Original poster: Jerry.Lin

[Virus samples] #PACKAGE 0801

761773275
Posted on 2018-8-1 19:43:49
Last edited by 761773275 on 2018-8-1 19:50

TrustPort deleted 7

C:\Users\19285\Desktop\PACKAGE 0801\0801(1).exe已感染!Trojan.GenericKD.40356746 (Xenon)已刪除
C:\Users\19285\Desktop\PACKAGE 0801\0801(11).exe已感染!AIT:Trojan.Nymeria.1050 (Xenon)刪除
C:\Users\19285\Desktop\PACKAGE 0801\0801(12).exe已感染!Gen:Variant.Strictor.169372 (Xenon)已刪除
C:\Users\19285\Desktop\PACKAGE 0801\0801(17).exe已感染!Gen:Variant.Strictor.169372 (Xenon)已刪除
C:\Users\19285\Desktop\PACKAGE 0801\0801(4).exe已感染!Gen:Variant.Ursu.260998 (Xenon)已刪除
C:\Users\19285\Desktop\PACKAGE 0801\0801(7).exe已感染!Gen:Variant.Razy.371378 (Xenon)已刪除
C:\Users\19285\Desktop\PACKAGE 0801\0801(9).exe已感染!Gen:Variant.Razy.371378 (Xenon)已刪除




小飞侠.net
Posted on 2018-8-1 19:45:34
Last edited by 小飞侠.net on 2018-8-1 20:42

ESET Smart Security Premium 64-bit (advanced heuristics (Y) + archives (Y) + self-extractors/runtime packers (Y) + DNA smart signatures (Y) ++ (Windows 10 Creators Update (Redstone 4)....1803):

日志
正在扫描日志
检测引擎的版本: 17810P (20180801)
日期: 2018-08-01  时间: 20:29:15
已扫描的磁盘、文件夹和文件: C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(1).exe - Win32/Agent.SEQ 特洛伊木马 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(10).exe > WINRARSFX > H.exe - MSIL/GenKryptik.CFPA 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(10).exe > WINRARSFX > L.exe - MSIL/GenKryptik.CFPA 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(11).exe > AUTOIT > script.bin - Win32/Injector.Autoit.DJQ 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(12).exe - Win32/Injector.DZNU 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(13).exe - MSIL/Kryptik.PCN 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(14).exe - Win32/Injector.DZNI 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(16).exe - Win32/GenKryptik.CGEF 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(17).exe - Win32/Injector.DZNU 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(2).exe - Win32/GenKryptik.CGWM 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(3).exe - Win32/Injector.DZNW 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(4).exe > INNO > {tmp}\rr.zip > ZIP > Uninstall.dll - 错误 - 文件受密码保护
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(4).exe > INNO > {tmp}\rr.zip > ZIP > _locale.nls - 错误 - 文件受密码保护
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(4).exe > INNO - Win32/Adware.FileTour.FGT 应用程序 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(5).exe - Win32/Injector.DZNS 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(6).exe - Win32/Injector.DZNS 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(7).exe - Win32/Injector.DZNS 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(8).exe - Win32/Kryptik.GJKT 特洛伊木马 的变种 - 通过删除清除 [1]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(9).exe - Win32/Injector.DZNS 特洛伊木马 的变种 - 通过删除清除 [1]
已扫描的对象数: 28
发现的威胁数: 17
已清除对象数: 17
完成时间: 20:29:41  总扫描时间: 26 秒 (00:00:26)

备注:
[1] 由于对象中仅包含病毒主体,因此已被删除。




Dr.Web CureIt! Simplified Chinese portable free edition---( Windows 7 Ultimate with SP1, Simplified Chinese Ultimate edition....):

Anti-rootkit module version ( ver: 11.5.201806181, api: 8.07 )

Using 137803332 as Dr.Web (R) Key file

Time from server is: 2018-08-01 15:16:48
Using language: "Chinese-Simplified (简体中文)"
-----------------------------------------------------------------------------
Start scanning
-----------------------------------------------------------------------------
Command line used:-rpcep:\pipe\136957FD7 -rpcpr:np

Limit the use of the computer resources to 100%
Instances used for this session: 10
Object(s) to scan:
- C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801


C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(1).exe - infected with Trojan.ChanitorENT.34
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(1).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(14).exe - infected with Trojan.PWS.Stealer.19347
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(14).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(10).exe is ZIP archive
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(10).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(10).exe - archive
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(16).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(13).exe - infected with Trojan.PWS.Stealer.19347
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(13).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(15).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(3).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(12).exe - infected with BackDoor.Siggen2.2517
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(12).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(8).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(7).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(17).exe - infected with BackDoor.Siggen2.2517
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(17).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(2).exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(9).exe - infected with Trojan.VbCrypt.150
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(9).exe - infected
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(6).exe - infected with Trojan.PWS.Stealer.13052
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(6).exe - infected
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(11).exe is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(11).exe\data001 is AUTOIT container
>>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(11).exe\data001\Users\BINGHERO\AppData\Local\AutoIt v3\Aut2Exe\autF85C.tmp.tok - packed by ASCRIPT
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(11).exe\data002 is ZLIB container
>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(4).exe is INNO SETUP container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(11).exe - container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(4).exe\CompiledCode.bin - infected with Trojan.Moneyinst.621
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(4).exe\Script2.bin is BINARYRES container
>>C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(4).exe\{tmp}\sski.exe is ZIP archive
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(4).exe\{tmp}\sski.exe - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(4).exe\1.file - Ok
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(4).exe - infected container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(4).exe - infected container
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(5).exe - infected with Trojan.PWS.Stealer.1932
C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(5).exe - infected

Total 22381897 bytes in 17 files scanned (32 objects)
Total 8 files (22 objects) are clean
Total 9 files are infected-----below 50%, nobody has uploaded them to VirusTotal!
Scan time is 00:00:02.438





Huorong Security---( Windows 7 Ultimate with SP1, Simplified Chinese Ultimate edition....): some unknown files have been sent to seclab@huorong.cn, awaiting processing...

病毒库:2018-08-01 16:58
开始时间:2018-08-01 19:57
总计用时:00:00:25
扫描对象:1035个
扫描文件:17个
发现风险:2个
已处理风险:0个
发现系统修复项:0个
处理系统修复项:0个

病毒详情

风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(1).exe, 病毒名:HEUR:VirTool/Obfuscator.gen!B, 病毒ID:[2d18551aef762f90], 处理结果:已忽略
风险路径:C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0801\0801(11).exe, 病毒名:HVM:Trojan/Injector.a, 病毒ID:[1f561653f5b08c39], 处理结果:已忽略

文件名称: C:\Users\xfxnet2000\Desktop\MX Player Pro\175418360\145802370\479704092\AVTest100\PACKAGE 0731Obfuscator0002.zipx
文件大小: 16.0 MB (16,870,376 字节)
修改时间: 2018年08月01日,00:14:45
MD5: 6F96F8D49040208E5A20540FA890C8B3
SHA1: 6DF5E9054CFF8B3C966CD828EE7EDF41F428C582
SHA256: 918E092D78F7BDC1412AD1A316FC51E054AC973EBA9DDE6F76EC497F2DD39216
SHA512: F33D2AD057C2F30A40CFB4763D1AC6B44450723698577515301CD9DBA4D11B63F8E26BF78720E4AC828B57DCABDD5A2B1A3F02CF826F4FA104ED5006A0940D55
CRC32: 22FAD6DD
计算时间: 0.55s
Emsisoft Emergency Kit - 版本 2018.6
上次更新: 2018-08-01 20:35:05
用户帐号: TECLAST\Admin
电脑名称: TECLAST
操作系统版本: Windows 10 x64

Emsisoft Emergency Kit portable free edition
(Enabled) joined the Emsisoft cloud; update feed: beta
    Bitdefender (B) + Emsisoft (A) dual engine

扫描设置:

扫描方式: 自定义扫描
对象: Rootkits, C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\

检测流氓软件(PUPs): On
扫描压缩包: On
扫描邮件存档: Off
ADS数据流: On
文件扩展名过滤: Off
直接磁盘访问: Off

扫描开始于:        2018-08-01 20:35:38
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(11).exe -> (AutoIT r) -> (AutoIT Script) -> (unicode)         发现风险: AIT:Trojan.Nymeria.1050 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(11).exe -> (AutoIT Script) -> (unicode)         发现风险: AIT:Trojan.Nymeria.1050 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(1).exe         发现风险: Trojan.GenericKD.40356746 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(14).exe         发现风险: Trojan.Injector (A) [294905]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(13).exe         发现风险: Trojan.Agent.DCNZ (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(16).exe         发现风险: Trojan.Injector (A) [294780]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(12).exe         发现风险: Gen:Variant.Strictor.169372 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(17).exe         发现风险: Gen:Variant.Strictor.169372 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(4).exe         发现风险: Gen:Variant.Ursu.260998 (B) [krnl.xmd]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(6).exe         发现风险: Trojan.Injector (A) [294905]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(7).exe         发现风险: Trojan.Injector (A) [294905]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(9).exe         发现风险: Trojan.Injector (A) [294905]
C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001\PACKAGE 0801\0801(5).exe         发现风险: Trojan.Injector (A) [294905]

已扫描        611
发现        13

扫描完成后:        2018-08-01 20:35:55
扫描时间:        0:00:17

Rising---(Windows 10 Creators Update (Redstone 4)....1803): cloud engine (on), RDM+ engine (on)

                瑞星反恶软引擎命令行扫描器(社区交流版)                 


编译于:Sep 22 2017   15:07:50

提示:
  - 本工具供社区交流使用,请勿用于其他用途
  - 本工具没有恶意软件删除、清除、隔离功能
  - 本工具包含开发中的新特性,结果仅供参考

* 命令行中的选项开关:-output-json -log=C:\瑞星RDM+引擎\ScanLog_180801203918.log
* 获取恶软签名库最新版本 ...
* 下载恶软签名库配置文件 ...
* 创建恶软签名库升级组件 ...
* 计算并下载增量文件 ...
* 升级恶软签名库 ...
* 恶软签名库升级成功
* 扫描目标 : (1) C:\Users\Admin\Desktop\AVtest100\PACKAGE 0801Injector2001

* 加载恶软签名库: C:\瑞星RDM+引擎/malware.rmd
* 恶软签名库加载成功,发布序号为 4688
* 读取恶软签名库配置 ...
* 云辅助扫描组件初始化失败.
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
* 初始化引擎环境 ...
扫描开始: Wed Aug 01 20:39:38 2018

{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(15).exe","infect":{"engine":"md5","signature":"bWQ1OuVpMi+3s6s9hlkgIJegKLg","threat":"Dropper.Generic!8.35E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(14).exe","infect":{"engine":"md5","signature":"bWQ1OrtoZ2e+FAy1xRiCCGKwgj8","threat":"Trojan.VBKrypt!8.5C0"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(13).exe","infect":{"engine":"rdmk","signature":"cmRtazrOspQ8hs96FqFFdi/7a1Nn","threat":"Malware.Heuristic!ET#96%"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(16).exe","infect":{"engine":"md5","signature":"bWQ1OkZ2ZcMdxC2YlzyB7wmmBbs","threat":"Trojan.GenKryptik!8.AA55"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(1).exe","infect":{"engine":"rdmk","signature":"cmRtazokM9bWym12Igubd23MJoSH","threat":"Spyware.Zbot!8.16B"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(11).exe","infect":{"engine":"md5","signature":"bWQ1OmH6MkfFiBXMryGDThAg7VI","threat":"Trojan.Injector!8.C4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(6).exe","infect":{"engine":"md5","signature":"bWQ1OiNWuwGVDxSSHtfmTa/iLaE","threat":"Trojan.Injector!8.C4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(3).exe","infect":{"engine":"md5","signature":"bWQ1OrmChhlIVGPL3aN0eYWL52c","threat":"Dropper.Generic!8.35E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(2).exe","infect":{"engine":"rdmk","signature":"cmRtazpomhgLm+O3eSCEYdFEQ6O4","threat":"Trojan.Fuery!8.EAFB"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(8).exe","infect":{"engine":"rdmk","signature":"cmRtazoAmv0PJHdXQG15S8q4ktPx","threat":"Trojan.Fuerboos!8.EFC8"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(7).exe","infect":{"engine":"md5","signature":"bWQ1Oo2Qtmx91jVgnZJpLE4G+gg","threat":"Trojan.Injector!8.C4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(9).exe","infect":{"engine":"md5","signature":"bWQ1OiEMh2ssx2+YbshZbdGjWK0","threat":"Trojan.Injector!8.C4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(5).exe","infect":{"engine":"md5","signature":"bWQ1OnjnRioswuGHtMOqkyOkmtI","threat":"Trojan.Injector!8.C4"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(10).exe","infect":{"engine":"md5","signature":"bWQ1OjR6Cnafud6IK+EtaKFicVY","threat":"Dropper.Generic!8.35E"},"type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(17).exe","type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(12).exe","type":"scan"}
{"filename":"C:\\Users\\Admin\\Desktop\\AVtest100\\PACKAGE 0801Injector2001\\PACKAGE 0801\\0801(4).exe","type":"scan"}

扫描结束: Wed Aug 01 20:39:40 2018

总扫描耗时: 0:1:669(m:s:ms)
总扫描对象: 24
总扫描文件: 17
总恶意文件: 14
Effective detection rate: 82.35%----did someone upload these to [VirusTotal] ???






果团团
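Posted on 2018-8-1 19:46:57
191196846 posted on 2018-8-1 19:42
Kaspersky with Trusted Applications mode turned on is also "not bad"...

Hahaha, yes, yes
I'm out right now, and on a physical machine
When I get back tomorrow, if nobody has done it, I'll test the proactive defense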
Jerry.Lin
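Original poster | Posted on 2018-8-1 19:47:49
lqlwle posted on 2018-8-1 19:46
Hahaha, yes, yes
I'm out right now, and on a physical machine
When I get back tomorrow, if nobody has done it, I'll test the proactive defense

See post #3

Someone has already done it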
Jerry.Lin
Original poster | Posted on 2018-8-1 19:48:33

The link tests fine; check your network settings / connection / proxy
果团团
Posted on 2018-8-1 19:50:21
191196846 posted on 2018-8-1 19:47
See post #3

Someone has already done it

Hahaha, OK then
EnZhSTReLniKoVa
Posted on 2018-8-1 19:52:35
Last edited by 君陌潇 on 2018-8-1 19:55



扫描开始时间: 2018-08-01 19:46:09
08/01/2018,19-46-12        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(10).exe' 的“无误报”状态
08/01/2018,19-46-12        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(10).exe
08/01/2018,19-46-12        [INFO]        [DETECTION] file contains 'TR/Dropper.Gen'
08/01/2018,19-46-41        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(11).exe' 的“无误报”状态
08/01/2018,19-46-41        [INFO]        文件 'c:\users\nokutisu\desktop\新建文件夹\0801(11).exe' 已上传至 Protection Cloud 并已进行分析。 SHA256 = 79E091D92F62AF620A13F4AF3D00E5C0306FBE451EB8E3AA5E57ED13223216CC
08/01/2018,19-46-41        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(11).exe
08/01/2018,19-46-41        [INFO]        [DETECTION] file contains 'HEUR/APC'
08/01/2018,19-47-12        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(12).exe' 的“无误报”状态
08/01/2018,19-47-12        [INFO]        文件 'c:\users\nokutisu\desktop\新建文件夹\0801(12).exe' 已上传至 Protection Cloud 并已进行分析。 SHA256 = C402D45B30E8A205D3A8A14309DC5AA050FF7EBC65558E4323320275C1BE49B4
08/01/2018,19-47-12        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(12).exe
08/01/2018,19-47-12        [INFO]        [DETECTION] file contains 'DR/Delphi.Gen'
08/01/2018,19-47-13        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(13).exe' 的“无误报”状态
08/01/2018,19-47-13        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(13).exe
08/01/2018,19-47-13        [INFO]        [DETECTION] file contains 'TR/ATRAPS.Gen'
08/01/2018,19-47-27        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(14).exe' 的“无误报”状态
08/01/2018,19-47-27        [INFO]        文件 'c:\users\nokutisu\desktop\新建文件夹\0801(14).exe' 已上传至 Protection Cloud 并已进行分析。 SHA256 = 2A4D50AEED882139362E12E12E386455D390778226820B2D551A5F72E66ABF4C
08/01/2018,19-47-27        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(14).exe
08/01/2018,19-47-27        [INFO]        [DETECTION] file contains 'TR/Dropper.VB.2a4d50'
08/01/2018,19-47-27        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(15).exe' 的“无误报”状态
08/01/2018,19-47-27        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(15).exe
08/01/2018,19-47-27        [INFO]        [DETECTION] file contains 'TR/Dropper.Gen'
08/01/2018,19-47-47        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(16).exe' 的“无误报”状态
08/01/2018,19-47-47        [INFO]        文件 'c:\users\nokutisu\desktop\新建文件夹\0801(16).exe' 已上传至 Protection Cloud 并已进行分析。 SHA256 = 2DD05572BBDB381063F2292D3756525E681ED2DB4F300D187C5CBB195AF112FC
08/01/2018,19-47-47        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(16).exe
08/01/2018,19-47-47        [INFO]        [DETECTION] file contains 'TR/Kryptik.2dd055'
08/01/2018,19-48-11        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(17).exe' 的“无误报”状态
08/01/2018,19-48-11        [INFO]        文件 'c:\users\nokutisu\desktop\新建文件夹\0801(17).exe' 已上传至 Protection Cloud 并已进行分析。 SHA256 = 4366E6A5964A1AB7E5D8E2C235D607FFBE13B8A36DFCD8C523B6DC765481C668
08/01/2018,19-48-11        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(17).exe
08/01/2018,19-48-11        [INFO]        [DETECTION] file contains 'DR/Delphi.4366e6'
08/01/2018,19-48-45        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(2).exe' 的“无误报”状态
08/01/2018,19-48-45        [INFO]        文件 'c:\users\nokutisu\desktop\新建文件夹\0801(2).exe' 已上传至 Protection Cloud 并已进行分析。 SHA256 = 2DD8087D310D45BE0777C571957415E3D13DBC952CD23D84BB9CE6BC713FB75D
08/01/2018,19-48-45        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(2).exe
08/01/2018,19-48-45        [INFO]        [DETECTION] file contains 'TR/Crypt.ZPACK.2dd808'
08/01/2018,19-48-46        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(3).exe' 的“无误报”状态
08/01/2018,19-48-46        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(3).exe
08/01/2018,19-48-46        [INFO]        [DETECTION] file contains 'TR/Dropper.Gen'
08/01/2018,19-48-47        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(4).exe' 的“无误报”状态
08/01/2018,19-48-47        [INFO]        文件已通过 Protection Cloud扫描。 SHA256 = c:\users\nokutisu\desktop\新建文件夹\0801(4).exe
08/01/2018,19-48-47        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(4).exe
08/01/2018,19-48-47        [INFO]        [DETECTION] file contains 'Adware/FileTour.89cbf5'
08/01/2018,19-48-47        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(5).exe' 的“无误报”状态
08/01/2018,19-48-47        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(5).exe
08/01/2018,19-48-47        [INFO]        [DETECTION] file contains 'TR/Kryptik.atbsd'
08/01/2018,19-48-48        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(6).exe' 的“无误报”状态
08/01/2018,19-48-48        [INFO]        文件已通过 Protection Cloud扫描。 SHA256 = c:\users\nokutisu\desktop\新建文件夹\0801(6).exe
08/01/2018,19-48-48        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(6).exe
08/01/2018,19-48-48        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.a5b1a9'
08/01/2018,19-48-49        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(7).exe' 的“无误报”状态
08/01/2018,19-48-49        [INFO]        文件已通过 Protection Cloud扫描。 SHA256 = c:\users\nokutisu\desktop\新建文件夹\0801(7).exe
08/01/2018,19-48-49        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(7).exe
08/01/2018,19-48-49        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.aea0ea'
08/01/2018,19-48-49        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(8).exe' 的“无误报”状态
08/01/2018,19-48-49        [INFO]        文件已通过 Protection Cloud扫描。 SHA256 = c:\users\nokutisu\desktop\新建文件夹\0801(8).exe
08/01/2018,19-48-49        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(8).exe
08/01/2018,19-48-49        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.87e1ef'
08/01/2018,19-48-50        [INFO]        FP 报告文件 'c:\users\nokutisu\desktop\新建文件夹\0801(9).exe' 的“无误报”状态
08/01/2018,19-48-50        [INFO]        文件已通过 Protection Cloud扫描。 SHA256 = c:\users\nokutisu\desktop\新建文件夹\0801(9).exe
08/01/2018,19-48-50        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(9).exe
08/01/2018,19-48-50        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.0f53fa'
08/01/2018,19-49-10        [INFO]        repair.rdf loaded (version: 1.0.43.38)
08/01/2018,19-49-12        [INFO]        Repair of Generic started.
08/01/2018,19-49-17        [INFO]        Repair of Generic finished successfully.
08/01/2018,19-49-17        [INFO]        Repair of TR/Dropper.Gen started.
08/01/2018,19-49-29        [INFO]        Send Mixpanel event succeed
08/01/2018,19-49-31        [ERROR]        bad conversion
08/01/2018,19-49-35        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-49-35        [ERROR]        Repair of TR/Dropper.Gen failed.
08/01/2018,19-49-35        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(10).exe
08/01/2018,19-49-35        [INFO]        [ACTION] Clean
08/01/2018,19-49-35        [INFO]        Repair of HEUR/APC started.
08/01/2018,19-49-47        [ERROR]        bad conversion
08/01/2018,19-49-55        [INFO]        Repair of HEUR/APC finished successfully.
08/01/2018,19-49-55        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(11).exe
08/01/2018,19-49-55        [INFO]        [ACTION] Clean
08/01/2018,19-49-55        [INFO]        Repair of DR/Delphi.Gen started.
08/01/2018,19-50-06        [ERROR]        bad conversion
08/01/2018,19-50-11        [INFO]        Repair of DR/Delphi.Gen finished successfully.
08/01/2018,19-50-11        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(12).exe
08/01/2018,19-50-11        [INFO]        [ACTION] Clean
08/01/2018,19-50-11        [INFO]        Repair of TR/ATRAPS.Gen started.
08/01/2018,19-50-23        [INFO]        Send Mixpanel event succeed
08/01/2018,19-50-24        [ERROR]        bad conversion
08/01/2018,19-50-29        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-50-29        [ERROR]        Repair of TR/ATRAPS.Gen failed.
08/01/2018,19-50-29        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(13).exe
08/01/2018,19-50-29        [INFO]        [ACTION] Clean
08/01/2018,19-50-29        [INFO]        Repair of TR/Dropper.VB.2a4d50 started.
08/01/2018,19-50-41        [INFO]        Send Mixpanel event succeed
08/01/2018,19-50-42        [ERROR]        bad conversion
08/01/2018,19-50-47        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-50-47        [ERROR]        Repair of TR/Dropper.VB.2a4d50 failed.
08/01/2018,19-50-47        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(14).exe
08/01/2018,19-50-47        [INFO]        [ACTION] Clean
08/01/2018,19-50-47        [INFO]        Repair of TR/Dropper.Gen started.
08/01/2018,19-51-00        [INFO]        Send Mixpanel event succeed
08/01/2018,19-51-01        [ERROR]        bad conversion
08/01/2018,19-51-06        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-51-06        [ERROR]        Repair of TR/Dropper.Gen failed.
08/01/2018,19-51-06        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(15).exe
08/01/2018,19-51-06        [INFO]        [ACTION] Clean
08/01/2018,19-51-06        [INFO]        Repair of TR/Kryptik.2dd055 started.
08/01/2018,19-51-19        [INFO]        Send Mixpanel event succeed
08/01/2018,19-51-20        [ERROR]        bad conversion
08/01/2018,19-51-25        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-51-25        [ERROR]        Repair of TR/Kryptik.2dd055 failed.
08/01/2018,19-51-25        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(16).exe
08/01/2018,19-51-25        [INFO]        [ACTION] Clean
08/01/2018,19-51-25        [INFO]        Repair of DR/Delphi.4366e6 started.
08/01/2018,19-51-37        [ERROR]        bad conversion
08/01/2018,19-51-42        [INFO]        Repair of DR/Delphi.4366e6 finished successfully.
08/01/2018,19-51-42        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(17).exe
08/01/2018,19-51-42        [INFO]        [ACTION] Clean
08/01/2018,19-51-42        [INFO]        Repair of TR/Crypt.ZPACK.2dd808 started.
08/01/2018,19-51-54        [INFO]        Send Mixpanel event succeed
08/01/2018,19-51-55        [ERROR]        bad conversion
08/01/2018,19-52-00        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-52-00        [ERROR]        Repair of TR/Crypt.ZPACK.2dd808 failed.
08/01/2018,19-52-00        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(2).exe
08/01/2018,19-52-00        [INFO]        [ACTION] Clean
08/01/2018,19-52-00        [INFO]        Repair of TR/Dropper.Gen started.
08/01/2018,19-52-13        [INFO]        Send Mixpanel event succeed
08/01/2018,19-52-14        [ERROR]        bad conversion
08/01/2018,19-52-18        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-52-18        [ERROR]        Repair of TR/Dropper.Gen failed.
08/01/2018,19-52-18        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(3).exe
08/01/2018,19-52-18        [INFO]        [ACTION] Clean
08/01/2018,19-52-18        [INFO]        Repair of Adware/FileTour.89cbf5 started.
08/01/2018,19-52-30        [ERROR]        bad conversion
08/01/2018,19-52-34        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-52-34        [ERROR]        Repair of Adware/FileTour.89cbf5 failed.
08/01/2018,19-52-34        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(4).exe
08/01/2018,19-52-34        [INFO]        [ACTION] Clean
08/01/2018,19-52-35        [INFO]        Repair of TR/Kryptik.atbsd started.
08/01/2018,19-52-48        [INFO]        Send Mixpanel event succeed
08/01/2018,19-52-49        [ERROR]        bad conversion
08/01/2018,19-52-53        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-52-53        [ERROR]        Repair of TR/Kryptik.atbsd failed.
08/01/2018,19-52-53        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(5).exe
08/01/2018,19-52-53        [INFO]        [ACTION] Clean
08/01/2018,19-52-54        [INFO]        Repair of TR/Crypt.XPACK.a5b1a9 started.
08/01/2018,19-53-06        [INFO]        Send Mixpanel event succeed
08/01/2018,19-53-08        [ERROR]        bad conversion
08/01/2018,19-53-12        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-53-12        [ERROR]        Repair of TR/Crypt.XPACK.a5b1a9 failed.
08/01/2018,19-53-12        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(6).exe
08/01/2018,19-53-12        [INFO]        [ACTION] Clean
08/01/2018,19-53-12        [INFO]        Repair of TR/Crypt.XPACK.aea0ea started.
08/01/2018,19-53-25        [INFO]        Send Mixpanel event succeed
08/01/2018,19-53-26        [ERROR]        bad conversion
08/01/2018,19-53-31        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-53-31        [ERROR]        Repair of TR/Crypt.XPACK.aea0ea failed.
08/01/2018,19-53-31        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(7).exe
08/01/2018,19-53-31        [INFO]        [ACTION] Clean
08/01/2018,19-53-31        [INFO]        Repair of TR/Crypt.XPACK.87e1ef started.
08/01/2018,19-53-44        [INFO]        Send Mixpanel event succeed
08/01/2018,19-53-45        [ERROR]        bad conversion
08/01/2018,19-53-49        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-53-49        [ERROR]        Repair of TR/Crypt.XPACK.87e1ef failed.
08/01/2018,19-53-49        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(8).exe
08/01/2018,19-53-49        [INFO]        [ACTION] Clean
08/01/2018,19-53-49        [INFO]        Repair of TR/Crypt.XPACK.0f53fa started.
08/01/2018,19-54-02        [INFO]        Send Mixpanel event succeed
08/01/2018,19-54-03        [ERROR]        bad conversion
08/01/2018,19-54-08        [ERROR]        Error in calling script function Repair: Runtime error. Script file is invalid!
08/01/2018,19-54-08        [ERROR]        Repair of TR/Crypt.XPACK.0f53fa failed.
08/01/2018,19-54-08        [INFO]        c:\users\nokutisu\desktop\新建文件夹\0801(9).exe
08/01/2018,19-54-08        [INFO]        [ACTION] Clean

---------------------------------------------------------

End of scan : 2018-08-01 19:54:08
Duration : 07m:58s:734ms

The scan has been done completely.

      1 Scanned directories
      3 Scanned archives
     17 Scanned files
      0 Skipped files
      0 Ignored files
     16 Detected files
      3 Infected files cleaned
      0 Warnings

---------------------------------------------------------



Ratings

Participants: 1, popularity +1
驭龙 +1, reason: Avira fears nothing

dreams521
Posted on 2018-8-1 19:53:33
dongwenqi posted on 2018-8-1 19:13
Kaspersky 5/17. The rest have been reported.

That was quick
dongwenqi
Posted on 2018-8-1 19:54:13

I saw earlier that nobody had tested it, so I did
dreams521
Posted on 2018-8-1 19:55:49
dongwenqi posted on 2018-8-1 19:54
I saw earlier that nobody had tested it, so I did

Did you test by double-clicking?