[Suspicious file] Detection ratio: 5 / 56 Web Attack: Angler Exploit Kit Flash Exploit 6 drive-by download

墨家小子
Posted on 2016-3-15 19:04:21
This post was last edited by 墨家小子 on 2016-3-15 19:06

SHA256:        419f15a02f24f66c24d144c02c7cce76dca5973fbf0c524a7e160c6896844552
File name:        b643.tmp.exe
Detection ratio:        5 / 56
Analysis date:        2016-03-15 10:51:23 UTC ( 10 minutes ago )
https://www.virustotal.com/en/file/419f15a02f24f66c24d144c02c7cce76dca5973fbf0c524a7e160c6896844552/analysis/


Bkav        HW32.Packed.29C5        20160312
Qihoo-360        QVM20.1.Malware.Gen        20160315
Rising        PE:Malware.XPACK-HIE/Heur!1.9C48 [F]        20160315
Symantec        Suspicious.Cloud.5        20160315
VBA32        suspected of Malware-Cryptor.General.6        20160314


2016/3/15 18:48:41,高,阻止了 localhost 的入侵企图,已阻止,不需要操作,Web Attack: Angler Exploit Kit Flash Exploit 6,不需要操作,不需要操作,"localhost (127.0.0.1, 4XXXX7)",neptunowi.bollandsconsulting.co.uk/?e=&q=HknJVOer9&u=JZGQ&l=JN0GzkX&d=&b=G0xR&v=ajPW&n=FSN31iDQ&c=o4-&s=&w=5QBVj9&h=Zzp,"localhost (127.0.0.1, XXX0)",localhost (127.0.0.1),"TCP, 端口 4XXX7",



With IPS turned off and Auto-Protect enabled, Download Insight's heuristics kill it.



windows7爱好者
Posted on 2016-3-15 19:06:08
Front-row seat, paging @aboringman.
Whether IDP is a brainless blacklist-style HIPS gets settled right here in this thread. Battle of the century, come and watch.
墨家, if you keep ignoring him, your status as his idol is in jeopardy.
aboringman
Posted on 2016-3-15 19:24:37
AVG:

Scan: miss;

Double-click: double-clicked on a real machine, and IDP killed it. ([ALEXA again] A contest under disconnected conditions: because AVG locked me out of configuring the local network connection, I could only use its own firewall to block all network connections [it even blocked itself, impressive].)

"";"IDP.ALEXA.51, C:\Users\killer\Documents\bgkurm.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/3/15, 19:17:52"

"";", C:\USERS\KILLER\DESKTOP\B643.TMP.EXE";"Object was blocked";"Process";"2016/3/15, 19:17:52"

"";", C:\Windows\System32\vssadmin.exe";"Object was blocked";"Process";"2016/3/15, 19:17:52"

"";", C:\Windows\System32\cmd.exe";"Object was blocked";"Process";"2016/3/15, 19:17:52"

"";", C:\USERS\KILLER\DESKTOP\B643.TMP.EXE";"Deleted";"File or Directory";"2016/3/15, 19:17:52"

"";", C:\Users\killer\Documents\bgkurm.exe";"Object was blocked";"Process";"2016/3/15, 19:17:52"

"";", HKEY_USERS\.DEFAULT\SOFTWARE\TRUEIMG";"Deleted, Moved to Virus Vault";"Registry key";"2016/3/15, 19:17:52"

"";", HKEY_USERS\S-1-5-21-3895625976-2995373382-4201264068-1000\SOFTWARE\69AA6C9091697F8";"Deleted, Moved to Virus Vault";"Registry key";"2016/3/15, 19:17:52"

"";", HKEY_USERS\S-1-5-21-3895625976-2995373382-4201264068-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\_WFCH";"Deleted, Moved to Virus Vault";"Registry value";"2016/3/15, 19:17:52"

Evidence screenshots follow:

saga3721
Posted on 2016-3-15 19:41:46
Avira cloud scan: 'TR/Crypt.XPACK.Gen (Cloud)' [trojan]

Rating: aboringman +1 (reason: Back in the day I used Avira too, but these days.....)

ericdj
Posted on 2016-3-15 19:47:33
G DATA's behaviour blocker intercepts it.

saga3721
Posted on 2016-3-15 19:53:22
aboringman posted on 2016-3-15 19:24:
AVG:

Scan: miss;

So now you regret not sticking with Avira, right?
aboringman
Posted on 2016-3-15 20:03:26
Today let's talk properly about ARES. All along, this detection has been derided as a blacklist-style detection, and yet it's only the OP who has kept doing so.

IDP does indeed interact with the cloud, but I have not yet seen any sign of it blacklisting.

Now for a few typical examples:

[mw_shl_code=css,true]"";"IDP.ARES.Generic, C:\Users\Killer\Desktop\and515.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2015/12/1, 20:10:31"

"";", C:\Users\Killer\Desktop\and515.exe";"Object was blocked";"Process";"2015/12/1, 20:10:31"

"";", C:\Windows\System32\msiexec.exe";"Object was blocked";"Process";"2015/12/1, 20:10:31"

"";", C:\Windows\System32\WerFault.exe";"Object was blocked";"Process";"2015/12/1, 20:10:31"

"";", C:\Users\Killer\Desktop\and515.exe";"Object was blocked";"Process";"2015/12/1, 20:10:31"[/mw_shl_code]

[mw_shl_code=css,true]"";"IDP.ARES.Generic, C:\Users\killer.Killer-PC\Desktop\d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2015/12/7, 22:09:01"

"";", C:\Windows\System32\sdbinst.exe";"Object was blocked";"Process";"2015/12/7, 22:09:01"

"";", C:\Windows\System32\sdbinst.exe";"Object was blocked";"Process";"2015/12/7, 22:09:01"

"";", C:\Windows\System32\iscsicli.exe";"Object was blocked";"Process";"2015/12/7, 22:09:01"

"";", C:\Windows\System32\iscsicli.exe";"Object was blocked";"Process";"2015/12/7, 22:09:01"

"";", C:\Users\killer.Killer-PC\AppData\Local\tPl4yheX\zh3VOgUZ.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2015/12/7, 22:09:01"

"";", C:\Users\killer.Killer-PC\AppData\LocalLow\Po6MnKzz.bat";"Deleted, Moved to Virus Vault";"File or Directory";"2015/12/7, 22:09:01"

"";", C:\Users\killer.Killer-PC\Desktop\d669379ad2f0af5f5df9940a7f2247883e9beb2e96a791a0c0ac9869ca9c49d9.exe";"Object was blocked";"Process";"2015/12/7, 22:09:01"[/mw_shl_code]

[mw_shl_code=css,true]"";"IDP.ARES.Generic, C:\Users\Killer\Desktop\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2015/11/30, 22:10:51"

"";", C:\Users\Killer\Desktop\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"

"";", C:\Users\Killer\Desktop\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"

"";", C:\Windows\System32\sdbinst.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"

"";", C:\Windows\System32\sdbinst.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"

"";", C:\Windows\System32\iscsicli.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"

"";", C:\Windows\System32\iscsicli.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"

"";", C:\Users\Killer\AppData\Local\6aC2RnQZ\lXMinAbJ.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2015/11/30, 22:10:51"

"";", C:\Users\Killer\AppData\LocalLow\Fa4mmKX7.bat";"Deleted, Moved to Virus Vault";"File or Directory";"2015/11/30, 22:10:51"

"";", C:\Users\Killer\Desktop\bc054e7d840f8e93c599c0bff2686fd9486509eca968700da1bcd1622a6caf2f.exe";"Object was blocked";"Process";"2015/11/30, 22:10:51"[/mw_shl_code]

[mw_shl_code=css,true]"";"IDP.ARES.Generic, C:\Users\Killer\Desktop\TMPC93F.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2015/12/4, 19:11:37"

"";", C:\Users\Killer\Desktop\TMPC93F.exe";"Object was blocked";"Process";"2015/12/4, 19:11:37"

"";", C:\Users\Killer\Desktop\TMPC93F.exe";"Object was blocked";"Process";"2015/12/4, 19:11:37"

"";", C:\Users\Killer\Desktop\TMPC93F.exe";"Object was blocked";"Process";"2015/12/4, 19:11:37"

"";", C:\Windows\explorer.exe";"Object was blocked";"Process";"2015/12/4, 19:11:37"

"";", C:\Windows\ubofymhs.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2015/12/4, 19:11:37"

"";", HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\HGWZUFOQ";"Deleted, Moved to Virus Vault";"Registry value";"2015/12/4, 19:11:37"

"";", C:\Users\Killer\Desktop\TMPC93F.exe";"Object was blocked";"Process";"2015/12/4, 19:11:37"[/mw_shl_code]

All of the above are typical examples of the ARES detection. If you insist that this is a sluggish reaction caused by network latency, then sorry, my network environment here is excellent; a slow reaction due to network latency is unlikely and simply cannot happen. And if you say this is a pure blacklist detection, then with a good network connection how could it so easily let the threat get its way? It would only need to pop up a prompt and block before execution, a token gesture would have been enough.

Moreover, according to the documentation AVG officially provides, whether it is cloud interaction or local signature patterns doing the work, it is unquestionably a generic catch-all detection.

[mw_shl_code=css,true]IDP ARES Generic is a potential threat. Threats, when malicious, can be used to interfere with the normal operation of a computer, gather personal information or allow a hacker to access the device remotely without the user's consent.

This kind of software usually arrives in the form of an unwanted download from a malicious website or as code illegally injected into a legitimate website without the webmaster's knowledge. It can also be received as an email attachment or an instant message from an untrusted source.

What does IDP ARES Generic do?
If determined to be malware, actions can include:

- Stealing hard disk space and memory, slowing down or completely stopping the PC
- Corrupting or deleting data
- Compromising the entire system by providing remote access to hackers
- Stealing passwords and other sensitive information
- Gathering information about your web-browsing habits without your consent for advertising purposes
- Installing other unwanted software

Generally, most malicious threats can be detected and removed by AVG.[/mw_shl_code]

Source threads:

http://bbs.kafan.cn/thread-1867798-1-1.html

http://bbs.kafan.cn/thread-1866977-1-1.html

http://bbs.kafan.cn/thread-1868415-1-1.html

http://bbs.kafan.cn/thread-1867194-1-1.html

http://bbs.kafan.cn/thread-2030207-1-1.html
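
The event rows quoted in this post, and the b643.tmp.exe / bgkurm.exe rows earlier in the thread, all share one export layout: five ';'-separated, double-quoted fields, where the second field reads "<detection>, <target>" on the row that opens an incident and ", <target>" on the follow-on rows listing what the same engine blocked or removed. The script below is an added example (not AVG's tooling and not from the thread) that assumes that layout and runs on a constructed log with made-up paths and SIDs. It regroups the rows into incidents and summarises the behaviour that was blocked (system binaries launched such as vssadmin.exe, Run-key persistence, dropped files), so the behavioural evidence can be judged on its own rather than by the detection label alone.

```python
"""Reconstruct AVG IDP incidents from exported event rows and triage them.

Added example, not AVG's own tooling. It assumes the export format seen in
the thread: five ';'-separated, double-quoted fields per row, where the second
field is '<detection>, <target>' for the row that opens an incident and
', <target>' for the follow-on rows describing what the engine blocked or
removed as part of the same incident.
"""
import csv
import io
import re
from dataclasses import dataclass, field

# Constructed sample export in that format. Paths, SIDs and value names are
# made up for the example; only the layout mirrors the thread's log lines.
SAMPLE_LOG = r'''"";"IDP.ARES.Generic, C:\Users\alice\Desktop\sample.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/3/15, 19:17:52"
"";", C:\Users\alice\Desktop\sample.exe";"Object was blocked";"Process";"2016/3/15, 19:17:52"
"";", C:\Windows\System32\vssadmin.exe";"Object was blocked";"Process";"2016/3/15, 19:17:52"
"";", C:\Windows\System32\cmd.exe";"Object was blocked";"Process";"2016/3/15, 19:17:52"
"";", C:\Users\alice\AppData\Local\tPl4yheX\dropped.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/3/15, 19:17:52"
"";", HKEY_USERS\S-1-5-21-1-2-3-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\_WFCH";"Deleted, Moved to Virus Vault";"Registry value";"2016/3/15, 19:17:52"
"";"IDP.ALEXA.51, C:\Users\alice\Documents\second.exe";"Deleted, Moved to Virus Vault";"File or Directory";"2016/3/16, 08:00:00"
"";", C:\Users\alice\Documents\second.exe";"Object was blocked";"Process";"2016/3/16, 08:00:00"
'''


@dataclass
class Event:
    detection: str   # non-empty only on the row that opens an incident
    target: str      # file path, process image, or registry key/value
    action: str      # e.g. "Object was blocked", "Deleted, Moved to Virus Vault"
    kind: str        # "Process", "File or Directory", "Registry key", "Registry value"
    timestamp: str


@dataclass
class Incident:
    detection: str
    sample: str                  # the file the opening row pointed at
    events: list = field(default_factory=list)


def parse_events(text: str) -> list:
    """Split the export into Event rows; rows with fewer than five fields are skipped."""
    events = []
    for row in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(row) < 5:
            continue
        _, what, action, kind, timestamp = row[:5]
        detection, _, target = what.partition(", ")
        events.append(Event(detection.strip(), target.strip(), action, kind, timestamp))
    return events


def group_incidents(events: list) -> list:
    """A row carrying a detection name opens a new incident; the rows that follow
    (empty detection field) are the blocks and removals the engine tied to it."""
    incidents = []
    for ev in events:
        if ev.detection or not incidents:
            incidents.append(Incident(ev.detection or "(unattributed)", ev.target))
        incidents[-1].events.append(ev)
    return incidents


RUN_KEY = re.compile(r"\\CURRENTVERSION\\RUN\\", re.IGNORECASE)
BACKUP_TOOLS = {"vssadmin.exe"}   # shadow-copy admin tool seen launched in the thread's log
WINDOWS_DIR = "c:\\windows\\"


def triage(inc: Incident) -> dict:
    """Summarise the behaviour the engine blocked, independent of the detection name."""
    report = {
        "detection": inc.detection,
        "sample": inc.sample,
        "system_binaries": [],     # Windows-directory processes the sample launched
        "backup_tampering": False,  # a shadow-copy tool was among them
        "run_key_persistence": False,
        "dropped_files": [],        # files removed other than the sample itself
    }
    for ev in inc.events:
        name = ev.target.rsplit("\\", 1)[-1].lower()
        if ev.kind == "Process" and ev.target.lower().startswith(WINDOWS_DIR):
            report["system_binaries"].append(name)
            if name in BACKUP_TOOLS:
                report["backup_tampering"] = True
        elif ev.kind == "File or Directory" and ev.target != inc.sample:
            report["dropped_files"].append(ev.target)
        elif ev.kind.startswith("Registry") and RUN_KEY.search(ev.target):
            report["run_key_persistence"] = True
    return report


def triage_log(text: str) -> list:
    """Parse, group and triage a whole export; one report dict per incident."""
    return [triage(inc) for inc in group_incidents(parse_events(text))]


if __name__ == "__main__":
    for report in triage_log(SAMPLE_LOG):
        print(report)
```

Run against the constructed log, the first incident reports vssadmin.exe and cmd.exe launched, a dropped executable under AppData and a Run-key value; the second reports only a blocked process. That is the kind of per-incident summary that makes it possible to discuss what the engine actually intervened on, rather than only the label it attached.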

aboringman
Posted on 2016-3-15 20:05:09
saga3721 posted on 2016-3-15 19:53:
So now you regret not sticking with Avira, right?

I've never thought that, although Avira is indeed strong.
ymb668888
Posted on 2016-3-15 20:31:29
Kaspersky kills it on extraction.

也就是这样
Posted on 2016-3-15 20:36:14
aboringman posted on 2016-3-15 20:03:
Today let's talk properly about ARES. All along, this detection has been derided as a blacklist-style detection, and yet it's only the OP who has kept doing so ...

So that means big A's HIPS is still badass after all, huh.