 挥泪斩情思 on 2016-7-11 09:54

NS detected 26X, 24X remaining
Sailer.X (this user has been deleted)
Posted on 2016-7-11 09:46:30
Last edited by 霄栋 on 2016-7-11 10:21

BDTS2016: 34X


F-Prot: 14X
-----------------------------SCAN REPORT-----------------------------
F-PROT Antivirus for Windows

Antivirus Scanning Engine version number: 4.6.5
Virus signature file from: 2016-7-11, 7:50

Scan name: test
Path to scan: C:\VirTest\|

Thorough scan
Also scan: Inside subfolders, Compressed files, Streams

Scan started: 2016-7-11, 10:03:37
---------------------------------------------------------------------

[Found security risk]        <W32/Swrort.A.gen!Eldorado (not disinfectable, generic)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\05.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\05.vir
[Found downloader]        <PP97M/Downldrnew or modified (non-working, not disinfectable)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\07.vir->word/vbaProject.bin
[Contains infected objects]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\07.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\07.vir->word/webSettings.xml
[Found Trojan]        <W32/Trojan3.VPX (exact)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\10.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\10.vir
[Found downloader]        <PP97M/Downldrnew or modified (non-working, not disinfectable)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\11.vir->word/vbaProject.bin
[Contains infected objects]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\11.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\11.vir->word/webSettings.xml
[Found downloader]        <PP97M/Downldrnew or modified (non-working, not disinfectable)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\12.vir->word/vbaProject.bin
[Contains infected objects]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\12.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\12.vir->word/webSettings.xml
[Found adware]        <W32/Midie.C.gen!Eldorado (not disinfectable, generic)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\16.vir
[Found downloader]        <PP97M/Downldrnew or modified (non-working, not disinfectable)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\18.vir->word/vbaProject.bin
[Contains infected objects]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\18.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\18.vir->word/webSettings.xml
[Found Trojan]        <Java/Adwind.CT (exact, not disinfectable)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\31.vir->v/u.class
[Found Trojan]        <Java/Adwind.CT (exact, not disinfectable)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\31.vir->v/m.class
[Found Trojan]        <Java/Adwind.CT (exact, not disinfectable)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\31.vir->v/t.class
[Contains infected objects]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\31.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\31.vir->v/g.class
[Found downloader]        <PP97M/Downldrnew or modified (non-working)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\35.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\35.vir
[Found downloader]        <JS/Nemucod.BT.gen (exact)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\39.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\39.vir
[Found downloader]        <JS/Nemucod.CA (exact)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\42.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\42.vir
[Found Trojan]        <W32/S-ab885d57!Eldorado (not disinfectable, generic)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\45.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\45.vir
[Found Trojan]        <W32/Locky.GL (exact)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\47.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\47.vir
[Found Trojan]        <PP97M/Donoff.gen (exact, not disinfectable)>        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\49.vir->word\vbaProject.bin
[Contains infected objects]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\49.vir
[Quarantined]        C:\VirTest\2016.7.11\2016.7.11\2016.7.11\49.vir->_rels\.rels

---------------------------------------------------------------------
Scan ended:        2016-7-11, 10:03:42
Duration:        0:00:04

Scan result:

Scanned files:                 53
Infected objects:         16
Disinfected objects:         0
Quarantined files:         13
---------------------------------------------------------------------
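About the FP scan results, I should explain: F-Prot's right-click scan is not a thorough scan, so to improve the detection rate I used the advanced scan, configured as follows:

Note: select "Thorough scan" under "How to scan".
In the scan report above there are 16 infected objects in total because 18.vir contains 3 infected objects, so the count of infected objects is 13+3=16, but only 14 files are actually involved. I don't know whether it is a problem with FP's handling logic, but sample 16.vir (adware; the right-click scan cannot detect this sample) could not be handled (does FP not handle adware by default?), so in the end only 13 files were quarantined. But FP actually did detect 14 samples.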
a1414007
Posted on 2016-7-11 09:46:38
Last edited by a1414007 on 2016-7-11 09:50

ESET kill 38x
[mw_shl_code=css,true]Log
Scan Log
Version of virus signature database: 13781P (20160710)
Date: 2016/7/11  Time: 9:47:21
Scanned disks, folders and files: C:\Users\L.Lawliet\Desktop\2016.7.11
C:\Users\L.Lawliet\Desktop\2016.7.11\01.vir - a variant of Win32/Exploit.CVE-2016-0099.A trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\05.vir - a variant of Win32/Rozena.AM trojan - deleted
C:\Users\L.Lawliet\Desktop\2016.7.11\07.vir » ZIP » word/vbaProject.bin - VBA/TrojanDownloader.Agent.BJU trojan - deleted
C:\Users\L.Lawliet\Desktop\2016.7.11\08.vir - Win32/Filecoder.Locky.H trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\09.vir - a variant of MSIL/Packed.Confuser.P suspicious application - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\10.vir - a variant of MSIL/Injector.PSR trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\11.vir » ZIP » word/vbaProject.bin - VBA/TrojanDownloader.Agent.BJU trojan - deleted
C:\Users\L.Lawliet\Desktop\2016.7.11\12.vir » ZIP » word/vbaProject.bin - VBA/TrojanDownloader.Agent.BJQ trojan - deleted
C:\Users\L.Lawliet\Desktop\2016.7.11\13.vir - VBS/Agent.NJH worm - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\14.vir - a variant of MSIL/Kryptik.GQA trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\15.vir - MSIL/HackTool.Crypter.KW trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\16.vir - a variant of Win32/IStartSurf.AX potentially unwanted application - deleted
C:\Users\L.Lawliet\Desktop\2016.7.11\18.vir » ZIP » word/vbaProject.bin - VBA/TrojanDownloader.Agent.BJU trojan - deleted
C:\Users\L.Lawliet\Desktop\2016.7.11\19.vir - a variant of Win32/Spy.Agent.OVR trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\20.vir - Win32/Filecoder.Locky.C trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\22.vir - Win32/PSW.Papras.EH trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\24.vir - a variant of Win32/DealPly.DM potentially unwanted application - deleted
C:\Users\L.Lawliet\Desktop\2016.7.11\27.vir - JS/TrojanDownloader.Nemucod.AGJ trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\29.vir - a variant of Win32/Injector.DBOX trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\30.vir - Win32/Filecoder.TorrentLocker.A trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\31.vir » ZIP » v/c.class - is OK
C:\Users\L.Lawliet\Desktop\2016.7.11\31.vir » ZIP » v/t.class - Java/Adwind.VV trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\31.vir » ZIP » v/a.class - a variant of Java/Adwind.WA trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\32.vir - Win32/Dridex.AR trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\33.vir - VBS/TrojanDownloader.Agent.OHL trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\35.vir - VBA/TrojanDownloader.Agent.BJQ trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\36.vir - JS/TrojanDownloader.Nemucod.AIO trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\37.vir » CONFUSER » uncompressed.exe - a variant of MSIL/Packed.MultiPacked.CC trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\37.vir » CONFUSER » deobfuscated.exe - a variant of MSIL/Packed.MultiPacked.CC trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\39.vir - JS/TrojanDownloader.Nemucod.AEL trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\40.vir - a variant of PDF/CVE-2010-0188 trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\41.vir - a variant of MSIL/TrojanDownloader.Small.YD trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\42.vir - JS/TrojanDownloader.Nemucod.AHV trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\44.vir » ZIP » word/vbaProject.bin - VBA/TrojanDownloader.Agent.BJH trojan - deleted
C:\Users\L.Lawliet\Desktop\2016.7.11\45.vir » NSIS » Script.nsi - Win32/Filecoder.Cerber.B trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\45.vir » NSIS » SFhelper.dll - Win32/Injector.DBLS trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\46.vir - a variant of MSIL/Kryptik.GOP trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\47.vir - a variant of Win32/Kryptik.FBPA trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\48.vir - a variant of Win32/Injector.DBNQ trojan - cleaned by deleting [1]
C:\Users\L.Lawliet\Desktop\2016.7.11\49.vir » ZIP » word\vbaData.xml - VBA/TrojanDropper.Agent.JB trojan - deleted
C:\Users\L.Lawliet\Desktop\2016.7.11\49.vir » ZIP » word\vbaProject.bin - VBA/TrojanDropper.Agent.LX trojan - deleted
C:\Users\L.Lawliet\Desktop\2016.7.11\50.vir - JS/TrojanDownloader.Nemucod.AID trojan - cleaned by deleting [1]
Number of scanned objects: 236
Number of threats found: 41
Number of cleaned objects: 41
Time of completion: 9:47:24  Total scanning time: 3 sec (00:00:03)

Notes:
[1] Object has been deleted as it only contained the virus body.
[/mw_shl_code]
cxy密斯
Posted on 2016-7-11 09:52:10

Why is my KFA result different from yours?
蓝天二号
Posted on 2016-7-11 09:54:17
cxy密斯 posted on 2016-7-11 09:52
Why is my KFA result different from yours?

No idea.
Copyright © KaFan  KaFan.cn All Rights Reserved.