【11.20】#VirusPackage 50x

Jerry.Lin

https://abuaaedugr-my.sharepoint ... a4c83bdc431aa13d27e

所采集样本均为当日流行病毒，建议二扫上报，欢迎双击。


火绒KILL9

1. 病毒库：2017/11/17 17:05
   
2. 开始时间：2017/11/20 20:05
   
3. 总计用时：00:00:27
   
4. 扫描对象：3360个
   
5. 扫描文件：50个
   
6. 发现风险：9个
   
7. 已处理风险：9个
   
8. 发现系统修复项：0个
   
9. 处理系统修复项：0个
   
10. 
    
11. 病毒详情
    
12. 
    
13. 风险路径：C:\Users\USER\Downloads\Compressed\Virus Test\Virus50x 1120\Virus(11).vir.XLS, 病毒名：HEUR:OMacro/Autoex.a, 病毒ID：[a845db595363c490], 处理结果：已处理
    
14. 风险路径：C:\Users\USER\Downloads\Compressed\Virus Test\Virus50x 1120\Virus(10).vir.dll, 病毒名：Trojan/Urlbot.b, 病毒ID：[20c51be6f78c41be], 处理结果：已处理
    
15. 风险路径：C:\Users\USER\Downloads\Compressed\Virus Test\Virus50x 1120\Virus(12).vir.exe, 病毒名：HVM:Trojan/Injector.gen!A, 病毒ID：[cc4a875f53a5d678], 处理结果：已处理
    
16. 风险路径：C:\Users\USER\Downloads\Compressed\Virus Test\Virus50x 1120\Virus(22).vir.exe, 病毒名：Ransom/Skunk.a, 病毒ID：[cc6a2d79f08bcaba], 处理结果：已处理
    
17. 风险路径：C:\Users\USER\Downloads\Compressed\Virus Test\Virus50x 1120\Virus(13).vir.html, 病毒名：SVM:TrojanDownloader/JS.Nemucod.y, 病毒ID：[89692fc7045db0f], 处理结果：已处理
    
18. 风险路径：C:\Users\USER\Downloads\Compressed\Virus Test\Virus50x 1120\Virus(39).vir.XLS, 病毒名：OMacro/Downloader.vm, 病毒ID：[473d1835839b1d4e], 处理结果：已处理
    
19. 风险路径：C:\Users\USER\Downloads\Compressed\Virus Test\Virus50x 1120\Virus(34).vir.exe, 病毒名：VirTool/Kovter.p, 病毒ID：[e92bbf97494898d2], 处理结果：已处理
    
20. 风险路径：C:\Users\USER\Downloads\Compressed\Virus Test\Virus50x 1120\Virus(8).vir.exe, 病毒名：Adware/Destiny, 病毒ID：[f1bc38934c79103a], 处理结果：已处理
    
21. 风险路径：C:\Users\USER\Downloads\Compressed\Virus Test\Virus50x 1120\Virus(47).vir.exe, 病毒名：HEUR:VirTool/Obfuscator.gen!C, 病毒ID：[9f7c74f7afee22c], 处理结果：已处理
    

复制代码

更新后二扫+1

1. 病毒库：2017/11/20 16:09
   
2. 开始时间：2017/11/20 20:45
   
3. 总计用时：00:00:24
   
4. 扫描对象：3375个
   
5. 扫描文件：43个
   
6. 发现风险：1个
   
7. 已处理风险：1个
   
8. 发现系统修复项：0个
   
9. 处理系统修复项：0个
   
10. 
    
11. 病毒详情
    
12. 
    
13. 风险路径：C:\Users\USER\Downloads\Compressed\Virus Test\Virus50x 1120\Virus(41).vir.exe, 病毒名：Trojan/Generic!CC22F0F7D24CFBAC, 病毒ID：[cc22f0f7d24cfbac], 处理结果：已处理
    

复制代码

猥琐大叔

bbs2811125

ESET kill 35x，其中修复3x

1. 
   
2. Version of virus signature database: 16440P (20171120)
   
3. Scanned disks, folders and files: D:\搜狗高速下载\Virus50x 1120\Virus50x 1120
   
4. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(1).vir.exe - a variant of Win32/Injector.DTMG trojan - cleaned by deleting [1]
   
5. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(10).vir.dll - a variant of Win32/Urlbot.NAX trojan - cleaned by deleting [1]
   
6. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(17).vir.exe - a variant of MSIL/Filecoder.FU trojan - cleaned by deleting [1]
   
7. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(2).vir.exe - a variant of Win32/Injector.DTMG trojan - cleaned by deleting [1]
   
8. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(20).vir.vbs - VBS/Kryptik.AV trojan - cleaned by deleting [1]
   
9. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(22).vir.exe - a variant of Win32/Filecoder.FV trojan - cleaned by deleting [1]
   
10. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(23).vir.DOCX - DOC/TrojanDownloader.Agent.CO trojan - cleaned by deleting [1]
    
11. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(24).vir.exe - a variant of Win32/TrojanDownloader.Delf.CFW trojan - cleaned by deleting [1]
    
12. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(25).vir.js - VBS/Obfuscated.G trojan - cleaned by deleting [1]
    
13. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(26).vir.exe - a variant of Win32/GenKryptik.BEIB trojan - cleaned by deleting [1]
    
14. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(27).vir.exe - a variant of Win32/Injector.DTQR trojan - cleaned by deleting [1]
    
15. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(29).vir.DOCX - a variant of Generik.IQDJHC trojan - cleaned by deleting [1]
    
16. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(31).vir.exe - a variant of Win32/Injector.DTQY trojan - cleaned by deleting [1]
    
17. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(32).vir.exe - a variant of MSIL/Packed.Confuser.J suspicious application - cleaned by deleting [1]
    
18. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(33).vir.vbs - VBS/Kryptik.D trojan - cleaned by deleting [1]
    
19. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(34).vir.exe - a variant of Generik.LBVIEQN trojan - cleaned by deleting [1]
    
20. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(35).vir.Linux_ELF - a variant of Linux/Dnsamp.D trojan - cleaned by deleting [1]
    
21. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(36).vir.exe - a variant of Win32/GenKryptik.BEOO trojan - cleaned by deleting [1]
    
22. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(37).vir.DOC - VBA/TrojanDownloader.Agent.FJH trojan - cleaned
    
23. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(39).vir.XLS - VBA/TrojanDownloader.Agent.FGU trojan - cleaned
    
24. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(40).vir.exe - a variant of Win32/GenKryptik.BEOO trojan - cleaned by deleting [1]
    
25. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(41).vir.exe - a variant of Win32/GenKryptik.BDIN trojan - cleaned by deleting [1]
    
26. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(42).vir.exe - a variant of Win32/GenKryptik.BDIN trojan - cleaned by deleting [1]
    
27. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(43).vir.exe - a variant of MSIL/Injector.SSQ trojan - cleaned by deleting [1]
    
28. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(44).vir.exe » NSIS » Script.nsi - NSIS/TrojanDownloader.Agent.NWV trojan - cleaned by deleting [1]
    
29. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(45).vir.exe - Win32/Spy.Ursnif.BK trojan - cleaned by deleting [1]
    
30. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(47).vir.exe - a variant of Win32/Kryptik.FZFA trojan - cleaned by deleting [1]
    
31. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(48).vir.exe - a variant of Win32/Injector.DTQS trojan - cleaned by deleting [1]
    
32. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(49).vir.Linux_ELF - a variant of Linux/CoinMiner.B trojan - cleaned by deleting [1]
    
33. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(5).vir.html - VBS/TrojanDownloader.Agent.PJI trojan - cleaned by deleting [1]
    
34. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(50).vir.jar - Java/Adwind.AAU trojan - cleaned by deleting [1]
    
35. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(6).vir.exe - a variant of Win32/Injector.DTQV trojan - cleaned by deleting [1]
    
36. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(7).vir.exe - a variant of Win32/GenKryptik.BENW trojan - cleaned by deleting [1]
    
37. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(8).vir.exe » ZIP »  - archive damaged
    
38. D:\搜狗高速下载\Virus50x 1120\Virus50x 1120\Virus(9).vir.exe - a variant of Win32/Injector.DTRA trojan - cleaned by deleting [1]
    

复制代码

SEP补充4x，4 advml.B、21 trojan、12ransom 、15 downloader 剩余12x

DF快递

avast kill 32x, 剩下18x

ELOHIM

一扫余文件如下：

1. 2017/11/20  16:52           776,242 VIRUS(~1.EXE Virus(1).vir.exe
   
2. 2017/11/20  19:02           632,320 VIRUS(~1.DLL Virus(10).vir.dll
   
3. 2017/11/20  19:08           293,376 VIRUS(~1.XLS Virus(11).vir.XLS
   
4. 2017/11/20  09:11            33,483 VIRUS(~1.HTM Virus(13).vir.html
   
5. 2017/11/20  19:04             9,381 VIRUS(~1.RTF Virus(14).vir.rtf
   
6. 2017/11/20  16:53           166,966 VIRUS(~1.DOC Virus(16).vir.DOCX
   
7. 2017/11/20  19:06             9,383 VIRUS(~2.RTF Virus(18).vir.rtf
   
8. 2017/11/20  16:48         2,432,695 VIRUS(~3.RTF Virus(19).vir.rtf
   
9. 2017/11/20  16:49           694,322 VI21C9~1.EXE Virus(2).vir.exe
   
10. 2017/11/20  09:08           224,768 VIDF26~1.EXE Virus(21).vir.exe
    
11. 2017/11/20  09:08            72,804 VIRUS(~2.DOC Virus(23).vir.DOCX
    
12. 2017/11/20  09:13         1,417,216 VI72AC~1.EXE Virus(24).vir.exe
    
13. 2017/11/20  09:19            17,158 VIRUS(~1.JS  Virus(25).vir.js
    
14. 2017/11/20  16:48           450,560 VI7A47~1.EXE Virus(27).vir.exe
    
15. 2017/11/20  19:05           548,429 VIRUS(~1.JAR Virus(28).vir.jar
    
16. 2017/11/20  19:05            50,481 VIRUS(~3.DOC Virus(29).vir.DOCX
    
17. 2017/11/20  09:11           286,706 VIRUS(~4.RTF Virus(3).vir.rtf
    
18. 2017/11/20  16:52             8,867 VI607C~1.RTF Virus(30).vir.rtf
    
19. 2017/11/20  19:03           260,608 VIDDD3~1.EXE Virus(34).vir.exe
    
20. 2017/11/20  16:46            35,137 VIRUS(~1.LIN Virus(35).vir.Linux_ELF
    
21. 2017/11/20  19:07           670,720 VIAA8A~1.EXE Virus(36).vir.exe
    
22. 2017/11/20  19:06           969,380 VI8395~1.EXE Virus(38).vir.exe
    
23. 2017/11/20  09:18            12,800 VI25F1~1.EXE Virus(4).vir.exe
    
24. 2017/11/20  16:45           852,480 VIDB6A~1.EXE Virus(40).vir.exe
    
25. 2017/11/20  09:10           315,392 VI1189~1.EXE Virus(43).vir.exe
    
26. 2017/11/20  09:13           107,771 VI850F~1.EXE Virus(44).vir.exe
    
27. 2017/11/20  09:18           780,504 VI3159~1.EXE Virus(46).vir.exe
    
28. 2017/11/20  16:45           487,936 VICCC3~1.EXE Virus(47).vir.exe
    
29. 2017/11/20  09:21         2,375,985 VIRUS(~2.LIN Virus(49).vir.Linux_ELF
    
30. 2017/11/20  09:13             8,253 VIRUS(~2.HTM Virus(5).vir.html
    
31. 2017/11/20  09:22           523,044 VIRUS(~2.JAR Virus(50).vir.jar
    
32. 2017/11/20  09:19           840,904 VI3C77~1.EXE Virus(8).vir.exe

复制代码

QQ137

管家 kill8

卡巴kill38x，其中清除16号docx（但貌似清的不彻底，清除后的文件https://www.virustotal.com/#/fil ... 7f05f627e/detection，估计释放的东西清了，漏洞利用的释放行为还在。）

dongwenqi

卡巴修复1个，剩余13个，KILL36个

Monismith

fsp kill 33X

zst470396853

3Q