精睿样本测试（16.10.20）

小小瞻

BD：共检测出28个，其中修复8个。今天的样本有点狠，BD成绩跌出30以外！

XZ8SM7Sx0bVkoUV

火绒 10X
[mw_shl_code=css,true]Huorong Network Security Suite v3.0.49.9 (Last update: 2016-10-19 16:22)
Copyright (C) Huorong Borui (Beijing) Technology Co., Ltd. All rights reserved.

Scan engine version:v3.0.4.0
Signature database fingerprint: 988ab08:d438d3e:d438d3e:d438d3e
Signature database timestamp: 2016-10-19 16:22

Scan started at:   2016-10-20 10:28:58

D:\vc52\2016.10.20\01.vir: TrojanDownloader/VBS.Agent.u
D:\vc52\2016.10.20\10.vir: TrojanDownloader/JS.Nemucod.fj
D:\vc52\2016.10.20\13.vir: TrojanDownloader/JS.Nemucod.ej
D:\vc52\2016.10.20\17.vir: HEUR:OMacro/WinA.d
D:\vc52\2016.10.20\25.vir: HEUR:VirTool/Obfuscator.gen!C
D:\vc52\2016.10.20\29.vir: OMacro/Downloader
D:\vc52\2016.10.20\32.vir: HEUR:OMacro/WinA.d
D:\vc52\2016.10.20\28.vir: VirTool/Kovter.p
D:\vc52\2016.10.20\41.vir: TrojanSpy/AutoIt.Agent.b
D:\vc52\2016.10.20\43.vir: HEUR:OMacro/WinA.d

Scan completed at: 2016-10-20 10:29:09

Total:             50 file(s), 484 objects(s)
Infected:          10 file(s), 10 objects(s)
Deleted:           0 file(s), 0 failure(s)
Disinfected:       0 file(s), 0 failure(s)
Duration:          00:00:11
[/mw_shl_code]

windows7爱好者

fireherman 发表于 2016-10-20 09:57
ESET-NOD32 ess 8 [v14308/20161019]

Total kill 33x (Fix 5x)

ESET的成绩真是高的吓人
不过像我这种用主防的肯定要把双击算进去和你比
看能不能超过ESET了，看着吧

windows7爱好者

扫描+监控
剩下27个，其中修复一个48号

03号双击是个cmd窗口，输入OK或者NO都是出来一段代码然后闪退，未发现可疑行为

12停止工作

14是个js，运行后自删除，并且下载了一个tmp，可惜无法运行

最后的50挺有意思

暂时观察中
所以，总成绩（除去自删除的JS）

检测24个，其中删除23个，修复1个

Eset小粉絲

Avira 24x

[mw_shl_code=css,true]Start of the scan: Thursday, 20 October, 2016  12:50

Starting the file scan:

Begin scan in 'C:\Users\User\Desktop\2016.10.20'
C:\Users\User\Desktop\2016.10.20\02.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Downloader
C:\Users\User\Desktop\2016.10.20\07.vir
    [0] Archive type: ZIP
    --> SDFGWERTG324DSDFG/ASDFSDFQWERASDFA.class
        [DETECTION] Contains recognition pattern of the JAVA/Dldr.Agent.55436 Java virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.10.20\08.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.8514635 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.10.20\09.vir
    [0] Archive type: ZIP
    --> miner/Miner.class
        [DETECTION] Contains recognition pattern of the JAVA/Adwind.4220 Java virus
        [WARNING]   Infected files in archives cannot be repaired
    --> sCryptMinerStub.class
        [DETECTION] Contains recognition pattern of the JAVA/JRat.E.1 Java virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.10.20\10.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Krypt.lkjjh Java script virus
C:\Users\User\Desktop\2016.10.20\11.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.42235 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.10.20\13.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Kript.830162 Java script virus
C:\Users\User\Desktop\2016.10.20\15.vir
  [DETECTION] Is the TR/Crypt.Xpack.jhlsn Trojan
C:\Users\User\Desktop\2016.10.20\16.vir
  [DETECTION] Is the TR/Crypt.Xpack.olxyz Trojan
C:\Users\User\Desktop\2016.10.20\17.vir
  [DETECTION] Contains code of the W2000M/Fereit.19810 macro virus
C:\Users\User\Desktop\2016.10.20\18.vir
    [0] Archive type: ACE
    --> New Order  for ebeudave co. ltd.pdf.exe
        [DETECTION] Is the TR/Dropper.MSIL.audfr Trojan
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.10.20\27.vir
  [DETECTION] Is the TR/Dropper.VB.ojblf Trojan
C:\Users\User\Desktop\2016.10.20\29.vir
  [DETECTION] Contains code of the W2000M/Agent.97931068 macro virus
C:\Users\User\Desktop\2016.10.20\32.vir
  [DETECTION] Contains code of the W2000M/Drop.Agent.58240 macro virus
C:\Users\User\Desktop\2016.10.20\33.vir
  [DETECTION] Is the TR/Spy.Gen Trojan
C:\Users\User\Desktop\2016.10.20\34.vir
  [DETECTION] Is the TR/Dropper.VB.izqxh Trojan
C:\Users\User\Desktop\2016.10.20\36.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus
C:\Users\User\Desktop\2016.10.20\39.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\User\Desktop\2016.10.20\41.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\User\Desktop\2016.10.20\42.vir
  [DETECTION] Is the TR/Crypt.ZPACK.nxglq Trojan
C:\Users\User\Desktop\2016.10.20\43.vir
  [DETECTION] Contains code of the W2000M/Drop.Agent.21820 macro virus
C:\Users\User\Desktop\2016.10.20\45.vir
  [DETECTION] Is the TR/Dropper.MSIL.bmqt Trojan
    [0] Archive type: RSRC
    --> C:\Users\User\Desktop\2016.10.20\48.vir
        [1] Archive type: ZIP
      --> VhosxQRU.class
          [DETECTION] Contains recognition pattern of the EXP/JAVA.Banlaod.J.Gen exploit
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.10.20\48.vir
  [DETECTION] Contains recognition pattern of the EXP/JAVA.Banlaod.J.Gen exploit
C:\Users\User\Desktop\2016.10.20\49.vir
  [DETECTION] Is the TR/Dldr.Agent.zuqsr Trojan[/mw_shl_code]

540923555

驭龙 发表于 2016-10-20 10:57
WD测试时间2016年10月20日 11:00
测试版本和特征库

看来精锐最近换样本源以后，卡巴受影响也不小啊

驭龙

540923555 发表于 2016-10-20 13:03
看来精锐最近换样本源以后，卡巴受影响也不小啊

是的，最近卡巴确实是有一点受影响了，其实最开始两天WD也有一点不适应

fanyunlong

我的 歌德塔套装 也出来秀秀
扫描出30个 清除感染20 隔离10个

T.Yoshiyuki

fanyunlong 发表于 2016-10-20 15:50
我的 歌德塔套装 也出来秀秀
扫描出30个 清除感染20 隔离10个

建議貼一下日誌
看看報毒名是蠻好玩的一件事 比如你既然說殺30個 比BD本家還多2個
說不定有兩個是GD引擎殺的

小小瞻

windows7爱好者 发表于 2016-10-20 12:33
扫描+监控
剩下27个，其中修复一个48号

折腾了半天，还是没干过BD的扫描