我家买了新电脑,一台DELL,里面预装mcafee。正好不能杀一个样本,那我今天上报好了。于是打800电话联系了迈克菲服务中心,得到回复:
>尊敬的客户,您好
感谢您联络迈克菲技术支援中心。
关于您提出的问题,我们的方案如下,请您参考:
请按照如下方式发送您的病毒样本至McAfee全球病毒实验室,
收到您的病毒样本后,我们将尽快处理您的问题。
步骤一:
1.请打开McAfee
2.点击【导航】
3.点击【实时扫描】
4.将【实时扫描】选为关闭
步骤二:
1.点击【导航】
2.点击【已隔离的项目】
3.将被隔离的项目【还原】
步骤三:
1.按照路径找出被隔离的项目,使用鼠标右键单击病毒,单击“添加到压缩文件” ,压缩文件格式选择“ZIP”,单击“高级”-“设置密码”,密码设置成“infected”,单击“确定”。
2.将使用您注册McAfee的邮箱地址,将样本发送至virus_research@avertlabs.com 如果病毒样本超过3M,请发送至mcvs201204@gmail.com
3.提交成功后会回复您一个病毒分析ID,以便您查询病毒处理进度。
步骤四(此步骤中的信息需要直接回复此邮件提供):
把生成的ID 和您的系统扫描日志作为附件发送给我们,另外请告知该程序的完整名称以及程序的用途,我们会代为与病毒实验小组人员沟通解决您的问题.
*系统扫描日志(注:是Logs文件夹,请直接压缩后用附件方式添加回复给我们)
日志文件夹路径如下:
Windows XP存放路径如下
C:\document and setting\all users\application data\McAfee\virus scan\logs文件夹
Windows Vista/Windows 7存放路径如下
C:\program data\McAfee\virus scan\logs文件夹
注1:如您是Windows Vista以及Windows7用户,请务必显示电脑所有的隐藏档案
1. 应用程序的名称:
2. 应用程序的类型:
3. 应用程序的制作公司:
4. 应用程序的来源:
5. 病毒文件的作用:
6. 病毒文件的来源:
例如:
应用程序的名称:QQ音乐
应用程序的类型:音乐播放器
应用程序的制作公司:腾讯
应用程序的来源: www.qq.com (下载链接)
病毒文件的作用: 破解补丁(若不清楚可不写)
病毒文件的来源: www.xxxx.com (下载链接)
祝您有愉快的一天!
我把样本发给Virus_Research@avertlabs.com,是16:45,16:46收到tracking,
McAfee Labs - Beaverton
Current Scan Engine Version:5600.1067
Current DAT Version:7412.0000
Thank you for your submission.
Analysis ID: 8071330
File Name Findings Detection Type Extra
--------------------|------------------------------|----------------------------|------------|-----
xxxxxxxxxx.exe |inconclusive | | |no
inconclusive [xxxxxxxxxx.exe]
Automated analysis was not able to determine that this file is malware. This file is
being sent for further processing and the DAT files will potentially be updated if
detection of this sample is warranted.
Note –
Due to the prevalence of network gateway AV products, it is important that all
submissions be zipped and the zip file password-protected (password - infected). Some
products will reject an email that contains a virus that is not sent in this way. In
addition, often we receive a file that appears not to have been infected, to find
later that the file was infected when it left the sender, and was cleaned somewhere
along the line.
McAfee Labs
本以为mcafee至少也要等个1天才能给结果吧。没想到,,,今天下午17:04,也就是20分钟不到,就收到邮件-《Escalation: 8071330 - EXTRA.DAT available》
McAfee Labs Sample Analysis
ID Number: 8071330 Identified: Generic.TRA
Synopsis:
Thank you for submitting your suspicious file(s) for analysis. Attached is an EXTRA.DAT file for extra detection.
This update will be added to our daily production DATs as soon as possible. Usually this will be within the next 48 hours but may be longer in certain circumstances.
Solution:
The attached EXTRA.DAT file will detect the following submitted files:
Filename MD5 digest
-------- ----------
xxxxxxxxxx.exe 6f7cc86bc2e75a231ed35f6f00d779b2
The EXTRA.DAT file should be copied into the directory where the other DAT files reside (the default folder is: C:\Program Files\Common Files\McAfee\Engine).
Additional information, including steps to deploy EXTRA.DAT files, is available in the following location: http://www.mcafee.com/us/threat-center/system-help/extra-dat.aspx
Support:
McAfee Labs accepts file samples for analysis and possible inclusion into AV signature DAT updates.
Additional information for submitting samples to McAfee is available in the following location: https://kc.mcafee.com/corporate/index?page=content&id=KB68030
Product related questions and comments can be addressed via McAfee Technical Support and Customer Services, including:
* Assistance with detection and cleaning or removal of malware
* Product installation and update questions
* Product usage questions
Please use the following links to reach our Technical Support group:
Business Customers: http://www.mcafee.com/us/support.aspx
Home Customers: http://home.mcafee.com/root/support.aspx
Regards,
McAfee Labs: McAfee Labs
McAfee Labs: http://www.mcafee.com/us/threat-center.aspx
McAfee Labs Blog: http://blogs.mcafee.com/mcafee-labs
*Disclaimer*
McAfee Labs researchers subject EXTRA.DAT files to a careful automatic test suite to verify their detection, and in order to reduce the possibility of "false alarm" detections or other issues and to improve their overall reliability. Note, however, that the McAfee Quality Assurance team has NOT tested or approved these files for release. McAfee makes no warranty that these files will be free from errors or other interruptions or that they will meet your requirements. To the maximum extent permitted by applicable law, MCAFEE DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT WITH RESPECT TO THESE FILES. Some states and jurisdictions do not allow limitations on implied warranties, so the above limitation may not apply to you. The foregoing provisions shall be enforceable to the maximum extent permitted by applicable law.
我勒个去,这是怎样的响应速度?!这速度完爆卡巴斯基,完爆Bitdefender,完爆Avira,完爆“宇宙第一”的360,,前三者人工处理周期分别是2小时-1个工作日。
我刚想在论坛发帖问咖啡上报要多长时间响应,结果,,我还没写完帖子回复就来了。 |
[复制链接]
发表于 2014-4-19 17:32:46
楼主
现在想想看,我和消停上报样本都得托关系才能入库。。