This post was last edited by 小飞侠.net on 2018-5-11 23:24
Rising ---(Windows 10 Creators Update(Redstone 4)....1803): cloud engine (on), RDM+ engine (on)
瑞星反恶软引擎命令行扫描器(社区交流版)
编译于:Sep 22 2017 15:07:50
提示:
- 本工具供社区交流使用,请勿用于其他用途
- 本工具没有恶意软件删除、清除、隔离功能
- 本工具包含开发中的新特性,结果仅供参考
* 命令行中的选项开关:-output-json -log=C:\瑞星RDM+引擎\ScanLog_180511232317.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen
* 加载恶软签名库: C:\瑞星RDM+引擎/malware.rmd
* 恶软签名库加载成功,发布序号为 4222
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Fri May 11 23:23:31 2018
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus8x 0511Siggen\\Virus8x 0511\\(5).exe","infect":{"engine":"rdmk","signature":"cmRtazpjr0bgCY+6YsAqqMVH+j3T","threat":"Malware.Heuristic!ET#94%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus8x 0511Siggen\\Virus8x 0511\\(4).exe","infect":{"engine":"rdmk","signature":"cmRtazq1c49ckf+bGDnUUyBAErln","threat":"Malware.Heuristic!ET#91%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus8x 0511Siggen\\Virus8x 0511\\(7).exe","infect":{"engine":"rdmk","signature":"cmRtazoXKYOWenbEMfPLd0e3lkDW","threat":"Malware.Heuristic!ET#81%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus8x 0511Siggen\\Virus8x 0511\\(2).exe","infect":{"engine":"rdmk","signature":"cmRtazqpBereoLNmbYd9cZzFzP4l","threat":"Malware.Heuristic!ET#99%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus8x 0511Siggen\\Virus8x 0511\\(1).exe","infect":{"engine":"sha1","signature":"c2hhMTqH9yzQ372oRjqHDq7nVOpa/nCCRA","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus8x 0511Siggen\\Virus8x 0511\\(8).exe","infect":{"engine":"sha1","signature":"c2hhMTq8MxrHdgI88OG1HnRbytZvl2wktA","threat":"Exploit.Generic!8.3E1"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus8x 0511Siggen\\Virus8x 0511\\(6).exe","infect":{"engine":"sha1","signature":"c2hhMTqs60IAjtBg1Z2Ovvk0Ixx3AJhnoQ","threat":"Trojan.Cloxer!8.F54F"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus8x 0511Siggen\\Virus8x 0511\\(3).exe","infect":{"engine":"sha1","signature":"c2hhMTq9gdXN8VPzrNSy3yWXCqjTXcNN3g","threat":"Trojan.Ransom-Locky!8.4655"},"type":"scan"}
扫描结束: Fri May 11 23:23:32 2018
总扫描耗时: 0:0:392(m:s:ms)
总扫描对象: 8
总扫描文件: 8
总恶意文件: 8
有效检出率: 100.00%
X-Sec Antivirus ---(Windows 10 Creators Update(Redstone 4)....1803):
Basic Info:
---------------------
Database Version: 2018.05.09.01
Program Version: 2.1.1.0
Heuristic Engine: Enabled
Cloud Engine: Enabled
Enhanced Mode: Disabled
Backup Before Resolve: Yes
Resolve Threats: Scan only
Scan Priority: Normal
---------------------
Targets:
---------------------
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen
---------------------
2018/05/11 23:15:01 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(2).exe -- [Cloud] Cloud:Trojan.Win32.Injector
2018/05/11 23:15:01 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(1).exe -- [Cloud] Cloud:Trojan.Win32.AgentTesla
2018/05/11 23:15:02 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(3).exe -- [Cloud] Cloud:Trojan.Win32.Generic
2018/05/11 23:15:02 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(4).exe -- [Cloud] Cloud:Backdoor.Win32.ImmiRat
2018/05/11 23:15:02 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(6).exe -- [Cloud] Cloud:Trojan.Win32.Banker
2018/05/11 23:15:02 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(5).exe -- [Cloud] Cloud:Trojan.Win32.Generic
2018/05/11 23:15:03 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(7).exe -- [Cloud] Cloud:Trojan.Win32.LokiBot
2018/05/11 23:15:04 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(8).exe -- [Cloud] Cloud:Backdoor.Win32.Remcos
Emsisoft Emergency Kit - 版本 2018.3
上次更新: 2018/5/11 22:15:46
用户帐号: TECLAST\Admin
电脑名称: TECLAST
操作系统版本: Windows 10x64
Emsisoft Emergency Kit, portable free edition
(Enabled) joined the Emsisoft cloud; update feed: beta
Bitdefender (B) + Emsisoft (A) dual engine
扫描设置:
扫描方式: 自定义扫描
对象: Rootkits, 内存, C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\
检测流氓软件(PUPs): On
扫描压缩包: On
扫描邮件存档: Off
ADS数据流: On
文件扩展名过滤: Off
直接磁盘访问: Off
扫描开始于: 2018/5/11 23:11:41
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(2).exe 发现风险: Trojan.Injector (A) [293869]
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(6).exe 发现风险: Trojan.GenericKD.40231851 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(3).exe 发现风险: Trojan.GenericKD.30766705 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(8).exe 发现风险: Trojan.GenericKD.40230978 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(5).exe 发现风险: Trojan.GenericKDZ.43918 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(4).exe 发现风险: Gen:Trojan.Heur.DNP.BmW@aOHdT2F (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(7).exe 发现风险: Trojan.GenericKD.30737861 (B) [krnl.xmd]
已扫描 1849
发现 7
扫描完成后: 2018/5/11 23:12:02
扫描时间: 0:00:21
ESET Smart Security Premium 64-bit (advanced heuristics (Y) + archives (Y) + self-extracting archives and runtime packers (Y) + DNA smart signatures (Y)) ++ (Windows 10 Creators Update(Redstone 4)....1803):
日志
正在扫描日志
检测引擎的版本: 17368P (20180511)
日期: 2018/5/11 时间: 23:08:41
已扫描的磁盘、文件夹和文件: C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(1).exe - MSIL/Spy.Agent.AES 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(2).exe - Win32/Injector.DXXS 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(4).exe - MSIL/Kryptik.NCF 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(5).exe - Win32/Injector.DXXE 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(6).exe - Generik.CHWDKAE 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(7).exe > NSIS > Script.nsi - NSIS/Injector.ABO 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus8x 0511Siggen\Virus8x 0511\(8).exe - MSIL/Kryptik.OAM 特洛伊木马 的变种 - 通过删除清除 [1]
已扫描的对象数: 15
发现的威胁数: 7
已清除 对象数: 7
完成时间: 23:08:52 总扫描时间: 11 秒 (00:00:11)
备注:
[1] 由于对象中仅包含病毒主体,因此已被删除。
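Huorong Security ---(Windows 7 Ultimate with SP1, Simplified Chinese Ultimate edition....): some unknown files have been sent to seclab@huorong.cn, waiting for them to be processed...
......., today they all got through.... 2018.5.11 database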
文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511.rar
文件大小: 2.15 MB (2,262,485 字节)
修改时间: 2018年05月11日,22:29:49
MD5: DABB0AA81B08C6F101D9B9391F028271
SHA1: DAF6733A0595473A93CFB4D03A20A1968A8F33C6
SHA256: 65F378507374BB7EDFC8EA1614D79E5BD9B4313E9A265C8B6A6E3AAE6F0B7833
SHA512: 493E5B425652E36D27E955EDF983AC857F299390425D06293672DA468BB2066F698C9B547E23E5CE7E373B5329D92B11214635488A5F5A12701B8C6F74F4C1B8
CRC32: DA53DD7C
计算时间: 0.06s
Dr.Web CureIt!, Simplified Chinese portable free edition ---(Windows 10 Creators Update(Redstone 4)....1803):
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\1B98D4646 -rpcpr:np
Limit the use of the computer resources to 100%
Instances used for this session: 10
Object(s) to scan:
- C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(7).exe - infected with Trojan.PWS.Stealer.21240
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(7).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(6).exe - infected with Trojan.MulDrop8.22696
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(6).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(2).exe - is hacktool program Tool.PassView.1875
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(2).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(4).exe - infected with Trojan.MulDrop8.22788
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(4).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(1).exe - infected with Trojan.Siggen7.42178
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(1).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(3).exe - Ok
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(5).exe - packed by UPX
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(5).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(8).exe - infected with BackDoor.Remcos.1
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus8x 0511\(8).exe - infected
Total 3575623 bytes in 8 files scanned
Total 2 files are clean
Total 6 files are infected
Scan time is 00:00:05.572