x2 (2023-01-26)

kuroandsan

1. 扫描开始：        2023/1/26 20:36:08
   
2. D:\Download\vir\2\1.iso -> Invoice_97157.vbs         发现风险： VB:Trojan.Valyria.7861 (B) [krnl.xmd]
   
3. D:\Download\vir\2\2.iso -> Invoice_20928.vbs         发现风险： VB:Trojan.Valyria.7861 (B) [krnl.xmd]

复制代码

Eset小粉絲

VBS/TrojanDropper.Agent.PCS trojan

expected version: 26650.

a2340145

金山毒霸MISS

aboringman

Avast：2（但应该是因为恶意文件在压缩包里，所以没有办法处理了？？？？？？后来尝试打开那些iso文件，触发IDP全部处理了）

1. D:\测试专用\2\1.iso|>Invoice_97157.vbs [L] Script:SNH-gen [Trj] (0)
   
2. While moving file to chest, error occurred: Error 0x0000A47F
   
3. D:\测试专用\2\2.iso|>Invoice_20928.vbs [L] Script:SNH-gen [Trj] (0)
   
4. While moving file to chest, error occurred: Error 0x0000A47F

复制代码

1. 
   
2. <ChestId>00000114</ChestId>
   
3. 
   
4. <FileTime>1674759778</FileTime>
   
5. 
   
6. <OrigFileName>1.iso</OrigFileName>
   
7. 
   
8. <OrigFolder>D:\测试专用\2</OrigFolder>
   
9. 
   
10. <Comment/>
    
11. 
    
12. <Virus>IDP.Generic.fa3a9b975c2a.3.2</Virus>
    
13. 
    
14. <Category>Vir</Category>
    
15. 
    
16. <Restore>yes</Restore>
    
17. 
    
18. <TransferTime>1674759778</TransferTime>
    
19. 
    
20. <FileSize>290816</FileSize>
    
21. 
    
22. <Viruses>IDP.Generic.fa3a9b975c2a.3.2</Viruses>
    
23. 
    
24. <SupportExceptions>yes</SupportExceptions>
    
25. 
    
26. <SendToAnalysis>yes</SendToAnalysis>
    
27. 
    
28. </ChestEntry>
    
29. 
    
30. 
    
31. -<ChestEntry>
    
32. 
    
33. <ChestId>00000115</ChestId>
    
34. 
    
35. <FileTime>1674759801</FileTime>
    
36. 
    
37. <OrigFileName>2.iso</OrigFileName>
    
38. 
    
39. <OrigFolder>D:\测试专用\2</OrigFolder>
    
40. 
    
41. <Comment/>
    
42. 
    
43. <Virus>IDP.Generic.1649b879a199.3.2</Virus>
    
44. 
    
45. <Category>Vir</Category>
    
46. 
    
47. <Restore>yes</Restore>
    
48. 
    
49. <TransferTime>1674759801</TransferTime>
    
50. 
    
51. <FileSize>290816</FileSize>
    
52. 
    
53. <Viruses>IDP.Generic.1649b879a199.3.2</Viruses>
    
54. 
    
55. <SupportExceptions>yes</SupportExceptions>
    
56. 
    
57. <SendToAnalysis>yes</SendToAnalysis>

复制代码

GDHJDSYDH

MD一扫miss，过了一会儿二扫kill

Jerry.Lin

drweb scan miss

petr0vic

您好，火绒暂不支持iso格式文件的识别，感谢您的反馈。

wwwab

petr0vic 发表于 2023-1-27 18:35

It means unpacking and scanning of iso files is not supported (Не поддерживается распаковка и сканирование файлов ISO)

iso file is usually used to store the system image, so they are often huge. For such extreme compression formats, there are usually many antivirus software that do not support unpacking and scanning, because it wastes resources and time. And even all compressed package files will not be scanned by WiseVector at present. However, all types of compressed package files, including iso files, must be decompressed to run the files in them, and anti-virus software can monitor them for processing at this time, so as long as the files in them can be detected, there will be no risk. You can manually decompress them to test the anti-virus software.

nikonikoni

GDHJDSYDH 发表于 2023-1-27 09:00
MD一扫miss，过了一会儿二扫kill

其实直接把vbs从iso里拖出来就能直接杀了

网名丢失

火绒MISS