今天上午一位網友跟我說,他通過電子郵箱的給客戶發的excel檔案,隨後客戶反映該excel檔案包含病毒。這位網友用電腦中裝的360殺毒軟體對該excel檔案進行了掃描,結果360殺毒軟體沒有提示發現病毒。
前兩天正好看到一則題為《五款安全軟體巨集病毒查殺修複效果橫評測試》的資訊,文中稱在純淨的Windows 7平台上用20個被巨集病毒感染的Office文檔樣本(包括DOC與XLS檔案)對360殺毒、NOD32、卡巴斯基、金山毒霸、瑞星五款殺毒軟體進行了巨集病毒查殺修複評測,最後得出的結論是:
綜合此次測試結果,擁有單獨的巨集病毒查殺引擎的360殺毒4.0版的表現最為出眾,不僅能有效查殺寄生在Office文檔中的巨集病毒,還能修複染毒文檔恢複正常使用,這對普通使用者來說非常的實用。老牌殺毒廠商卡巴斯基的表現也很不俗,特別是在病毒查殺方面。金山與瑞星兩家國內老牌殺軟還則需要在巨集病毒查殺上多下功夫了。
我還來從來見過360殺毒軟體檢測出寵病毒的,對這個測試結論相當驚訝。於是讓網友把該excel檔案通過QQ傳了過來,我電腦中的瑞星全功能版(23.00.76.73)監控沒有反應。於是將該excel檔案加密碼壓縮備份,然後右擊該excel檔案,使用瑞星殺毒,結果如下:
查殺記錄為:
發現並清除了Trojan.Script.VBS.Dole.a和Trojan.Script.VBS.Dole.e。
讓網友把360殺毒軟體卸掉,裝上瑞星殺毒軟體全面掃描,結果在一堆excel檔案中發現並清除了寵病毒……
今晚為了把帶毒檔案上傳到virustotal上測試,我從壓縮檔中解壓帶毒的excel檔案,這次瑞星監控有反應了:
只好把瑞星監控關掉,再解壓上傳,掃描結果如下:
https://www.virustotal.com/file/a48b0dc978971f9ed4434a5f1c18f0723c3215a4b067b045b05ba5d9875fff0f/analysis/1355146758/
| SHA256: | a48b0dc978971f9ed4434a5f1c18f0723c3215a4b067b045b05ba5d9875fff0f |
| SHA1: | e03574768c8838c1a87c8fd60c2f7ceef7ce51de |
| MD5: | a7dae86ec4d15fcab9c2f5081d9bbe5a |
| File size: | 84.0 KB ( 86016 bytes ) |
| File name: | 1.xls |
| File type: | MS Excel Spreadsheet |
| Detection ratio: | 33 / 44 |
| Analysis date: | 2012-12-10 13:39:18 UTC ( 0 分鐘 ago ) |
| Antivirus | Result | Update |
|---|---|---|
| ViRobot | X97M.X97M.Ecsys | 20121210 |
| VIPRE | Virus.MSExcel.Mailcab.a (v) | 20121210 |
| VBA32 | - | 20121210 |
| TrendMicro-HouseCall | TROJ_GEN.F47V0914 | 20121210 |
| TrendMicro | X97M_OLEMAL.A | 20121210 |
| TotalDefense | Mailcab.A | 20121210 |
| TheHacker | X97M/Generico | 20121210 |
| Symantec | XM.Mailcab@mm | 20121210 |
| SUPERAntiSpyware | - | 20121210 |
| Sophos | XM97/MailCab-A | 20121210 |
| Rising | Trojan.Script.VBS.Dole.a | 20121210 |
| Panda | X97M/Mailcab.b | 20121210 |
| nProtect | X97M.Mailcab.A@mm | 20121210 |
| Norman | - | 20121209 |
| NANO-Antivirus | Virus.Macro.Agent.ssfat | 20121210 |
| MicroWorld-eScan | - | 20121210 |
| Microsoft | Virus:X97M/Mailcab.A | 20121210 |
| McAfee | X97M/Generic@MM | 20121210 |
| Malwarebytes | - | 20121210 |
| Kingsoft | - | 20121210 |
| Kaspersky | Virus.MSExcel.Agent.f | 20121210 |
| K7AntiVirus | Virus | 20121208 |
| Jiangmin | XM.DelAll.ra | 20121210 |
| Ikarus | X97.DelAll | 20121210 |
| GData | X97M.Mailcab.A@mm | 20121210 |
| Fortinet | X97M/Agent.F@mm | 20121210 |
| F-Secure | X97M.Mailcab.A@mm | 20121210 |
| F-Prot | X97M/MailCab.A | 20121210 |
| ESET-NOD32 | X97M/Mailcab.A | 20121210 |
| eSafe | - | 20121205 |
| Emsisoft | X97M.Mailcab.A@mm (B) | 20121210 |
| DrWeb | W97M.Keylog.1 | 20121210 |
| Comodo | Worm.MSExcel.Mailcab.A | 20121210 |
| Commtouch | X97M/MailCab.A | 20121210 |
| ClamAV | X97M.Agent | 20121210 |
| CAT-QuickHeal | - | 20121210 |
| ByteHero | - | 20121130 |
| BitDefender | X97M.Mailcab.A@mm | 20121210 |
| AVG | X97M/Dropper.Agent.B | 20121210 |
| Avast | MX97:Dropper-F [Trj] | 20121210 |
| Antiy-AVL | - | 20121204 |
| AntiVir | X2000M/Mailcab.A | 20121210 |
| AhnLab-V3 | X97M/Ecsys | 20121210 |
| Agnitum | - | 20121209 |
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
