Thread starter: Jerry.Lin

[Virus Samples] 【05.20】#VirusPackage 5x + Modified Samples

小飞侠.net
Posted on 2018-5-22 21:00:01
This post was last edited by 小飞侠.net on 2018-5-22 21:56

X-Sec Antivirus --- (Windows 10 Creators Update (Redstone 4) 1803):


Basic Info:
---------------------
Database Version: 2018.05.19.01
Program Version: 2.1.1.0
Heuristic Engine: Enabled
Cloud Engine: Enabled
Enhanced Mode: Disabled
Backup Before Resolve: Yes
Resolve Threats: Scan only
Scan Priority: Normal
---------------------
Targets:
---------------------
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski
---------------------
2018/05/22 21:56:32 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(2).exe -- [Cloud] Cloud:Trojan.Win32.Generic
2018/05/22 21:56:32 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(3).exe -- [Classic] Backdoor.Win32.DarkComet.A
2018/05/22 21:56:32 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(4).exe -- [Classic] Hacktool.Win32.Cobalt.A
2018/05/22 21:56:33 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(5).exe -- [Cloud] Cloud:Backdoor.Win32.Generic
2018/05/22 21:56:37 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(1).exe -- [Cloud] Cloud:Trojan.Win32.Generic
2018/05/22 21:56:44 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(2).exe -- [Cloud] Cloud:Trojan.Win32.Generic
2018/05/22 21:56:44 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(3).exe -- [Classic] Backdoor.Win32.DarkComet.A
2018/05/22 21:56:44 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(4).exe -- [Classic] Hacktool.Win32.Cobalt.A
2018/05/22 21:56:46 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(5).exe -- [Cloud] Cloud:Backdoor.Win32.Generic
2018/05/22 21:56:46 Threat Detected: C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(1).exe -- [Cloud] Cloud:Trojan.Win32.Generic


Rising --- (Windows 10 Creators Update (Redstone 4) 1803): cloud engine (on), RDM+ engine (on)

                瑞星反恶软引擎命令行扫描器(社区交流版)                 


编译于:Sep 22 2017   15:07:50

提示:
  - 本工具供社区交流使用,请勿用于其他用途
  - 本工具没有恶意软件删除、清除、隔离功能
  - 本工具包含开发中的新特性,结果仅供参考

* 命令行中的选项开关:-output-json -log=C:\瑞星RDM+引擎\ScanLog_180522215105.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski

* 加载恶软签名库: C:\瑞星RDM+引擎/malware.rmd
* 恶软签名库加载成功,发布序号为 4284
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Tue May 22 21:51:33 2018

{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus 5x + Modified 0520Fynloski\\Virus 5x + Modified 0520\\Modified Samples\\(5).exe","infect":{"engine":"rdmk","signature":"cmRtazp5pYXkdal+mNg3/DTxHwKx","threat":"Trojan.Agent!8.B1E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus 5x + Modified 0520Fynloski\\Virus 5x + Modified 0520\\Modified Samples\\(2).exe","infect":{"engine":"rdmk","signature":"cmRtazpTZtlaBmDaw0oFyjut506E","threat":"Malware.Heuristic!ET#94%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus 5x + Modified 0520Fynloski\\Virus 5x + Modified 0520\\Samples\\(2).exe","infect":{"engine":"sha1","signature":"c2hhMTp8FIkPYnRwA6w9VZlDAvDTm4/z/g","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus 5x + Modified 0520Fynloski\\Virus 5x + Modified 0520\\Modified Samples\\(1).exe","infect":{"engine":"rdmk","signature":"cmRtazrXyBTbE5gObse1/M85MmKU","threat":"Trojan.Win32.Generic.19F2277B"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus 5x + Modified 0520Fynloski\\Virus 5x + Modified 0520\\Samples\\(3).exe","infect":{"engine":"sha1","signature":"c2hhMTr2t3hvXUw4FFCrJVkAsfIeSy2Isg","threat":"Backdoor.Pontoeb!1.6637"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus 5x + Modified 0520Fynloski\\Virus 5x + Modified 0520\\Samples\\(1).exe","infect":{"engine":"rdmk","signature":"cmRtazrXyBTbE5gObse1/M85MmKU","threat":"Trojan.Win32.Generic.19F2277B"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus 5x + Modified 0520Fynloski\\Virus 5x + Modified 0520\\Modified Samples\\(4).exe","infect":{"engine":"sha1","signature":"c2hhMTpLvKr5SRSNJlzjKWsHYA/TRNzLXg","threat":"HackTool.Swrort!1.6477"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus 5x + Modified 0520Fynloski\\Virus 5x + Modified 0520\\Modified Samples\\(3).exe","infect":{"engine":"rdmk","signature":"cmRtazr/+pKrwrVS1knaeZr1Wj5o","threat":"Malware.Heuristic!ET#80%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus 5x + Modified 0520Fynloski\\Virus 5x + Modified 0520\\Samples\\(5).exe","infect":{"engine":"sha1","signature":"c2hhMTqyuKR+JoYP2jVHNDykWvpMLHOzFQ","threat":"Trojan.Agent!8.B1E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\Virus 5x + Modified 0520Fynloski\\Virus 5x + Modified 0520\\Samples\\(4).exe","infect":{"engine":"sha1","signature":"c2hhMTpXNf1wukAhceUV9gmlx/bRHAZ1NQ","threat":"HackTool.Swrort!1.6477"},"type":"scan"}

扫描结束: Tue May 22 21:51:33 2018

总扫描耗时: 0:0:685(m:s:ms)
总扫描对象: 10
总扫描文件: 10
总恶意文件: 10
有效检出率: 100.00%



Emsisoft Emergency Kit - 版本 2018.3
上次更新: 2018/5/22 21:41:34
用户帐号: TECLAST\Admin
电脑名称: TECLAST
操作系统版本: Windows 10x64

Emsisoft Emergency Kit portable free edition
(enabled) Join Emsisoft cloud; update source: beta
    Bitdefender (B) + Emsisoft (A) dual engine

扫描设置:

扫描方式: 自定义扫描
对象: Rootkits, 内存, C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\

检测流氓软件(PUPs): On
扫描压缩包: On
扫描邮件存档: Off
ADS数据流: On
文件扩展名过滤: Off
直接磁盘访问: Off

扫描开始于:        2018/5/22 21:48:02
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(4).exe         发现风险: Gen:Variant.Application.HackTool.CobaltStrike.1 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(3).exe         发现风险: Trojan.Inject.AUZ (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(2).exe         发现风险: Trojan.GenericKD.40268225 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(3).exe         发现风险: Trojan.Inject.AUZ (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(5).exe         发现风险: Gen:Trojan.Heur.GZ.amX@bSrrw1m (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(2).exe         发现风险: Trojan.GenericKD.40268225 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(5).exe         发现风险: Gen:Trojan.Heur.GZ.amW@bSrrw1m (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(1).exe         发现风险: Trojan.GenericKD.30840474 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(4).exe         发现风险: Gen:Variant.Application.HackTool.CobaltStrike.1 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(1).exe         发现风险: Trojan.GenericKD.30802895 (B) [krnl.xmd]

已扫描        1889
发现        10

扫描完成后:        2018/5/22 21:48:23
扫描时间:        0:00:21


ESET Smart Security Premium 64-bit (advanced heuristics (Y) + archives (Y) + self-extracting/packed files (Y) + DNA smart signatures (Y)) --- (Windows 10 Creators Update (Redstone 4) 1803):

日志
正在扫描日志
检测引擎的版本: 17426P (20180522)
日期: 2018/5/22  时间: 21:44:18
已扫描的磁盘、文件夹和文件: C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(1).exe - Win32/Packed.Themida 可疑应用程序 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(2).exe - MSIL/Kryptik.NYP 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(3).exe - Win32/Fynloski.AA 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(4).exe - Win32/RiskWare.CobaltStrike.Beacon.A 应用程序 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Modified Samples\(5).exe - Win32/Agent.TCV 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(1).exe - Win32/Packed.Themida 可疑应用程序 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(2).exe - MSIL/Kryptik.NYP 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(3).exe - Win32/Fynloski.AA 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(4).exe - Win32/RiskWare.CobaltStrike.Beacon.A 应用程序 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\Virus 5x + Modified 0520Fynloski\Virus 5x + Modified 0520\Samples\(5).exe - Win32/Agent.TCV 特洛伊木马 的变种 - 通过删除清除 [1]
已扫描的对象数: 10
发现的威胁数: 10
已清除对象数: 10
完成时间: 21:45:02  总扫描时间: 44 秒 (00:00:44)

备注:
[1] 由于对象中仅包含病毒主体,因此已被删除。

Dr.Web CureIt! Simplified Chinese portable free edition --- (Windows 7 Ultimate with SP1, Simplified Chinese edition):

-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\2DB50D793 -rpcpr:np

Limit the use of the computer resources to 100%
Instances used for this session: 10
Object(s) to scan:
- C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520


C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Modified Samples\(5).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Samples\(4).exe - infected with BackDoor.Meterpreter.42
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Samples\(4).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Samples\(5).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Modified Samples\(4).exe - infected with BackDoor.Meterpreter.42
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Modified Samples\(4).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Modified Samples\(2).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Modified Samples\(3).exe - infected with BackDoor.Tordev.976
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Modified Samples\(3).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Samples\(3).exe - infected with BackDoor.Tordev.976
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Samples\(3).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Samples\(1).exe - packed by FLY-CODE
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Samples\(2).exe - Ok
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Modified Samples\(1).exe - packed by FLY-CODE
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Samples\(1).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Modified Samples\(1).exe - Ok

Total 7891194 bytes in 10 files scanned
Total 6 files are clean
Total 4 files are infected
Scan time is 00:00:02.730

Huorong Security --- (Windows 7 Ultimate with SP1, Simplified Chinese edition): some unknown files have been sent to seclab@huorong.cn and are awaiting processing...

病毒库:2018-05-22 15:22
开始时间:2018-05-22 20:57
总计用时:00:00:17
扫描对象:16个
扫描文件:10个
发现风险:2个....
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个

病毒详情

风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Modified Samples\(3).exe, 病毒名:Backdoor/Fynloski.a, 病毒ID:[853f2ad2e234ab95], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520\Samples\(3).exe, 病毒名:Backdoor/Fynloski.a, 病毒ID:[853f2ad2e234ab95], 处理结果:已忽略

文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\Virus 5x + Modified 0520.rar
文件大小: 5.42 MB (5,687,349 字节)
修改时间: 2018年05月22日,20:55:06
MD5: 6FD18EBF13425493EF568AFDD43FDFB0
SHA1: A5EB11C570E15DA83F384BD0E6D9C0A23C015164
SHA256: 5BFCABF846DEEEEB0016483C4457FC18910A4AB739B53202D1FE40658F9C919D
SHA512: 19A931875703FFC093121E6EE25B952CC6D0EF13C6E9F5B93EF302FD33604A703402F4F782FBE3188AB8E7CD4145D16209CDEEF66F3B07FE3080732C40B6CB37
CRC32: 5FCFD446
计算时间: 0.25s
Copyright © KaFan  KaFan.cn All Rights Reserved.