
[Virus Samples] 精睿 sample test (17.5.26)

Eset小粉絲
Posted on 2017-5-26 09:33:59
Link:


http://pan.baidu.com/s/1pLwNQXl Password: kr4g


Password: http://bbs.vc52.cn
Count: 120


Ratings

Participants: 1, Popularity: +1
小飞侠.net +1, reason: Huorong Security (火绒安全) ---- 175

Eset小粉絲
OP | Posted on 2017-5-26 09:47:55
Last edited by Eset小粉絲 on 2017-5-26 10:21

Avira 79x
False positives 3x
[mw_shl_code=css,true]Starting the file scan:

Begin scan in 'C:\Users\Ivan\Desktop\2017.5.26'
C:\Users\Ivan\Desktop\2017.5.26\002.vir
  [DETECTION] Is the TR/Downloader.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5e811a44.qua'!
C:\Users\Ivan\Desktop\2017.5.26\003.vir
    [0] Archive type: PDF
    --> pdf_file_12.avp
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.4582217 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '461535e3.qua'!
C:\Users\Ivan\Desktop\2017.5.26\004.vir
    [0] Archive type: PDF
    --> pdf_file_11.avp
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.4582217 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '144b6f0c.qua'!
C:\Users\Ivan\Desktop\2017.5.26\005.vir
  [DETECTION] Is the TR/Crypt.Xpack.tutnv Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '727b20c1.qua'!
C:\Users\Ivan\Desktop\2017.5.26\006.vir
  [DETECTION] Is the TR/Dropper.VB.roaue Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '37fe0c05.qua'!
C:\Users\Ivan\Desktop\2017.5.26\009.vir
  [DETECTION] Is the TR/Crypt.ZPACK.rlufl Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '48d83e6c.qua'!
C:\Users\Ivan\Desktop\2017.5.26\011.vir
  [DETECTION] Contains recognition pattern of the WORM/VBNA.jdy worm
  [NOTE]      The file was moved to the quarantine directory under the name '0458123e.qua'!
C:\Users\Ivan\Desktop\2017.5.26\013.vir
  [DETECTION] Is the TR/Kryptik.nsnls Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '78425268.qua'!
C:\Users\Ivan\Desktop\2017.5.26\015.vir
  [DETECTION] Is the TR/Dropper.MSIL.cnzao Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '551e7d2d.qua'!
C:\Users\Ivan\Desktop\2017.5.26\017.vir
  [DETECTION] Is the TR/Dropper.MSIL.jlgvf Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '4c74468e.qua'!
C:\Users\Ivan\Desktop\2017.5.26\019.vir
  [DETECTION] Is the TR/Crypt.ZPACK.ghwqa Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '20166ab4.qua'!
C:\Users\Ivan\Desktop\2017.5.26\022.vir
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Backdoor.pgzbk back-door program
  [NOTE]      The file was moved to the quarantine directory under the name '51965339.qua'!
C:\Users\Ivan\Desktop\2017.5.26\024.vir
  [DETECTION] Is the TR/Spy.hxucx Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5f8e63f1.qua'!
C:\Users\Ivan\Desktop\2017.5.26\025.vir
  [DETECTION] Is the TR/Spy.Agent.twnbf Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '1aa01aca.qua'!
C:\Users\Ivan\Desktop\2017.5.26\026.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '13aa1e6b.qua'!
C:\Users\Ivan\Desktop\2017.5.26\027.vir
  [DETECTION] Is the TR/Dropper.VB.yrndh Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '4be80705.qua'!
C:\Users\Ivan\Desktop\2017.5.26\029.vir
  [DETECTION] Is the TR/Crypt.ZPACK.xjudl Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '67227ed0.qua'!
C:\Users\Ivan\Desktop\2017.5.26\030.vir
  [DETECTION] Contains code of the W97M/Ozwer.B Word macro virus
  [NOTE]      The file was moved to the quarantine directory under the name '59eb1e0b.qua'!
C:\Users\Ivan\Desktop\2017.5.26\032.vir
  [DETECTION] Is the TR/Spy.ivvdc Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '3aeb354f.qua'!
C:\Users\Ivan\Desktop\2017.5.26\033.vir
  [DETECTION] Is the TR/Crypt.Xpack.pziuk Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '1c207555.qua'!
C:\Users\Ivan\Desktop\2017.5.26\036.vir
  [DETECTION] Is the TR/Dropper.VB.nlpju Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '2eb30ef9.qua'!
C:\Users\Ivan\Desktop\2017.5.26\038.vir
  [DETECTION] Is the TR/Crypt.ZPACK.mpoog Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '24f4259d.qua'!
C:\Users\Ivan\Desktop\2017.5.26\039.vir
  [DETECTION] Is the TR/AD.Remcos.wmfdo Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '1b9841d7.qua'!
C:\Users\Ivan\Desktop\2017.5.26\040.vir
  [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.188418 back-door program
  [NOTE]      The file was moved to the quarantine directory under the name '65834d08.qua'!
C:\Users\Ivan\Desktop\2017.5.26\041.vir
  [DETECTION] Is the TR/Spy.pzirm Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '30f449c9.qua'!
C:\Users\Ivan\Desktop\2017.5.26\042.vir
  [DETECTION] Is the TR/Crypt.Xpack.hjqgf Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '3d6338f8.qua'!
C:\Users\Ivan\Desktop\2017.5.26\043.vir
  [DETECTION] Is the TR/AD.MalwareCrypter.ivjfk Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '213d2cf7.qua'!
C:\Users\Ivan\Desktop\2017.5.26\044.vir
  [DETECTION] Is the TR/Agent.KV Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '10ef6132.qua'!
C:\Users\Ivan\Desktop\2017.5.26\045.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '7cbe753a.qua'!
C:\Users\Ivan\Desktop\2017.5.26\046.vir
  [DETECTION] Is the TR/Crypt.ZPACK.gcmxg Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '35255034.qua'!
C:\Users\Ivan\Desktop\2017.5.26\048.vir
  [DETECTION] Is the TR/Crypt.ZPACK.jyifo Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '6eb258fe.qua'!
C:\Users\Ivan\Desktop\2017.5.26\051.vir
  [DETECTION] Is the TR/Downloader.nhceb Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '0807541f.qua'!
C:\Users\Ivan\Desktop\2017.5.26\052.vir
  [DETECTION] Is the TR/Dropper.VB.ssaxe Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '5f8826b1.qua'!
C:\Users\Ivan\Desktop\2017.5.26\054.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '7dfa71bc.qua'!
C:\Users\Ivan\Desktop\2017.5.26\056.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.4582217 macro virus
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '15ec0b2a.qua'!
C:\Users\Ivan\Desktop\2017.5.26\058.vir
  [DETECTION] Is the TR/Dropper.VB.vfmhv Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '35980fa4.qua'!
C:\Users\Ivan\Desktop\2017.5.26\059.vir
  [DETECTION] Contains code of the W2000M/Dldr.Agent.69230 macro virus
  [NOTE]      The file was moved to the quarantine directory under the name '60834910.qua'!
C:\Users\Ivan\Desktop\2017.5.26\060.vir
  [DETECTION] Is the TR/Crypt.ZPACK.lwxie Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '019468b7.qua'!
C:\Users\Ivan\Desktop\2017.5.26\061.vir
    [0] Archive type: PDF
    --> pdf_file_12.avp
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.4582217 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '64372a3c.qua'!
C:\Users\Ivan\Desktop\2017.5.26\062.vir
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '01e15e94.qua'!
C:\Users\Ivan\Desktop\2017.5.26\063.vir
    [0] Archive type: Base64
    --> Object
        [DETECTION] Contains code of the WM/Agent.246687 Word macro virus
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '12066207.qua'!
C:\Users\Ivan\Desktop\2017.5.26\064.vir
  [DETECTION] Is the TR/AD.ZbotCitadel.poqrx Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '00be1e85.qua'!
C:\Users\Ivan\Desktop\2017.5.26\066.vir
  [DETECTION] Is the TR/Spy.Agent.fmbdi Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '17e87d3e.qua'!
C:\Users\Ivan\Desktop\2017.5.26\067.vir
  [DETECTION] Is the TR/Crypt.Xpack.lwzwo Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '4dc94fb4.qua'!
C:\Users\Ivan\Desktop\2017.5.26\068.vir
  [DETECTION] Is the TR/Dropper.VB.evrol Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '68c535a7.qua'!
Successful Cloud SDK initialization and license check.
The file 'C:\Users\Ivan\Desktop\2017.5.26\070.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = A788124FD1DE301D1AD7326D863F8492CC2481CC974BAC74CA5B2BAC0F7AB38B
C:\Users\Ivan\Desktop\2017.5.26\070.vir (SHA-256: a788124fd1de301d1ad7326d863f8492cc2481cc974bac74ca5b2bac0f7ab38b)
  [DETECTION] Is the TR/Dropper.VB.Gen (Cloud) Trojan
  [INFO]      The file 'C:\Users\Ivan\Desktop\2017.5.26\070.vir' has been uploaded to the Protection Cloud and analyzed.
  [NOTE]      The file was moved to the quarantine directory under the name '52c628b9.qua'!
C:\Users\Ivan\Desktop\2017.5.26\071.vir
  [DETECTION] Is the TR/Dropper.MSIL.fxmmd Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '1c99223b.qua'!
C:\Users\Ivan\Desktop\2017.5.26\072.vir
  [DETECTION] Contains code of the W2000M/Agent.88231537 macro virus
  [NOTE]      The file was moved to the quarantine directory under the name '3e9a70b7.qua'!
C:\Users\Ivan\Desktop\2017.5.26\075.vir
  [DETECTION] Is the TR/Dropper.VB.ydckf Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '4b0c0896.qua'!
The file 'C:\Users\Ivan\Desktop\2017.5.26\078.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 9057A2E7ACF8A611695D520341EA01A972B5A0AD316019C15E15E665C8DAD728
C:\Users\Ivan\Desktop\2017.5.26\078.vir (SHA-256: 9057a2e7acf8a611695d520341ea01a972b5a0ad316019c15e15e665c8dad728)
  [INFO]      The file 'C:\Users\Ivan\Desktop\2017.5.26\078.vir' has been uploaded to the Protection Cloud and analyzed.
The file 'C:\Users\Ivan\Desktop\2017.5.26\079.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 1B0E2F458B31C39DFA1B59625D191ADEA9991447A5EB3B3CBF41D9BBEE6C7E00
C:\Users\Ivan\Desktop\2017.5.26\079.vir (SHA-256: 1b0e2f458b31c39dfa1b59625d191adea9991447a5eb3b3cbf41d9bbee6c7e00)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [INFO]      The file 'C:\Users\Ivan\Desktop\2017.5.26\079.vir' has been uploaded to the Protection Cloud and analyzed.
  [NOTE]      The file was moved to the quarantine directory under the name '4a660733.qua'!
C:\Users\Ivan\Desktop\2017.5.26\080.vir
    [0] Archive type: PDF
    --> pdf_file_12.avp
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.4582217 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '605054f6.qua'!
C:\Users\Ivan\Desktop\2017.5.26\081.vir
  [DETECTION] Is the TR/Dropper.MSIL.erejb Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '07381c4e.qua'!
C:\Users\Ivan\Desktop\2017.5.26\082.vir
    [0] Archive type: ZIP
    --> word/vbaProject.bin
        [DETECTION] Contains code of the W2000M/Agent.88231497 macro virus
        [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '4c492558.qua'!
The file 'C:\Users\Ivan\Desktop\2017.5.26\084.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = E69EFED689A66321A9AD96BE4F5A4EF8333B8B7930FB375E29D7800A05CB05A0
C:\Users\Ivan\Desktop\2017.5.26\084.vir (SHA-256: e69efed689a66321a9ad96be4f5a4ef8333b8b7930fb375e29d7800a05cb05a0)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [INFO]      The file 'C:\Users\Ivan\Desktop\2017.5.26\084.vir' has been uploaded to the Protection Cloud and analyzed.
  [NOTE]      The file was moved to the quarantine directory under the name '18025db8.qua'!
C:\Users\Ivan\Desktop\2017.5.26\085.vir
    [0] Archive type: PDF
    --> pdf_file_12.avp
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.4582217 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '4cb22f13.qua'!
C:\Users\Ivan\Desktop\2017.5.26\086.vir
  [DETECTION] Is the TR/Crypt.Xpack.mshjq Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '061c7a3d.qua'!
C:\Users\Ivan\Desktop\2017.5.26\089.vir
  [DETECTION] Is the TR/AD.RansomHeur.xrlrg Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '680855fc.qua'!
C:\Users\Ivan\Desktop\2017.5.26\090.vir
  [DETECTION] Is the TR/Dropper.VB.ielnl Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '251f0b94.qua'!
C:\Users\Ivan\Desktop\2017.5.26\092.vir
  [DETECTION] Is the TR/AD.BetaBot.tcybm Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '4d352ca5.qua'!
C:\Users\Ivan\Desktop\2017.5.26\093.vir
  [DETECTION] Is the TR/Crypt.Xpack.kaoxq Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '3787166a.qua'!
C:\Users\Ivan\Desktop\2017.5.26\094.vir
  [DETECTION] Is the TR/ATRAPS.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '46d44ad4.qua'!
The file 'C:\Users\Ivan\Desktop\2017.5.26\095.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = F55CFF0C8CAC01CA7BE2774619DE4F4FE00CDF94D2786E08CA415DC9081D578C
C:\Users\Ivan\Desktop\2017.5.26\095.vir (SHA-256: f55cff0c8cac01ca7be2774619de4f4fe00cdf94d2786e08ca415dc9081d578c)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [INFO]      The file 'C:\Users\Ivan\Desktop\2017.5.26\095.vir' has been uploaded to the Protection Cloud and analyzed.
  [NOTE]      The file was moved to the quarantine directory under the name '7e3212bd.qua'!
C:\Users\Ivan\Desktop\2017.5.26\097.vir
    [0] Archive type: PDF
    --> pdf_file_15.avp
        [1] Archive type: ZIP
      --> [Content_Types].xml
          [DETECTION] Contains recognition pattern of the JS/Dldr.Agent.zumac Java script virus
          [WARNING]   Infected files in archives cannot be repaired
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.4582217 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '363660da.qua'!
C:\Users\Ivan\Desktop\2017.5.26\098.vir
  [DETECTION] Is the TR/Crypt.ZPACK.rssgx Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '4d471cb6.qua'!
C:\Users\Ivan\Desktop\2017.5.26\099.vir
  [DETECTION] Is the TR/Downloader.vsdfn Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '03236fd6.qua'!
C:\Users\Ivan\Desktop\2017.5.26\101.vir
  [DETECTION] Is the TR/Crypt.ZPACK.orcvu Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '7d6014fe.qua'!
C:\Users\Ivan\Desktop\2017.5.26\102.vir
  [DETECTION] Is the TR/Dropper.MSIL.cpdfg Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '09fb3c87.qua'!
C:\Users\Ivan\Desktop\2017.5.26\103.vir
  [DETECTION] Is the TR/Crypt.Xpack.vmdvt Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '02cc60f1.qua'!
The file 'C:\Users\Ivan\Desktop\2017.5.26\104.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 3CF6B09DC35A0FA5037D8D62349B4F1CC91BD5F8F3EEC150A355CCDD284348A3
C:\Users\Ivan\Desktop\2017.5.26\104.vir (SHA-256: 3cf6b09dc35a0fa5037d8d62349b4f1cc91bd5f8f3eec150a355ccdd284348a3)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [INFO]      The file 'C:\Users\Ivan\Desktop\2017.5.26\104.vir' has been uploaded to the Protection Cloud and analyzed.
  [NOTE]      The file was moved to the quarantine directory under the name '3bb13fd2.qua'!
The file 'C:\Users\Ivan\Desktop\2017.5.26\105.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 93F86F4C5995C545AA361F475C0F7E12F25EB24182489077B104D2BFAD6FEDB9
C:\Users\Ivan\Desktop\2017.5.26\105.vir (SHA-256: 93f86f4c5995c545aa361f475c0f7e12f25eb24182489077b104d2bfad6fedb9)
  [DETECTION] Is the TR/Dropper.MSIL.Gen2 (Cloud) Trojan
  [INFO]      The file 'C:\Users\Ivan\Desktop\2017.5.26\105.vir' has been uploaded to the Protection Cloud and analyzed.
  [NOTE]      The file was moved to the quarantine directory under the name '44ad0da4.qua'!
C:\Users\Ivan\Desktop\2017.5.26\107.vir
  [DETECTION] Is the TR/Crypt.Xpack.oowcb Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '51107364.qua'!
C:\Users\Ivan\Desktop\2017.5.26\109.vir
  [DETECTION] Is the TR/Dropper.VB.mceaj Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '34475800.qua'!
C:\Users\Ivan\Desktop\2017.5.26\110.vir
    [0] Archive type: PDF
    --> pdf_file_15.avp
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.4582217 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '1c8b08a3.qua'!
C:\Users\Ivan\Desktop\2017.5.26\111.vir
  [DETECTION] Is the TR/Dropper.MSIL.sxyuy Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '68275100.qua'!
C:\Users\Ivan\Desktop\2017.5.26\114.vir
  [DETECTION] Is the TR/Dropper.VB.zxrkw Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '27292983.qua'!
C:\Users\Ivan\Desktop\2017.5.26\115.vir
    [0] Archive type: PDF
    --> pdf_file_12.avp
        [1] Archive type: ZIP
      --> word/vbaProject.bin
          [DETECTION] Contains code of the W2000M/Agent.4582217 macro virus
          [WARNING]   Infected files in archives cannot be repaired
  [NOTE]      The file was moved to the quarantine directory under the name '18fa7025.qua'!
The file 'C:\Users\Ivan\Desktop\2017.5.26\118.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = 8D03DC2BF1B0626F99853672EADDA6BE779C0219AAC99FE178E5B2C582E01BE0
C:\Users\Ivan\Desktop\2017.5.26\118.vir (SHA-256: 8d03dc2bf1b0626f99853672eadda6be779c0219aac99fe178e5b2c582e01be0)
  [DETECTION] Is the TR/Snarasite.8d03dc (Cloud) Trojan
  [INFO]      The file 'C:\Users\Ivan\Desktop\2017.5.26\118.vir' has been uploaded to the Protection Cloud and analyzed.
  [NOTE]      The file was moved to the quarantine directory under the name '08162026.qua'!
C:\Users\Ivan\Desktop\2017.5.26\119.vir
  [DETECTION] Is the TR/Crypt.Xpack.rguxi Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '62f07270.qua'!
The file 'C:\Users\Ivan\Desktop\2017.5.26\120.vir' has been uploaded to the Protection Cloud and analyzed. SHA256 = ECC1AE5584FB74B886032204DB0881F558D76F7462A21DA192D9A45039F20F20
C:\Users\Ivan\Desktop\2017.5.26\120.vir (SHA-256: ecc1ae5584fb74b886032204db0881f558d76f7462a21da192d9a45039f20f20)
  [DETECTION] Contains suspicious code HEUR/APC (Cloud)
  [INFO]      The file 'C:\Users\Ivan\Desktop\2017.5.26\120.vir' has been uploaded to the Protection Cloud and analyzed.
  [NOTE]      The file was moved to the quarantine directory under the name '7406605a.qua'![/mw_shl_code]
心醉咖啡
Posted on 2017-5-26 09:51:09
PC Manager (管家)

[mw_shl_code=css,true]【扫描信息】

开始时间:2017-5-26 09:49:55
扫描用时:00:00:04
扫描类型:指定位置杀毒
扫描引擎:管家云查杀引擎 管家反病毒引擎 管家系统修复引擎
扫描状态:扫描完成


【扫描结果】

扫描文件数:120
发现风险数:33
已处理风险数:33


---------------------
2017-5-26 09:50:29 MD5:d73585f44d51f46e7b79c865577a8e60 F:\浏览器下载\2017.5.26\026.vir [Win32.Trojan.Pws.akft]  [删除成功]
2017-5-26 09:50:30 MD5:b2657bb9e56be761310a74ee36baabcf F:\浏览器下载\2017.5.26\048.vir [Win32.Trojan.Kryptik.akzi]  [删除成功]
2017-5-26 09:50:30 MD5:7cb657c59e38d80634c0637e139c82e5 F:\浏览器下载\2017.5.26\033.vir [Win32.Trojan.Sporas.wqcp]  [删除成功]
2017-5-26 09:50:30 MD5:f570ef639b177b51c3de8049e8bd98b1 F:\浏览器下载\2017.5.26\009.vir [Win32.Trojan.Kryptik.huzb]  [删除成功]
2017-5-26 09:50:30 MD5:d10bcbbf260e3ff7c05ea1dbf1985700 F:\浏览器下载\2017.5.26\103.vir [Win32.Trojan.Sporas.eegz]  [删除成功]
2017-5-26 09:50:30 MD5:09605e1bc0f76b83d9f259261409c4f5 F:\浏览器下载\2017.5.26\081.vir [Msil.Trojan.Agent.apcu]  [删除成功]
2017-5-26 09:50:31 MD5:a7537e864e13a679d9d8341b34bd251e F:\浏览器下载\2017.5.26\027.vir [Win32.Trojan.Filecoder.sxeu]  [删除成功]
2017-5-26 09:50:31 MD5:cb9d0cc5e02845a6b844bc6bab72d46e F:\浏览器下载\2017.5.26\043.vir [Win32.Trojan.Win32.Trojan.Filecoder.jaff.supy]  [删除成功]
2017-5-26 09:50:31 MD5:c1848192296ceee5635354b7a467c3c7 F:\浏览器下载\2017.5.26\038.vir [Win32.AdWare.Icloader.gvj]  [删除成功]
2017-5-26 09:50:31 MD5:2c3a894b1fb04459c1c1f9c9b9a41260 F:\浏览器下载\2017.5.26\019.vir [Win32.Trojan.Kryptik.szlj]  [删除成功]
2017-5-26 09:50:31 MD5:ff3cc9441ff209102c4e5297db0f1194 F:\浏览器下载\2017.5.26\105.vir [Win32.Trojan.Generic.hupp]  [删除成功]
2017-5-26 09:50:32 MD5:d44909afd60c18a85af9cd06507620a2 F:\浏览器下载\2017.5.26\084.vir [Win32.Trojan.Zerber.piag]  [删除成功]
2017-5-26 09:50:32 MD5:392e2e4c690ff423c6e4cfa106c7f8e3 F:\浏览器下载\2017.5.26\028.vir [Win32.Trojan-QQPass.QQRob.lqer]  [删除成功]
2017-5-26 09:50:32 MD5:6580fc22d961a6e0e44b76c54de07050 F:\浏览器下载\2017.5.26\114.vir [Win32.Trojan.Vbkrypt.pfjc]  [删除成功]
2017-5-26 09:50:32 MD5:04383c10f95163b81cf470f5ef5ef3bb F:\浏览器下载\2017.5.26\051.vir [Win32.Trojan.Malware.Rsil]  [删除成功]
2017-5-26 09:50:33 MD5:9521b1b343fadad10d60b14ddcc6ef19 F:\浏览器下载\2017.5.26\024.vir [Win32.Exploit.Bypassuac.eckd]  [删除成功]
2017-5-26 09:50:33 MD5:94ce33fcdfa526278dcef7aa0964d97b F:\浏览器下载\2017.5.26\086.vir [Win32.Trojan.Kryptik.ajlp]  [删除成功]
2017-5-26 09:50:33 MD5:112f2673857ca17a5e89d6df45f90592 F:\浏览器下载\2017.5.26\029.vir [Win32.Trojan.Generic.jmf]  [删除成功]
2017-5-26 09:50:33 MD5:7c8bfe31856aedc052785f94b59a5d87 F:\浏览器下载\2017.5.26\119.vir [Win32.Trojan.Zerber.wlzb]  [删除成功]
2017-5-26 09:50:33 MD5:683d52589b11a81470675c223a920725 F:\浏览器下载\2017.5.26\067.vir [Win32.Trojan.Nymaim.losj]  [删除成功]
2017-5-26 09:50:34 MD5:09995058c42fd70da175b96da270be09 F:\浏览器下载\2017.5.26\040.vir [Win32.Trojan.Agent.akpf]  [删除成功]
2017-5-26 09:50:34 MD5:3482ea8ff2fbd45df599f76267abc26b F:\浏览器下载\2017.5.26\068.vir [Win32.Trojan.Cmy3u.ebzw]  [删除成功]
2017-5-26 09:50:34 MD5:8449e4fb42ef0961e7bf235b6192e781 F:\浏览器下载\2017.5.26\089.vir [Win32.Trojan.Filecoder.wkvh]  [删除成功]
2017-5-26 09:50:34 MD5:c98e73f9808e424030537cf69194c16d F:\浏览器下载\2017.5.26\041.vir [Win32.Trojan.Generic.akyo]  [删除成功]
2017-5-26 09:50:34 MD5:60efb8099e44bedb4dc9dc1ae3b24607 F:\浏览器下载\2017.5.26\011.vir [Win32.Worm.VBNA.crf]  [删除成功]
2017-5-26 09:50:35 MD5:8a8d0bb8a8c1f895fbc626bc0655f0cc F:\浏览器下载\2017.5.26\002.vir [Win32.Trojan.Generic.pbyx]  [删除成功]
2017-5-26 09:50:35 MD5:86814d6bcfa62d2d4bd4edf16dc8ca3b F:\浏览器下载\2017.5.26\092.vir [Win32.Trojan.Kryptik.ssqi]  [删除成功]
2017-5-26 09:50:35 MD5:37ea19d2a945abb46e122c0e4665f204 F:\浏览器下载\2017.5.26\070.vir [Win32.Trojan.Fsysna.edoi]  [删除成功]
2017-5-26 09:50:35 MD5:af1a7e7cdd16b8316407bcf7f6768311 F:\浏览器下载\2017.5.26\062.vir [Win32.Trojan.Xtrat.pgdp]  [删除成功]
2017-5-26 09:50:36 MD5:7c477b61f49b3effc4a019d5d7ee5197 F:\浏览器下载\2017.5.26\042.vir [Win32.Trojan.Zerber.edxh]  [删除成功]
2017-5-26 09:50:36 MD5:b8668dfa354776c0f429f03b9fb9c50e F:\浏览器下载\2017.5.26\005.vir [Win32.Trojan.Kryptik.angh]  [删除成功]
2017-5-26 09:50:36 MD5:5f3af297b52325bec01c1be1f9465db6 F:\浏览器下载\2017.5.26\093.vir [Win32.Backdoor.Androm.egek]  [删除成功]
2017-5-26 09:50:36 MD5:0d1775513c14276bd9e4279e38c2dbbe F:\浏览器下载\2017.5.26\078.vir [Win32.Trojan.Generic.lknw]  [删除成功]
---------------------
[/mw_shl_code]
Gollum
Posted on 2017-5-26 09:56:21
BDTS

After extraction


After scanning

XZ8SM7Sx0bVkoUV
Posted on 2017-5-26 10:23:14
Last edited by XZ8SM7Sx0bVkoUV on 2017-5-26 10:26

Huorong (火绒)

猥琐大叔
Posted on 2017-5-26 10:30:33

275751198
Posted on 2017-5-26 11:39:00
Last edited by 275751198 on 2017-5-26 11:40

360, without BD and without Avira (红伞), but with the file extensions changed: 72

360杀毒扫描日志

病毒库版本:
扫描时间:2017-05-26 23:33:57
扫描用时:00:00:14
扫描类型:右键扫描
扫描文件总数:461
项目总数:72
清除项目数:72

扫描选项
----------------------
扫描所有文件:是
扫描压缩包:是
发现病毒处理方式:由用户选择处理
扫描磁盘引导区:是
扫描 Rootkit:是
使用云查杀引擎:是
使用QVM人工智能引擎:是
扫描建议修复项:是
常规引擎设置:未使用

扫描内容
----------------------
D:\360安全浏览器下载\2017.5.26


白名单设置
----------------------


扫描结果
======================
高危风险项
----------------------
D:\360安全浏览器下载\2017.5.26\001.rtf        virus.exp.20170199        已删除
D:\360安全浏览器下载\2017.5.26\003.pdf        virus.office.obfuscated.1        已删除
D:\360安全浏览器下载\2017.5.26\004.pdf        virus.office.obfuscated.1        已删除
D:\360安全浏览器下载\2017.5.26\007        virus.vbs.qexvmc.1        已删除
D:\360安全浏览器下载\2017.5.26\021.rtf        virus.exp.20170199        已删除
D:\360安全浏览器下载\2017.5.26\061.pdf        virus.office.obfuscated.1        已删除
D:\360安全浏览器下载\2017.5.26\069        virus.vbs.crypt.c        已删除
D:\360安全浏览器下载\2017.5.26\080.pdf        virus.office.obfuscated.1        已删除
D:\360安全浏览器下载\2017.5.26\085.pdf        virus.office.obfuscated.1        已删除
D:\360安全浏览器下载\2017.5.26\005.exe        HEUR/QVM20.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\006.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\009.exe        HEUR/QVM20.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\011.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\013.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\015.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\002.exe        HEUR/QVM07.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\028.exe        感染型病毒(Win32/Trojan.d5f)        已删除
D:\360安全浏览器下载\2017.5.26\017.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\019.exe        HEUR/QVM07.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\037.exe        感染型病毒(Win32/Trojan.a2f)        已删除
D:\360安全浏览器下载\2017.5.26\026.exe        HEUR/QVM19.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\027.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\029.exe        HEUR/QVM20.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\031.exe        HEUR/QVM10.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\033.exe        HEUR/QVM20.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\032.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\038.exe        HEUR/QVM07.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\039.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\041.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\078.exe        HEUR/QVM18.1.6450.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\042.exe        HEUR/QVM20.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\043.exe        HEUR/QVM09.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\048.exe        HEUR/QVM10.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\051.exe        HEUR/QVM05.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\052.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\054.exe        HEUR/QVM20.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\058.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\094.exe        HEUR/QVM05.1.6450.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\095.exe        HEUR/QVM06.2.6450.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\064.exe        HEUR/QVM09.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\062.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\067.exe        HEUR/QVM20.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\068.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\070.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\084.exe        感染型病毒(Win32/Trojan.2ff)        已删除
D:\360安全浏览器下载\2017.5.26\086.exe        HEUR/QVM20.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\089.exe        HEUR/QVM11.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\090.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\093.exe        HEUR/QVM07.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\102.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\103.exe        HEUR/QVM20.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\105.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\107.exe        HEUR/QVM07.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\109.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\114.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\111.exe        HEUR/QVM03.0.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\119.exe        HEUR/QVM20.1.6493.Malware.Gen        已删除
D:\360安全浏览器下载\2017.5.26\023.doc        virus.office.qexvmc.1100        已修复
D:\360安全浏览器下载\2017.5.26\097.pdf        virus.office.obfuscated.1        已删除
D:\360安全浏览器下载\2017.5.26\040.exe        后门程序(Backdoor.Win32.Gh0st.FR)        已删除
D:\360安全浏览器下载\2017.5.26\076.JS        virus.js.qexvmc.1        已删除
D:\360安全浏览器下载\2017.5.26\091.doc        感染型病毒(Win32/Trojan.Script.af7)        已删除
D:\360安全浏览器下载\2017.5.26\110.pdf        virus.office.obfuscated.1        已删除
D:\360安全浏览器下载\2017.5.26\030.doc        宏病毒(macro.office.vba.gen.3037)        已修复
D:\360安全浏览器下载\2017.5.26\059.doc        macro.ole.downloader.35        已修复
D:\360安全浏览器下载\2017.5.26\056.docx        virus.office.obfuscated.1        已删除
D:\360安全浏览器下载\2017.5.26\100.docx        virus.vbs.qexvmc.1090        已删除
D:\360安全浏览器下载\2017.5.26\106.docx        virus.vbs.qexvmc.1090        已删除
D:\360安全浏览器下载\2017.5.26\065.docx        virus.vbs.qexvmc.1090        已删除
D:\360安全浏览器下载\2017.5.26\117.docx        virus.vbs.qexvmc.1090        已删除
D:\360安全浏览器下载\2017.5.26\115.pdf        virus.office.obfuscated.1        已删除
D:\360安全浏览器下载\2017.5.26\014.exe=>osk1.cmd        virus.bat.restrictrun.a        已删除




可疑文件上传结果
----------------------
d:\360安全浏览器下载\2017.5.26\002.exe        上传成功
d:\360安全浏览器下载\2017.5.26\005.exe        上传成功
d:\360安全浏览器下载\2017.5.26\006.exe        上传成功
d:\360安全浏览器下载\2017.5.26\015.exe        上传成功
d:\360安全浏览器下载\2017.5.26\017.exe        上传成功
d:\360安全浏览器下载\2017.5.26\019.exe        上传成功
d:\360安全浏览器下载\2017.5.26\026.exe        上传成功
d:\360安全浏览器下载\2017.5.26\027.exe        上传成功
d:\360安全浏览器下载\2017.5.26\029.exe        上传成功
d:\360安全浏览器下载\2017.5.26\030.doc        上传成功
d:\360安全浏览器下载\2017.5.26\031.exe        上传成功
d:\360安全浏览器下载\2017.5.26\032.exe        上传成功
d:\360安全浏览器下载\2017.5.26\033.exe        上传成功
d:\360安全浏览器下载\2017.5.26\038.exe        上传成功
d:\360安全浏览器下载\2017.5.26\041.exe        上传成功
d:\360安全浏览器下载\2017.5.26\043.exe        上传成功
d:\360安全浏览器下载\2017.5.26\048.exe        上传成功
d:\360安全浏览器下载\2017.5.26\051.exe        上传成功
d:\360安全浏览器下载\2017.5.26\054.exe        上传成功
d:\360安全浏览器下载\2017.5.26\056.docx        上传成功
d:\360安全浏览器下载\2017.5.26\059.doc        上传成功
d:\360安全浏览器下载\2017.5.26\062.exe        上传成功
d:\360安全浏览器下载\2017.5.26\064.exe        上传成功
d:\360安全浏览器下载\2017.5.26\065.docx        上传成功
d:\360安全浏览器下载\2017.5.26\068.exe        上传成功
d:\360安全浏览器下载\2017.5.26\070.exe        上传成功
d:\360安全浏览器下载\2017.5.26\081.exe        上传成功
d:\360安全浏览器下载\2017.5.26\086.exe        上传成功
d:\360安全浏览器下载\2017.5.26\089.exe        上传成功
d:\360安全浏览器下载\2017.5.26\090.exe        上传成功
d:\360安全浏览器下载\2017.5.26\093.exe        上传成功
d:\360安全浏览器下载\2017.5.26\100.docx        上传成功
d:\360安全浏览器下载\2017.5.26\102.exe        上传成功
d:\360安全浏览器下载\2017.5.26\103.exe        上传成功
d:\360安全浏览器下载\2017.5.26\105.exe        上传成功
d:\360安全浏览器下载\2017.5.26\106.docx        上传成功
d:\360安全浏览器下载\2017.5.26\107.exe        上传成功
d:\360安全浏览器下载\2017.5.26\109.exe        上传成功
d:\360安全浏览器下载\2017.5.26\111.exe        上传成功
d:\360安全浏览器下载\2017.5.26\114.exe        上传成功
d:\360安全浏览器下载\2017.5.26\117.docx        上传成功
d:\360安全浏览器下载\2017.5.26\119.exe        上传成功

尘梦幽然
Posted on 2017-5-26 12:00:40

Does BD only delete, with no repair?
学雷锋做人
Posted on 2017-5-26 12:25:59
Last edited by 学雷锋做人 on 2017-5-26 12:45

Huorong (火绒) with the virus database from the 25th, the latest

360 Safeguard (360安全卫士), without Avira (红伞)

Gollum
Posted on 2017-5-26 12:26:59
尘梦幽然 posted on 2017-5-26 12:00
Does BD only delete, with no repair?

By repair, you mean