Thread starter: will

[Discussion] Avira (红伞) false-positive collection thread

emutony
Posted on 2008-8-21 13:04:40
Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00193567.



A listing of files alongside their results can be found below:

File ID  Filename Size (Byte) Result
1298608  1KG_su.exe  545.81 KB  FALSE POSITIVE


Please find a detailed report concerning each individual sample below:

Filename  Result
1KG_su.exe  FALSE POSITIVE

The file '1KG_su.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

Alternatively you can see the analysis result here:
http://analysis.avira.com/sample ... p;incidentid=193567

An overview of all your submissions can be found here:
http://analysis.avira.com/sample ... AhC951ZZDXdGwBz9fLL
sanhu35
Posted on 2008-8-22 23:13:50
A false positive after today's update.
choso
Posted on 2008-8-24 17:33:28
File name: UltraISO.exe (version 7.6.5.1269)
False-positive detection name: HEUR/Malware
Reported:
Tracking number: INC00195013.

A listing of files alongside their results can be found below:
File ID  Filename  Size (Byte)  Result
25121155 UltraISO.exe 2.79 MB FALSE POSITIVE

Please find a detailed report concerning each individual sample below:
Filename  Result
UltraISO.exe  FALSE POSITIVE

The file 'UltraISO.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file does not belong to a regular piece of software. This software can be used for an evasion of security protections in several computer programs. If we will find some malicious code inside the suspicious file anyway, we will integrate the pattern recognition in one of our next updates. In case AntiVir can detect this file we will not change or remove our detection.
Alternatively you can see the analysis result here:
http://analysis.avira.com/samples/details.php?uniqueid=YpRqD4OYxYYVt0WPADJVFBw55gOAzspV&incidentid=195013

An overview of all your submissions can be found here:
http://analysis.avira.com/samples/details.php?uniqueid=YpRqD4OYxYYVt0WPADJVFBw55gOAzspV

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

[ Last edited by choso on 2008-8-27 12:44 ]
lookljl
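Posted on 2008-8-27 08:49:59
File name / software name: 清除所有多余的启动项目.cmd ("Remove all redundant startup items")
Reported: already reported
Analysis result from the submission: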
Thank you for your email to Avira's virus lab.
Tracking number: INC00195862.



A listing of files alongside their results can be found below:

File ID  Filename  Size (Byte)  Result
3822998  ???????????.cmd...??.cmd  4.96 KB  FALSE POSITIVE


Please find a detailed report concerning each individual sample below:

Filename Result
???????????.cmd...??.cmd  FALSE POSITIVE

The file '???????????.cmd' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.0.6.71.
Alternatively you can see the analysis result here:
http://analysis.avira.com/samples/details.php?uniqueid=8DdKz5X7MrfDGQkwYSskQrPLCrU4D5K6&incidentid=195862

An overview of all your submissions can be found here:
http://analysis.avira.com/samples/details.php?uniqueid=8DdKz5X7MrfDGQkwYSskQrPLCrU4D5K6


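Translation:
The file '???????????. cmd' has been determined to be a 'false positive'. In particular, this means that the file is not malicious but a false alarm. Detection is from our virus definition file (VDF) with the version: 7.0.6.71.
In the English email, the Chinese characters turned into ?
清除所有多余的启动项目.cmd appeared after installing GHOST XP3 9.2, at C:\Program Files\装机人员工具\清除所有多余的启动项目.cmd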

[ Last edited by lookljl on 2008-8-27 08:53 ]
emutony
Posted on 2008-8-27 10:43:58
Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00195175.



A listing of files alongside their results can be found below:

File ID  Filename Size (Byte) Result
25121315  ?????????V1.0.exe....0.exe  858.18 KB  FALSE POSITIVE


Please find a detailed report concerning each individual sample below:

Filename  Result
?????????V1.0.exe....0.exe  FALSE POSITIVE

The file '?????????V1.0.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

Alternatively you can see the analysis result here:
http://analysis.avira.com/sample ... p;incidentid=195175

An overview of all your submissions can be found here:
http://analysis.avira.com/sample ... AhC951ZZDXdGwBz9fLL
yao2003
Posted on 2008-8-29 08:15:49
File name: vray.exe (VR keygen)
False-positive detection name: TR/Agent.49152.BE
Attachment: ()
Reported: already reported
Analysis result from the submission:
A listing of files alongside their results can be found below:
File ID  Filename  Size (Byte)  Result
25056265 VRay.exe 48 KB FALSE POSITIVE


Please find a detailed report concerning each individual sample below:
Filename  Result
VRay.exe FALSE POSITIVE

The file 'VRay.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file does not belong to a regular piece of software. This software can be used for an evasion of security protections in several computer programs. If we will find some malicious code inside the suspicious file anyway, we will integrate the pattern recognition in one of our next updates. In case AntiVir can detect this file we will not change or remove our detection.


Please note that you will receive an email which will contain the results shown above. In case the final outcome of the analysis is not yet finished for all files the notification will be sent once ready.
痛苦的信仰
Posted on 2008-8-29 18:30:40
File name: TerSafe.dll
False-positive detection name: Is the TRCrypt.XPACK.Gen.Trojan]
A program from CrossFire (穿越火线)
Reported
Analysis result:
The file 'TerSafe.dll' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.
T_Tmac
Posted on 2008-8-31 18:40:47
Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\boot\ghos\gho_run.exe.
Action performed: Allow access

Does this count? It's something in the ghost folder; no other antivirus has ever flagged it.
llydmissile
Posted on 2008-8-31 19:53:39
File name / false-positive detection name:
C:\WINDOWS\system32\MakeRun.exe
Date: 13.07.2005  Time: 13:56:26  Size: 2560
ALERT: [TR/Rootkit.Gen] C:\WINDOWS\system32\MakeRun.exe <<< Is the Trojan horse TR/Rootkit.Gen

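Reported. AL does not consider it a false positive.
The virus definitions are today's. Download completed: 31 August 2008, 6:23:58 PM
Found using will's command-line scanner.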

The file 'MakeRun.exe' has been determined to be 'DAMAGED FILE (MALWARE)'. In particular this means that this file is damaged and not working properly. Nevertheless we were able to determine that it contains malicious code fragments.

VirSCAN scan results attached:
————————————————————
VirSCAN.org Scanned Report :
Scanned time   : 2008/09/01 17:20:02 (CST)
Scanner results: 3%的杀软(1/36)报告发现病毒
File Name      : MakeRun.rar
File Size      : 920 byte
File Type      : RAR archive data, v1d, os
MD5            : 8afa8db5d29f79bce6f8c8249bfb6e0a
SHA1           : aa31450dc05e2a4c70bcfbd747ac991f91a1a6b1
Online report  : http://virscan.org/report/5c4180554a2d98a2805a16c1438cf1f4.html

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      3.5.0.22        2008.08.31        2008-08-31  2.31   -
安博士V3       2008.09.01.00   2008.09.01        2008-09-01  0.88   -
AntiVir        7.8.1.23        7.0.6.97          2008-09-01  2.27   TR/Rootkit.Gen
Arcavir        1.0.5           200808311533      2008-08-31  1.19   -
AVAST!         3.0.1           080831-0          2008-08-31  0.00   -
AVG            7.5.51.442      270.6.14/1645     2008-09-01  1.54   -
BitDefender    7.60825.1690752 7.20766           2008-09-01  2.94   -
CA (VET)       9.0.0.143       31.6.6057         2008-08-29  5.25   -
ClamAV         0.93.3          8126              2008-09-01  0.00   -
Comodo         2.11            2.0.0.634         2008-09-01  0.44   -
CP Secure      1.1.0.715       2008.09.01        2008-09-01  6.51   -
Dr.Web         4.44.0.9170     2008.09.01        2008-09-01  3.15   -
ewido          4.0.0.2         2008.08.31        2008-08-31  2.44   -
F-Prot         4.4.4.56        20080831          2008-08-31  1.26   -
F-Secure       5.51.6100       2008.09.01.01     2008-09-01  3.21   -
飞塔           2.81-3.11       9.499             2008-09-01  1.75   -
ViRobot        20080901        2008.09.01        2008-09-01  0.41   -
Ikarus         T3.1.01.34      2008.08.31.71372  2008-08-31  3.28   -
江民杀毒       11.0.706        2008.09.01        2008-09-01  1.19   -
卡巴斯基       5.5.10          2008.09.01        2008-09-01  0.03   -
金山毒霸       2008.1.14.15    2008.9.1.17       2008-09-01  0.61   -
迈克菲         5.3.00          5373              2008-08-29  2.11   -
Microsoft      1.3807          2008.09.01        2008-09-01  4.14   -
mks_vir        2.01            2008.08.25        2008-08-25  2.59   -
Norman         5.93.01         5.93.00           2008-08-29  4.92   -
熊猫卫士       9.05.01         2008.08.31        2008-08-31  2.15   -
趋势科技       8.700-1004      5.512.01          2008-08-31  0.02   -
Quick Heal     9.50            2008.08.29        2008-08-29  1.68   -
瑞星           20.0            20.60.01.00       2008-09-01  0.74   -
Sophos         2.78.0          4.33              2008-09-01  1.70   -
Sunbelt        3.1.1592.1      2210              2008-08-29  0.42   -
赛门铁克       1.3.0.24        20080831.003      2008-08-31  0.06   -
nProtect       2008-08-29.00   1993388           2008-08-29  3.66   -
The Hacker     6.3.0.6         v00068            2008-08-29  0.40   -
VBA32          3.12.8.4        20080831.1339     2008-08-31  1.20   -
VirusBuster    4.5.11.10       10.86.1/623289    2008-08-31  0.80   -

[ Last edited by llydmissile on 2008-9-1 17:23 ]
llydmissile
Posted on 2008-8-31 19:59:16
File name / false-positive detection name:
C:\Documents and Settings\fangzheng\Local Settings\Temporary Internet Files\Content.IE5\Q1LQ369W\welcome.he.vnet[1].htm
Date: 31.08.2008  Time: 11:28:56  Size: 10426
ALERT: [HTML/Infected.WebPage.Gen] C:\Documents and Settings\fangzheng\Local Settings\Temporary Internet Files\Content.IE5\Q1LQ369W\welcome.he.vnet[1].htm <<< Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen



Reported. AL considers it malware.
The virus definitions are today's. Download completed: 31 August 2008, 6:23:58 PM
Found using will's command-line scanner.

The file 'welcome.he.vnet[1].htm' has been determined to be 'MALWARE'.
Our analysts named the threat HTML/Infected.WebPage.Gen. The term "HTML/" denotes a script-virus that is able to infect the system using a HTML script. This malware is detected by a special detection routine from the engine module.

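But this is the ChinaVnet (互联星空) start page! The first page that opens when the modem connects, locked in by the hardware! This...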

[ Last edited by llydmissile on 2008-9-1 22:46 ]