
[Virus samples] 精睿 sample test (16.8.16)

轩夏
Posted on 2016-8-16 09:20:52
Links:

http://pan.baidu.com/s/1mhUo6G4   Extraction password: 8p29

http://www.vdisk.cn/down/index/19730650

Password: bbs.vc52.cn
Count: 50
幽独空林色
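Posted on 2016-8-16 09:27:54
Huorong detects 3 without changing the file extension; Avira real-time protection killed 24 without changing the extension; right-click scan not tested.
Huorong scan log attached: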
Huorong Network Security Suite v3.0.43.2 (Last update: 2016-08-15 16:41)
Copyright (C) Huorong Borui (Beijing) Technology Co., Ltd. All rights reserved.

Scan engine version:v3.0.4.0
Signature database fingerprint: f2a3446:c774c4b:a8aba16:a8aba16
Signature database timestamp: 2016-08-15 16:41

Scan started at:   2016-08-16 09:25:14

F:\迅雷下载\2016.8.16\2016.8.16\19.vir: TrojanDownloader/JS.Nemucod.dl
F:\迅雷下载\2016.8.16\2016.8.16\28.vir: TrojanDownloader/JS.Nemucod.dl
F:\迅雷下载\2016.8.16\2016.8.16\35.vir >> [NSIS].nsi: TrojanDownloader/Wiuti.a

Scan completed at: 2016-08-16 09:25:28

Total:             43 file(s), 543 objects(s)
Infected:          3 file(s), 3 objects(s)
Deleted:           0 file(s), 0 failure(s)
Disinfected:       0 file(s), 0 failure(s)
Duration:          00:00:14
a1414007
Posted on 2016-8-16 09:28:01
ESET
统计结果

   原始文件数量: 50

   处理项目数量: 36

   删除项目数量: 31

   修复项目数量: 5

   近似查杀率: 72.00 %

任意键返回
[mw_shl_code=css,true]Log
Scan Log
Version of virus signature database: 13966P (20160815)
Date: 2016/8/16  Time: 9:27:04
Scanned disks, folders and files: C:\Users\Light\Desktop\2016.8.16
C:\Users\Light\Desktop\2016.8.16\01.vir - a variant of Win32/Injector.DDSB trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\03.vir - VBS/Kryptik.FN trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\05.vir - a variant of Win32/Virlock.J virus - deleted
C:\Users\Light\Desktop\2016.8.16\06.vir » ZIP » word/vbaProject.bin - VBA/TrojanDropper.Agent.NH trojan - deleted
C:\Users\Light\Desktop\2016.8.16\07.vir - a variant of Win32/Virlock.J virus - deleted
C:\Users\Light\Desktop\2016.8.16\09.vir » CWS » file.swf - a variant of SWF/Exploit.ExKit.ASV trojan - deleted
C:\Users\Light\Desktop\2016.8.16\10.vir - a variant of Win32/Virlock.J virus - deleted
C:\Users\Light\Desktop\2016.8.16\11.vir - a variant of MSIL/Kryptik.GWY trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\12.vir - Win32/Exploit.Agent.NRA trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\13.vir - JS/TrojanDownloader.Nemucod.AQJ trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\14.vir - VBA/TrojanDownloader.Agent.BOE trojan - cleaned
C:\Users\Light\Desktop\2016.8.16\15.vir - VBA/TrojanDropper.Agent.NC trojan - cleaned
C:\Users\Light\Desktop\2016.8.16\16.vir - JS/TrojanDownloader.Nemucod.AQF trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\17.vir - VBA/TrojanDownloader.Agent.BON trojan - cleaned
C:\Users\Light\Desktop\2016.8.16\18.vir - a variant of Win32/KuaiZip.B potentially unwanted application - deleted
C:\Users\Light\Desktop\2016.8.16\19.vir - JS/TrojanDownloader.Nemucod.AQJ trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\24.vir - JS/TrojanDownloader.Nemucod.AQF trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\25.vir » WINRARSFX » New Xpress Money Certificate Signed And Sealed..exe - a variant of Java/Jacksbot.V trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\27.vir - JS/TrojanDownloader.Agent.ONB trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\28.vir - JS/TrojanDownloader.Nemucod.AQJ trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\29.vir » ZIP » word/vbaProject.bin - VBA/TrojanDownloader.Agent.BOJ trojan - deleted
C:\Users\Light\Desktop\2016.8.16\30.vir - JS/TrojanDownloader.Nemucod.AQF trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\31.vir - VBA/TrojanDownloader.Agent.BML trojan - cleaned
C:\Users\Light\Desktop\2016.8.16\32.vir - a variant of Win32/Packed.NSIS.B trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\33.vir » ZIP » word/vbaProject.bin - VBA/TrojanDownloader.Agent.BOK trojan - deleted
C:\Users\Light\Desktop\2016.8.16\35.vir » NSIS » mFilesDir - archive damaged - the file could not be extracted.
C:\Users\Light\Desktop\2016.8.16\35.vir » NSIS » mFilesDir - archive damaged - the file could not be extracted.
C:\Users\Light\Desktop\2016.8.16\36.vir - Win32/Spy.Bebloh.K trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\37.vir » CAB » @.cmd - a variant of Win32/Injector.DDSB trojan - deleted
C:\Users\Light\Desktop\2016.8.16\39.vir - JS/TrojanDownloader.Nemucod.AQJ trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\40.vir » ZIP » word/vbaProject.bin - VBA/TrojanDownloader.Agent.BOK trojan - deleted
C:\Users\Light\Desktop\2016.8.16\41.vir - a variant of MSIL/Kryptik.GYC trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\42.vir » ZIP » word/vbaProject.bin - VBA/TrojanDownloader.Agent.BOJ trojan - deleted
C:\Users\Light\Desktop\2016.8.16\43.vir » ZIP » word/vbaProject.bin - VBA/TrojanDownloader.Agent.BOJ trojan - deleted
C:\Users\Light\Desktop\2016.8.16\45.vir - Win32/Spy.Zbot.AAO trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\47.vir - VBA/TrojanDropper.Agent.NC trojan - cleaned
C:\Users\Light\Desktop\2016.8.16\49.vir - JS/TrojanDownloader.Nemucod.AQJ trojan - cleaned by deleting [1]
C:\Users\Light\Desktop\2016.8.16\50.vir » ZIP » word/vbaProject.bin - VBA/TrojanDownloader.Agent.BOJ trojan - deleted
Number of scanned objects: 201
Number of threats found: 36
Number of cleaned objects: 36
Time of completion: 9:27:10  Total scanning time: 6 sec (00:00:06)

Notes:
[1] Object has been deleted as it only contained the virus body.
[/mw_shl_code]
alfred0156
Posted on 2016-8-16 09:28:27
Last edited by alfred0156 on 2016-8-16 10:28

Rising new engine (online)
总扫描文件: 50
总恶意文件: 28
8 detected by the cloud engine
有效检出率: 56.00%
[mw_shl_code=css,true] Tue Aug 16 09:25:56 2016
"C:\\Users\\alfred\\Desktop\\2016.8.16\\04.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\03.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\06.vir","infect":{"engine":"classic","threat":"Trojan.Obfus/VBA!1.A609","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\05.vir","infect":{"engine":"rdm+","threat":"Malware.Heuristic!ET","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\02.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\09.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\01.vir","infect":{"engine":"classic","threat":"Malware.Obscure/Heur!1.9E03","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\07.vir","infect":{"engine":"classic","threat":"Malware.XPACK-HIE/Heur!1.9C48","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\12.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\08.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\14.vir","infect":{"engine":"classic","threat":"Trojan.Obfus/VBA@DT!1.A540","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\15.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\11.vir","infect":{"engine":"rdm+","threat":"Malware.Heuristic!ET","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\10.vir","infect":{"engine":"rdm+","threat":"Malware.Heuristic!ET","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\17.vir","infect":{"engine":"classic","threat":"Trojan.Obfus/VBA@DT!1.A540","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\16.vir","infect":{"engine":"cloud","threat":"Downloader.Nemucod!8.34-R8oSwbDqy2M","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\20.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\13.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\22.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\18.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\21.vir","infect":{"engine":"cloud","threat":"Malware.Undefined!8.C-2JobEAPh3wI","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\19.vir","infect":{"engine":"cloud","threat":"Downloader.Nemucod!8.34-PMz784AXB2O","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\26.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\23.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\27.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\24.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\29.vir","infect":{"engine":"classic","threat":"Trojan.Obfus/VBA!1.A60A","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\31.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\25.vir","infect":{"engine":"rdm+","threat":"Malware.Heuristic!ET","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\33.vir","infect":{"engine":"classic","threat":"Trojan.Obfus/VBA!1.A60A","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\30.vir","infect":{"engine":"cloud","threat":"Downloader.Nemucod!8.34-LeH2BS2arqK","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\34.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\28.vir","infect":{"engine":"cloud","threat":"Downloader.Nemucod!8.34-meC7t3lmH5J","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\36.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\38.vir","infect":{"engine":"classic","threat":"Downloader.Agent/VBA!1.A514","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\35.vir","infect":{"engine":"classic","threat":"Trojan.Downloader!1.A52A","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\40.vir","infect":{"engine":"classic","threat":"Trojan.Obfus/VBA!1.A60A","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\37.vir","infect":{"engine":"rdm+","threat":"Malware.Heuristic!ET","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\42.vir","infect":{"engine":"classic","threat":"Trojan.Obfus/VBA!1.A60A","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\32.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\43.vir","infect":{"engine":"classic","threat":"Trojan.Obfus/VBA!1.A60A","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\44.vir","infect":{"engine":"cloud","threat":"Trojan.ObfusJS/Heur!1.A4CA-NEwzs0FO1qP","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\46.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\47.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\41.vir","infect":{"engine":"rdm+","threat":"Malware.Heuristic!ET","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\39.vir","infect":{"engine":"cloud","threat":"Downloader.Nemucod!8.34-JEDgQBIH05Q","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\50.vir","infect":{"engine":"classic","threat":"Trojan.Obfus/VBA!1.A60A","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\45.vir","infect":{"engine":"thunder","threat":"Malware.Generic!MVpRfmgWdtH@3","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\48.vir","type":"scan"
"C:\\Users\\alfred\\Desktop\\2016.8.16\\49.vir","infect":{"engine":"cloud","threat":"Downloader.Nemucod!8.34-aLrQBjEsT7E","type":"scan"

扫描结束: Tue Aug 16 10:24:57 2016

总共耗时: 0:3:806(m:s:ms)[/mw_shl_code]


AVG
高严重性;"34";"0";"34"
中等严重性;"1";"0";"1"
[mw_shl_code=css,true]
C:\Users\alfred\Desktop\2016.8.16\32.vir;"特洛伊木马 Generic_s.JDW";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\16.vir;"发现病毒 JS/Downloader.Agent.45_5";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\43.vir;"发现病毒 W97M/Downloader";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\49.vir;"发现病毒 JS/Downloader.Agent.43_7";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\24.vir;"发现病毒 JS/Downloader.Agent.45_5";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\18.vir;"发现 MalSign.KuaiZip.E5B";"未解决";"未解决";"中等"
C:\Users\alfred\Desktop\2016.8.16\38.vir;"发现病毒 W97M/Downloader";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\25.vir;"特洛伊木马 Exploit.Java_c.TDM";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\05.vir;"特洛伊木马 LockScreen.BO";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\12.vir;"可能是特洛伊木马 Exploit";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\40.vir;"发现病毒 W97M/Downloader";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\07.vir;"特洛伊木马 LockScreen.BO";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\47.vir;"发现病毒 W97M/Downloader.AW";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\30.vir;"发现病毒 JS/Downloader.Agent.45_5";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\19.vir;"发现病毒 JS/Downloader.Agent.43_7";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\11.vir;"特洛伊木马 MSIL10.AVOH";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\09.vir;"发现病毒 SWF/Exploit";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\13.vir;"发现病毒 JS/Downloader.Agent.43_7";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\37.vir;"特洛伊木马 Generic16_c.OM";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\36.vir;"特洛伊木马 Generic_r.MFH";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\41.vir;"特洛伊木马 Atros3.CORB";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\50.vir;"发现病毒 W97M/Downloader";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\29.vir;"发现病毒 W97M/Downloader";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\39.vir;"发现病毒 JS/Downloader.Agent.43_7";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\26.vir;"发现病毒 W97M/Downloader.AW";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\14.vir;"发现病毒 W97M/Downloader";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\01.vir;"特洛伊木马 Inject3.BAYZ";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\42.vir;"发现病毒 W97M/Downloader";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\10.vir;"特洛伊木马 LockScreen.BO";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\44.vir;"发现病毒 JS/Heur";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\33.vir;"发现病毒 W97M/Downloader";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\15.vir;"发现病毒 W97M/Downloader.AW";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\31.vir;"发现病毒 W97M/Downloader";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\45.vir;"特洛伊木马 Generic_vb.MOS";"未解决";"未解决";"高"
C:\Users\alfred\Desktop\2016.8.16\28.vir;"发现病毒 JS/Downloader.Agent.43_7";"未解决";"未解决";"高"
[/mw_shl_code]
轩夏
Original poster | Posted on 2016-8-16 09:36:24
MSE says it didn't get enough rest today; that must be it.

[mw_shl_code=css,true]Scan started on Tue Aug 16 09:34:55 2016

C:\Users\XuanXia\Desktop\2016.8.16\05.vir   Infected: Virus:Win32/Nabucur.D
C:\Users\XuanXia\Desktop\2016.8.16\07.vir   Infected: Virus:Win32/Nabucur.D
C:\Users\XuanXia\Desktop\2016.8.16\10.vir   Infected: Virus:Win32/Nabucur.D
C:\Users\XuanXia\Desktop\2016.8.16\14.vir   Infected: TrojanDownloader:O97M/Donoff
C:\Users\XuanXia\Desktop\2016.8.16\31.vir   Infected: Trojan:O97M/Macrobe.D
Successfully checked: C:\Users\XuanXia\Desktop\2016.8.16

Scan ended on Tue Aug 16 09:35:38 2016

Time: 43 second(s). [0h:00m:43s]
Files/second: 6 (385 Kb/s).
Objects scanned: 272.
Infected: 5. Suspicious: 0. Clean: 267. Different virus bodies: 3.
Files: 50. Directories: 1. Archives: 14. Packed: 21. Mail files: 0.
Warnings: 5. Scan errors: 0. Protected: 0. Damaged: 0. Unknown method: 0. Spanned: 0.[/mw_shl_code]
Eset小粉絲
Posted on 2016-8-16 09:38:05
Avira 33X

[mw_shl_code=css,true]Start of the scan: Tuesday, 16 August, 2016  09:36

Starting the file scan:

Begin scan in 'C:\Users\User\Downloads\2016.8.16'
C:\Users\User\Downloads\2016.8.16\01.vir
  [DETECTION] Is the TR/Injector.tjcu Trojan
C:\Users\User\Downloads\2016.8.16\02.vir
  [DETECTION] Is the TR/Razy.hhub Trojan
C:\Users\User\Downloads\2016.8.16\05.vir
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Users\User\Downloads\2016.8.16\07.vir
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Users\User\Downloads\2016.8.16\09.vir
  [DETECTION] Contains recognition pattern of the EXP/FLASH.Pubenush.T.Gen exploit
C:\Users\User\Downloads\2016.8.16\10.vir
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Users\User\Downloads\2016.8.16\11.vir
  [DETECTION] Is the TR/Dropper.MSIL.vckg Trojan
C:\Users\User\Downloads\2016.8.16\12.vir
  [DETECTION] Contains recognition pattern of the EXP/CVE-2012-0158 exploit
C:\Users\User\Downloads\2016.8.16\13.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.lks Java script virus
C:\Users\User\Downloads\2016.8.16\14.vir
  [DETECTION] Contains code of the W2000M/Agent.01991865 macro virus
C:\Users\User\Downloads\2016.8.16\15.vir
  [DETECTION] Contains code of the W2000M/Agent.756516 macro virus
C:\Users\User\Downloads\2016.8.16\16.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.AMVALA Java script virus
C:\Users\User\Downloads\2016.8.16\17.vir
  [DETECTION] Contains code of the W2000M/Agent.6792458 macro virus
C:\Users\User\Downloads\2016.8.16\18.vir
  [DETECTION] Contains virus patterns of Adware ADWARE/Ocna.A
C:\Users\User\Downloads\2016.8.16\19.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.lks Java script virus
C:\Users\User\Downloads\2016.8.16\24.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.AMVALA Java script virus
C:\Users\User\Downloads\2016.8.16\25.vir
    [0] Archive type: ZIP SFX (self extracting)
    --> New Xpress Money Certificate Signed And Sealed..exe
        [DETECTION] Is the TR/Dropper.Gen Trojan
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Downloads\2016.8.16\26.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Dropper
C:\Users\User\Downloads\2016.8.16\28.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.lks Java script virus
C:\Users\User\Downloads\2016.8.16\29.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.0628244 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Downloads\2016.8.16\30.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.AMVALA Java script virus
C:\Users\User\Downloads\2016.8.16\31.vir
  [DETECTION] Contains code of the W2000M/Agent.866387 macro virus
C:\Users\User\Downloads\2016.8.16\32.vir
    [0] Archive type: NSIS
    --> ProgramFilesDir/CabDLL.dll
        [DETECTION] Is the TR/Inject.evtl Trojan
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Downloads\2016.8.16\33.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.0628244 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Downloads\2016.8.16\37.vir
    [0] Archive type: Portable Executable Resource
    --> CABINET
        [1] Archive type: CAB (Microsoft)
      --> @.cmd
          [DETECTION] Is the TR/Injector.tjcu Trojan
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Downloads\2016.8.16\39.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.lks Java script virus
C:\Users\User\Downloads\2016.8.16\40.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.0628244 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Downloads\2016.8.16\41.vir
  [DETECTION] Is the TR/Dropper.MSIL.apek Trojan
C:\Users\User\Downloads\2016.8.16\42.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.0628244 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Downloads\2016.8.16\43.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.0628244 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Downloads\2016.8.16\47.vir
  [DETECTION] Contains code of the W2000M/Agent.756516 macro virus
C:\Users\User\Downloads\2016.8.16\49.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.lks Java script virus
C:\Users\User\Downloads\2016.8.16\50.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.0628244 macro virus
        [WARNING]   Infected files in archives cannot be repaired[/mw_shl_code]
Luca.l
Posted on 2016-8-16 09:57:14
Tencent PC Manager, international edition
[mw_shl_code=xml,true][Scan information]

Start time:2016-8-16 09:56:39
Elapsed time:00:00:02
Scan type:Custom scan
Antivirus engines:Tencent cloud protection engine    Tencent antivirus engine II    Tencent system repair engine    Bitdefender local antivirus engine   
Scan status:Scan complete


[Scan Report]

Files scanned:50
Threats detected:30
Threats processed:30


---------------------
2016-8-16 09:56:42 MD5:98027cfa126018f341e5f0e014b34f7a C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\29.vir --> word/vbaProject.bin [W97M.Downloader.EDD]  [Delete success]
2016-8-16 09:56:43 MD5:2ea4baada484b54209f957ec0e0264e9 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\13.vir [Trojan.JS.Downloader.FEG]  [Delete success]
2016-8-16 09:56:43 MD5:6d6cbd7d0d36497626fff2cdb4af4ddd C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\11.vir [Trojan.Agent.BXEI]  [Delete success]
2016-8-16 09:56:43 MD5:c629c18af3c8ea2a92742d88b5569a11 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\47.vir [W97M.Downloader.EDF]  [Clean success]
2016-8-16 09:56:43 MD5:7de07d0c4275a1f9ec89cb64ce69f631 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\18.vir [Trojan.Agent.BTGJ]  [Delete success]
2016-8-16 09:56:43 MD5:d7b4d2f5447b4c5e92ee71475c00dd47 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\28.vir [Trojan.JS.Downloader.FEG]  [Delete success]
2016-8-16 09:56:43 MD5:a2e5f1437635767a7318cd82fccfe64a C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\15.vir [W97M.Downloader.EDF]  [Clean success]
2016-8-16 09:56:43 MD5:850e480d00b4c31acd25d5641aadaf88 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\36.vir [Trojan.GenericKD.3458066]  [Delete success]
2016-8-16 09:56:43 MD5:c8f0ae90082a7b150ba3bc4bf12662e4 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\02.vir [Gen:Variant.Razy.84351]  [Delete success]
2016-8-16 09:56:43 MD5:affa6d1f5cf8bd20d44f381c155ebc66 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\43.vir --> word/vbaProject.bin [W97M.Downloader.EDD]  [Delete success]
2016-8-16 09:56:43 MD5:6e3e8d61d2ba948b9d5c99c56c89c2fa C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\25.vir [Gen:Variant.Razy.78162]  [Delete success]
2016-8-16 09:56:44 MD5:7983124763323a5f59e2bbc485a47207 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\26.vir [Trojan.Agent.BXLK]  [Delete success]
2016-8-16 09:56:44 MD5:c6f0a3d6e35a8bba12b220f902d7c80a C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\37.vir [Trojan.GenericKD.3462472]  [Delete success]
2016-8-16 09:56:44 MD5:2a9316b8a50a21241fa7bc5836203602 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\01.vir [Trojan.GenericKD.3462196]  [Delete success]
2016-8-16 09:56:44 MD5:96c724d20d15d044948e299f73b908ee C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\42.vir --> word/vbaProject.bin [W97M.Downloader.EDD]  [Delete success]
2016-8-16 09:56:44 MD5:e2cb205c195f5fdd3c508ef53b6ac007 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\24.vir [Trojan.JS.Downloader.FEV]  [Delete success]
2016-8-16 09:56:44 MD5:d6a8283a7c75f10de1b196c9dffa275f C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\41.vir [Trojan.GenericKD.3459668]  [Delete success]
2016-8-16 09:56:44 MD5:be52c02a3e47a224cca4b43bd5886da0 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\05.vir [Win32.Virlock.Gen.3]  [Delete success]
2016-8-16 09:56:45 MD5:53d07333571c37278688fc08409350be C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\33.vir [Trojan.Agent.BXKD]  [Delete success]
2016-8-16 09:56:45 MD5:31bf043519da2e086041c78e6eeafb73 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\40.vir --> word/vbaProject.bin [W97M.Downloader.EDD]  [Delete success]
2016-8-16 09:56:45 MD5:66af834516560249871bca4d3217fdb8 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\20.vir --> (IFRAME     1) [Trojan.Iframe.CHU]  [Delete success]
2016-8-16 09:56:45 MD5:33a18eac147c231c0528f98a40f50398 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\50.vir --> word/vbaProject.bin [W97M.Downloader.EDD]  [Delete success]
2016-8-16 09:56:45 MD5:39eecdf5480edca5d444e537cb3d5cce C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\45.vir [Trojan.GenericKD.3458050]  [Delete success]
2016-8-16 09:56:45 MD5:42fa89b4aa5ef022033e31d9bf9491ac C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\07.vir [Win32.Virlock.Gen.3]  [Delete success]
2016-8-16 09:56:46 MD5:169a6ec61001d0e68e428fb223ad319c C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\31.vir [w97m.Downloader.EBI]  [Clean success]
2016-8-16 09:56:46 MD5:cc5d2fa11c0ddcebcb49c7a9832ae636 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\39.vir [Trojan.JS.Downloader.FEG]  [Delete success]
2016-8-16 09:56:46 MD5:f8cf502057d2e8a3f3b5ad9ff067b0e9 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\19.vir [Trojan.JS.Downloader.FEG]  [Delete success]
2016-8-16 09:56:46 MD5:fa903812a37fee98a81ccdb76c810e58 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\32.vir [Trojan.GenericKD.3461377]  [Delete success]
2016-8-16 09:56:46 MD5:c9bab062c8f1d026114e640420e2139a C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\49.vir [Trojan.JS.Downloader.FEG]  [Delete success]
2016-8-16 09:56:46 MD5:24d8ec46aed06f2aa22f69613ed585f6 C:\Users\Joyzz_Android01\Desktop\样本\2016.8.16\10.vir [Win32.Virlock.Gen.3]  [Delete success]
---------------------
[/mw_shl_code]
心醉咖啡
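Posted on 2016-8-16 09:59:01
幽独空林色 posted on 2016-8-16 09:27
Huorong detects 3 without changing the file extension; Avira real-time protection killed 24 without changing the extension; right-click scan not tested.
Huorong scan log attached:
Huorong Network Security Su ...

Huorong gets 9 here.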

Huorong Network Security Suite v3.0.43.2 (Last update: 2016-08-15 16:41)
Copyright (C) Huorong Borui (Beijing) Technology Co., Ltd. All rights reserved.

Scan engine version:v3.0.4.0
Signature database fingerprint: f2a3446:c774c4b:a8aba16:a8aba16
Signature database timestamp: 2016-08-15 16:41

Scan started at:   2016-08-16 09:56:50

F:\浏览器下载\2016.8.16\05.vir: HVM:Virus/Nabucur.d
F:\浏览器下载\2016.8.16\07.vir: HVM:Virus/Nabucur.d
F:\浏览器下载\2016.8.16\10.vir: HVM:Virus/Nabucur.d
F:\浏览器下载\2016.8.16\13.vir: TrojanDownloader/JS.Nemucod.dl
F:\浏览器下载\2016.8.16\19.vir: TrojanDownloader/JS.Nemucod.dl
F:\浏览器下载\2016.8.16\28.vir: TrojanDownloader/JS.Nemucod.dl
F:\浏览器下载\2016.8.16\35.vir >> [NSIS].nsi: TrojanDownloader/Wiuti.a
F:\浏览器下载\2016.8.16\39.vir: TrojanDownloader/JS.Nemucod.dl
F:\浏览器下载\2016.8.16\49.vir: TrojanDownloader/JS.Nemucod.dl

Scan completed at: 2016-08-16 09:57:12

Total:             50 file(s), 588 objects(s)
Infected:          9 file(s), 9 objects(s)
Deleted:           0 file(s), 0 failure(s)
Disinfected:       0 file(s), 0 failure(s)
Duration:          00:00:22
540923555
Posted on 2016-8-16 10:11:52
轩夏 posted on 2016-8-16 09:36
MSE says it didn't get enough rest today; that must be it.

[mw_shl_code=css,true]Scan started on Tue Aug 16 09:34:55 2016 ...

WD is here to avenge you.

Detected + repaired = 29; unhandled samples = 21
msswenqing
Posted on 2016-8-16 10:55:45
日期/時間,安全威脅,來源類型,受影響的檔案,處理行動,偵測方式
2016/8/16 10:49,VBS_BANLOAD.SMEM2,安全威脅,E:\2016.8.16\03.vir,已移除,即時掃瞄
2016/8/16 10:49,PE_VIRLOCK.A,病毒,E:\2016.8.16\05.vir,已清除,即時掃瞄
2016/8/16 10:49,PE_VIRLOCK.A,病毒,E:\2016.8.16\07.vir,已清除,即時掃瞄
2016/8/16 10:49,PE_VIRLOCK.A,病毒,E:\2016.8.16\10.vir,已清除,即時掃瞄
2016/8/16 10:49,W2KM_DLOADR.YYSRH,安全威脅,E:\2016.8.16\14.vir,已移除,即時掃瞄
2016/8/16 10:49,W2KM_DLOADR.YYSRJ,安全威脅,E:\2016.8.16\15.vir,已移除,即時掃瞄
2016/8/16 10:49,W2KM_LOCKY.DLDVEW,安全威脅,E:\2016.8.16\17.vir,已移除,即時掃瞄
2016/8/16 10:49,TROJ_GEN.R047C0FHC16,病毒,E:\2016.8.16\25.vir\New Xpress Money Certificate Signed And Sealed..exe,已移除,即時掃瞄
2016/8/16 10:49,W2KM_DLOADER.BVFM,安全威脅,E:\2016.8.16\26.vir,已移除,即時掃瞄
2016/8/16 10:49,W2KM_DLOADER.BVFI,安全威脅,E:\2016.8.16\31.vir,已移除,即時掃瞄
2016/8/16 10:49,TROJ_GEN.R00JC0DHF16,病毒,E:\2016.8.16\37.vir\@.cmd,已移除,即時掃瞄
2016/8/16 10:49,W2KM_DLOADR.YYSRJ,安全威脅,E:\2016.8.16\47.vir,已移除,即時掃瞄
2016/8/16 10:52,W2KM_LOCKY.DLDVEW,安全威脅,E:\2016.8.16\42.vir\word\vbaProject.bin,已移除,手動掃瞄
2016/8/16 10:52,W2KM_LOCKY.DLDVEZ,安全威脅,E:\2016.8.16\33.vir\word\vbaProject.bin,已移除,手動掃瞄
2016/8/16 10:52,W2KM_LOCKY.K,安全威脅,E:\2016.8.16\29.vir\word\vbaProject.bin,已移除,手動掃瞄
2016/8/16 10:52,W2KM_LOCKY.N,安全威脅,E:\2016.8.16\40.vir\word\vbaProject.bin,已移除,手動掃瞄
2016/8/16 10:52,W2KM_LOCKY.J,安全威脅,E:\2016.8.16\43.vir\word\vbaProject.bin,已移除,手動掃瞄
2016/8/16 10:52,W2KM_LOCKY.L,安全威脅,E:\2016.8.16\50.vir\word\vbaProject.bin,已移除,手動掃瞄
2016/8/16 10:52,W2KM_DLOADR.YYSRK,安全威脅,E:\2016.8.16\38.vir\word\vbaProject.bin,已移除,手動掃瞄
Trend Micro, Hong Kong Traditional Chinese edition, detected 19; passable for today....