Original poster: 轩夏

[Virus samples] 精睿 sample test (16.12.5)

540923555
Posted on 2016-12-5 10:17:52
Got here late. WD: 24
Eset小粉絲
Posted on 2016-12-5 11:03:21
Avira 36x
[mw_shl_code=css,true]Start of the scan: Monday, 5 December, 2016  11:01

Starting the file scan:

Begin scan in 'C:\Users\Ivan\Desktop\2016.12.5'
C:\Users\Ivan\Desktop\2016.12.5\01.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Dropper
Successful Cloud SDK initialization and license check.
The file 'C:\Users\Ivan\Desktop\2016.12.5\02.vir' was scanned with the Protection Cloud. SHA256 = C33E2334E868DACF8E65652D73B3E7295F48856D7E53F09DFAF630A5EAFD46D8
C:\Users\Ivan\Desktop\2016.12.5\03.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.5\05.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.5\07.vir
  [DETECTION] Contains code of the W2000M/Dldr.Agent.AM.42920 macro virus
The file 'C:\Users\Ivan\Desktop\2016.12.5\08.vir' was scanned with the Protection Cloud. SHA256 = 3657AE7B9CC26C8E9BA2C42EEE713E8CE0702E9E9803D46D3F9E19A07112F49D
C:\Users\Ivan\Desktop\2016.12.5\09.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.031553 macro virus
        [WARNING]   Infected files in archives cannot be repaired
The file 'C:\Users\Ivan\Desktop\2016.12.5\11.vir' was scanned with the Protection Cloud. SHA256 = A30C8766B1732F348AE81DEE1C22C3553F196C84C6D352502FFC800BA9D295C2
C:\Users\Ivan\Desktop\2016.12.5\11.vir (SHA-256: a30c8766b1732f348ae81dee1c22c3553f196c84c6d352502ffc800ba9d295c2)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
C:\Users\Ivan\Desktop\2016.12.5\12.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.031552 macro virus
        [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.5\14.vir
  [DETECTION] Is the TR/Dldr.Agent.lgabm Trojan
C:\Users\Ivan\Desktop\2016.12.5\15.vir
  [DETECTION] Contains recognition pattern of the JS/Locky.valmh Java script virus
The file 'C:\Users\Ivan\Desktop\2016.12.5\16.vir' was scanned with the Protection Cloud. SHA256 = B1DA6FFA557BF07B78DD99F2D7A04C70C205312F2654B03EAB2DC6C5214C76E9
C:\Users\Ivan\Desktop\2016.12.5\16.vir (SHA-256: b1da6ffa557bf07b78dd99f2d7a04c70c205312f2654b03eab2dc6c5214c76e9)
  [DETECTION] Is the TR/Rogue.b1da6f (Cloud) Trojan
C:\Users\Ivan\Desktop\2016.12.5\17.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Agent
The file 'C:\Users\Ivan\Desktop\2016.12.5\18.vir' was scanned with the Protection Cloud. SHA256 = 133CBCD8DF2BE0F105BE07F2DFCB17B2D17E2E7DFCEE18A676821EBEF4983D65
C:\Users\Ivan\Desktop\2016.12.5\18.vir (SHA-256: 133cbcd8df2be0f105be07f2dfcb17b2d17e2e7dfcee18a676821ebef4983d65)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
C:\Users\Ivan\Desktop\2016.12.5\19.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Dropper
The file 'C:\Users\Ivan\Desktop\2016.12.5\20.vir' was scanned with the Protection Cloud. SHA256 = 9894131DCAA8F7C465BD22F1F0A3DCA54FB885132CB099CE1732B00F3ADF8456
C:\Users\Ivan\Desktop\2016.12.5\20.vir (SHA-256: 9894131dcaa8f7c465bd22f1f0a3dca54fb885132cb099ce1732b00f3adf8456)
  [DETECTION] Is the TR/Crypt.XPACK.989413 (Cloud) Trojan
    [0] Archive type: Portable Executable Resource
    --> C:\Users\Ivan\Desktop\2016.12.5\22.vir
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.5\22.vir
  [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
C:\Users\Ivan\Desktop\2016.12.5\23.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.C Java script virus
    --> C:\Users\Ivan\Desktop\2016.12.5\24.vir
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.5\24.vir
  [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
    --> C:\Users\Ivan\Desktop\2016.12.5\25.vir
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.5\25.vir
  [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
C:\Users\Ivan\Desktop\2016.12.5\26.vir
  [DETECTION] Contains code of the X2000M/Agent.79265 Excel macro virus
    --> C:\Users\Ivan\Desktop\2016.12.5\27.vir
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.5\27.vir
  [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
C:\Users\Ivan\Desktop\2016.12.5\28.vir
  [DETECTION] Contains recognition pattern of the PHISH/Acsteal.20164 phishing file/email
C:\Users\Ivan\Desktop\2016.12.5\30.vir
  [DETECTION] Is the TR/Confuser.uoxch Trojan
The file 'C:\Users\Ivan\Desktop\2016.12.5\31.vir' was scanned with the Protection Cloud. SHA256 = 71297DA06CCABED0FE9DEC3A144082B9DE84042FF189479B3F597E23EA73B9AB
C:\Users\Ivan\Desktop\2016.12.5\32.vir
  [DETECTION] Contains recognition pattern of the JS/Locky.valmh Java script virus
C:\Users\Ivan\Desktop\2016.12.5\33.vir
  [DETECTION] Is the TR/Agent.gbgfy Trojan
    --> C:\Users\Ivan\Desktop\2016.12.5\34.vir
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.5\34.vir
  [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
    --> C:\Users\Ivan\Desktop\2016.12.5\36.vir
        [1] Archive type: ACE
      --> Do-Dunia-0018N eta-etd.exe
          [DETECTION] Contains recognition pattern of the DR/Delphi.glvvh dropper
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.5\36.vir
  [DETECTION] Contains recognition pattern of the DR/Delphi.glvvh dropper
C:\Users\Ivan\Desktop\2016.12.5\39.vir
  [DETECTION] Contains code of the ANDROID/Fakeinst.G.Gen virus
C:\Users\Ivan\Desktop\2016.12.5\40.vir
  [DETECTION] Contains recognition pattern of the HTML/ExpKit.Gen2 HTML script virus
C:\Users\Ivan\Desktop\2016.12.5\41.vir
  [DETECTION] Contains code of the W2000M/Agent.1686862 macro virus
C:\Users\Ivan\Desktop\2016.12.5\42.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Agent
C:\Users\Ivan\Desktop\2016.12.5\43.vir
  [DETECTION] Contains recognition pattern of the JS/Locky.valmh Java script virus
C:\Users\Ivan\Desktop\2016.12.5\44.vir
  [DETECTION] Contains recognition pattern of the JS/Dldr.Locky.C Java script virus
    --> C:\Users\Ivan\Desktop\2016.12.5\46.vir
        [1] Archive type: Base64
      --> Object
          [DETECTION] Contains code of the W2000M/Dldr.Agent.AM.42920 macro virus
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.5\46.vir
  [DETECTION] Contains code of the W2000M/Dldr.Agent.AM.42920 macro virus
    --> C:\Users\Ivan\Desktop\2016.12.5\47.vir
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\Ivan\Desktop\2016.12.5\47.vir
  [DETECTION] Contains code of the W2000M/Agent.376240 macro virus
The file 'C:\Users\Ivan\Desktop\2016.12.5\49.vir' was scanned with the Protection Cloud. SHA256 = 06C76373C9C6DB8B8957DD3FBB2E596D9E739C5F78176F71BC0AD04C7C8189ED
C:\Users\Ivan\Desktop\2016.12.5\49.vir (SHA-256: 06c76373c9c6db8b8957dd3fbb2e596d9e739c5f78176f71bc0ad04c7c8189ed)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
C:\Users\Ivan\Desktop\2016.12.5\50.vir
  [DETECTION] Contains suspicious code HEUR/Macro.Agent[/mw_shl_code]
kepuzhishi
Posted on 2016-12-5 11:04:53
360杀毒扫描日志

病毒库版本:2016-12-04 20:06
扫描时间:2016-12-05 11:03:57
扫描用时:00:00:06
扫描类型:右键扫描
扫描文件总数:50
项目总数:29
清除项目数:29

扫描选项
----------------------
扫描所有文件:否
扫描压缩包:否
发现病毒处理方式:由用户选择处理
扫描磁盘引导区:是
扫描 Rootkit:否
使用云查杀引擎:是
使用QVM人工智能引擎:是
扫描建议修复项:是
常规引擎设置:BitDefender Avira(小红伞)

扫描内容
----------------------
C:\Users\Administrator\Downloads\2016.12.5


白名单设置
----------------------


扫描结果
======================
高危风险项
----------------------
C:\Users\Administrator\Downloads\2016.12.5\03.vir        virus.office.obfuscated.1        已修复
C:\Users\Administrator\Downloads\2016.12.5\08.vir        HEUR/QVM11.1.9C3D.Malware.Gen        已删除
C:\Users\Administrator\Downloads\2016.12.5\11.vir        HEUR/QVM20.1.9C3D.Malware.Gen        已删除
C:\Users\Administrator\Downloads\2016.12.5\20.vir        HEUR/QVM10.1.9C3D.Malware.Gen        已删除
C:\Users\Administrator\Downloads\2016.12.5\14.vir        TR.Dldr.Agent.lgabm        已删除
C:\Users\Administrator\Downloads\2016.12.5\16.vir        木马程序(Trojan.Generic.17674596)        已删除
C:\Users\Administrator\Downloads\2016.12.5\30.vir        TR.Confuser.uoxch        已删除
C:\Users\Administrator\Downloads\2016.12.5\18.vir        Gen:Variant.MSILPerseus.28063        已删除
C:\Users\Administrator\Downloads\2016.12.5\33.vir        Gen:Variant.Graftor.291486        已删除
C:\Users\Administrator\Downloads\2016.12.5\05.vir        virus.office.obfuscated.1        已修复
C:\Users\Administrator\Downloads\2016.12.5\06.vir        virus.bat.evilset.a        已删除
C:\Users\Administrator\Downloads\2016.12.5\07.vir        virus.office.qexvmc.1080        已修复
C:\Users\Administrator\Downloads\2016.12.5\09.vir        virus.office.obfuscated.1        已修复
C:\Users\Administrator\Downloads\2016.12.5\12.vir        virus.office.obfuscated.1        已修复
C:\Users\Administrator\Downloads\2016.12.5\15.vir        木马程序(trojan.js.downloader.1)        已删除
C:\Users\Administrator\Downloads\2016.12.5\19.vir        virus.office.qexvmc.1070        已修复
C:\Users\Administrator\Downloads\2016.12.5\13.vir        后门程序(Backdoor.Ra.V)        已删除
C:\Users\Administrator\Downloads\2016.12.5\22.vir        virus.office.obfuscated.1        已修复
C:\Users\Administrator\Downloads\2016.12.5\24.vir        virus.office.obfuscated.1        已修复
C:\Users\Administrator\Downloads\2016.12.5\25.vir        virus.office.obfuscated.1        已修复
C:\Users\Administrator\Downloads\2016.12.5\27.vir        virus.office.obfuscated.1        已修复
C:\Users\Administrator\Downloads\2016.12.5\32.vir        木马程序(trojan.js.downloader.1)        已删除
C:\Users\Administrator\Downloads\2016.12.5\29.vir        木马程序(Trojan.PDF.Scam.DE)        已删除
C:\Users\Administrator\Downloads\2016.12.5\34.vir        virus.office.obfuscated.1        已修复
C:\Users\Administrator\Downloads\2016.12.5\41.vir        virus.office.obfuscated.1        已修复
C:\Users\Administrator\Downloads\2016.12.5\39.vir        ANDROID.Fakeinst.G.Gen        已删除
C:\Users\Administrator\Downloads\2016.12.5\43.vir        木马程序(trojan.js.downloader.1)        已删除
C:\Users\Administrator\Downloads\2016.12.5\47.vir        virus.office.obfuscated.1        已修复
C:\Users\Administrator\Downloads\2016.12.5\48.vir        virus.js.qexvmc.1085        已删除
心醉咖啡
Posted on 2016-12-5 11:29:43, from mobile
轩夏 posted on 2016-12-5 09:28
Changed your avatar, I see

Going for a cute look, haha
ese567
Posted on 2016-12-5 11:34:33
Panda Free

superax
Posted on 2016-12-5 11:37:51
Last edited by superax on 2016-12-5 11:43

SEP14: 24 remaining, 26 removed.
Dolby123
Posted on 2016-12-5 12:04:51
Trend Micro, just joining in the fun

猪头无双
Posted on 2016-12-5 12:20:31
Last edited by 猪头无双 on 2016-12-5 12:47

FSCS, reserving a spot



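The first scan detected 40: 4 not handled, 9 repaired, 12 quarantined, so the actual result should be 25, which basically matches the detection tool's result. 25 remaining.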

[mw_shl_code=css,true]结果: 找到 40 恶意软件

Suspicious:W32/Malware!Gemini (怀疑的感染)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\11.vir
Trojan:W97M/Nastjencro.A (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\01.vir
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\19.vir
Trojan.VBS.Downloader.AAN (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\07.vir
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\46.vir 操作: 已隔离
Backdoor.Ra.V (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\13.vir 操作: 已隔离
W97M.Downloader.ETY (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\03.vir\word\vbaProject.bin
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\03.vir 操作: 已杀毒
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\05.vir\word\vbaProject.bin
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\05.vir 操作: 已杀毒
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\24.vir\word\vbaProject.bin
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\24.vir 操作: 已杀毒
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\25.vir\word\vbaProject.bin
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\25.vir 操作: 已杀毒
W97M.Downloader.ETV (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\12.vir\word\vbaProject.bin
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\12.vir 操作: 已杀毒
Trojan.Doc.Downloader.WT (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\09.vir\word\vbaProject.bin
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\09.vir 操作: 已杀毒
Trojan.GenericKDZ.37388 (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\15.vir 操作: 已隔离
Trojan.GenericKD.3799599 (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\20.vir 操作: 已隔离
W97M.Downloader.ETW (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\22.vir\word\vbaProject.bin
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\22.vir 操作: 已杀毒
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\34.vir\word\vbaProject.bin
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\34.vir 操作: 已杀毒
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\47.vir\word\vbaProject.bin
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\47.vir 操作: 已杀毒
Gen:Variant.MSILPerseus.28063 (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\18.vir 操作: 已隔离
Trojan.Generic.17674596 (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\16.vir 操作: 已隔离
Trojan.Phishing.BL (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\28.vir 操作: 已隔离
Trojan.VBS.Downloader.AAK (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\27.vir\word\vbaProject.bin
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\27.vir 操作: 已隔离
Gen:Variant.Graftor.291486 (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\33.vir 操作: 已隔离
Trojan.PDF.Scam.DE (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\29.vir 操作: 已隔离
Trojan.Agent.CBLU (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\36.vir 操作: 已隔离
Trojan.Generic.19915717 (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\30.vir 操作: 已隔离
Trojan.Script.Agent.JT (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\40.vir 操作: 已隔离
Trojan.JS.Downloader.HEL (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\43.vir 操作: 已隔离
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\32.vir 操作: 已隔离
Exploit.OLE-JS.Gen (病毒)
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\48.vir\word\embeddings\oleObject1.bin
C:\Users\caizh\Desktop\2016.12.5\2016.12.5\48.vir 操作: 已隔离[/mw_shl_code]

Second scan deleted 4x, 21 remaining; actual result 29

qwe12301
Posted on 2016-12-5 14:08:25

青衣染雪
Posted on 2016-12-5 14:19:54
gdata 29x, of which 1x repaired