Thread starter: www-tekeze

[Virus samples] EML samples 50X
a233
Posted on 2019-10-11 11:55:53
Avast scan: Kill 13X
Avast doesn't seem to do very well at detecting these files
a939707506
Posted on 2019-10-11 12:22:21
McAfee

nicaicaikan
Posted on 2019-10-11 12:29:40
Last edited by nicaicaikan on 2019-10-11 16:58

dr.web 48X
All thrown into quarantine
MISS 40# 50#

wajika
Posted on 2019-10-11 12:36:40
F-PROT Antivirus CLS version 6.7.10.6267, 32bit (built: 2012-03-27T12-34-14)


FRISK Software International (C) Copyright 1989-2011
Engine version:   4.6.5.141
Arguments:        --adware --heurlevel=4 /opt/50X
Virus signatures: 201910110324
                  (/opt/f-prot/antivir.def)

[Found trojan] <New or modified X97M/Downldr (not disinfectable)>         /opt/50X/Samp(11).vir->S1800265072_H0088808.xls
[Contains infected objects]        /opt/50X/Samp(11).vir
[Found worm] <W32/Mydoom.M@mm (exact, not disinfectable)>         /opt/50X/Samp(10).vir->attachment.zip->ATTACHMENT.SCR
[Found worm] <W32/Mydoom.M@mm (exact, not disinfectable)>         /opt/50X/Samp(13).vir->message.pif
[Found worm] <W32/Mydoom.M@mm (exact, not disinfectable)>         /opt/50X/Samp(18).vir->hfqgbha.zip->hfqgbha.html                                .scr
[Found worm] <W32/Mydoom.M@mm (exact, not disinfectable)>         /opt/50X/Samp(2).vir->vluvhna.zip->vluvhna.txt                                                         .scr
[Found worm] <W32/Mydoom.M@mm (exact, not disinfectable)>         /opt/50X/Samp(29).vir->basel.zip->basel.scr
[Found worm] <W32/Mydoom.M@mm (exact, not disinfectable)>         /opt/50X/Samp(3).vir->mail.zip->mail.scr
[Found worm] <W32/Mydoom.M@mm (exact, not disinfectable)>         /opt/50X/Samp(34).vir->attachment.zip->attachment.html                                                                                                                                                                    .exe
[Found trojan] <New or modified X97M/Downldr (not disinfectable)>         /opt/50X/Samp(37).vir->S1800441094_H0089531.xls
[Contains infected objects]        /opt/50X/Samp(37).vir
[Found worm] <W32/Mydoom.M@mm (exact, not disinfectable)>         /opt/50X/Samp(4).vir->text.zip->text.html                                                                                .scr
[Unscannable] <File is encrypted>        /opt/50X/Samp(40).vir->Urology.zip->info_08.27.doc
[Found worm] <W32/Mydoom.M@mm (exact, not disinfectable)>         /opt/50X/Samp(42).vir->text.zip->text.pif
[Found trojan] <New or modified X97M/Downldr (not disinfectable)>         /opt/50X/Samp(45).vir->S1800409337_H0020034.xls
[Contains infected objects]        /opt/50X/Samp(45).vir
[Found trojan] <New or modified X97M/Downldr (not disinfectable)>         /opt/50X/Samp(5).vir->S1800206938_H0073474.xls
[Contains infected objects]        /opt/50X/Samp(5).vir
Scanning: \

Results:

Files: 50
Skipped files: 1
MBR/boot sectors checked: 0
Objects scanned: 270
Infected objects: 13
Infected files: 13
Files with errors: 0
Disinfected: 0

Running time: 00:01

wajika
Posted on 2019-10-11 12:41:37
SAVScan virus detection utility
Version 5.63.0 [Linux/AMD64]
Virus data version 5.68, September 2019
Includes detection for 41977552 viruses, Trojans and worms
Copyright (c) 1989-2019 Sophos Limited. All rights reserved.

System time 12:41:06 PM, System date 11 October 2019
Command line qualifiers are: -all -pua -archive -mime -suspicious

IDE directory is: /usr/local/sophos/lib/sav

Quick Scanning

>>> Virus 'Troj/DocPh-HA' found in file /opt/50X/Samp(11).vir/S1800265072_H0088808.xls
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(10).vir/attachment.zip/ATTACHMENT.SCR
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(10).vir/attachment.zip
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(13).vir/message.pif
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(18).vir/hfqgbha.zip/hfqgbha.html                                .scr
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(18).vir/hfqgbha.zip
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(2).vir/vluvhna.zip/vluvhna.txt                                                         .scr
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(2).vir/vluvhna.zip
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(29).vir/basel.zip/basel.scr
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(29).vir/basel.zip
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(3).vir/mail.zip/mail.scr
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(3).vir/mail.zip
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(34).vir/attachment.zip/attachment.html                                                                                                                                                                    .exe
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(34).vir/attachment.zip
>>> Virus 'Troj/DocPh-HA' found in file /opt/50X/Samp(37).vir/S1800441094_H0089531.xls
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(4).vir/text.zip/text.html                                                                                .scr
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(4).vir/text.zip
Password protected file /opt/50X/Samp(40).vir/Urology.zip/info_08.27.doc
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(42).vir/text.zip/text.pif
>>> Virus 'W32/MyDoom-N' found in file /opt/50X/Samp(42).vir/text.zip
>>> Virus 'Troj/DocPh-HA' found in file /opt/50X/Samp(45).vir/S1800409337_H0020034.xls
>>> Virus 'Troj/DocPh-HA' found in file /opt/50X/Samp(5).vir/S1800206938_H0073474.xls

50 files scanned in 16 seconds.
1 error was encountered.
21 viruses were discovered.
No PUAs were discovered.
13 files out of 50 were infected.
If you need further advice regarding any detections please visit our
Threat Center at: http://www.sophos.com/en-us/threat-center.aspx
1 encrypted file was not checked.
End of Scan.
wajika
Posted on 2019-10-11 12:42:37
F-Secure Anti-Virus CLI version 1.0  build 0069

Scan started at Fri Oct 11 12:42:17 2019
Database version: 2019-10-10_01

[/opt/50X/Samp(11).vir] [From <<dgl.billing@dhl.com> (DHL)>][Subject:DHL DOCUMENTS; BL, CI; S1800265072_H0088808]S1800265072_H0088808.xls: Infected: Malware.X2000M/Agent.54950 [Aquarius]
[/opt/50X/Samp(10).vir] [From "Post Office" <postmaster@documentfoundation.org>][Subject:Returned mail: Data format error]attachment.zip: Infected: Trojan-Downloader:W32/Kavala.B [FSE]
[/opt/50X/Samp(10).vir] [From "Post Office" <postmaster@documentfoundation.org>][Subject:Returned mail: Data format error]attachment.zip: Infected: Worm.WORM/Agent [Aquarius]
[/opt/50X/Samp(10).vir] [[From "Post Office" <postmaster@documentfoundation.org>][Subject:Returned mail: Data format error]attachment.zip] [1] ATTACHMENT.SCR: Infected: Email-Worm:W32/Mydoom.gen!A [FSE]
[/opt/50X/Samp(10).vir] [[From "Post Office" <postmaster@documentfoundation.org>][Subject:Returned mail: Data format error]attachment.zip] [1] ATTACHMENT.SCR: Infected: Worm.WORM/Mydoom.L.1 [Aquarius]
[/opt/50X/Samp(12).vir] [[From "FedEx  Inc." <fedex@southcentraltexasrealestate.com>][Subject:Tracking number from FedEx]19682233186_816934201.zip] [1] 19682233186_816934201.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(13).vir] [From specialsavings@specialsavings.com][Subject:MESSAGE COULD NOT BE DELIVERED]message.pif: Infected: Email-Worm:W32/Mydoom.gen!A [FSE]
[/opt/50X/Samp(13).vir] [From specialsavings@specialsavings.com][Subject:MESSAGE COULD NOT BE DELIVERED]message.pif: Infected: Worm.WORM/Mydoom.L.1 [Aquarius]
[/opt/50X/Samp(15).vir] [[From "FedEx " <fedex@southcentraltexasrealestate.com>][Subject:Waybill number from FedEx]19682233186_816934201.zip] [1] 19122774418_796211866.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(16).vir] [[From "FedEx  Inc." <fedex@southcentraltexasrealestate.com>][Subject:Track from FedEx]19682233186_816934201.zip] [1] 19682233186_816934201.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(17).vir] [[From "FedEx Services" <fedex@southcentraltexasrealestate.com>][Subject:Tracking from FedEx]19122774418_796211866.zip] [1] 19122774418_796211866.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(18).vir] [From brian.kelk@cl.cam.ac.uk][Subject:Mail System Error - Returned Mail]hfqgbha.zip: Infected: Trojan:W32/Kavala.PI [FSE]
[/opt/50X/Samp(18).vir] [From brian.kelk@cl.cam.ac.uk][Subject:Mail System Error - Returned Mail]hfqgbha.zip: Infected: Trojan-Downloader:W32/Kavala.B [FSE]
[/opt/50X/Samp(18).vir] [From brian.kelk@cl.cam.ac.uk][Subject:Mail System Error - Returned Mail]hfqgbha.zip: Infected: Worm.WORM/Agent [Aquarius]
[/opt/50X/Samp(18).vir] [[From brian.kelk@cl.cam.ac.uk][Subject:Mail System Error - Returned Mail]hfqgbha.zip] [1] hfqgbha.html                                .scr: Infected: Email-Worm:W32/Mydoom.gen!A [FSE]
[/opt/50X/Samp(18).vir] [[From brian.kelk@cl.cam.ac.uk][Subject:Mail System Error - Returned Mail]hfqgbha.zip] [1] hfqgbha.html                                .scr: Infected: Worm.WORM/Mydoom.L.1 [Aquarius]
[/opt/50X/Samp(19).vir] [[From "FedEx Services Inc." <fedex@southcentraltexasrealestate.com>][Subject:Track from FedEx]19682233186_816934201.zip] [1] 19682233186_816934201.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(2).vir] [From "Mail Delivery Subsystem" <noreply@pobox.com>][Subject:RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS]vluvhna.zip: Infected: Trojan:W32/Kavala.PI [FSE]
[/opt/50X/Samp(2).vir] [From "Mail Delivery Subsystem" <noreply@pobox.com>][Subject:RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS]vluvhna.zip: Infected: Trojan-Downloader:W32/Kavala.B [FSE]
[/opt/50X/Samp(2).vir] [From "Mail Delivery Subsystem" <noreply@pobox.com>][Subject:RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS]vluvhna.zip: Infected: Worm.WORM/Agent [Aquarius]
[/opt/50X/Samp(2).vir] [[From "Mail Delivery Subsystem" <noreply@pobox.com>][Subject:RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS]vluvhna.zip] [1] vluvhna.txt                                                         .scr: Infected: Email-Worm:W32/Mydoom.gen!A [FSE]
[/opt/50X/Samp(2).vir] [[From "Mail Delivery Subsystem" <noreply@pobox.com>][Subject:RETURNED MAIL: SEE TRANSCRIPT FOR DETAILS]vluvhna.zip] [1] vluvhna.txt                                                         .scr: Infected: Worm.WORM/Mydoom.L.1 [Aquarius]
[/opt/50X/Samp(24).vir] [[From "FedEx  Inc." <fedex@southcentraltexasrealestate.com>][Subject:Waybill number from FedEx]19122774418_796211866.zip] [1] 19122774418_796211866.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(27).vir] [[From "FedEx  Inc." <fedex@southcentraltexasrealestate.com>][Subject:Track from FedEx]19682233186_816934201.zip] [1] 19682233186_816934201.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(28).vir] [[From "FedEx  Inc." <fedex@southcentraltexasrealestate.com>][Subject:Tracking number from FedEx]30222256575_820099259.zip] [1] 30222256575_820099259.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(29).vir] [From "Automatic Email Delivery Software" <postmaster@protonmail.ch>]basel.zip: Infected: Trojan-Downloader:W32/Kavala.B [FSE]
[/opt/50X/Samp(29).vir] [From "Automatic Email Delivery Software" <postmaster@protonmail.ch>]basel.zip: Infected: Worm.WORM/Agent [Aquarius]
[/opt/50X/Samp(29).vir] [[From "Automatic Email Delivery Software" <postmaster@protonmail.ch>]basel.zip] [1] basel.scr: Infected: Email-Worm:W32/Mydoom.gen!A [FSE]
[/opt/50X/Samp(29).vir] [[From "Automatic Email Delivery Software" <postmaster@protonmail.ch>]basel.zip] [1] basel.scr: Infected: Worm.WORM/Mydoom.L.1 [Aquarius]
[/opt/50X/Samp(3).vir] [From ira_kim_2012@mail.ru][Subject:Returned mail: Data format error]mail.zip: Infected: Trojan-Downloader:W32/Kavala.B [FSE]
[/opt/50X/Samp(3).vir] [From ira_kim_2012@mail.ru][Subject:Returned mail: Data format error]mail.zip: Infected: Worm.WORM/Agent [Aquarius]
[/opt/50X/Samp(3).vir] [[From ira_kim_2012@mail.ru][Subject:Returned mail: Data format error]mail.zip] [1] mail.scr: Infected: Email-Worm:W32/Mydoom.gen!A [FSE]
[/opt/50X/Samp(3).vir] [[From ira_kim_2012@mail.ru][Subject:Returned mail: Data format error]mail.zip] [1] mail.scr: Infected: Worm.WORM/Mydoom.L.1 [Aquarius]
[/opt/50X/Samp(30).vir] [[From "FedEx " <fedex@southcentraltexasrealestate.com>][Subject:Track from FedEx]19122774418_796211866.zip] [1] 19122774418_796211866.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(32).vir] [[From "FedEx Services" <fedex@southcentraltexasrealestate.com>][Subject:Tracking number from FedEx]30222256575_820099259.zip] [1] 30222256575_820099259.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(34).vir] [From "Post Office" <postmaster@apache.org>][Subject:Returned mail: Data format error]attachment.zip: Infected: Trojan:W32/Kavala.PI [FSE]
[/opt/50X/Samp(34).vir] [From "Post Office" <postmaster@apache.org>][Subject:Returned mail: Data format error]attachment.zip: Infected: Worm.WORM/Agent [Aquarius]
[/opt/50X/Samp(34).vir] [[From "Post Office" <postmaster@apache.org>][Subject:Returned mail: Data format error]attachment.zip] [1] attachment.html                                                                                                                                                                    .exe: Infected: Email-Worm:W32/Mydoom.gen!A [FSE]
[/opt/50X/Samp(34).vir] [[From "Post Office" <postmaster@apache.org>][Subject:Returned mail: Data format error]attachment.zip] [1] attachment.html                                                                                                                                                                    .exe: Infected: Worm.WORM/Mydoom.L.1 [Aquarius]
[/opt/50X/Samp(36).vir] [[From "FedEx " <fedex@southcentraltexasrealestate.com>][Subject:Waybill number from FedEx]19682233186_816934201.zip] [1] 19682233186_816934201.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(37).vir] [From <dgu.billing@dhl.com> (DHL)][Subject:DHL DOCUMENTS; BL, CI; S1800441094_H0089531]S1800441094_H0089531.xls: Infected: Malware.X2000M/Agent.54950 [Aquarius]
[/opt/50X/Samp(38).vir] [[From "FedEx Services Inc." <fedex@southcentraltexasrealestate.com>][Subject:Track from FedEx]30222256575_820099259.zip] [1] 30222256575_820099259.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(4).vir] [From newsletter-noreply@qq.com][Subject:Mail System Error - Returned Mail]text.zip: Infected: Trojan:W32/Kavala.PI [FSE]
[/opt/50X/Samp(4).vir] [From newsletter-noreply@qq.com][Subject:Mail System Error - Returned Mail]text.zip: Infected: Trojan-Downloader:W32/Kavala.B [FSE]
[/opt/50X/Samp(4).vir] [From newsletter-noreply@qq.com][Subject:Mail System Error - Returned Mail]text.zip: Infected: Worm.WORM/Agent [Aquarius]
[/opt/50X/Samp(4).vir] [[From newsletter-noreply@qq.com][Subject:Mail System Error - Returned Mail]text.zip] [1] text.html                                                                                .scr: Infected: Email-Worm:W32/Mydoom.gen!A [FSE]
[/opt/50X/Samp(4).vir] [[From newsletter-noreply@qq.com][Subject:Mail System Error - Returned Mail]text.zip] [1] text.html                                                                                .scr: Infected: Worm.WORM/Mydoom.L.1 [Aquarius]
[/opt/50X/Samp(41).vir] [[From "FedEx " <fedex@southcentraltexasrealestate.com>][Subject:Track from FedEx]19682233186_816934201.zip] [1] 19122774418_796211866.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(42).vir] [From "Returned mail" <postmaster@translate.org.za>][Subject:Returned mail: Data format error]text.zip: Infected: Worm.WORM/Agent [Aquarius]
[/opt/50X/Samp(42).vir] [[From "Returned mail" <postmaster@translate.org.za>][Subject:Returned mail: Data format error]text.zip] [1] text.pif: Infected: Email-Worm:W32/Mydoom.gen!A [FSE]
[/opt/50X/Samp(42).vir] [[From "Returned mail" <postmaster@translate.org.za>][Subject:Returned mail: Data format error]text.zip] [1] text.pif: Infected: Worm.WORM/Mydoom.L.1 [Aquarius]
[/opt/50X/Samp(44).vir] [[From "FedEx Services Inc." <fedex@southcentraltexasrealestate.com>][Subject:Tracking from FedEx]19682233186_816934201.zip] [1] 19122774418_796211866.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(45).vir] [From DHL <dgp.billing@dhl.com>][Subject:DHL DOCUMENTS; BL, CI; S1800409337_H0020034]S1800409337_H0020034.xls: Infected: Malware.X2000M/Agent.54950 [Aquarius]
[/opt/50X/Samp(46).vir] [[From "FedEx  Inc." <fedex@southcentraltexasrealestate.com>][Subject:Track from FedEx]19682233186_816934201.zip] [1] 19682233186_816934201.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(47).vir] [[From "FedEx Services" <fedex@southcentraltexasrealestate.com>][Subject:Tracking from FedEx]19122774418_796211866.zip] [1] 19122774418_796211866.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(48).vir] [[From "FedEx Services" <fedex@southcentraltexasrealestate.com>][Subject:Track from FedEx]30222256575_820099259.zip] [1] 30222256575_820099259.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(5).vir] [From <<dgk.billing@dhl.com> (DHL)>][Subject:DHL DOCUMENTS; BL, CI; S1800206938_H0073474]S1800206938_H0073474.xls: Infected: Malware.X2000M/Agent.54950 [Aquarius]
[/opt/50X/Samp(50).vir] [From grady@northcoast.com][Subject:Message could not be delivered]message.exe: Infected: Worm.WORM/Mydoom.L [Aquarius]
[/opt/50X/Samp(6).vir] [[From "FedEx " <fedex@southcentraltexasrealestate.com>][Subject:Tracking from FedEx]19682233186_816934201.zip] [1] 19122774418_796211866.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(7).vir] [[From "FedEx " <fedex@southcentraltexasrealestate.com>][Subject:Tracking from FedEx]30222256575_820099259.zip] [1] 30222256575_820099259.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(8).vir] [[From "FedEx " <fedex@southcentraltexasrealestate.com>][Subject:Tracking from FedEx]30222256575_820099259.zip] [1] 30222256575_820099259.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]
[/opt/50X/Samp(9).vir] [[From "FedEx  Inc." <fedex@southcentraltexasrealestate.com>][Subject:Tracking number from FedEx]19682233186_816934201.zip] [1] 19682233186_816934201.vbs: Infected: Worm:VBS/Njw0rm.B [FSE]

Scan ended at Fri Oct 11 12:42:23 2019
50 files scanned
35 files infected
www-tekeze
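Thread starter | Posted on 2019-10-11 15:57:14
a233 posted on 2019-10-11 11:55
Avast scan: Kill 13X
Avast doesn't seem to do very well at detecting these files

SEP is impressive: it killed 48X and repaired all of them. Is that because it's the enterprise edition? Not sure how NS does... Screenshot taken at the time of posting. Awesome!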

无语~
Posted on 2019-10-11 16:04:51
Even Comodo can kill 42 of them
www-tekeze
Thread starter | Posted on 2019-10-11 16:06:47
无语~ posted on 2019-10-11 16:04
Even Comodo can kill 42 of them

Did it repair any of them? Do tell..


无语~
Posted on 2019-10-11 16:08:44
www-tekeze posted on 2019-10-11 16:06
Did it repair any of them? Do tell..

No repair. Don't get your hopes up for Comodo's virus removal.