A netizen told me this morning that the Excel file he sent to the customer via email was then reported by the customer that the Excel file contains viruses. The user scanned the Excel file with the 360 antivirus software installed on the computer. As a result, the 360 antivirus software did not prompt to discover the virus.
Two days ago, I saw a piece of information entitled "five security software macro virus detection and repair effect horizontal evaluation test, 20 samples of office documents infected with macro virus (including Doc and XLS files) on the pure Windows 7 Platform) we tested and tested the five antivirus software: 360 antivirus software, NOD32, Kaspersky, Kingsoft antivirus software, and rising star. The final conclusion is:
Based on the results of this test, the 360 antivirus version with a separate macro virus detection and removal engine is the most outstanding. It not only effectively detects and removes macro viruses in office documents, it can also repair the exposure document and resume normal use, which is very practical for common users. Kaspersky, the old anti-virus manufacturer, also performed well, especially in virus detection and removal. Kingsoft and rising's two old-fashioned targets in China also need to work harder on macro virus detection and removal.
I have also seen 360 anti-virus software detect the virus, and I was surprised by this test conclusion. So I asked a netizen to upload the Excel file via QQ. The full-featured version of rising in my computer (23.00.76.73) did not respond. Then, compress the Excel file with a password, right-click the Excel file, and use Rising Antivirus. The result is as follows:
The scan and removal records are as follows:
Trojan. Script. vbs. DOLE. A and Trojan. Script. vbs. DOLE. e are found and cleared.
Let the netizens unload the 360 antivirus software and install the Rising antivirus software for Comprehensive scanning. The results showed that the virus had been cleared in a pile of Excel files ......
To upload the files with viruses to virustotal for testing tonight, I decompressed the Excel files with viruses from the compressed files. This time, rising monitoring responded:
We had to turn the rising monitoring off, decompress the upload, And the scan results are as follows:
Https://www.virustotal.com/file/a48b0dc978971f9ed4434a5f1c18f0723c3215a4b067b045b05ba5d9875fff0f/analysis/1355146758/
Sha256: |
Bytes |
Sha1: |
E03574768c8838c1a87c8fd60c2f7ceef7ce51de |
MD5: |
A7dae86ec4d15fcab9c2f5081d9bbe5a |
File Size: |
84.0 KB (86016 bytes) |
File Name: |
1. xls |
File Type: |
MS Excel spreadsheet |
Detection ratio: |
33/44 |
Analysis Date: |
2012-12-10 13:39:18 UTC (0 minutes ago) |
Antivirus |
Result |
Update |
ViRobot |
X97m. x97m. ecsys |
20121210 |
Vipre |
Virus. MSExcel. mailcab. A (V) |
20121210 |
Vba32 |
- |
20121210 |
TrendMicro-housecall |
Troj_gen.f47v0914 |
20121210 |
TrendMicro |
X97m_olemal.a |
20121210 |
Totaldefense |
Mailcab. |
20121210 |
Thehacker |
X97m/generico |
20121210 |
Symantec |
XM. mailcab @ MM |
20121210 |
SUPERAntiSpyware |
- |
20121210 |
Sophos |
Xm97/mailcab- |
20121210 |
Rising |
Trojan. Script. vbs. DOLE. |
20121210 |
Panda |
X97m/mailcab. B |
20121210 |
Nprotect |
X97m. mailcab. A @ MM |
20121210 |
Norman |
- |
20121209 |
Nano-Antivirus |
Virus. Macro. Agent. ssfat |
20121210 |
Microworld-Escan |
- |
20121210 |
Microsoft |
Virus: x97m/mailcab. |
20121210 |
McAfee |
X97m/generic @ MM |
20121210 |
Malwarebytes |
- |
20121210 |
Kingsoft |
- |
20121210 |
Kaspersky |
Virus. MSExcel. Agent. f |
20121210 |
K7antivirus |
Virus |
20121208 |
Jiangmin |
XM. delall. Ra |
20121210 |
Ikarus |
X97.delall |
20121210 |
Gdata |
X97m. mailcab. A @ MM |
20121210 |
Fortinet |
X97m/agent. f @ MM |
20121210 |
F-Secure |
X97m. mailcab. A @ MM |
20121210 |
F-Prot |
X97m/mailcab. |
20121210 |
ESET-NOD32 |
X97m/mailcab. |
20121210 |
Esafe |
- |
20121205 |
Emsisoft |
X97m. mailcab. A @ MM (B) |
20121210 |
Drweb |
W97m. keylog.1 |
20121210 |
Comodo |
Worm. MSExcel. mailcab. |
20121210 |
Commtouch |
X97m/mailcab. |
20121210 |
ClamAV |
X97m. Agent |
20121210 |
Cat-quickheal |
- |
20121210 |
Bytehero |
- |
20121130 |
BitDefender |
X97m. mailcab. A @ MM |
20121210 |
AVG |
X97m/dropper. Agent. B |
20121210 |
Avast |
Mx97: dropper-f [trj] |
20121210 |
Antiy-AVL |
- |
20121204 |
AntiVir |
X2000m/mailcab. |
20121210 |
AhnLab-V3 |
X97m/ecsys |
20121210 |
Agnitum |
- |
20121209 |