红伞误报收集站

zhangxueyou

软件名称：autorun病毒防火墙的VirusDef.dll文件
下载地址：http://download.pchome.net/utili ... detail-66081-0.html
误报名称：TR/Cinmus.167936
尚未上报，请楼主帮忙上报，谢谢

ykz1991

请将误报文件以附件发上来，谢谢

无尽藏海

File ID         Filename        Size (Byte)        Result
3812465         VirusDef.dll         164 KB         FALSE POSITIVE



Please find a detailed report concerning each individual sample below: Filename        Result         VirusDef.dll         FALSE POSITIVE


The file 'VirusDef.dll' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file contains unencrypted malicious patterns. This is an indicator that a legitimate detection or removal program did not encrypt parts that are used to identify malicious content. Please contact the manufacture of this file.


貌似这玩意以前上报过误报……“Please contact the manufacture of this file.”，呵呵

nvhaichina

误报的病毒，谢谢了，我不太懂上报

urge

软件名称:网游天龙八部的Launch.exe和Launch.bin文件
下载地址:http://download.tl.sohu.com/tlbb/TLBB_0.33.0580.exe
误报名称:ADSPY/Sohu.k
尚未上报
说明:下载下来的安装程序没报毒,是安装完,并且自动升级到最新版本才报毒的.
希望大家能帮忙上报一下,谢谢了

无尽藏海

File ID         Filename        Size (Byte)        Result
25019772         HostsSetter.exe         44 KB         MALWARE
25019773         SMX.dll         233.5 KB         DAMAGED FILE (UNKNOWN)
25019774         x##.dll         204.5 KB         DAMAGED FILE (UNKNOWN)
25019777         ########.txt         129 Byte         CLEAN
25019775         ######.ALG         2.27 KB         CLEAN
25019776         ######.dll         307.33 KB         CLEAN

The file 'HostsSetter.exe' has been determined to be 'MALWARE'. Our analysts named the threat PCK/PESpin. File has been compressed with an unusual runtime compression tool. Please make sure that this file comes from a trustworthy source.This malware is detected by a special detection routine from the engine module.

The file 'SMX.dll' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.

The file 'x##.dll' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.

注册马甲真难

文件名/软件名：魔兽中文名修改器
误报名：TR/FlyStudio.D.22
下载地址/链接地址：U9资源分享置顶帖（http://bbs.uuu9.com/viewthread.php?tid=1287514&extra=page%3D1）
附件：
是否上报：未上报
（PS：刚接触伞，还不知怎么上报，有人教下吗？3Q~）

zhangxueyou

附件不会上传啊，选项里没有，可能我积分不够，今天上传到virustotal，红伞还是报的，以前我是上报过的，记得是无尽藏海帮我上报的吧。
下载地址是http://download.pchome.net/utili ... detail-66081-0.html，把下载到的压缩包解压缩后就看到VirusDef.dll这个文件，谢谢了

无尽藏海

Detection will not be removed due to the fact that the file contains unencrypted malicious patterns.
自己加排除吧，红伞不会排除的

无尽藏海

The file 'Launch.exe' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/Sohu.K. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection is added to our virus definition file (VDF) starting with version 6.39.00.127.

报的无误~