Original poster: 心醉咖啡

[Virus samples] 精睿 sample test (16.10.26)

XZ8SM7Sx0bVkoUV
Posted on 2016-10-26 13:09:03
Huorong 18X
[mw_shl_code=css,true]Huorong Network Security Suite v3.0.49.12 (Last update: 2016-10-25 17:28)
Copyright (C) Huorong Borui (Beijing) Technology Co., Ltd. All rights reserved.

Scan engine version:v3.0.4.0
Signature database fingerprint: ac19e5c:8c1758e:a5b47a6:a5b47a6
Signature database timestamp: 2016-10-25 17:28

Scan started at:   2016-10-26 11:48:34

D:\vc52\2016.10.26\01.vir: HEUR:Trojan/Agent.e
D:\vc52\2016.10.26\03.vir: OMacro/Banker
D:\vc52\2016.10.26\07.vir: TrojanDownloader/JS.Agent.ad
D:\vc52\2016.10.26\21.vir: TrojanDownloader/JS.Nemucod.dl
D:\vc52\2016.10.26\25.vir: OMacro/Downloader
D:\vc52\2016.10.26\32.vir: TrojanDownloader/JS.Agent.ad
D:\vc52\2016.10.26\36.vir: Trojan/VBS.Obfuscated.i
D:\vc52\2016.10.26\37.vir: HEUR:OMacro/WinA.d
D:\vc52\2016.10.26\41.vir: VirTool/MSIL.Obfuscator.b
D:\vc52\2016.10.26\42.vir: Constructor/Drpbat.a
D:\vc52\2016.10.26\43.vir: TrojanDownloader/JS.Nemucod
D:\vc52\2016.10.26\40.vir: Trojan/Bladabindi.c
D:\vc52\2016.10.26\44.vir: TrojanDownloader/JS.Nemucod.cx
D:\vc52\2016.10.26\47.vir: HEUR:Backdoor/Lybsus
D:\vc52\2016.10.26\48.vir: HEUR:OMacro/WinA.d
D:\vc52\2016.10.26\49.vir >> word\vbaProject.bin: OMacro/Downloader.ni
D:\vc52\2016.10.26\50.vir: OMacro/Downloader
D:\vc52\2016.10.26\45.vir: HEUR:VirTool/Obfuscator.gen!B

Scan completed at: 2016-10-26 11:48:51

Total:             50 file(s), 211 objects(s)
Infected:          18 file(s), 18 objects(s)
Deleted:           0 file(s), 0 failure(s)
Disinfected:       0 file(s), 0 failure(s)
Duration:          00:00:17
[/mw_shl_code]
a1414007
Posted on 2016-10-26 13:20:50
avira kill26x
What's going on with Avira today? There isn't even a repair option.
Eset小粉絲
Posted on 2016-10-26 13:24:52
Avira 34x @a1414007

[mw_shl_code=css,true]Start of the scan: Wednesday, 26 October, 2016  13:21

Starting the file scan:

Begin scan in 'C:\Users\User\Desktop\2016.10.26'
C:\Users\User\Desktop\2016.10.26\01.vir
  [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Users\User\Desktop\2016.10.26\06.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.VALZ Java script virus
C:\Users\User\Desktop\2016.10.26\07.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Krypt.ipix Java script virus
C:\Users\User\Desktop\2016.10.26\08.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.BCN Java script virus
C:\Users\User\Desktop\2016.10.26\09.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.VALZ Java script virus
C:\Users\User\Desktop\2016.10.26\10.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.VALY Java script virus
C:\Users\User\Desktop\2016.10.26\11.vir
  [DETECTION] Is the TR/FileCoder.gybjk Trojan
C:\Users\User\Desktop\2016.10.26\12.vir
  [DETECTION] Is the TR/Ipac.ihyjc Trojan
Successful Cloud SDK initialization and license check.
The file 'C:\Users\User\Desktop\2016.10.26\13.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 6D355AC406A801232A2F85AD57868E12A5A7E9C60BF22B1CFC5B7ED2965AD9E4
C:\Users\User\Desktop\2016.10.26\13.vir (SHA-256: 6d355ac406a801232a2f85ad57868e12a5a7e9c60bf22b1cfc5b7ed2965ad9e4)
  [INFO]      The file 'C:\Users\User\Desktop\2016.10.26\13.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\User\Desktop\2016.10.26\14.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.BCN Java script virus
The file 'C:\Users\User\Desktop\2016.10.26\17.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = B90ED9659F0E355070538FD5B94692BB159A16CD6E1AFEE906D9ABEE6284F463
C:\Users\User\Desktop\2016.10.26\17.vir (SHA-256: b90ed9659f0e355070538fd5b94692bb159a16cd6e1afee906d9abee6284f463)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [INFO]      The file 'C:\Users\User\Desktop\2016.10.26\17.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\User\Desktop\2016.10.26\18.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.VALY Java script virus
The file 'C:\Users\User\Desktop\2016.10.26\20.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 54BCBE949BEFB4A191112AB1FDE3AFE324B7F1FBCC51D4CDF917F6D135EE35C0
C:\Users\User\Desktop\2016.10.26\20.vir (SHA-256: 54bcbe949befb4a191112ab1fde3afe324b7f1fbcc51d4cdf917f6d135ee35c0)
  [DETECTION] Is the TR/Crypt.ZPACK.Gen4 (Cloud) Trojan
  [INFO]      The file 'C:\Users\User\Desktop\2016.10.26\20.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\User\Desktop\2016.10.26\21.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Nemucod.psa Java script virus
C:\Users\User\Desktop\2016.10.26\22.vir
  [DETECTION] Is the TR/Dropper.MSIL.Gen Trojan
C:\Users\User\Desktop\2016.10.26\23.vir
  [DETECTION] Is the TR/Dropper.VB.hyjvl Trojan
C:\Users\User\Desktop\2016.10.26\24.vir
  [DETECTION] Is the TR/Dropper.MSIL.Gen Trojan
C:\Users\User\Desktop\2016.10.26\25.vir
  [DETECTION] Contains code of the W2000M/Agent.11670 macro virus
C:\Users\User\Desktop\2016.10.26\30.vir
  [DETECTION] Is the TR/Agent.hfjzt Trojan
C:\Users\User\Desktop\2016.10.26\31.vir
  [DETECTION] Is the TR/Confuser.yknys Trojan
C:\Users\User\Desktop\2016.10.26\32.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Krypt.ipix Java script virus
The file 'C:\Users\User\Desktop\2016.10.26\33.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 4B8E0708BC3AA5327B3D908F3A0B8682B73157B32F90B3C6633932CFCDC35D6A
C:\Users\User\Desktop\2016.10.26\33.vir (SHA-256: 4b8e0708bc3aa5327b3d908f3a0b8682b73157b32f90b3c6633932cfcdc35d6a)
  [DETECTION] Is the TR/Dropper.VB.Gen4 (Cloud) Trojan
  [INFO]      The file 'C:\Users\User\Desktop\2016.10.26\33.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\User\Desktop\2016.10.26\34.vir
  [DETECTION] Is the TR/Crypt.ZPACK.rgcxf Trojan
C:\Users\User\Desktop\2016.10.26\35.vir
  [DETECTION] Is the TR/Crypt.Xpack.yaftj Trojan
C:\Users\User\Desktop\2016.10.26\37.vir
  [DETECTION] Contains code of the W2000M/Agent.28780 macro virus
The file 'C:\Users\User\Desktop\2016.10.26\38.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 0C0DACFBBB62547BAE82520181B911DAB0B044843F827CBE0AE533DC84D41365
C:\Users\User\Desktop\2016.10.26\38.vir (SHA-256: 0c0dacfbbb62547bae82520181b911dab0b044843f827cbe0ae533dc84d41365)
  [INFO]      The file 'C:\Users\User\Desktop\2016.10.26\38.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\User\Desktop\2016.10.26\40.vir
  [DETECTION] Is the TR/Dropper.Gen7 Trojan
C:\Users\User\Desktop\2016.10.26\41.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
The file 'C:\Users\User\Desktop\2016.10.26\42.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = BE923E8EDF65E55315882ACAA942E746F29A41F193A359E70E62A19F5EE02635
C:\Users\User\Desktop\2016.10.26\42.vir (SHA-256: be923e8edf65e55315882acaa942e746f29a41f193a359e70e62a19f5ee02635)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [INFO]      The file 'C:\Users\User\Desktop\2016.10.26\42.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\User\Desktop\2016.10.26\43.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.73445 Java script virus
C:\Users\User\Desktop\2016.10.26\44.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus
C:\Users\User\Desktop\2016.10.26\45.vir
  [DETECTION] Is the TR/Crypt.ZPACK.vorqe Trojan
C:\Users\User\Desktop\2016.10.26\47.vir
  [DETECTION] Is the TR/Dropper.VB.iutyb Trojan
C:\Users\User\Desktop\2016.10.26\48.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Dropper
C:\Users\User\Desktop\2016.10.26\49.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains suspicious code HEUR/Macro.Agent
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\User\Desktop\2016.10.26\50.vir
  [DETECTION] Contains code of the W2000M/Agent.97931338 macro virus[/mw_shl_code]
蛋君
Posted on 2016-10-26 14:01:17
Panda Free 12X
事件                         更多详细信息                                                    日期/时间                     状态
---------------------------------------------------------------------------------------------------------------------------------------
扫描                         正在扫描:C:\Users\heche\Downloads\2016.10.26                  2016/10/26 13:59          已完成
检测到 木马 Trj/Genetic.gen     位置:C:\Users\heche\Downloads\2016.10.26\2016.10.26\47.vir  2016/10/26 13:59          已删除
检测到 木马 Trj/Genetic.gen     位置:C:\Users\heche\Downloads\2016.10.26\2016.10.26\45.vir  2016/10/26 13:59          已删除
检测到 木马 Trj/GdSda.A         位置:C:\Users\heche\Downloads\2016.10.26\2016.10.26\41.vir  2016/10/26 13:59          已删除
检测到 木马 Trj/GdSda.A         位置:C:\Users\heche\Downloads\2016.10.26\2016.10.26\40.vir  2016/10/26 13:58          已删除
检测到 木马 Trj/GdSda.A         位置:C:\Users\heche\Downloads\2016.10.26\2016.10.26\34.vir  2016/10/26 13:58          已删除
检测到 木马 Trj/GdSda.A         位置:C:\Users\heche\Downloads\2016.10.26\2016.10.26\30.vir  2016/10/26 13:58          已删除
检测到 木马 Trj/GdSda.A         位置:C:\Users\heche\Downloads\2016.10.26\2016.10.26\24.vir  2016/10/26 13:58          已删除
检测到 木马 Trj/Genetic.gen     位置:C:\Users\heche\Downloads\2016.10.26\2016.10.26\20.vir  2016/10/26 13:58          已删除
检测到 木马 Trj/Genetic.gen     位置:C:\Users\heche\Downloads\2016.10.26\2016.10.26\12.vir  2016/10/26 13:57          已删除
检测到 木马 Trj/GdSda.A         位置:C:\Users\heche\Downloads\2016.10.26\2016.10.26\11.vir  2016/10/26 13:57          已删除
检测到 木马 JS/Downloader.VWW   位置:C:\Users\heche\Downloads\2016.10.26\2016.10.26\44.vir  2016/10/26 13:57          已删除
检测到 木马 Trj/Downloader.XYZ  位置:C:\Users\heche\Downloads\2016.10.26\2016.10.26\21.vir  2016/10/26 13:57          已删除
扫描                         正在扫描:C:\Users\heche\Downloads\2016.10.26                  2016/10/26 13:56          已启动
计算机已免疫                     您的计算机已免疫。                                                 2016/10/26 13:52          已检疫
大明湖畔的乾隆
Posted on 2016-10-26 14:03:12
What about Baidu? Someone post one.
fireherman
Posted on 2016-10-26 14:23:50


Mr. Li's stuff is too high-end; we commoners can't afford to use it.
dongwenqi
Posted on 2016-10-26 15:12:25
轩夏 posted on 2016-10-26 10:13
Kaspersky

[mw_shl_code=css,true]2016-10-26 10:12:08        C:%users\XuanXia\Desktop\2016.10.26\01.vir        ok

尊敬的用户您好,

Hello,

We are working on these files.
01.vir
04.vir
08.vir
10.vir
16.vir
17.vir
20.vir
27.vir
28.vir
29.vir
39.vir
41.vir
43.vir
44.vir
47.vir
49.vir
50.vir

This files are already detected. Please update your bases:
02.vir - Trojan-Dropper.MSWord.Agent.or
03.vir - Trojan-Downloader.MSWord.Agent.ast
05.vir - HEUR:Trojan.Win32.Generic
06.vir - HEUR:Trojan.Script.Agent.gen
07.vir - Trojan-Downloader.MSWord.Agent.atc
09.vir - HEUR:Trojan-Downloader.Script.Generic
11.vir - HEUR:Trojan.Win32.Generic
13.vir - HEUR:Exploit.Script.Generic
14.vir - HEUR:Trojan.Script.Agent.gen
15.vir - HEUR:Trojan-Downloader.Script.Generic
18.vir - HEUR:Trojan-Downloader.Script.Generic
19.vir - Trojan.Win32.Diss.sutjk
21.vir - HEUR:Trojan.Win32.Generic
22.vir - HEUR:Trojan-Downloader.Script.Generic
23.vir - Trojan-Dropper.MSWord.Agent.or
25.vir - Trojan-Spy.MSIL.Agent.yvt
30.vir - Trojan.Win32.Scar.pjei
31.vir - HEUR:Trojan.Script.Agent.gen
32.vir - Trojan-Downloader.MSWord.Agent.asdfto
33.vir - Trojan-Downloader.MSWord.Agent.ast
35.vir - Trojan.Java.Agent.gz
37.vir - HEUR:Trojan.Script.Agent.gen
38.vir - Trojan-Dropper.VBS.Agent.hd
42.vir - Trojan-Downloader.Win32.Agent.adsfyh
45.vir - Trojan-Downloader.MSWord.Agent.asp
46.vir - Trojan.VBS.Agent.adi
48.vir - Trojan-Downloader.MSWord.Agent.asv

The format of these files is safe:
12.vir

Malicious application that may be detected by Mail Anti-Virus was found in files:
24.vir - HEUR:Trojan.PDF.Badur.b

This files are already detected as Adware. Please update your bases:
26.vir - HackTool.MSIL.Skype.a

Malicious application was detected in files. Its detection will be included in the next update 26/10/2016 11:27:19:
34.vir - Trojan.MSIL.Locker.n
36.vir - Trojan-Banker.Win32.Tuhkit.nd

This files are already detected as Riskware. Please update your bases:
40.vir - not-a-virus:RiskTool.Win32.MyPCBackup.lj
[/mw_shl_code]
jiangz1234
Posted on 2016-10-26 15:36:04
Escan TSS: extraction plus right-click scan killed 34 in total, 16 remaining

jiangz1234
Posted on 2016-10-26 15:44:55
AVG KILL 27X

jiangz1234
Posted on 2016-10-26 15:55:25
FSCS: extraction plus right-click scan, 35X in total, 15X remaining
