红伞误报收集站
若发现误报(无论是网页误报还是文件误报),请按照以下方式回帖,让红伞更完美:
[quote]文件名/软件名
误报名
下载地址/链接地址(如有的话)
附件(方便上传的话)
是否上报:已上报/未上报
上报分析结果[/quote]
[b]上报得到分析回复后再将回复结果贴出[/b]
[color=red]贴出误报分析结果的伞友将得到经验奖励。[/color]
[quote]PS.
1.[b]欢迎伞友承包误报上报[/b],详情如下:
a.仅上报没有人上报的误报样本(已经上报的就不必了)
b.需要有较强的毅力,能坚持上报
c.得到上报回复后将分析结果贴出
d.坚持上报的伞友每月将有50经验奖励
有意者请PM伞区版主
2.[b]可疑及误报样本上报详解[/b] by jimmyleo [url=http://bbs.kafan.cn/viewthread.php?tid=50650]点击查看[/url]
3.[b]此贴禁止发布误报外的任何内容,否则一律删除[/quote][/b]
[[i] 本帖最后由 yimike 于 2008-4-21 11:55 编辑 [/i]] 文件名/软件名: 大智慧的HSHOOK.dll
误报名 : MALWARE
下载地址/链接地址: 东北证券的大智慧完全版C
是否上报: 已上报
上报分析结果:
Thank you for your submission. Below you can see the current status of the uploaded files.
We received the following archive files:
File ID Filename Size (Byte) Result
3805588 4839f81c.qua 38.28 KB OK
A listing of files contained inside archives alongside their results can be found below:
File ID Filename Size (Byte) Result
3655412 4839f81c.vir 38 KB MALWARE
Please find a detailed report concerning each individual sample below:
Filename Result
4839f81c.vir MALWARE
The file '4839f81c.vir' has been determined to be 'MALWARE'. Our analysts named the threat HEUR/Malware. This malware is detected by a special detection routine from the engine module.已被确定为'恶意软件'
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready. 文件名/软件名: 大智慧的PYDLL.dll
误报名 : MALWARE
下载地址/链接地址: 东北证券的大智慧完全版C
是否上报: 已上报
上报分析结果:
Thank you for your submission. Below you can see the current status of the uploaded files.
We received the following archive files:
File ID Filename Size (Byte) Result
3805585 4835f80d.qua 138.28 KB OK
A listing of files contained inside archives alongside their results can be found below:
File ID Filename Size (Byte) Result
3804281 4835f80d.vir 138 KB FALSE POSITIVE
Please find a detailed report concerning each individual sample below:
Filename Result
4835f80d.vir FALSE POSITIVE
The file '4835f80d.vir' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.这意味着,这个文件是没有恶意的,但只是虚惊一场。检测将被删除.
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready. 文件名/软件名:WinUpdatelist.exe
误报名 :MALWARE
是否上报:已上报
上报分析结果:
Dear Sir or Madam,
Thank you for your email to Avira's virus lab.
Tracking number: INC00135038.
We received the following archive files:
File ID Filename Size (Byte) Result
3805588 4839f81c.qua 38.28 KB OK
A listing of files contained inside archives alongside their results can be found below:
File ID Filename Size (Byte) Result
3655412 4839f81c.vir 38 KB MALWARE
Please find a detailed report concerning each individual sample below:
Filename Result
4839f81c.vir MALWARE
The file '4839f81c.vir' has been determined to be 'MALWARE'. Our analysts named the threat HEUR/Malware. This malware is detected by a special detection routine from the engine module.
Alternatively you can see the analysis result here:
http://analysis.avira.com/samples/details.php?uniqueid=BIkhrVxZ2EvyS4EcwV1jFrTttKVABkx1&incidentid=135038
An overview of all your submissions can be found here:
http://analysis.avira.com/samples/details.php?uniqueid=BIkhrVxZ2EvyS4EcwV1jFrTttKVABkx1
Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com
Kind regards
Avira Virus Lab
---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com
CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
--------------------------------------------- 文件名/软件名: 企业之星的update.dll
误报名 : MALWARE
是否上报: 已上报
上报分析结果:
Thank you for your submission. Below you can see the current status of the uploaded files.
We received the following archive files:
File ID Filename Size (Byte) Result
3805588 4839f81c.qua 92.36 KB OK
A listing of files contained inside archives alongside their results can be found below:
File ID Filename Size (Byte) Result
3655412 4839f81c.vir 92.36KB MALWARE
Please find a detailed report concerning each individual sample below:
Filename Result
4839f81c.vir MALWARE
The file '4839f81c.vir' has been determined to be 'MALWARE'. Our analysts named the threat HEUR/Malware. This malware is detected by a special detection routine from the engine module
Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready. 文件名/软件名:NEWordAddin.dll/NoteExpress v1.9.3.198
误报名:is TR/Crypt.xpack.gen Trojan horse ?
下载地址/链接地址(如有的话):[url]http://www.scinote.com/support/cgi-bin/download_sch.cgi?code=SXDZKJDX[/url]
附件(方便上传的话)[attach]250622[/attach]
[attach]250623[/attach]
[attach]250624[/attach]
[attach]250625[/attach]
[attach]250626[/attach]
[attach]250627[/attach][attach]250628[/attach][attach]250629[/attach]
是否上报:未上报上报分析结果
回复 6楼 sice 的帖子
Dear Sir or Madam,Thank you for your email to Avira's virus lab.
Tracking number: INC00143526.
A listing of files alongside their results can be found below:
File ID 燜ilename Size (Byte) Result
25001470 NEWordAddin.dll 2.39 MB FALSE POSITIVE
Please find a detailed report concerning each individual sample below:
燜ilename Result
NEWordAddin.dll FALSE POSITIVE
The file 'NEWordAddin.dll' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates. 文件名:cmdow.exe pskill.exe
是否上报:未上报
回复 8楼 geforce 的帖子
确认,这种报法无误File ID Filename Size (Byte) Result
25013876 cmdow.exe 18 KB MALWARE
218854 pskill.exe 92 KB MALWARE
Please find a detailed report concerning each individual sample below:
Filename Result
cmdow.exe MALWARE
The file 'cmdow.exe' has been determined to be 'MALWARE'. Our analysts named the threat SPR/HideWindows.I. The term "SPR/" ("Security or Privacy Risk") denotes a program that might possibly be able to affect the security of your system, might trigger activities you might not want or might violate your privacy.Detection is added to our virus definition file (VDF) starting with version 6.34.00.141.
Filename Result
pskill.exe MALWARE
The file 'pskill.exe' has been determined to be 'MALWARE'. Our analysts named the threat APPL/PsKill.E. The term APPL/ denotes an application of dubious origin or which might be hazardous to use.Detection is added to our virus definition file (VDF) starting with version 6.37.00.216.
[[i] 本帖最后由 无尽藏海 于 2008-5-10 10:18 编辑 [/i]]
回复 9楼 无尽藏海 的帖子
pskil好久以前就上报过还曾经在样本区发过帖子[:xi32:] l
http://bbs.kafan.cn/viewthread.php?tid=199275
红伞报autorun病毒防火墙的VirusDef.dll文件为TR/Cinmus.167936
软件名称:autorun病毒防火墙的VirusDef.dll文件下载地址:[url]http://download.pchome.net/utility/antivirus/others/detail-66081-0.html[/url]
误报名称:TR/Cinmus.167936
尚未上报,请楼主帮忙上报,谢谢
回复 11楼 zhangxueyou 的帖子
请将误报文件以附件发上来,谢谢回复 11楼 zhangxueyou 的帖子
File ID Filename Size (Byte) Result3812465 VirusDef.dll 164 KB FALSE POSITIVE
Please find a detailed report concerning each individual sample below: Filename Result VirusDef.dll FALSE POSITIVE
The file 'VirusDef.dll' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file contains unencrypted malicious patterns. This is an indicator that a legitimate detection or removal program did not encrypt parts that are used to identify malicious content. Please contact the manufacture of this file.
貌似这玩意以前上报过误报……“Please contact the manufacture of this file.”,呵呵 误报的病毒,谢谢了,我不太懂上报
红伞报网游天龙八部的Launch.exe和Launch.bin文件为ADSPY/Sohu.k
软件名称:网游天龙八部的Launch.exe和Launch.bin文件下载地址:[url=http://download.tl.sohu.com/tlbb/TLBB_0.33.0580.exe]http://download.tl.sohu.com/tlbb/TLBB_0.33.0580.exe[/url]
误报名称:ADSPY/Sohu.k
尚未上报
说明:下载下来的安装程序没报毒,是安装完,并且自动升级到最新版本才报毒的.
希望大家能帮忙上报一下,谢谢了
回复 14楼 nvhaichina 的帖子
File ID Filename Size (Byte) Result25019772 HostsSetter.exe 44 KB MALWARE
25019773 SMX.dll 233.5 KB DAMAGED FILE (UNKNOWN)
25019774 x##.dll 204.5 KB DAMAGED FILE (UNKNOWN)
25019777 ########.txt 129 Byte CLEAN
25019775 ######.ALG 2.27 KB CLEAN
25019776 ######.dll 307.33 KB CLEAN
The file 'HostsSetter.exe' has been determined to be 'MALWARE'. Our analysts named the threat PCK/PESpin. File has been compressed with an unusual runtime compression tool. Please make sure that this file comes from a trustworthy source.This malware is detected by a special detection routine from the engine module.
The file 'SMX.dll' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.
The file 'x##.dll' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file. 文件名/软件名:魔兽中文名修改器
误报名:TR/FlyStudio.D.22
下载地址/链接地址:U9资源分享置顶帖([url=http://bbs.uuu9.com/viewthread.php?tid=1287514&extra=page%3D1]http://bbs.uuu9.com/viewthread.php?tid=1287514&extra=page%3D1[/url])
附件:[attach]266912[/attach][attach]266913[/attach]
是否上报:未上报
(PS:刚接触伞,还不知怎么上报,有人教下吗?3Q~)
回复 12楼 ykz1991 的帖子
附件不会上传啊,选项里没有,可能我积分不够,今天上传到virustotal,红伞还是报的,以前我是上报过的,记得是无尽藏海帮我上报的吧。下载地址是[url]http://download.pchome.net/utility/antivirus/others/detail-66081-0.html[/url],把下载到的压缩包解压缩后就看到VirusDef.dll这个文件,谢谢了
回复 18楼 zhangxueyou 的帖子
Detection will not be removed due to the fact that the file contains unencrypted malicious patterns.自己加排除吧,红伞不会排除的 The file 'Launch.exe' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/Sohu.K. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection is added to our virus definition file (VDF) starting with version 6.39.00.127.
报的无误~