Original poster: 轩夏

[Virus samples] 精睿 sample test (16.11.15)

驭龙
Posted on 2016-11-15 11:29:17
猪头无双 posted on 2016-11-15 11:25
MSE,25kill, 1 repair total 26x, miss 24x

Are you sure it isn't WD? Judging by the system theme, you should be on Windows 10, so it shouldn't be possible to install MSE.
猪头无双
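Posted on 2016-11-15 11:29:57
驭龙 posted on 2016-11-15 11:29
Are you sure it isn't WD? Judging by the system theme, you should be on Windows 10, so it shouldn't be possible to install MSE.

Uh, I just treated WD as the same thing as MSE.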
驭龙
Posted on 2016-11-15 11:30:53

On the cloud side these days, MSE seems to be weaker than WD.
Eset小粉絲
Posted on 2016-11-15 11:31:39
Avira 32x

[mw_shl_code=css,true]Start of the scan: Tuesday, 15 November, 2016  11:29

Starting the file scan:

Begin scan in 'C:\Users\Ivan\Desktop\2016.11.15'
C:\Users\Ivan\Desktop\2016.11.15\01.vir
  [DETECTION] Contains code of the W2000M/Agent.9815386 macro virus
Successful Cloud SDK initialization and license check.
The file 'C:\Users\Ivan\Desktop\2016.11.15\02.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = E5D342684BCA7AACF876569B65984ED1A3654C0274035E42F77BDF86312AE6B4
C:\Users\Ivan\Desktop\2016.11.15\02.vir (SHA-256: e5d342684bca7aacf876569b65984ed1a3654c0274035e42f77bdf86312ae6b4)
  [INFO]      The file 'C:\Users\Ivan\Desktop\2016.11.15\02.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.11.15\03.vir
  [DETECTION] Contains recognition pattern of the VBS/Dldr.Agent.sgds VBS script virus
C:\Users\Ivan\Desktop\2016.11.15\04.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\Ivan\Desktop\2016.11.15\06.vir
  [DETECTION] Contains code of the W2000M/Agent.15660 macro virus
C:\Users\Ivan\Desktop\2016.11.15\07.vir
  [DETECTION] Is the TR/Crypt.ZPACK.gqflj Trojan
C:\Users\Ivan\Desktop\2016.11.15\09.vir
  [DETECTION] Contains code of the W2000M/Agent.15660 macro virus
C:\Users\Ivan\Desktop\2016.11.15\11.vir
    [0] Archive type: RAR SFX (self extracting)
    --> server2.sfx.exe
        [1] Archive type: RAR SFX (self extracting)
      --> CMT
          [DETECTION] Is the TR/Dropper.Gen Trojan
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.11.15\12.vir
  [DETECTION] Contains code of the W2000M/Agent.15660 macro virus
C:\Users\Ivan\Desktop\2016.11.15\13.vir
  [DETECTION] Is the TR/Genasom.damvh Trojan
The file 'C:\Users\Ivan\Desktop\2016.11.15\14.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = A8B0997A82BF29FFF15D22AF13462958398BCC7C9D496C40D694584AA72B29DD
C:\Users\Ivan\Desktop\2016.11.15\14.vir (SHA-256: a8b0997a82bf29fff15d22af13462958398bcc7c9d496c40d694584aa72b29dd)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [INFO]      The file 'C:\Users\Ivan\Desktop\2016.11.15\14.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.11.15\15.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.A Java script virus
C:\Users\Ivan\Desktop\2016.11.15\16.vir
  [DETECTION] Is the TR/Spy.Agent.bdyox Trojan
C:\Users\Ivan\Desktop\2016.11.15\18.vir
  [DETECTION] Contains code of the W2000M/Agent.15660 macro virus
C:\Users\Ivan\Desktop\2016.11.15\19.vir
  [DETECTION] Is the TR/Dropper.tbybk Trojan
C:\Users\Ivan\Desktop\2016.11.15\20.vir
  [DETECTION] Is the TR/Dropper.MSIL.nnqfg Trojan
C:\Users\Ivan\Desktop\2016.11.15\21.vir
  [DETECTION] Is the TR/Dropper.MSIL.nllch Trojan
The file 'C:\Users\Ivan\Desktop\2016.11.15\22.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = E59D1F500972706818C553F677A4A648BA807A9B206E8EEF555E58EEC31F8A3F
C:\Users\Ivan\Desktop\2016.11.15\22.vir (SHA-256: e59d1f500972706818c553f677a4a648ba807a9b206e8eef555e58eec31f8a3f)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [INFO]      The file 'C:\Users\Ivan\Desktop\2016.11.15\22.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.11.15\23.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Ivan\Desktop\2016.11.15\24.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.A Java script virus
C:\Users\Ivan\Desktop\2016.11.15\25.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\Ivan\Desktop\2016.11.15\26.vir
    [0] Archive type: ZIP
    --> sgahuetrwa/rwdfshsdsadqwq.class
        [DETECTION] Contains recognition pattern of the EXP/JAVA.Adwind.BZ.Gen exploit
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.11.15\27.vir
  [DETECTION] Is the TR/Ransom.Locky.vmjij Trojan
C:\Users\Ivan\Desktop\2016.11.15\29.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.B Java script virus
C:\Users\Ivan\Desktop\2016.11.15\31.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\Ivan\Desktop\2016.11.15\34.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.B Java script virus
C:\Users\Ivan\Desktop\2016.11.15\35.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\Ivan\Desktop\2016.11.15\39.vir
  [DETECTION] Is the TR/Crypt.ZPACK.pyjzz Trojan
C:\Users\Ivan\Desktop\2016.11.15\41.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.VALB Java script virus
C:\Users\Ivan\Desktop\2016.11.15\43.vir
    [0] Archive type: RAR
    --> Inquiry.exe
        [DETECTION] Is the TR/Dropper.VB.rgqup Trojan
        [WARNING]   Infected files in archives cannot be repaired
The file 'C:\Users\Ivan\Desktop\2016.11.15\46.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 2D742CE57992D3479D5BDDDB08EC91D01911414A7634B38F4E59F29BECE24925
C:\Users\Ivan\Desktop\2016.11.15\46.vir (SHA-256: 2d742ce57992d3479d5bdddb08ec91d01911414a7634b38f4e59f29bece24925)
  [DETECTION] Is the TR/Crypt.ZPACK.Gen2 (Cloud) Trojan
  [INFO]      The file 'C:\Users\Ivan\Desktop\2016.11.15\46.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.11.15\47.vir
  [DETECTION] Is the TR/Crypt.ZPACK.qsgdk Trojan
C:\Users\Ivan\Desktop\2016.11.15\50.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus[/mw_shl_code]
猪头无双
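Posted on 2016-11-15 11:31:54
驭龙 posted on 2016-11-15 11:30
On the cloud side these days, MSE seems to be weaker than WD.

Yes, indeed. With cloud-based protection turned on, WD now prompts to upload a sample right away.

It is considerably more efficient than MSE.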
心醉咖啡
Posted on 2016-11-15 12:03:01
【扫描信息】

开始时间:2016-11-15 12:02:14
扫描用时:00:00:02
扫描类型:指定位置杀毒
扫描引擎:管家云查杀引擎 管家反病毒引擎 管家系统修复引擎
扫描状态:扫描完成


【扫描结果】

扫描文件数:50
发现风险数:13
已处理风险数:13


---------------------
2016-11-15 12:02:26 MD5:dbefd996730df2b4bc8a38b915cce758 F:\浏览器下载\2016.11.15\11.vir [Win32.Trojan.Dropper.Wvut]  [删除成功]
2016-11-15 12:02:26 MD5:72a6c2ee199a314e2e769394e6a875b5 F:\浏览器下载\2016.11.15\20.vir [Win32.Trojan.Inject.Auto]  [删除成功]
2016-11-15 12:02:27 MD5:30dda05a141dd1ca2b877c112490bd75 F:\浏览器下载\2016.11.15\07.vir [Win32.Trojan.Inject.Auto]  [删除成功]
2016-11-15 12:02:28 MD5:c4f95f1263c6b236322a0228f09603af F:\浏览器下载\2016.11.15\46.vir [Win32.Trojan.Bp-generic.Wpav]  [删除成功]
2016-11-15 12:02:28 MD5:80cefcfb1d216bb080337d9d2aa33c1d F:\浏览器下载\2016.11.15\19.vir [Win32.Trojan.Kryptik.Eadq]  [删除成功]
2016-11-15 12:02:28 MD5:60b4ddbea276060f3d3dc9761295e5fa F:\浏览器下载\2016.11.15\10.vir [Trojan.Linux.Tsunami.t]  [删除成功]
2016-11-15 12:02:28 MD5:a66ab749a3fb7e6bc6560f316a20ff19 F:\浏览器下载\2016.11.15\39.vir [Win32.Trojan.Filecoder.Lmas]  [删除成功]
2016-11-15 12:02:29 MD5:6802aeeaef2d158043ce315a18e92cb2 F:\浏览器下载\2016.11.15\47.vir [Win32.Trojan.Kryptik.Wmso]  [删除成功]
2016-11-15 12:02:29 MD5:dff018e7343ab25f1b4123fa4e9d0cfc F:\浏览器下载\2016.11.15\03.vir [Unk.Win32.Script.400760]  [删除成功]
2016-11-15 12:02:29 MD5:5c8761b117b4a43b4bd36d8690e669e2 F:\浏览器下载\2016.11.15\27.vir [Win32.Trojan.Kryptik.Syih]  [删除成功]
2016-11-15 12:02:29 MD5:25fd76466f9b29db5c081bc09da26567 F:\浏览器下载\2016.11.15\23.vir [Win32.Trojan.Generic.Htmr]  [删除成功]
2016-11-15 12:02:29 MD5:692d9a2745d98e5ae35d6388674be3c4 F:\浏览器下载\2016.11.15\13.vir [Win32.Trojan.Generic.Wnwn]  [删除成功]
2016-11-15 12:02:30 MD5:10e4baa3f21807a9db05b7c792adbbe7 F:\浏览器下载\2016.11.15\21.vir [Win32.Trojan.Inject.Auto]  [删除成功]
---------------------
轩夏
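Original poster | Posted on 2016-11-15 12:13:53
驭龙 posted on 2016-11-15 11:30
On the cloud side these days, MSE seems to be weaker than WD.

Nonsense. MSE is weaker than WD in every respect, and that is certain, not "seems".
A die-hard fan drifting by in tears.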
驭龙
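Posted on 2016-11-15 12:27:26
轩夏 posted on 2016-11-15 12:13
Nonsense. MSE is weaker than WD in every respect, and that is certain, not "seems".
A die-hard fan drifting by in tears.

Actually it is only the cloud. The other features are not much different, and behavior monitoring is about the same too.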
fireherman
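Posted on 2016-11-15 12:43:11
轩夏 posted on 2016-11-15 12:13
Nonsense. MSE is weaker than WD in every respect, and that is certain, not "seems".
A die-hard fan drifting by in tears.

Still a die-hard fan? Clearly you have already abandoned the Americans and are quietly currying favor with the Russians.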

轩夏
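Original poster | Posted on 2016-11-15 12:50:44
fireherman posted on 2016-11-15 12:43
Still a die-hard fan? Clearly you have already abandoned the Americans and are quietly currying favor with the Russians.

It's for work: I use Kaspersky in the virtual machine, but my own machine is still on MSE~~~~~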

Ratings

Participants: 1, popularity +1
猪头无双 +1, reason: Huh? Did I just pick up a zombie?

Copyright © KaFan  KaFan.cn All Rights Reserved.