红伞误报收集站

浩宇瀚海

误报QQ内的一个EXE文件，报的是木马，具体文件见附件

独孤九剑

文件名/软件名:  通达信的委托程序  tc.exe
误报名             :  MALWARE
下载地址/链接地址: 通达信
是否上报：        已上报
上报分析结果:

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00228745.


A listing of files alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25095675	Tc.exe	64 KB	FALSE POSITIVE

Please find a detailed report concerning each individual sample below:

Filename

Result

Tc.exe

FALSE POSITIVE

The file 'Tc.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

Alternatively you can see the analysis result here:

funzone

软件名:hash03.exe
误报名:HEUR/Crypted
下载地址/链接地址  :《加密与解密（第二版）》光盘
附件：
是否上报：未上报
MD5         : A4184E77F0B2ED37FDC850A9758382A7

nbnbsbsb

原帖由 nbnbsbsb 于 2008-11-22 14:38 发表
fphelper.dll
fine plus  qq插件

还是这个文件，虽然已经排除，不是误报了，但是如果他在qq安装目录里(也就是与fine plus外挂安装的目录)还是会被删掉，单独取出来就没关系。
文件:
http://bbs.kafan.cn/attachment.php?aid=403904&k=6c9442b207293cf2434c492a0c8d197c&t=1228582819

我把这个qq的集成安装包地址发来，看avira能将这个问题解决不。
http://xz6.997.cn/997dtb/tb/SPEEDQQ2008_997.CN.rar
http://tb.997.cn/997tb/tb/SPEEDQQ2008_997.CN.rar
http://key.997.cn/997/tb/SPEEDQQ2008_997.CN.rar
http://www1.997.cn/tb/tb/SPEEDQQ2008_997.CN.rarhttp://xz5.997.cn/997tb/tb/SPEEDQQ2008_997.CN.rar

wingout

一个可疑文件，扫描结果：http://virscan.org/report/bdb2dc49032711c0c3d346fb05d9ce63.html

文件名：winMd5Sum.exe
是否上报：已上报
上报分析结果：

Dear Sir or Madam,
Thank you for your email to Avira's virus lab.
Tracking number: INC00234202.

A listing of files alongside their results can be found below:
File ID FilenameSize (Byte)Result
25205004 winMd5Sum.exe 48 KB CLEAN

Please find a detailed report concerning each individual sample below:
FilenameResult winMd5Sum.exe CLEAN
The file 'winMd5Sum.exe' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.
Alternatively you can see the analysis result here:
http://analysis.avira.com/samples/details.php?uniqueid=qnSBWVLdrQZZAEXT3ykIjgrymNWhCrcT&incidentid=234202
An overview of all your submissions can be found here:
http://analysis.avira.com/samples/details.php?uniqueid=qnSBWVLdrQZZAEXT3ykIjgrymNWhCrcT
Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com
Kind regards
Avira Virus Lab

[ 本帖最后由 wingout 于 2008-12-14 23:53 编辑 ]

ccc-a

文件名/软件名:PPlive里面的“MngModule.dll”文件。
An overview of all your submissions can be found here:
http://analysis.avira.com/sample ... QbqwgwHfXgDM0O6HBrk


Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

ccc-a

文件名/软件名:PPlive里面的“ Update.exe”文件
Alternatively you can see the analysis result here:
http://analysis.avira.com/sample ... p;incidentid=233910

An overview of all your submissions can be found here:
http://analysis.avira.com/sample ... QbqwgwHfXgDM0O6HBrk


Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

a279003350

今天误报了好多。

LZM329

Exported events:
2008-12-27 12:09 [Guard] Malware found
      Virus or unwanted program 'ADSPY/Sohu.K [adware]'
      detected in file 'D:\游戏\天龙八部\Launch.exe.
      Action performed: Delete file

LZM329

Exported events:
2008-12-27 12:12 [Scanner] Malware found
      The file 'C:\Program Files\OFFICE办公软件\office.exe'
      contained a virus or unwanted program 'HTML/Crypted.Gen' [virus]
      Action(s) taken:
      The file was deleted!
Exported events:
2008-12-27 12:12 [Scanner] Malware found
      The file 'C:\Program Files\OFFICE办公软件\word.exe'
      contained a virus or unwanted program 'HTML/Crypted.Gen' [virus]
      Action(s) taken:
      The file was deleted!