好像是误报？

基哥

文件信息

文件名称 :	perfmte.rar
文件大小 :	47070 byte
文件类型 :	RAR archive data, v1d, os
MD5 :	86ab6e1362e4b37d5c5d31d8752c2037
SHA1 :	807af911824abef0fe5a3ea451a66b9049992e68

扫描结果

扫描结果 :	6%的杀软(2/35)报告发现病毒
时间 :	2008/02/05 20:12:56 (CST)

软件名称	引擎版本	病毒库版本	病毒库时间	扫描结果	时间
a-squared	3.0.0.126	2008.02.04	2008-02-04	-	4.521
AntiVir	7.6.0.62	7.0.2.93	2008-02-05	HEUR/Malware	11.415
Arcavir	1.0.4	200802041635	2008-02-04	-	9.080
AVAST	1.0.8	080204-0	2008-02-04	-	14.008
AVG	7.5.51.442	269.19.20/1260	2008-02-05	-	8.966
BitDefender	7.60825.978997	7.17339	2008-02-05	-	16.367
CA (VET)	9.0.0.143	31.3.5512	2008-02-05	-	22.829
ClamAV	0.92	5692	2008-02-05	-	0.069
Comodo	2.11	2.0.0.426	2008-02-05	-	1.521
CP Secure	1.1.0.695	2008.02.04	2008-02-04	-	21.995
Dr.WEB	4.44.0.9170	2008.02.05	2008-02-05	-	10.703
ewido	4.0.0.2	2008.02.05	2008-02-05	-	2.703
F-PROT	4.4.1.52	20080204	2008-02-04	-	2.205
F-SECURE	5.51.6100	2008.02.04.04	2008-02-04	-	3.299
IKARUS	T3.1.01.15	2008.02.05.70261	2008-02-05	-	1.864
MKS_VIR	2.01	2008.02.05	2008-02-05	-	10.086
NORMAN	5.91.10	5.90	2008-02-04	-	7.982
nProtect	2008-02-05.00	1162497	2008-02-05	-	5.117
Prevx	V2	20080205	2008-02-05	-	3.578
QuickHeal	9.00	2008.02.04	2008-02-04	-	3.908
SOPHOS	2.53.1	4.25	2008-02-04	-	3.984
The Hacker	6.2.9	v00209	2008-02-04	-	1.218
VBA32	3.12.6.0	20080204.2223	2008-02-04	-	3.097
ViRobot	20080205	2008.02.05	2008-02-05	-	0.732
VirusBuster	4.3.19:9	9.121.1/11.0	2008-02-04	-	3.758
卡巴斯基	5.5.10	2008.02.05	2008-02-05	-	13.606
安博士V3	2008.02.05.10	2008.02.05	2008-02-05	-	1.973
江民杀毒	10.00.650	2008.02.05	2008-02-05	-	1.604
熊猫卫士	9.04.03.0001	2008.02.04	2008-02-04	-	2.838
瑞星	20.0	20.31.50.00	2008-02-16	-	1.507
赛门铁克	1.3.0.24	20080204.003	2008-02-04	-	0.273
趋势	8.500-1001	4.978.08	2008-02-04	-	0.045
迈克菲	5.2.00	5222	2008-02-04	-	5.010
金山毒霸	2007.6.20.249	2008.2.5	2008-02-05	-	1.094
飞塔	2.81-3.11	8.714	2008-02-05	Suspicious	2.445

注意: 就算报告发现病毒，也可能是杀软误报，请根据查毒结果自行判断

复制到剪贴板

Graybird

The file 'perfmte.exe' has been determined to be 'UNDER ANALYSIS'.

上报~

冷冷

SBie 跑了下

Graybird

Starting the file scan:

Begin scan in 'E:\system32.rar'
E:\system32.rar
  [0] Archive type: RAR
  --> system32\javaiehlp.dll
      [DETECTION] Contains suspicious code HEUR/Malware
  --> system32\wmpdvdex.dll
      [DETECTION] Contains suspicious code HEUR/Malware
      [WARNING]   The file was ignored!

上报~

leonfg

原帖由 冷_冷 于 2008-2-5 20:28 发表
SBie 跑了下

196821196822

nod 蜘蛛 继续过

Graybird

The file 'perfmte.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Agent.135203. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) with one of the next updates. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Malware.

wangjay1980

可能是某个音频软件的，扔给KL

Graybird

The file 'wmpdvdex.dll' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates

FALSE POSITIVE~

基哥

真的是误报

wangjay1980

Hello,

msfv32.dll, perfmte.exe_

No malicious code were found in these files.

Please quote all when answering.

--
Best regards, Goncharov Ilya
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.



> Attachment: msfv32.rar
> Attachment: perfmte.rar