This post was last edited by 小飞侠.net on 2018-5-23 23:03
X-Sec Antivirus ---(Windows 10 Creators Update(Redstone 4)....1803):
Basic Info:
---------------------
Database Version: 2018.05.21.01
Program Version: 2.1.1.0
Heuristic Engine: Enabled
Cloud Engine: Enabled
Enhanced Mode: Disabled
Backup Before Resolve: Yes
Resolve Threats: Scan only
Scan Priority: Normal
---------------------
Targets:
---------------------
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic
---------------------
2018/05/23 23:01:50 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-2-Backdoor.Strictor.exe.infected -- [Cloud] Cloud:Trojan.Win32.Generic
2018/05/23 23:01:50 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-1-VBA.Powershell.doc.infected -- [Cloud] Cloud:Macro.MSWord.Downloader
2018/05/23 23:01:50 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-3-Backdoor.Socelars.exe.infected -- [Classic] Trojan.Win32.Agent.AR
2018/05/23 23:01:51 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-5-VBA.Powershell.doc.infected -- [Cloud] Cloud:Macro.MSWord.Downloader
2018/05/23 23:01:51 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-4-Backdoor.Hokelambert.exe.infected -- [Cloud] Cloud:Backdoor.Win32.Generic
2018/05/23 23:01:52 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-6-Backdoor.Xow4.exe.infected -- [Cloud] Cloud:Backdoor.Win32.Generic
2018/05/23 23:01:53 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-2-Backdoor.Strictor.exe.infected -- [Cloud] Cloud:Trojan.Win32.Generic
2018/05/23 23:01:53 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-3-Backdoor.Socelars.exe.infected -- [Classic] Trojan.Win32.Agent.AR
2018/05/23 23:01:55 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-4-Backdoor.Hokelambert.exe.infected -- [Cloud] Cloud:Backdoor.Win32.Generic
2018/05/23 23:01:57 Threat Detected: C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-6-Backdoor.Xow4.exe.infected -- [Cloud] Cloud:Backdoor.Win32.Generic
瑞星 (Rising)---(Windows 10 Creators Update(Redstone 4)....1803): cloud engine (on), RDM+ engine (on)
瑞星反恶软引擎命令行扫描器(社区交流版)
编译于:Sep 22 2017 15:07:50
提示:
- 本工具供社区交流使用,请勿用于其他用途
- 本工具没有恶意软件删除、清除、隔离功能
- 本工具包含开发中的新特性,结果仅供参考
* 命令行中的选项开关:-output-json -log=C:\瑞星RDM+引擎\ScanLog_180523225519.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic
* 加载恶软签名库: C:\瑞星RDM+引擎/malware.rmd
* 恶软签名库加载成功,发布序号为 4289
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Wed May 23 22:55:32 2018
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180521Generic\\jdwd180521\\180521-4-Backdoor.Hokelambert.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTofvjKNI9BXXYFwnDVlY8eLIDrgqw","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180521Generic\\jdwd180521\\180521-3-Backdoor.Socelars.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTpSGnMyrQm0gBV5hp98oyDGF7yFdg","threat":"Spyware.Socelars!8.EBE4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180521Generic\\jdwd180521\\180521-6-Backdoor.Xow4.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTqFjwc5rU2/TM8uNKSUmOTphCVo4w","threat":"Trojan.Agentb!8.F8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180521Generic\\jdwd180521\\modifed\\modifed.180521-2-Backdoor.Strictor.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTqEFIsc0idUrUP56PC0/YtNDu33rQ","threat":"Malware.Undefined!8.C"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180521Generic\\jdwd180521\\180521-2-Backdoor.Strictor.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTrkcKG/4E/nfHMG31bu7htF22tOuw","threat":"Malware.Undefined!8.C"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180521Generic\\jdwd180521\\modifed\\modifed.180521-4-Backdoor.Hokelambert.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTryblMAofUZXgj+s8orQuev2YlSaA","threat":"Trojan.Kryptik!8.8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180521Generic\\jdwd180521\\modifed\\modifed.180521-3-Backdoor.Socelars.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTqk2sabAg+3YxlR6o6l/KZ32/WCCw","threat":"Spyware.Socelars!8.EBE4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180521Generic\\jdwd180521\\modifed\\modifed.180521-6-Backdoor.Xow4.exe.infected","infect":{"engine":"rdmk","signature":"cmRtazqPNMT4AkotIrrUDMTfBO9H","threat":"Trojan.Agentb!8.F8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180521Generic\\jdwd180521\\180521-7-Backdoor.Avialance.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTp4DbZCByjpSE061j+30UEKaydwaw","threat":"Trojan.Tiggre!8.ED98"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180521Generic\\jdwd180521\\modifed\\modifed.180521-7-Backdoor.Avialance.exe.infected","infect":{"engine":"sha1","signature":"c2hhMTp2Ge0KDIukN4ApguAtHSqWuLdKDQ","threat":"Trojan.Fuerboos!8.EFC8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180521Generic\\jdwd180521\\180521-1-VBA.Powershell.doc.infected","infect":{"engine":"topis","signature":"VcNmICzPcdS","threat":"Downloader.Agent!8.B23"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\jdwd180521Generic\\jdwd180521\\180521-5-VBA.Powershell.doc.infected","infect":{"engine":"topis","signature":"BEdVVFpeC1O","threat":"Downloader.Agent!8.B23"},"type":"scan"}
扫描结束: Wed May 23 22:55:33 2018
总扫描耗时: 0:1:236(m:s:ms)
总扫描对象: 14
总扫描文件: 12
总恶意文件: 12
有效检出率: 100.00%
Emsisoft Emergency Kit - 版本 2018.3
上次更新: 2018/5/23 21:42:24
用户帐号: TECLAST\Admin
电脑名称: TECLAST
操作系统版本: Windows 10x64
Emsisoft Emergency Kit 绿色免费版
(已开启)加入 Emsisoft 云、更新源:测试版
Bitdefender(B)+Emsisoft(A) 双引擎
扫描设置:
扫描方式: 自定义扫描
对象: Rootkits, 内存, C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\
检测流氓软件(PUPs): On
扫描压缩包: On
扫描邮件存档: Off
ADS数据流: On
文件扩展名过滤: Off
直接磁盘访问: Off
扫描开始于: 2018/5/23 22:43:36
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-1-VBA.Powershell.doc.infected 发现风险: VB:Trojan.Valyria.1776 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-5-VBA.Powershell.doc.infected 发现风险: VB:Trojan.Valyria.1776 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-2-Backdoor.Strictor.exe.infected 发现风险: Gen:Variant.Jaik.24161 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-3-Backdoor.Socelars.exe.infected 发现风险: Gen:Variant.Adware.ConvertAD.1396 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-2-Backdoor.Strictor.exe.infected 发现风险: Trojan.GenericKD.30843992 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-6-Backdoor.Xow4.exe.infected 发现风险: Trojan.GenericKD.30843099 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-4-Backdoor.Hokelambert.exe.infected 发现风险: Trojan.GenericKD.30838561 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-6-Backdoor.Xow4.exe.infected 发现风险: Trojan.GenericKD.30843099 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-4-Backdoor.Hokelambert.exe.infected 发现风险: Trojan.GenericKD.30838561 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-3-Backdoor.Socelars.exe.infected 发现风险: Gen:Variant.Adware.ConvertAD.1396 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-7-Backdoor.Avialance.exe.infected 发现风险: Gen:Variant.Ursu.194549 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-7-Backdoor.Avialance.exe.infected 发现风险: Gen:Variant.Barys.53803 (B) [krnl.xmd]
已扫描 1832
发现 12
扫描完成后: 2018/5/23 22:44:21
扫描时间: 0:00:45
ESET Smart Security Premium 64-bit (advanced heuristics (Y) + archives (Y) + self-extracting packed files (Y) + DNA smart signatures (Y) ++ (Windows 10 Creators Update(Redstone 4)....1803):
日志
正在扫描日志
检测引擎的版本: 17432P (20180523)
日期: 2018/5/23 时间: 22:38:27
已扫描的磁盘、文件夹和文件: C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-1-VBA.Powershell.doc.infected - VBA/TrojanDownloader.Agent.IIM 特洛伊木马 - 已清除
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-2-Backdoor.Strictor.exe.infected - Generik.DHGVZKC 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-3-Backdoor.Socelars.exe.infected - Win32/Spy.Socelars.G 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-4-Backdoor.Hokelambert.exe.infected - MSIL/Kryptik.ODU 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-5-VBA.Powershell.doc.infected - VBA/TrojanDownloader.Agent.IIF 特洛伊木马 - 已清除
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-6-Backdoor.Xow4.exe.infected - Generik.MMZNHYL 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\180521-7-Backdoor.Avialance.exe.infected - MSIL/Packed.Confuser.J 可疑应用程序 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-3-Backdoor.Socelars.exe.infected - Win32/Spy.Socelars.G 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-4-Backdoor.Hokelambert.exe.infected - MSIL/Kryptik.ODU 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-7-Backdoor.Avialance.exe.infected - MSIL/Packed.Confuser.J 可疑应用程序 的变种 - 通过删除清除 [1]
已扫描的对象数: 12
发现的威胁数: 10
已清除对象数: 10
完成时间: 22:38:51 总扫描时间: 24 秒 (00:00:24)
备注:
[1] 由于对象中仅包含病毒主体,因此已被删除。
Dr.Web CureIt! Simplified Chinese free portable edition---( Windows 7 Ultimate with SP1, Simplified Chinese Ultimate edition....):
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\2197D95DD -rpcpr:np
Limit the use of the computer resources to 100%
Instances used for this session: 10
Object(s) to scan:
- C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\180521-1-VBA.Powershell.doc.infected - infected with W97M.DownLoader.2736
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\180521-1-VBA.Powershell.doc.infected - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-4-Backdoor.Hokelambert.exe.infected - infected with Trojan.MulDrop8.23716
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-4-Backdoor.Hokelambert.exe.infected - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\180521-4-Backdoor.Hokelambert.exe.infected - infected with Trojan.MulDrop8.23716
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\180521-4-Backdoor.Hokelambert.exe.infected - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-2-Backdoor.Strictor.exe.infected - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\180521-5-VBA.Powershell.doc.infected - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\180521-3-Backdoor.Socelars.exe.infected - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\180521-2-Backdoor.Strictor.exe.infected - Ok
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\180521-6-Backdoor.Xow4.exe.infected - packed by FLY-CODE
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-3-Backdoor.Socelars.exe.infected - Ok
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-6-Backdoor.Xow4.exe.infected - packed by FLY-CODE
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\180521-6-Backdoor.Xow4.exe.infected - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-6-Backdoor.Xow4.exe.infected - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\180521-7-Backdoor.Avialance.exe.infected - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521Generic\jdwd180521\modifed\modifed.180521-7-Backdoor.Avialance.exe.infected - Ok
Total 4432830 bytes in 12 files scanned
Total 9 files are clean
Total 3 files are infected
Scan time is 00:00:00.833
火绒安全 (Huorong Security)---( Windows 7 Ultimate with SP1, Simplified Chinese Ultimate edition....): some of the undetected files have been submitted to seclab@huorong.cn and are awaiting processing...
文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521.7z
文件大小: 1.47 MB (1,551,294 字节)
修改时间: 2018年05月23日,21:56:04
MD5: 264FC6CB5D5DEAEB4B71C18621479D9D
SHA1: CDDAEEB42A3F7C93358BCFE5E9F51BD56C875F58
SHA256: 0B6B26B4DB83FFC4269358BB539AC349FBFB170045674D517F145ACFBAB87E51
SHA512: F1E6E7FE7DD5C0EBB2C5EDDD6DC7F3DF641D7682D1068F1F87976F8D647D648093BAD100D686ECA81363DF885C2B9315966CBB0E060546358B5F782F29ED87CE
CRC32: 6849822C
计算时间: 0.05s
病毒库:2018-05-23 16:41
开始时间:2018-05-23 21:58
总计用时:00:00:12
扫描对象:16个
扫描文件:12个
发现风险:8个
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个
病毒详情
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521\180521-1-VBA.Powershell.doc.infected, 病毒名:Trojan/Generic!68863A5E3570DF51, 病毒ID:[68863a5e3570df51], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521\180521-5-VBA.Powershell.doc.infected, 病毒名:Trojan/Generic!E13051611A6F8ADD, 病毒ID:[e13051611a6f8add], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521\180521-4-Backdoor.Hokelambert.exe.infected, 病毒名:Trojan/Generic!139D1C1F27683E3A, 病毒ID:[139d1c1f27683e3a], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521\180521-7-Backdoor.Avialance.exe.infected, 病毒名:Trojan/Generic!F38BC2E2E54D8CCE, 病毒ID:[f38bc2e2e54d8cce], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521\180521-3-Backdoor.Socelars.exe.infected, 病毒名:TrojanDownloader/Socelars.a, 病毒ID:[a194df1a081fd5d3], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521\modifed\modifed.180521-3-Backdoor.Socelars.exe.infected, 病毒名:TrojanDownloader/Socelars.a, 病毒ID:[a194df1a081fd5d3], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521\modifed\modifed.180521-4-Backdoor.Hokelambert.exe.infected, 病毒名:Trojan/Generic!C27CAC85C0CF2F0F, 病毒ID:[c27cac85c0cf2f0f], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\jdwd180521\modifed\modifed.180521-7-Backdoor.Avialance.exe.infected, 病毒名:Trojan/Generic!100B9288CD8FB199, 病毒ID:[100b9288cd8fb199], 处理结果:已忽略