Original poster: fireherman

[Virus samples] 精睿 sample test (16.10.24)
skyboybone
Posted on 2016-10-24 12:11:41
心醉咖啡 posted on 2016-10-24 09:16
Huorong Security Anti-Malware Scan Log
Copyright (C) Huorong Security Lab. All rights reserved.

Huorong in English, no less. How classy.
心醉咖啡
Posted on 2016-10-24 12:20:23
skyboybone posted on 2016-10-24 12:11
Huorong in English, no less. How classy.

That's just what its exported logs look like.
lucifer-
Posted on 2016-10-24 12:21:19
avg

Eset小粉絲
Posted on 2016-10-24 12:23:12
Avira 31x

DF快递
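Posted on 2016-10-24 12:25:31
fireherman posted on 2016-10-24 10:02
Because Homos all love to nitpick; every post has to look pretty and be pleasing to the eye.

ESET can detect and delete (by deleting ...

What does "repair" actually mean? I don't quite get it.
Does it turn an infected file back into a normal file?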
DF快递
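Posted on 2016-10-24 12:32:27
BD: 20 killed on extraction
Right-click scan: 1
Remaining: 29
fireherman
Original poster | Posted on 2016-10-24 12:49:40
DF快递 posted on 2016-10-24 12:25
What does "repair" actually mean? I don't quite get it.
Does it turn an infected file back into a normal file?

That's pretty much it.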
lucifer-
Posted on 2016-10-24 12:56:51
360tse 10X

T.Yoshiyuki
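Posted on 2016-10-24 13:01:21
fireherman posted on 2016-10-24 11:02
Because Homos all love to nitpick; every post has to look pretty and be pleasing to the eye.

ESET can detect and delete (by deleting ...

Emsisoft: What is "repair"? We only have "quarantine" and "delete".
Wait... you're a Homo?
I'm obsessive-compulsive too, but a different type: I don't go for pretty, I go for consistency.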
fireherman
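Original poster | Posted on 2016-10-24 13:06:24
T.Yoshiyuki posted on 2016-10-24 13:01
Emsisoft: What is "repair"? We only have "quarantine" and "delete".
Wait... you're a Homo?
I'm obsessive-compulsive too, but ...

Do you think a Str8 would use a photo of a masculine, handsome, half-naked male model as his avatar?

Could it be that you are also... a kindred spirit? (Gaydar)

I never go for pretty, only for strong.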