Today a colleague had a problem with his computer: every time he opened an Excel file, he was prompted whether to run a macro. It is obviously a macro virus. The computer originally had Rising 2011 installed, but he thought it slowed the system down and uninstalled it. He left the computer running without any antivirus protection, and now this is the unfortunate result ......
My colleague had heard that Kingsoft Antivirus (Kingsoft Duba) is small, fast, and does not bog the system down, so he had me install it.
I had not used Kingsoft Antivirus for a long time, so I wanted to test it anyway.
I downloaded Kingsoft Antivirus from http://www.duba.net. The installation was indeed very fast. Then I ran a full scan:
The Kingsoft Antivirus window shows the promotional slogan: "Kingsoft Antivirus fully supports macro virus detection, removal and immunization; no more worrying about Office documents being infected!" It certainly catches the eye.
Unfortunately, the virus in the Excel file was not detected, and several normal program files were flagged and removed as viruses.
I found an Excel file on my colleague's computer and uploaded it to https://www.virustotal.com/ for online scanning. The results are as follows:
| Field | Value |
|---|---|
| SHA256 | 8fc3abc66b663732836d9af342a879704ad1c8f4636488592b0dad4356af6231 |
| SHA1 | B7bcee683154aeb001a93277383ce950d094d9d6 |
| MD5 | Ab1b33ea97f92fcsc1332ecc8c6b1bf4 |
| File Size | 197.0 KB (201728 bytes) |
| File Name | 1. xls |
| File Type | MS Excel spreadsheet |
| Detection ratio | 35/43 |
| Analysis Date | 10:28:53 UTC (0 minutes ago) |
| Antivirus | Result | Update |
|---|---|---|
| Agnitum | - | 20120929 |
| AhnLab-V3 | XF/SiC | 20120928 |
| AntiVir | X2000m/mailcab. | 20120929 |
| Antiy-AVL | - | 20120928 |
| Avast | Mx97: mailcab-C [trj] | 20120929 |
| AVG | X97m/dropper. Agent. B | 20120928 |
| BitDefender | X97m. mailcab. A @ MM | 20120929 |
| Bytehero | - | 20120918 |
| Cat-quickheal | XF. Sic. f | 20120927 |
| ClamAV | X97m. Agent | 20120928 |
| Commtouch | Heuristic-21! Vbamacro | 20120928 |
| Comodo | Worm. MSExcel. mailcab. | 20120929 |
| Drweb | W97m. keylog.1 | 20120927 |
| Emsisoft | X97.delall! Ik | 20120919 |
| Esafe | - | 20120927 |
| ESET-NOD32 | XF/SiC. h1 | 20120928 |
| F-Prot | Heuristic-20! Vbamacro | 20120926 |
| F-Secure | X97m. mailcab. A @ MM | 20120927 |
| Fortinet | X97m/agent. f @ MM | 20120929 |
| Gdata | X97m. mailcab. A @ MM | 20120929 |
| Ikarus | X97.delall | 20120929 |
| Jiangmin | XM. delall. Ra | 20120928 |
| K7antivirus | Virus | 20120928 |
| Kaspersky | Virus. MSExcel. Agent. f | 20120929 |
| Kingsoft | - | 20120925 |
| McAfee | XF/SiC. gen | 20120927 |
| McAfee-GW-Edition | XF/SiC. gen | 20120928 |
| Microsoft | Virus: XF/SiC. h | 20120926 |
| Norman | - | 20120928 |
| Nprotect | X97m. mailcab. A @ MM | 20120929 |
| Panda | W97/mailcab. | 20120929 |
| Pctools | XF. helpopy | 20120929 |
| Rising | Trojan. Script. vbs. DOLE. | 20120928 |
| Sophos | Xm97/mailcab- | 20120929 |
| SUPERAntiSpyware | - | 20120911 |
| Symantec | XF. helpopy | 20120929 |
| Thehacker | X97m/generico | 20120929 |
| Totaldefense | Mailcab. | 20120928 |
| TrendMicro | Xf_helpopy.aw | 20120929 |
| TrendMicro-housecall | Xf_helpopy.aw | 20120926 |
| Vba32 | - | 20120929 |
| Vipre | Virus. MSExcel. mailcab. A (V) | 20120928 |
| ViRobot | X97m. x97m. ecsys | 20120929 |
Sure enough, Kingsoft (Kingsoft Antivirus) cannot detect or remove it.
I uninstalled Kingsoft Antivirus and reinstalled Rising ...... Now I can feel at ease!