精睿样本测试（16.11.14）

显示全部楼层 · 发表于 2016-11-14 09:14:53

地址：

https://pan.baidu.com/s/1cbzjoM 提取密码 sppb

http://www.vdisk.cn/down/index/19762470

密码：bbs.vc52.cn
数量：50

显示全部楼层 · 发表于 2016-11-14 09:15:59

本帖最后由 fireherman 于 2016-11-14 09:26 编辑

今天精睿包太…… 还是ESET打鸡血了？39x，差点破40……

ESET-NOD32 ess 8 [v14438/20161113]

Total kill 39x (Fix 2x)

解压 kill 34x (Fix 2x)

[mw_shl_code=css,true]2016/11/14 9:19:55 文件系统实时防护文件 Z:\TEMP\2016.11.14\50.vir Win32/Filecoder.Locky.C 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 4AF36418DD7111B6D8731F0A559C1D82B295B6B4 2016/11/14 9:19:54
2016/11/14 9:19:54 文件系统实时防护文件 Z:\TEMP\2016.11.14\47.vir JS/TrojanDownloader.Nemucod.BLV 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 2A017A41440513D0C9B13AF1480B2C21FA80667D 2016/11/14 9:19:54
2016/11/14 9:19:54 文件系统实时防护文件 Z:\TEMP\2016.11.14\46.vir MSIL/TrojanDownloader.Small.API 特洛伊木马的变种通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 312DC82185A74C87F9F4FB3709D30C360C2C45D2 2016/11/14 9:19:53
2016/11/14 9:19:53 文件系统实时防护文件 Z:\TEMP\2016.11.14\44.vir VBS/Kryptik.FT 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). E470046E6205723A871ABBFB4BD843139D1E075F 2016/11/14 9:19:52
2016/11/14 9:19:52 文件系统实时防护文件 Z:\TEMP\2016.11.14\43.vir JS/TrojanDownloader.Nemucod.BLV 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 2F2E53453F75831A9A7DF13468C39FA90FB6C30B 2016/11/14 9:19:52
2016/11/14 9:19:52 文件系统实时防护文件 Z:\TEMP\2016.11.14\42.vir MSIL/Injector.QPM 特洛伊木马的变种通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 16A40EA0AE74C6F713CEDF5AA01F885989A3D2A4 2016/11/14 9:19:51
2016/11/14 9:19:50 文件系统实时防护文件 Z:\TEMP\2016.11.14\40.vir Win32/Kryptik.FJKA 特洛伊木马的变种通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 08E2BEEDCB6FE202C0885BD0939D1926FA7C3AAE 2016/11/14 9:19:49
2016/11/14 9:19:49 文件系统实时防护文件 Z:\TEMP\2016.11.14\39.vir Win32/Injector.DGLZ 特洛伊木马的变种通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe.
2016/11/14 9:19:49 文件系统实时防护文件 Z:\TEMP\2016.11.14\37.vir JS/TrojanDownloader.Nemucod.BMA 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 64D8B1B6DA34E8BB1C06DCC70E0BAB6A73D44CB9 2016/11/14 9:19:48
2016/11/14 9:19:48 文件系统实时防护文件 Z:\TEMP\2016.11.14\36.vir Win32/Boaxxe.EJ 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). BFC70D8A5476FC913DB1F4AB0A7AD284A9B81C90 2016/11/14 9:19:47
2016/11/14 9:19:47 文件系统实时防护文件 Z:\TEMP\2016.11.14\35.vir VBA/Kryptik.AB 特洛伊木马已清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). B078958DC5C642FCC50E4DCEB09ACD7F213D1EA8 2016/11/14 9:19:47
2016/11/14 9:19:47 文件系统实时防护文件 Z:\TEMP\2016.11.14\34.vir Win32/Filecoder.Locky.D 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 6A461D6995812039410598485FAB06794A6CEA30 2016/11/14 9:19:47
2016/11/14 9:19:47 文件系统实时防护文件 Z:\TEMP\2016.11.14\33.vir JS/TrojanDownloader.Nemucod.BLW 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 0FAB55180FD43DDA4BBEB14737380CED8F6A47BD 2016/11/14 9:19:46
2016/11/14 9:19:46 文件系统实时防护文件 Z:\TEMP\2016.11.14\31.vir Win32/Dridex.AV 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 72E320F4A0A0E90D9215D0850F0991970A937C98 2016/11/14 9:19:46
2016/11/14 9:19:46 文件系统实时防护文件 Z:\TEMP\2016.11.14\30.vir Win32/Kryptik.FJKA 特洛伊木马的变种通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). E1B81C3B8EBE9D054A54C7F9D14D2E5F121921BD 2016/11/14 9:19:45
2016/11/14 9:19:45 文件系统实时防护文件 Z:\TEMP\2016.11.14\29.vir Win32/Brontok.AQ 蠕虫通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). FA1F0AB8614C75940AB56FA7924C84F229A810B1 2016/11/14 9:19:44
2016/11/14 9:19:44 文件系统实时防护文件 Z:\TEMP\2016.11.14\28.vir Win32/OrvellMonitoring.AB 潜在的不安全应用程序的变种已删除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 648F8B60AFB06D6871C6B63AC805EB4B8CD2A7D4 2016/11/14 9:19:44
2016/11/14 9:19:44 文件系统实时防护文件 Z:\TEMP\2016.11.14\27.vir MSIL/Injector.QPM 特洛伊木马的变种通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 042374A032D7F4A7BCFF35A905FA18A8EBD85577 2016/11/14 9:19:43
2016/11/14 9:19:43 文件系统实时防护文件 Z:\TEMP\2016.11.14\25.vir Win32/Keygen.AU 潜在的不安全应用程序的变种已删除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). B579AFE82BD253CB26A1F06B63E1B10FD8F165EC 2016/11/14 9:19:42
2016/11/14 9:19:42 文件系统实时防护文件 Z:\TEMP\2016.11.14\24.vir VBA/Obfuscated.AD 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 7ED76760461A9C836E49AB9C40270ED7EADB8CE5 2016/11/14 9:19:42
2016/11/14 9:19:42 文件系统实时防护文件 Z:\TEMP\2016.11.14\22.vir Win32/PSW.Autoit.BC 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe.
2016/11/14 9:19:40 文件系统实时防护文件 Z:\TEMP\2016.11.14\19.vir NSIS/Injector.JN 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe.
2016/11/14 9:19:39 文件系统实时防护文件 Z:\TEMP\2016.11.14\18.vir Win32/Kryptik.FJNA 特洛伊木马的变种通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). D51F2D5A01F65F51911D8DC0724F4A4F758CF9EE 2016/11/14 9:19:39
2016/11/14 9:19:39 文件系统实时防护文件 Z:\TEMP\2016.11.14\16.vir VBA/Obfuscated.AD 特洛伊木马已清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). EE1DF4994AC8C944350C2B50352837EA597638B2 2016/11/14 9:19:38
2016/11/14 9:19:38 文件系统实时防护文件 Z:\TEMP\2016.11.14\15.vir Win32/Injector.DHIA 特洛伊木马的变种通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). FD0062AFB1869A90109AF52E561F5142B5B35825 2016/11/14 9:19:38
2016/11/14 9:19:38 文件系统实时防护文件 Z:\TEMP\2016.11.14\14.vir JS/TrojanDownloader.Nemucod.BMG 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 0FEB996AE0520F37DD0DFDE6CC9AEF6BBE146402 2016/11/14 9:19:37
2016/11/14 9:19:37 文件系统实时防护文件 Z:\TEMP\2016.11.14\13.vir JS/TrojanDownloader.Nemucod.BMG 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 714878769632CE545F5B4E2151CDB477987A5EAF 2016/11/14 9:19:37
2016/11/14 9:19:33 文件系统实时防护文件 Z:\TEMP\2016.11.14\10.vir JS/TrojanDownloader.Agent.PEE 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 35F62C5321706AE5253145A61845215130C0E019 2016/11/14 9:19:33
2016/11/14 9:19:33 文件系统实时防护文件 Z:\TEMP\2016.11.14\09.vir Win32/TrojanDownloader.Wauchos.BD 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 1BE1CE167224B22A7A0CEBE8F1472BB65FE53EDF 2016/11/14 9:19:32
2016/11/14 9:19:32 文件系统实时防护文件 Z:\TEMP\2016.11.14\08.vir NSIS/Injector.JJ 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe.
2016/11/14 9:19:32 文件系统实时防护文件 Z:\TEMP\2016.11.14\07.vir Linux/Mirai.A 特洛伊木马的变种通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). D996D5F7ACD4A1EAA660AC3ADA7F0EF2E8E18B59 2016/11/14 9:19:31
2016/11/14 9:19:31 文件系统实时防护文件 Z:\TEMP\2016.11.14\06.vir VBS/Agent.NJP 蠕虫通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). 9DFF39A03E345EF7F5F25A012AECA02D970676FE 2016/11/14 9:19:30
2016/11/14 9:19:30 文件系统实时防护文件 Z:\TEMP\2016.11.14\04.vir MSIL/PSW.Agent.OAZ 特洛伊木马的变种通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). FD808AABA8A23DB4FC36ED8F232792B8AA340793 2016/11/14 9:19:30
2016/11/14 9:19:30 文件系统实时防护文件 Z:\TEMP\2016.11.14\01.vir JS/TrojanDownloader.Banload.EI 特洛伊木马通过删除清除 PC-X 在应用程序新建的文件上发生事件: D:\Program Files\7-Zip\7zG.exe (7B2B7BD690776565686AAD9757F184B43F0673AC). A2157815B96365C12CD5CF23B8B269C2E1BA42B2 2016/11/14 9:19:29[/mw_shl_code]

右键二扫 kill 5x (Fix 0x)

[mw_shl_code=css,true]正在扫描日志
病毒库版本: 14438 (20161113)
日期: 2016/11/14 时间: 9:21:12
已扫描的磁盘、文件夹和文件: Z:\TEMP\2016.11.14
Z:\TEMP\2016.11.14\02.vir > WINRARSFX - 压缩文件已损坏
Z:\TEMP\2016.11.14\20.vir > ZIP > classes.dex - Android/Agent.BJ 特洛伊木马的变种 - 扫描完成后再选择处理方式
Z:\TEMP\2016.11.14\23.vir > ZIP > hitoy.exe - MSIL/Injector.QPM 特洛伊木马的变种 - 已删除
Z:\TEMP\2016.11.14\32.vir > ZIP > word/vbaProject.bin - VBA/TrojanDownloader.Agent.BZF 特洛伊木马 - 扫描完成后再选择处理方式
Z:\TEMP\2016.11.14\48.vir > ZIP > dmoprttu.class - Java/TrojanDownloader.Banload.AK 特洛伊木马的变种 - 通过删除清除 [1]
Z:\TEMP\2016.11.14\49.vir > ZIP > word/embeddings/oleObject1.bin > OLEDATA > Bestellug_27_09_2016.js - JS/Retefe.C 特洛伊木马 - 扫描完成后再选择处理方式
Z:\TEMP\2016.11.14\20.vir > ZIP > classes.dex - Android/Agent.BJ 特洛伊木马的变种 - 已删除
Z:\TEMP\2016.11.14\32.vir > ZIP > word/vbaProject.bin - VBA/TrojanDownloader.Agent.BZF 特洛伊木马 - 已删除
Z:\TEMP\2016.11.14\49.vir > ZIP > word/embeddings/oleObject1.bin > OLEDATA > Bestellug_27_09_2016.js - JS/Retefe.C 特洛伊木马 - 已删除
已扫描的对象数: 69
发现的威胁数: 5
已清除对象数: 5
完成时间: 9:21:22 总扫描时间: 10 秒 (00:00:10)

备注:
[1] 由于对象中仅包含病毒主体，因此已被删除。[/mw_shl_code]

显示全部楼层 · 发表于 2016-11-14 09:18:58

卡巴
[mw_shl_code=css,true]2016-11-14 09:17:33 C:\Users\XuanXia\Desktop\2016.11.14\01.vir
2016-11-14 09:17:34 C:\Users\XuanXia\Desktop\2016.11.14\02.vir
2016-11-14 09:17:34 C:\Users\XuanXia\Desktop\2016.11.14\03.vir HEUR:Trojan-Downloader.Script.Generic
2016-11-14 09:17:34 C:\Users\XuanXia\Desktop\2016.11.14\04.vir
2016-11-14 09:17:34 C:\Users\XuanXia\Desktop\2016.11.14\05.vir
2016-11-14 09:17:35 C:\Users\XuanXia\Desktop\2016.11.14\06.vir Trojan.Script.Suspic.gen
2016-11-14 09:17:35 C:\Users\XuanXia\Desktop\2016.11.14\07.vir HEUR:Backdoor.Linux.Gafgyt.x
2016-11-14 09:17:36 C:\Users\XuanXia\Desktop\2016.11.14\08.vir
2016-11-14 09:17:36 C:\Users\XuanXia\Desktop\2016.11.14\09.vir
2016-11-14 09:17:37 C:\Users\XuanXia\Desktop\2016.11.14\10.vir HEUR:Trojan.Script.Agent.gen
2016-11-14 09:17:37 C:\Users\XuanXia\Desktop\2016.11.14\11.vir
2016-11-14 09:17:43 C:\Users\XuanXia\Desktop\2016.11.14\12.vir
2016-11-14 09:17:43 C:\Users\XuanXia\Desktop\2016.11.14\13.vir Trojan-Downloader.JS.Agent.naf
2016-11-14 09:17:44 C:\Users\XuanXia\Desktop\2016.11.14\14.vir Trojan-Downloader.JS.Agent.naf
2016-11-14 09:17:44 C:\Users\XuanXia\Desktop\2016.11.14\15.vir
2016-11-14 09:17:45 C:\Users\XuanXia\Desktop\2016.11.14\16.vir HEUR:Trojan.Script.Agent.gen
2016-11-14 09:17:45 C:\Users\XuanXia\Desktop\2016.11.14\17.vir HEUR:Trojan.Win32.Generic
2016-11-14 09:17:45 C:\Users\XuanXia\Desktop\2016.11.14\18.vir
2016-11-14 09:17:45 C:\Users\XuanXia\Desktop\2016.11.14\19.vir
2016-11-14 09:17:47 C:\Users\XuanXia\Desktop\2016.11.14\20.vir HEUR:Backdoor.AndroidOS.Agent.bl
2016-11-14 09:17:47 C:\Users\XuanXia\Desktop\2016.11.14\21.vir Trojan.PDF.Phish.be
2016-11-14 09:17:50 C:\Users\XuanXia\Desktop\2016.11.14\22.vir
2016-11-14 09:17:50 C:\Users\XuanXia\Desktop\2016.11.14\23.vir Trojan-PSW.Win32.Tepfer.psxqyz
2016-11-14 09:17:51 C:\Users\XuanXia\Desktop\2016.11.14\24.vir HEUR:Trojan.Script.Agent.gen
2016-11-14 09:17:51 C:\Users\XuanXia\Desktop\2016.11.14\25.vir
2016-11-14 09:17:51 C:\Users\XuanXia\Desktop\2016.11.14\26.vir
2016-11-14 09:17:52 C:\Users\XuanXia\Desktop\2016.11.14\27.vir HEUR:Trojan.Win32.Generic
2016-11-14 09:17:52 C:\Users\XuanXia\Desktop\2016.11.14\28.vir
2016-11-14 09:17:52 C:\Users\XuanXia\Desktop\2016.11.14\29.vir Trojan-Downloader.Win32.Brontok.c
2016-11-14 09:17:54 C:\Users\XuanXia\Desktop\2016.11.14\30.vir
2016-11-14 09:17:54 C:\Users\XuanXia\Desktop\2016.11.14\31.vir
2016-11-14 09:17:54 C:\Users\XuanXia\Desktop\2016.11.14\32.vir HEUR:Trojan.Script.Agent.gen
2016-11-14 09:17:55 C:\Users\XuanXia\Desktop\2016.11.14\33.vir HEUR:Trojan.Script.Agent.gen
2016-11-14 09:17:55 C:\Users\XuanXia\Desktop\2016.11.14\34.vir Trojan-Ransom.Win32.Locky.vqv
2016-11-14 09:17:56 C:\Users\XuanXia\Desktop\2016.11.14\35.vir HEUR:Trojan.Script.Agent.gen
2016-11-14 09:17:57 C:\Users\XuanXia\Desktop\2016.11.14\36.vir HEUR:Trojan.Win32.Generic
2016-11-14 09:17:57 C:\Users\XuanXia\Desktop\2016.11.14\37.vir
2016-11-14 09:17:57 C:\Users\XuanXia\Desktop\2016.11.14\38.vir Trojan-Downloader.MSWord.Agent.asdftf
2016-11-14 09:17:58 C:\Users\XuanXia\Desktop\2016.11.14\39.vir Trojan-Ransom.Win32.Rack.fp
2016-11-14 09:17:59 C:\Users\XuanXia\Desktop\2016.11.14\40.vir HEUR:Trojan.Win32.Generic
2016-11-14 09:18:00 C:\Users\XuanXia\Desktop\2016.11.14\41.vir
2016-11-14 09:18:00 C:\Users\XuanXia\Desktop\2016.11.14\42.vir
2016-11-14 09:18:00 C:\Users\XuanXia\Desktop\2016.11.14\43.vir Trojan-Downloader.JS.Agent.mzt
2016-11-14 09:18:00 C:\Users\XuanXia\Desktop\2016.11.14\44.vir
2016-11-14 09:18:01 C:\Users\XuanXia\Desktop\2016.11.14\45.vir HEUR:Trojan-Downloader.Script.Generic
2016-11-14 09:18:01 C:\Users\XuanXia\Desktop\2016.11.14\46.vir HEUR:Trojan.Win32.Generic
2016-11-14 09:18:02 C:\Users\XuanXia\Desktop\2016.11.14\47.vir Trojan-Downloader.JS.Agent.mzt
2016-11-14 09:18:02 C:\Users\XuanXia\Desktop\2016.11.14\48.vir HEUR:Trojan.Java.Agent.gen
2016-11-14 09:18:03 C:\Users\XuanXia\Desktop\2016.11.14\49.vir HEUR:Trojan-Downloader.Script.Generic
2016-11-14 09:18:04 C:\Users\XuanXia\Desktop\2016.11.14\50.vir Trojan-Ransom.Win32.Locky.vlp
; --- Statistics ---
; Time Start: 2016-11-14 09:17:33
; Time Finish: 2016-11-14 09:18:04
; Completion: 100%
; Processed objects: 50
; Total detected: 29
; Detected exact: 12
; Errors: 0
; ------------------[/mw_shl_code]

显示全部楼层 · 发表于 2016-11-14 09:27:09

Avira 34x

[mw_shl_code=css,true]Start of the scan: Monday, 14 November, 2016  09:24

Starting the file scan:

Begin scan in 'C:\Users\Ivan\Desktop\2016.11.14'
Retry 1 for the file 'C:\Users\Ivan\Desktop\2016.11.14\02.vir'. SHA256 = 1150B15092D43EF93CFB77310B9163316B91FFA00E007C083249C229A7C9FFFC
The file 'C:\Users\Ivan\Desktop\2016.11.14\02.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 1150B15092D43EF93CFB77310B9163316B91FFA00E007C083249C229A7C9FFFC
C:\Users\Ivan\Desktop\2016.11.14\02.vir (SHA-256: 1150b15092d43ef93cfb77310b9163316b91ffa00e007c083249c229a7c9fffc)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [INFO]    The file 'C:\Users\Ivan\Desktop\2016.11.14\02.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.11.14\03.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Downloader
C:\Users\Ivan\Desktop\2016.11.14\04.vir
  [DETECTION] Is the TR/Spy.Gen Trojan
C:\Users\Ivan\Desktop\2016.11.14\09.vir
  [DETECTION] Is the TR/Crypt.ZPACK.jrhal Trojan
C:\Users\Ivan\Desktop\2016.11.14\12.vir
  [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Users\Ivan\Desktop\2016.11.14\13.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.A Java script virus
C:\Users\Ivan\Desktop\2016.11.14\14.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.A Java script virus
C:\Users\Ivan\Desktop\2016.11.14\15.vir
  [DETECTION] Is the TR/Injector.yzhsi Trojan
C:\Users\Ivan\Desktop\2016.11.14\16.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Agent
C:\Users\Ivan\Desktop\2016.11.14\17.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Ivan\Desktop\2016.11.14\18.vir
  [DETECTION] Is the TR/Crypt.Xpack.pgkjj Trojan
C:\Users\Ivan\Desktop\2016.11.14\20.vir
  [DETECTION] Contains code of the ANDROID/Agent.537 virus
C:\Users\Ivan\Desktop\2016.11.14\22.vir
[0] Archive type: Runtime Packed
--> AV00000025.AV$
      [1] Archive type: Portable Executable Resource
   --> SCRIPT
      [2] Archive type: AutoIt
      --> Users\admin\AppData\Local\AutoIt v3\Aut2Exe\aut66AF.tmp.tok
         [DETECTION] Is the TR/Autoit.4790071 Trojan
         [WARNING] Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.11.14\23.vir
[0] Archive type: ZIP
--> hitoy.exe
      [DETECTION] Is the TR/Dropper.MSIL.fcksu Trojan
      [WARNING] Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.11.14\24.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Agent
Retry 1 for the file 'C:\Users\Ivan\Desktop\2016.11.14\25.vir'. SHA256 = 35A6FC4AE8639CB815685C9F0A4A8C9866D725A5197A7A9D04415D21A501D41F
The file 'C:\Users\Ivan\Desktop\2016.11.14\25.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 35A6FC4AE8639CB815685C9F0A4A8C9866D725A5197A7A9D04415D21A501D41F
C:\Users\Ivan\Desktop\2016.11.14\25.vir (SHA-256: 35a6fc4ae8639cb815685c9f0a4a8c9866d725a5197a7a9d04415d21a501d41f)
  [INFO]    The file 'C:\Users\Ivan\Desktop\2016.11.14\25.vir' has been uploaded to the Protection Cloud and analyzed.
Retry 1 for the file 'C:\Users\Ivan\Desktop\2016.11.14\26.vir'. SHA256 = 3309CA5B95E85BFACBA07614443DEE77598F982C1E1ED87DF4DAA59CA5BB27A9
Retry 2 for the file 'C:\Users\Ivan\Desktop\2016.11.14\26.vir'. SHA256 = 3309CA5B95E85BFACBA07614443DEE77598F982C1E1ED87DF4DAA59CA5BB27A9
The file 'C:\Users\Ivan\Desktop\2016.11.14\26.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 3309CA5B95E85BFACBA07614443DEE77598F982C1E1ED87DF4DAA59CA5BB27A9
C:\Users\Ivan\Desktop\2016.11.14\26.vir (SHA-256: 3309ca5b95e85bfacba07614443dee77598f982c1e1ed87df4daa59ca5bb27a9)
  [INFO]    The file 'C:\Users\Ivan\Desktop\2016.11.14\26.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.11.14\27.vir
  [DETECTION] Is the TR/Dropper.MSIL.fcksu Trojan
The file 'C:\Users\Ivan\Desktop\2016.11.14\28.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 2CA7B87E3A368BFE0077EF3F78B0B44E2C9F54624EAA46CA1A403606535BD979
C:\Users\Ivan\Desktop\2016.11.14\28.vir (SHA-256: 2ca7b87e3a368bfe0077ef3f78b0b44e2c9f54624eaa46ca1a403606535bd979)
  [INFO]    The file 'C:\Users\Ivan\Desktop\2016.11.14\28.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.11.14\30.vir
  [DETECTION] Is the TR/FileCoder.Y.55 Trojan
C:\Users\Ivan\Desktop\2016.11.14\31.vir
  [DETECTION] Is the TR/Crypt.Xpack.kbqun Trojan
C:\Users\Ivan\Desktop\2016.11.14\32.vir
[0] Archive type: ZIP
--> word/vbaProject.bin
      [DETECTION] Contains code of the W2000M/Dldr.Agent.AM.26460 macro virus
      [WARNING] Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.11.14\33.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.A Java script virus
C:\Users\Ivan\Desktop\2016.11.14\34.vir
  [DETECTION] Is the TR/Crypt.Xpack.enwog Trojan
C:\Users\Ivan\Desktop\2016.11.14\35.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Dropper
C:\Users\Ivan\Desktop\2016.11.14\37.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\Ivan\Desktop\2016.11.14\39.vir
[0] Archive type: NSIS
--> ProgramFilesDir/OpenCandy.dll
      [DETECTION] Is the TR/Crypt.Xpack.kltqp Trojan
      [WARNING] Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.11.14\40.vir
  [DETECTION] Is the TR/AD.Locky.tgtwr Trojan
C:\Users\Ivan\Desktop\2016.11.14\41.vir
  [DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Users\Ivan\Desktop\2016.11.14\42.vir
  [DETECTION] Is the TR/Dropper.MSIL.hrllc Trojan
C:\Users\Ivan\Desktop\2016.11.14\43.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.74005 Java script virus
C:\Users\Ivan\Desktop\2016.11.14\44.vir
  [DETECTION] Contains recognition pattern of the VBS/Dldr.Agent.34222 VBS script virus
C:\Users\Ivan\Desktop\2016.11.14\46.vir
  [DETECTION] Is the TR/Downloader.bmplc Trojan
C:\Users\Ivan\Desktop\2016.11.14\47.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.74005 Java script virus
C:\Users\Ivan\Desktop\2016.11.14\48.vir
[0] Archive type: ZIP
--> dmoprttu.class
      [DETECTION] Contains recognition pattern of the EXP/JAVA.Adwind.BY.Gen exploit
      [WARNING] Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.11.14\49.vir
[0] Archive type: ZIP
      [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus
      [WARNING] Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.11.14\50.vir
  [DETECTION] Is the TR/Crypt.ZPACK.vyfpj Trojan[/mw_shl_code]

显示全部楼层 · 发表于 2016-11-14 09:29:06

【扫描信息】

开始时间:2016-11-14 09:28:17
扫描用时:00:00:03
扫描类型:指定位置杀毒
扫描引擎:管家云查杀引擎管家反病毒引擎管家系统修复引擎
扫描状态:扫描完成

【扫描结果】

扫描文件数:50
发现风险数:7
已处理风险数:7

---------------------
2016-11-14 09:28:36 MD5:08cbfbca41747cdda62eaf3715837a97 F:\浏览器下载\2016.11.14\12.vir [Win32.Trojan.Crypt.hoek]  [删除成功]
2016-11-14 09:28:38 MD5:0940c3aca9fd7064bfda10a2bd948175 F:\浏览器下载\2016.11.14\28.vir [Win32.Trojan.Malware.swut]  [删除成功]
2016-11-14 09:28:38 MD5:193f20e6f45be04ef5539de13ba1aed5 F:\浏览器下载\2016.11.14\30.vir [Win32.Trojan.QMSS.13f6]  [删除成功]
2016-11-14 09:28:38 MD5:9a8f48abb7a120d6d1bad2472e1e5073 F:\浏览器下载\2016.11.14\34.vir [Win32.Trojan.QMSS.1088]  [删除成功]
2016-11-14 09:28:38 MD5:b2c89f1f0524b1b321185caa76041713 F:\浏览器下载\2016.11.14\39.vir [Win32.Trojan.Rack.tcco]  [删除成功]
2016-11-14 09:28:39 MD5:2dce9499b0814397e6d8e5d934edbaa6 F:\浏览器下载\2016.11.14\04.vir [Win32.Trojan.Spy.ednz]  [删除成功]
2016-11-14 09:28:39 MD5:37241b6d5c16349b1a982d4787319ef8 F:\浏览器下载\2016.11.14\40.vir [Win32.Trojan.QMSS.0ea1]  [删除成功]
---------------------

显示全部楼层 · 发表于 2016-11-14 09:33:35

本帖最后由 superax 于 2016-11-14 09:54 编辑

SEP14，还剩下16个，杀掉34个。

显示全部楼层 · 发表于 2016-11-14 09:43:40

360杀毒扫描日志

病毒库版本：2016-11-13 15:12
扫描时间：2016-11-14 09:42:00
扫描用时：00:00:36
扫描类型：右键扫描
扫描文件总数：50
项目总数：35
清除项目数：35

扫描选项
----------------------
扫描所有文件：否
扫描压缩包：否
发现病毒处理方式：由用户选择处理
扫描磁盘引导区：是
扫描 Rootkit：否
使用云查杀引擎：是
使用QVM人工智能引擎：是
扫描建议修复项：是
常规引擎设置：BitDefender Avira(小红伞)

扫描内容
----------------------
C:\Users\chy\Desktop\chrome\2016.11.14

白名单设置
----------------------

扫描结果
======================
高危风险项
----------------------
C:\Users\chy\Desktop\chrome\2016.11.14\01.vir js.url.downloader.k 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\03.vir HEUR.Macro.Downloader 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\06.vir virus.vbs.sysautorun.a 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\08.vir HEUR/QVM20.1.25A2.Malware.Gen 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\15.vir HEUR/QVM05.1.25A2.Malware.Gen 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\04.vir TR.Spy.Gen 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\19.vir HEUR/QVM20.1.25A2.Malware.Gen 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\26.vir HEUR/QVM03.0.25A2.Malware.Gen 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\34.vir HEUR/QVM40.1.25A2.Malware.Gen 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\36.vir HEUR/QVM20.1.25A2.Malware.Gen 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\39.vir HEUR/QVM42.1.25A2.Malware.Gen 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\12.vir TR.Crypt.ULPM.Gen 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\17.vir TR.Dropper.Gen 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\18.vir TR.Crypt.XPACK.Gen7 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\07.vir 木马程序(Trojan.Linux.MiraiDDoS.B) 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\27.vir Gen:Variant.MSILPerseus.58593 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\25.vir Gen:Variant.Graftor.294078 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\28.vir 木马程序(Trojan.Generic.15509822) 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\30.vir Gen:Variant.Razy.105408 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\41.vir TR.ATRAPS.Gen 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\40.vir Gen:Variant.Razy.105408 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\31.vir Gen:Variant.Razy.105539 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\42.vir HEUR/QVM03.0.25A2.Malware.Gen 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\16.vir virus.office.obfuscated.1 已修复
C:\Users\chy\Desktop\chrome\2016.11.14\20.vir ANDROID.Agent.537 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\24.vir virus.office.obfuscated.1 已修复
C:\Users\chy\Desktop\chrome\2016.11.14\29.vir 蠕虫病毒(Worm.Brontok.HTML.A) 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\33.vir 木马程序(Trojan.Script.Agent.JE) 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\37.vir virus.js.gen.90 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\38.vir heur.macro.powershell.b 已修复
C:\Users\chy\Desktop\chrome\2016.11.14\43.vir virus.js.gen.80 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\44.vir virus.vbs.pattdropper.b 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\45.vir js.url.downloader.k 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\47.vir virus.js.gen.75 已删除
C:\Users\chy\Desktop\chrome\2016.11.14\49.vir virus.js.gen.1 已删除

显示全部楼层 · 发表于 2016-11-14 14:48:47

又沒人測宇宙無敵大BD？我來

殺37x 其中修復4x

[mw_shl_code=css,true]D:\TEST\daily\2016.11.14\49.vir.DOCX=>word=>embeddings=>oleObject1.bin=>Bestellug_27_09_2016.js Exploit.OLE-JS.Gen Moved to Quarantine
D:\TEST\daily\2016.11.14\39.vir.exe=>(NSIS o)=>zlib_nsis0000 Trojan.NSIS.Androm.7 Moved to Quarantine
D:\TEST\daily\2016.11.14\13.vir.html=>(JAVASCRIPT 2) Trojan.JS.Agent.OKG Moved to Quarantine
D:\TEST\daily\2016.11.14\01.vir.JS Trojan.GenericKD.3685788 Deleted
D:\TEST\daily\2016.11.14\33.vir.html Trojan.Script.Agent.JE Moved to Quarantine
D:\TEST\daily\2016.11.14\20.vir.APK=>META-INF/CERT.RSA Android.Riskware.Agent.AF Deleted
D:\TEST\daily\2016.11.14\05.vir.DOC W97M.Downloader.ERC Disinfected
D:\TEST\daily\2016.11.14\29.vir.html Worm.Brontok.HTML.A Moved to Quarantine
D:\TEST\daily\2016.11.14\50.vir.exe Trojan.GenericKD.3685146 Deleted
D:\TEST\daily\2016.11.14\48.vir.ZIP=>dmoprttu.class Java.Trojan.GenericGB.1 Deleted
D:\TEST\daily\2016.11.14\30.vir.dll Gen:Variant.Locky.26 Deleted
D:\TEST\daily\2016.11.14\13.vir.html=>(INFECTED_JS) JS:Trojan.JS.Agent.OKH Moved to Quarantine
D:\TEST\daily\2016.11.14\39.vir.exe=>(NSIS o)=>zlib_nsis0007 Gen:Variant.Razy.101882 Moved to Quarantine
D:\TEST\daily\2016.11.14\47.vir.txt=>(INFECTED_JS) JS:Trojan.JS.Downloader.GYG Deleted
D:\TEST\daily\2016.11.14\18.vir.exe Trojan.GenericKD.3694704 Deleted
D:\TEST\daily\2016.11.14\36.vir.exe Adware.GenericKD.3684648 Deleted
D:\TEST\daily\2016.11.14\15.vir.exe Trojan.Generic.19662858 Deleted
D:\TEST\daily\2016.11.14\44.vir.txt Trojan.JS.Agent.OHW Deleted
D:\TEST\daily\2016.11.14\28.vir.exe Trojan.Generic.15509822 Deleted
D:\TEST\daily\2016.11.14\46.vir.exe Trojan.Generic.19652137 Deleted
D:\TEST\daily\2016.11.14\37.vir.JS=>(INFECTED_JS) JS:Trojan.JS.Downloader.GYK Deleted
D:\TEST\daily\2016.11.14\43.vir.txt=>(INFECTED_JS) JS:Trojan.JS.Downloader.GYG Deleted
D:\TEST\daily\2016.11.14\42.vir.exe Trojan.Generic.19643790 Deleted
D:\TEST\daily\2016.11.14\40.vir.dll Gen:Variant.Locky.26 Deleted
D:\TEST\daily\2016.11.14\34.vir.dll Trojan.GenericKD.3685937 Deleted
D:\TEST\daily\2016.11.14\12.vir.exe Gen:Trojan.Heur.VP.imLfa4iO9zI Deleted
D:\TEST\daily\2016.11.14\32.vir.DOCM=>word/vbaProject.bin Trojan.MSWord.Downloader.AN Disinfected
D:\TEST\daily\2016.11.14\31.vir.exe Trojan.GenericKD.3684097 Deleted
D:\TEST\daily\2016.11.14\09.vir.exe Trojan.GenericKD.3693231 Deleted
D:\TEST\daily\2016.11.14\27.vir.exe Gen:Variant.Zusy.211194 Deleted
D:\TEST\daily\2016.11.14\25.vir.exe Gen:Variant.Graftor.294078 Deleted
D:\TEST\daily\2016.11.14\23.vir.ZIP=>hitoy.exe Gen:Variant.Zusy.211194 Deleted
D:\TEST\daily\2016.11.14\04.vir.exe Trojan.GenericKD.3669818 Deleted
D:\TEST\daily\2016.11.14\22.vir.exe Trojan.Generic.19684360 Deleted
D:\TEST\daily\2016.11.14\19.vir.exe Trojan.RanSerKD.3697963 Deleted
D:\TEST\daily\2016.11.14\10.vir.JS Trojan.GenericKD.3682969 Deleted
D:\TEST\daily\2016.11.14\08.vir.exe Trojan.RanSerKD.3689139 Deleted
D:\TEST\daily\2016.11.14\07.vir.Linux_ELF Trojan.Linux.MiraiDDoS.B Deleted
D:\TEST\daily\2016.11.14\14.vir.html=>(JAVASCRIPT 2) Trojan.JS.Agent.OKG Moved to Quarantine
D:\TEST\daily\2016.11.14\14.vir.html=>(INFECTED_JS) JS:Trojan.JS.Agent.OKH Moved to Quarantine
[/mw_shl_code]

显示全部楼层 · 发表于 2016-11-14 15:32:59

费尔 9x

显示全部楼层 · 发表于 2016-11-14 15:53:42

McAfee VirusScan Enterprise 8.8.1588
5900 Engine Beta 2
DAT: 8348
kill - 28

[mw_shl_code=html,true]07.vir Linux/Mirai
08.vir Artemis!5385B95F1EAC
04.vir Artemis!2DCE9499B081
09.vir Artemis!B75787ABF1CD
10.vir JS/Nemucod.pe
13.vir JS/Nemucod.jg
12.vir Artemis!08CBFBCA4174
15.vir Artemis!21CD34AFBE22
19.vir Artemis!C89B3D5244E7
14.vir JS/Nemucod.jg
18.vir Artemis!F7C5C97E3B6C
20.vir Artemis!E3F8C0F63FA6
23.vir\hitoy.exe RDN/Generic.grp
24.vir\_VBA_PROJECT W97M/Downloader.bfa
28.vir Artemis!0940C3ACA9FD
29.vir W32/Rontokbro.gen!htm
30.vir Ransomware-FUJ!193F20E6F45B
31.vir Drixed-FFB!505E26D4AB39
33.vir JS/Nemucod.jg
37.vir JS/Nemucod.oe
36.vir Artemis!B4BEF298B6BE
40.vir Ransomware-FUJ!37241B6D5C16
41.vir Artemis!AA3F8E874158
39.vir\8.nsis RDN/Generic.dx
43.vir JS/Nemucod.jg
46.vir GenericRXAF-HB!EEB52D160B2D
47.vir JS/Nemucod.jg
49.vir\word/embeddings/oleObject1.bin\BESTEL~2.JS JS/Nemucod.io[/mw_shl_code]

[病毒样本] 精睿样本测试（16.11.14）

本帖子中包含更多资源

本帖子中包含更多资源