红伞误报收集站

显示全部楼层 · 发表于 2008-7-27 13:55:40

文件名/软件名:  vnchooks.dll
误报名          :  TR/RemoteAdmin.VH
下载地址：网络人http://netman123.cn/index.asp
是否上报：       已上报
分析结果：
Thank you for your submission. Below you can see the current status of the uploaded files.

A listing of files alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
2253871	vnchooks.dll	44 KB	MALWARE

Please find a detailed report concerning each individual sample below:

Filename	Result
vnchooks.dll	MALWARE

The file 'vnchooks.dll' has been determined to be 'MALWARE'.
Our analysts named the threat TR/RemoteAdmin.VH. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.00.05.102.

Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

显示全部楼层 · 发表于 2008-7-27 14:05:09

文件名/软件名:  tsengine.dat
误报名          :
下载地址/链接地址: 传美qq 5.1

是否上报：       已上报
上报分析结果:
Suspicious Files and Miscellaneous Uploads
Thank you for your submission. Below you can see the current status of the uploaded files.

A listing of files alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25094621	tsengine.dat	90.31 KB	FALSE POSITIVE

Please find a detailed report concerning each individual sample below:

Filename	Result
tsengine.dat	FALSE POSITIVE

The file 'tsengine.dat' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.0.5.166.

Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

[ 本帖最后由 yao2003 于 2008-7-27 21:13 编辑 ]

显示全部楼层 · 发表于 2008-7-27 20:23:39

谢谢

显示全部楼层 · 发表于 2008-7-27 21:12:26

文件名/软件名 :setup-real.exe
误报名:DR/Agent.199848
下载地址/链接地址（如有的话）: http://realplayer.cn.real.com/?lang=cn&loc=cn
附件（方便上传的话）
是否上报：已上报
上报分析结果

Thank you for your submission. Below you can see the current status of the uploaded files.

A listing of files alongside their results can be found below:

File ID Filename Size (Byte) Result
1329049 setup-real.exe 195.16 KB MALWARE

Please find a detailed report concerning each individual sample below:

Filename Result
setup-real.exe MALWARE

The file 'setup-real.exe' has been determined to be 'MALWARE'.
Our analysts named the threat DR/Agent.199848. The term "DR/" denotes a program that is able to place a virus or a malware discretely on a system.Detection is added to our virus definition file (VDF) starting with version 7.00.00.69.

Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.

文件 setup-real.exe 接收于 2008.07.24 02:07:05 (CET)
当前状态: 完成
结果: 13/33 (39.39%)

格式化文本
打印结果

反病毒引擎版本最后更新扫描结果
AhnLab-V3 - - -
AntiVir - - DR/Agent.199848
Authentium - - W32/Backdoor2.BRUR
Avast - - Win32:Adware-gen
AVG - - Downloader.Generic6.AIGE
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - Adware.Cdn
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - W32/Backdoor2.BRUR
F-Secure - - -
Fortinet - - Adware/Cdnhelper
GData - - -
Ikarus - - Win32.AdWare.CDN
Kaspersky - - -
McAfee - - -
Microsoft - - BrowserModifier:Win32/CNNIC
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Malicious Software
Rising - - -
Sophos - - CNav
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - Win32.Adware.CDN
VirusBuster - - -
Webwasher-Gateway - - Trojan.Dropper.Agent.199848
附加信息
MD5: 6a36608cd65ea44c197a70bfb8c97502
SHA1: 411a40ea14d8f51da2cce3f70b88eb934ed76ed6
SHA256: 03f2f4ed8fdaac9ee31f143515bc14f8049e294a78b4cc6a809d30840f6c8699
SHA512: 61570cf1019ae8f90409a0ffdde9d9cc00b51476ceecc0422b5d8297d83dc4c558a4e7f1da

显示全部楼层 · 发表于 2008-7-28 10:43:03

文件名/软件名 Autorun病毒防御者
误报名          adware or spyware
下载地址/链接地址（如有的话）    http://www.rensoft.com.cn/releases/1.html
附件（方便上传的话）    有
是否上报：已上报/未上报上报
上报分析结果
File ID FilenameSize (Byte)Result
25098023 AutoGuarder.rar713.5
A listing of files contained inside archives alongside their results can be found below:
File ID FilenameSize (Byte)Result
25055383 AutoGuarder.exe 429.5 KB FALSE POSITIVE
25057359 LiveUpdate.exe 328 KB FALSE POSITIVE
25055384 Update.exe 86 KB FALSE POSITIVE

[ 本帖最后由 xfgb 于 2008-7-30 08:42 编辑 ]

显示全部楼层 · 发表于 2008-7-28 10:51:29

文件名/软件名 PorxyThorn ┊花刺代理
误报名    TR/Agent.467032 Trojan
下载地址/链接地址（如有的话） http://sinofreebird.bokee.com/
附件（方便上传的话）    有
是否上报：已上报/未上报    是
上报分析结果
We received the following archive files:
File ID FilenameSize (Byte)Result
25098043 ProxyThorn.rar184.63 KBOK
A listing of files contained inside archives alongside their results can be found below:
File ID FilenameSize (Byte)Result
25098044 ProxyThorn.exe 456.22 KB FALSE POSITIVE

[ 本帖最后由 xfgb 于 2008-7-30 08:40 编辑 ]

显示全部楼层 · 发表于 2008-7-29 14:00:05

软件名~街机游戏里的WinKawaks
误报名 WinKawaks.exe
Is the TR/Proxy.Q0F Trojan
未上报

显示全部楼层 · 发表于 2008-7-29 15:57:00

QQ升级文件QQUpdateCenter.exe误报为TR/Dldr.Agent.xna 木马

显示全部楼层 · 发表于 2008-7-30 08:58:23

文件名/软件名 iDreamPiano
误报名 Contains HEUR/Crypted suspicious code
下载地址/链接地址 http://www.skycn.com/soft/41715.html#download
附件有
是否上报：已上报
上报分析结果

File ID Filename Size (Byte) Result
25100140 iDreamPiano3_Demo.exe 257 KB UNDER ANALYSIS

Please find a detailed report concerning each individual sample below:

Filename Result
iDreamPiano3_Demo.exe UNDER ANALYSIS

-------------------------------------------------------------
收到回复了：
A listing of files alongside their results can be found below:

File ID Filename Size (Byte) Result
25100140 iDreamPiano3_Demo.exe 257 KB FALSE POSITIVE

Please find a detailed report concerning each individual sample below:

Filename Result
iDreamPiano3_Demo.exe FALSE POSITIVE

The file 'iDreamPiano3_Demo.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

[ 本帖最后由 xfgb 于 2008-7-30 17:32 编辑 ]

显示全部楼层 · 发表于 2008-7-31 09:17:19

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00185308.

A listing of files alongside their results can be found below:

File ID  Filename Size (Byte) Result
25100716  asx-in.exe  12.72 KB  FALSE POSITIVE

Please find a detailed report concerning each individual sample below:

Filename Result  asx-in.exe  FALSE POSITIVE

The file 'asx-in.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

Alternatively you can see the analysis result here:
http://analysis.avira.com/sample ... p;incidentid=185308

An overview of all your submissions can be found here:
http://analysis.avira.com/sample ... AhC951ZZDXdGwBz9fLL

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

[讨论] 红伞误报收集站

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

本帖子中包含更多资源

评分

评分

评分