带壳入库者可以哭了ed1c8

kristen2

原帖由 EQ2 于 2007-7-24 15:34 发表
你是如此的搞笑

没看出怎么搞笑，你根本没有运行。

lsyer

不是误报
我上报给雨伞的了
雨伞说的确是毒。。。

qwerasdf123

卡巴作出反应 ：D

Hello.
Sorry, it's false alarm. It's detection will be deleted in the next update. Thank you for your help.
-----------------
Regards, Vladimir Krylov
Virus Analyst, Kaspersky Lab.

Ph.: +7(495) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com


> Attachment: calc.rar

>  password : virus
>
>

qwerasdf123

这是红伞的反应， 我倒
Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00066023.



A listing of files alongside their results can be found below:

File ID  Filename  Size (Byte) Result
1113893  _calc.exe  78.5 KB  MALWARE


Please find a detailed report concerning each individual sample below:

Filename Result  _calc.exe  MALWARE

The file '_calc.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Dropper.Delf.AAH.19. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 6.39.00.181.

Alternatively you can see the analysis result here:
http://analysis.avira.com/sample ... mp;incidentid=66023

An overview of all your submissions can be found here:
http://analysis.avira.com/sample ... ZYFOPbEdGv37Gqy8tmJ


Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

lsyer

原帖由 qwerasdf123 于 2007-7-24 21:47 发表
这是红伞的反应， 我倒
Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00066023.



A listing of files alongside their results can be found below:

...

的确有点诧异
我刚才实体机运行了下
没有什么动作 自动退出~

[ 本帖最后由 lsyer 于 2007-7-24 22:00 编辑 ]

solcroft

这个红伞所谓的dropper不知到底想drop什么鬼，根本就没有生成物

AVG报Dropper.Delf.aah

chow2006

原帖由 Nblock 于 2007-7-24 09:54 发表
费尔就会这样

不单费尔会这样吧? 加了壳只要软件脱不了的就算是自己的也不认识了.当然会报,其它杀软的也一样.
当然,费尔本身没有脱壳模块.

scottxzt

这东西难说了,这么多杀软报,一定有病毒特征,运行后也没有反映,也不是个完整的程序.现在只能这么说是个带病毒特征码的损坏文件.

lsyer

原帖由 chow2006 于 2007-7-25 12:10 发表



不单费尔会这样吧? 加了壳只要软件脱不了的就算是自己的也不认识了.当然会报,其它杀软的也一样.
当然,费尔本身没有脱壳模块.

我认为报壳无可厚非~
但是说明白是壳啊
别胡说八道什么的
觉得雨伞这方面有进步了
IKARUS大有取代雨伞之势~