精睿样本测试（16.12.2）

显示全部楼层 · 发表于 2016-12-2 10:15:25

看起来脚本类文件也有云端响应了。应该是云端改造+本地引擎改进，新引擎初见端倪

显示全部楼层 · 发表于 2016-12-2 10:24:04

本帖最后由 superax 于 2016-12-2 11:32 编辑

SEP14，还剩下27个，杀掉23个。

显示全部楼层 · 发表于 2016-12-2 10:26:13

BullGuard 解压实时监控干掉18 ，右键扫描5.

显示全部楼层 · 发表于 2016-12-2 10:31:05

剩余样本测了个遍，脚本类都是拦截后台下载然后样本就被over了，exe可执行文件都是被文件监控干掉了，或者没什么行为就退出了

显示全部楼层 · 发表于 2016-12-2 10:56:33

本帖最后由 wjy19800315 于 2016-12-2 10:58 编辑

fscs12发现30个

扫描报告
[mw_shl_code=css,true]扫描报告
2016年12月2日 10:56:44 - 10:56:49
计算机名称: DESKTOP-AST124V
扫描类型: 扫描目标
目标: C:\Users\wjy19\Desktop\2016.12.2

结果: 找到 30 恶意软件
Trojan.VBS.Downloader.AAR (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\07.vir\word\vbaProject.bin
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\07.vir 操作：已隔离
Trojan.GenericKD.3799560 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\05.vir 操作：已隔离
Trojan.GenericKD.3799873 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\06.vir 操作：已隔离
Trojan.GenericKD.3798085 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\09.vir 操作：已隔离
Trojan.PDF.Phishing.FW (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\11.vir 操作：已隔离
X97M.Downloader.BZ (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\13.vir\xl\vbaProject.bin
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\13.vir 操作：已隔离
Trojan.GenericKD.3796747 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\02.vir 操作：已隔离
Trojan.VBS.Downloader.AAK (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\20.vir\word\vbaProject.bin
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\20.vir 操作：已隔离
Trojan.Generic.19844682 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\17.vir 操作：已隔离
Trojan.JS.Downloader.HEL (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\26.vir 操作：已隔离
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\45.vir 操作：已隔离
Trojan.GenericKD.3793114 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\28.vir 操作：已隔离
Java.Trojan.GenericGB.37 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\31.vir\zcxvaqwerfqwe\dafaszxcvzcqwerqwdfazxcvzxcv.class
Trojan.GenericKD.3798139 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\18.vir 操作：已隔离
Trojan.GenericKD.3657447 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\29.vir 操作：已隔离
Trojan.VBS.Downloader.AAL (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\34.vir\word\vbaProject.bin
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\32.vir\word\vbaProject.bin
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\34.vir 操作：已隔离
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\32.vir 操作：已隔离
Trojan-Downloader:Java/Lecpetex.C (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\31.vir 操作：已隔离
Java.Trojan.GenericGB.39 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\38.vir 操作：已隔离
Trojan.GenericKD.3800044 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\41.vir 操作：已隔离
Trojan.GenericKD.3798954 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\46.vir 操作：已隔离
Gen:Malware.Heur.lqX@bKqtYanj (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\39.vir 操作：已隔离
Gen:Variant.Symmi.61765 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\33.vir 操作：已隔离
Gen:Variant.Zusy.212974 (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\50.vir 操作：已隔离
Gen:Trojan.Heur.UT.nmX@by6rIeei (病毒)
C:\Users\wjy19\Desktop\2016.12.2\2016.12.2\44.vir 操作：已隔离

统计信息
已扫描:
文件: 247
未扫描: 0
结果:
病毒: 30
间谍软件: 0
可疑项目: 0
危险软件: 0
操作:
已杀毒: 0
已重命名: 0
删除: 0
已隔离: 24
失败: 0
启动扇区:
已扫描: 0
受感染: 0
可疑项目: 0
已杀毒: 0

选项
定义版本:
病毒: 2016-12-02_02
间谍软件: 2016-12-02_02
扫描引擎：
F-Secure Aquarius: 11.00.01, 2016-12-02
F-Secure Hydra: 5.15.154, 2016-12-01
F-Secure Online: 16.15.23, 0-00-00
F-Secure Gemini: 3.02.414, 2016-12-01
扫描选项：
扫描所有文件
扫描内部存档
排除：
对象： F:\我的视频\ F:\windows\ F:\我的相册\ E:\Game\ E:\游戏仓库\ D:\我的音乐\ D:\手机文件\
操作:
病毒: 对受感染文件进行杀毒
间谍软件: 隔离和删除 [/mw_shl_code]

显示全部楼层 · 发表于 2016-12-2 11:21:35

qwe12301 发表于 2016-12-2 09:38
每天这么快干嘛，蹲点啊？

每天差不多都这个时间点啊

显示全部楼层 · 发表于 2016-12-2 11:45:20

360杀毒扫描日志

病毒库版本：2016-12-01 11:46
扫描时间：2016-12-02 11:44:41
扫描用时：00:00:08
扫描类型：右键扫描
扫描文件总数：50
项目总数：26
清除项目数：26

扫描选项
----------------------
扫描所有文件：否
扫描压缩包：否
发现病毒处理方式：由用户选择处理
扫描磁盘引导区：是
扫描 Rootkit：否
使用云查杀引擎：是
使用QVM人工智能引擎：是
扫描建议修复项：是
常规引擎设置：BitDefender Avira(小红伞)

扫描内容
----------------------
C:\Users\Administrator\Downloads\2016.12.2

白名单设置
----------------------

扫描结果
======================
高危风险项
----------------------
C:\Users\Administrator\Downloads\2016.12.2\07.vir virus.office.obfuscated.1 已修复
C:\Users\Administrator\Downloads\2016.12.2\10.vir 木马程序(trojan.js.downloader.1) 已删除
C:\Users\Administrator\Downloads\2016.12.2\03.vir HEUR/QVM16.0.8C45.Malware.Gen 已删除
C:\Users\Administrator\Downloads\2016.12.2\05.vir HEUR/QVM40.1.8C45.Malware.Gen 已删除
C:\Users\Administrator\Downloads\2016.12.2\17.vir HEUR/QVM18.1.7AA5.Malware.Gen 已删除
C:\Users\Administrator\Downloads\2016.12.2\25.vir HEUR/QVM20.1.8C45.Malware.Gen 已删除
C:\Users\Administrator\Downloads\2016.12.2\02.vir Gen:Variant.Kazy.252142 已删除
C:\Users\Administrator\Downloads\2016.12.2\46.vir HEUR/QVM03.0.8C45.Malware.Gen 已删除
C:\Users\Administrator\Downloads\2016.12.2\06.vir TR.Dropper.Gen 已删除
C:\Users\Administrator\Downloads\2016.12.2\09.vir TR.Crypt.ZPACK.Gen 已删除
C:\Users\Administrator\Downloads\2016.12.2\33.vir 木马程序(Gen:Trojan.Heur.QmLfr0z0U4mi) 已删除
C:\Users\Administrator\Downloads\2016.12.2\39.vir Gen:Malware.Heur.lqX@bKqtYanj 已删除
C:\Users\Administrator\Downloads\2016.12.2\41.vir TR.Dropper.Gen 已删除
C:\Users\Administrator\Downloads\2016.12.2\43.vir TR.Crypt.XPACK.Gen3 已删除
C:\Users\Administrator\Downloads\2016.12.2\44.vir TR.Crypt.ULPM.Gen 已删除
C:\Users\Administrator\Downloads\2016.12.2\13.vir virus.office.obfuscated.1 已修复
C:\Users\Administrator\Downloads\2016.12.2\50.vir TR.Crypt.Xpack.oltos 已删除
C:\Users\Administrator\Downloads\2016.12.2\20.vir virus.office.obfuscated.1 已修复
C:\Users\Administrator\Downloads\2016.12.2\26.vir 木马程序(trojan.js.downloader.1) 已删除
C:\Users\Administrator\Downloads\2016.12.2\27.vir virus.office.obfuscated.1 已修复
C:\Users\Administrator\Downloads\2016.12.2\29.vir virus.js.qexvmc.1065 已删除
C:\Users\Administrator\Downloads\2016.12.2\31.vir Java.Trojan.GenericGB.37 已删除
C:\Users\Administrator\Downloads\2016.12.2\32.vir virus.office.obfuscated.1 已修复
C:\Users\Administrator\Downloads\2016.12.2\34.vir virus.office.obfuscated.1 已修复
C:\Users\Administrator\Downloads\2016.12.2\38.vir Java.Trojan.GenericGB.39 已删除
C:\Users\Administrator\Downloads\2016.12.2\45.vir 木马程序(trojan.js.downloader.1) 已删除

显示全部楼层 · 发表于 2016-12-2 11:57:18

Virus4 发表于 2016-12-2 10:10
瑞星新引擎Kill 19

新引擎可以啊，希望早日成熟，加入到杀毒软件中，每天的成绩都很不错，就是不知道误报怎么样？

显示全部楼层 · 发表于 2016-12-2 12:58:01

Avira 21x
[mw_shl_code=css,true]Start of the scan: Friday, 2 December, 2016  12:55

Starting the file scan:

Begin scan in 'C:\Users\Ivan\Desktop\2016.12.2'
C:\Users\Ivan\Desktop\2016.12.2\02.vir
  [DETECTION] Is the TR/Crypt.ZPACK.lceta Trojan
Successful Cloud SDK initialization and license check.
The file 'C:\Users\Ivan\Desktop\2016.12.2\03.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 9BAA024423FC7946590C341E7E254B751FB859B89D533DC473CC74C86D281D84
C:\Users\Ivan\Desktop\2016.12.2\03.vir (SHA-256: 9baa024423fc7946590c341e7e254b751fb859b89d533dc473cc74c86d281d84)
  [INFO]    The file 'C:\Users\Ivan\Desktop\2016.12.2\03.vir' has been uploaded to the Protection Cloud and analyzed.
The file 'C:\Users\Ivan\Desktop\2016.12.2\04.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = E01ABE00C27D857EDA928555320B3AA4ADA7ADA52E4EDD882FF35A402AA6ED14
C:\Users\Ivan\Desktop\2016.12.2\04.vir (SHA-256: e01abe00c27d857eda928555320b3aa4ada7ada52e4edd882ff35a402aa6ed14)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [INFO]    The file 'C:\Users\Ivan\Desktop\2016.12.2\04.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.12.2\05.vir
  [DETECTION] Is the TR/Crypt.ZPACK.pepgr Trojan
C:\Users\Ivan\Desktop\2016.12.2\06.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Ivan\Desktop\2016.12.2\07.vir
[0] Archive type: ZIP
--> word/vbaProject.bin
      [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
      [WARNING] Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.2\09.vir
  [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Users\Ivan\Desktop\2016.12.2\13.vir
[0] Archive type: ZIP
--> xl/vbaProject.bin
      [DETECTION] Contains code of the W2000M/Agent.5524188 macro virus
      [WARNING] Infected files in archives cannot be repaired
The file 'C:\Users\Ivan\Desktop\2016.12.2\17.vir' was scanned with the Protection Cloud. SHA256 = 4ACD2FA58BE8496C0190D5DB0D9CECA4D677D8F7C9C206DF3D695426E531DF95
C:\Users\Ivan\Desktop\2016.12.2\17.vir (SHA-256: 4acd2fa58be8496c0190d5db0d9ceca4d677d8f7c9c206df3d695426e531df95)
  [DETECTION] Contains recognition pattern of the SPR/TPE.4acd2f (Cloud) program
C:\Users\Ivan\Desktop\2016.12.2\18.vir
  [DETECTION] Is the TR/Crypt.Xpack.ehqcn Trojan
The file 'C:\Users\Ivan\Desktop\2016.12.2\19.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 3F572B89C9B3C4E74061314D1C5BD8BBE699E9840DD54068673328E3E5CF6B89
C:\Users\Ivan\Desktop\2016.12.2\19.vir (SHA-256: 3f572b89c9b3c4e74061314d1c5bd8bbe699e9840dd54068673328e3e5cf6b89)
  [INFO]    The file 'C:\Users\Ivan\Desktop\2016.12.2\19.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.12.2\20.vir
[0] Archive type: ZIP
--> word/vbaProject.bin
      [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
      [WARNING] Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.2\24.vir
  [DETECTION] Contains code of the X2000M/Agent.79265 Excel macro virus
C:\Users\Ivan\Desktop\2016.12.2\27.vir
[0] Archive type: ZIP
--> word/vbaProject.bin
      [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
      [WARNING] Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.2\28.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen6 HTML script virus
C:\Users\Ivan\Desktop\2016.12.2\32.vir
[0] Archive type: ZIP
--> word/vbaProject.bin
      [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
      [WARNING] Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.2\33.vir
  [DETECTION] Is the TR/Injector.ixyuz Trojan
C:\Users\Ivan\Desktop\2016.12.2\34.vir
[0] Archive type: ZIP
--> word/vbaProject.bin
      [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
      [WARNING] Infected files in archives cannot be repaired
Retry 1 for the file 'C:\Users\Ivan\Desktop\2016.12.2\39.vir'. SHA256 = B88E85EFFF7C37B85A2DD8D42ED35260089D24519B572F9ABEC172FAD806FC3F
The file 'C:\Users\Ivan\Desktop\2016.12.2\39.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = B88E85EFFF7C37B85A2DD8D42ED35260089D24519B572F9ABEC172FAD806FC3F
C:\Users\Ivan\Desktop\2016.12.2\39.vir (SHA-256: b88e85efff7c37b85a2dd8d42ed35260089d24519b572f9abec172fad806fc3f)
  [INFO]    The file 'C:\Users\Ivan\Desktop\2016.12.2\39.vir' has been uploaded to the Protection Cloud and analyzed.
C:\Users\Ivan\Desktop\2016.12.2\41.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
C:\Users\Ivan\Desktop\2016.12.2\43.vir
  [DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Users\Ivan\Desktop\2016.12.2\44.vir
  [DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Users\Ivan\Desktop\2016.12.2\46.vir
  [DETECTION] Is the TR/AD.Fareit.byusk Trojan
C:\Users\Ivan\Desktop\2016.12.2\50.vir
  [DETECTION] Is the TR/Crypt.Xpack.oltos Trojan[/mw_shl_code]

显示全部楼层 · 发表于 2016-12-2 20:24:21

360杀毒扫描日志

病毒库版本：2016-12-02 12:58
扫描时间：2016-12-02 20:21:02
扫描用时：00:00:27
扫描类型：右键扫描
扫描文件总数：50
项目总数：27
清除项目数：27

扫描选项
----------------------
扫描所有文件：否
扫描压缩包：否
发现病毒处理方式：由用户选择处理
扫描磁盘引导区：是
扫描 Rootkit：否
使用云查杀引擎：是
使用QVM人工智能引擎：是
扫描建议修复项：是
常规引擎设置：BitDefender Avira(小红伞)

扫描内容
----------------------
C:\Users\MeiZu\Desktop\2016.12.2

白名单设置
----------------------

扫描结果
======================
高危风险项
----------------------
C:\Users\MeiZu\Desktop\2016.12.2\07.vir virus.office.obfuscated.1 已删除
C:\Users\MeiZu\Desktop\2016.12.2\10.vir 木马程序(trojan.js.downloader.1) 已删除
C:\Users\MeiZu\Desktop\2016.12.2\02.vir HEUR/QVM09.0.8CC1.Malware.Gen 已删除
C:\Users\MeiZu\Desktop\2016.12.2\03.vir HEUR/QVM16.0.8CC1.Malware.Gen 已删除
C:\Users\MeiZu\Desktop\2016.12.2\05.vir HEUR/QVM40.1.8C83.Malware.Gen 已删除
C:\Users\MeiZu\Desktop\2016.12.2\06.vir HEUR/QVM42.1.8CC1.Malware.Gen 已删除
C:\Users\MeiZu\Desktop\2016.12.2\09.vir HEUR/QVM16.0.8CC1.Malware.Gen 已删除
C:\Users\MeiZu\Desktop\2016.12.2\17.vir HEUR/QVM18.1.7AA5.Malware.Gen 已删除
C:\Users\MeiZu\Desktop\2016.12.2\18.vir 感染型病毒(Win32/Trojan.a84) 已删除
C:\Users\MeiZu\Desktop\2016.12.2\25.vir 木马程序(Trojan.Generic) 已删除
C:\Users\MeiZu\Desktop\2016.12.2\33.vir 感染型病毒(Win32/Trojan.ec2) 已删除
C:\Users\MeiZu\Desktop\2016.12.2\39.vir 感染型病毒(Win32/Trojan.f79) 已删除
C:\Users\MeiZu\Desktop\2016.12.2\41.vir HEUR/QVM42.1.8CC1.Malware.Gen 已删除
C:\Users\MeiZu\Desktop\2016.12.2\43.vir 感染型病毒(Win32/Trojan.160) 已删除
C:\Users\MeiZu\Desktop\2016.12.2\13.vir virus.office.obfuscated.1 已删除
C:\Users\MeiZu\Desktop\2016.12.2\46.vir 感染型病毒(Win32/Trojan.dde) 已删除
C:\Users\MeiZu\Desktop\2016.12.2\50.vir HEUR/QVM09.0.8CC1.Malware.Gen 已删除
C:\Users\MeiZu\Desktop\2016.12.2\44.vir TR.Crypt.ULPM.Gen 已删除
C:\Users\MeiZu\Desktop\2016.12.2\20.vir virus.office.obfuscated.1 已删除
C:\Users\MeiZu\Desktop\2016.12.2\26.vir 木马程序(trojan.js.downloader.1) 已删除
C:\Users\MeiZu\Desktop\2016.12.2\27.vir virus.office.obfuscated.1 已删除
C:\Users\MeiZu\Desktop\2016.12.2\29.vir virus.js.qexvmc.1065 已删除
C:\Users\MeiZu\Desktop\2016.12.2\31.vir Java.Trojan.GenericGB.37 已删除
C:\Users\MeiZu\Desktop\2016.12.2\32.vir virus.office.obfuscated.1 已删除
C:\Users\MeiZu\Desktop\2016.12.2\34.vir virus.office.obfuscated.1 已删除
C:\Users\MeiZu\Desktop\2016.12.2\38.vir Java.Trojan.GenericGB.39 已删除
C:\Users\MeiZu\Desktop\2016.12.2\45.vir 木马程序(trojan.js.downloader.1) 已删除

[病毒样本] 精睿样本测试（16.12.2）

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块