红伞误报收集站

woai_jolin

Welcome back, Mr Jason!
A listing of files alongside their results can be found below:

File ID  Filename Size (Byte) Result
25210958  SEP1132bitRemoval.exe  248.6 KB  FALSE POSITIVE


Please find a detailed report concerning each individual sample below:

Filename Result
SEP1132bitRemoval.exe  FALSE POSITIVE

The file 'SEP1132bitRemoval.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.1.0.235.

lxs0801

C:\N
C:\WINDOWS\MY_70104.EXE
C:\WINDOWS\SYSTEM\1KO5BNS4T.DLL
C:\WINDOWS\SYSTEM\VP4FL3.DLL

sxuway

我进入163的邮箱，简约模式，每封邮件都报警，极速模式没有报警，大家是这样的吗？

571102775

文件名/美语听力及发音小技巧02.MP3
误报名/伞显示是：TR/Dldr.WMA.Wimad.C
下载地址/链接地址（如有的话）--这个没有，很久了不记得哪里下载的了。
附件（方便上传的话）--见附件
是否上报：未上报（该帖子是第一个上报的地方）
补充，有1到2个月了，伞升级后扫描都是说有问题，也不知道怎么处理就来上报了，
由于是首次上报，有不足之处请版主指正，谢谢！

附件：大家解压后用红伞扫一下就报毒，卡巴不会的。

应该不会是病毒吧，至少我没见过.MP3结尾的病毒？？？想不明白，请教大家

[ 本帖最后由 571102775 于 2009-1-19 14:30 编辑 ]

ldyong

文件名/软件名：三国志11
误报名       ：つ (NoCD Patch)(060317) 三國志11.EXE
下载地址/链接地址：

weelun94

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00250504.




We received the following archive files:



File ID 燜ilename Size (Byte) Result
25238486  ? (NoCD Patch)(06...11.rar 11.09 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID 燜ilename Size (Byte) Result
25236981  ## (NoCD Patch)(0...11.EXE  21.82 KB  FALSE POSITIVE


Please find a detailed report concerning each individual sample below:

燜ilename Result
## (NoCD Patch)(0...11.EXE  FALSE POSITIVE

The file '## (NoCD Patch)(060317) ######11.EXE' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file does not belong to a regular piece of software. This software can be used for an evasion of security protections in several computer programs. If we will find some malicious code inside the suspicious file anyway, we will integrate the pattern recognition in one of our next updates. In case AntiVir can detect this file we will not change or remove our detection.

Alternatively you can see the analysis result here:
http://analysis.avira.com/sample ... p;incidentid=250504

An overview of all your submissions can be found here:
http://analysis.avira.com/sample ... VLkYg7Sg7cXjRWU2byy


Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

weelun94

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00250500.

We received the following archive files:
File ID          Filename         Size (Byte)         Result
25238511          ??????????02.rar...02.rar         470.24 KB         OK

A listing of files contained inside archives alongside their results can be found below:
File ID          Filename         Size (Byte)         Result
25117463          #################...02.MP3          508.83 KB          DAMAGED FILE (MALWARE)


Please find a detailed report concerning each individual sample below:
Filename         Result
#################...02.MP3          DAMAGED FILE (MALWARE)

The file '####################02.MP3' has been determined to be 'DAMAGED FILE (MALWARE)'. In particular this means that this file is damaged and not working properly. Nevertheless we were able to determine that it contains malicious code fragments. Our analysts named the threat TR/Dldr.WMA.Wimad.C. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.00.05.222.

Alternatively you can see the analysis result here:
http://analysis.avira.com/sample ... p;incidentid=250500

An overview of all your submissions can be found here:
http://analysis.avira.com/sample ... VLkYg7Sg7cXjRWU2byy

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

lucifer0

很久之前已经上传过给小红伞，可是还是误报qq，应该是qq医生的程序。。
只有截图。。。

weelun94

文件名/软件名:冒险王中王冒险岛登陆器V5.4
误报名:TR/Dropper.Gen Trojan
下载地址/链接地址（如有的话）:http://www.kingmxd.cn/
是否上报：已上报/未上报:已上报
附件（方便上传的话）:
上报分析结果:
Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00251370.

We received the following archive files:
File ID         燜ilename         Size (Byte)         Result
25240284          ???????????V5.4.r....4.rar         3.07 MB         OK

A listing of files contained inside archives alongside their results can be found below:
File ID         燜ilename         Size (Byte)         Result
25240285          #################....4.exe          8.27 MB          FALSE POSITIVE


Please find a detailed report concerning each individual sample below:
燜ilename         Result
#################....4.exe          FALSE POSITIVE

The file '##########################V5.4.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

Alternatively you can see the analysis result here:
http://analysis.avira.com/sample ... p;incidentid=251370

An overview of all your submissions can be found here:
http://analysis.avira.com/sample ... VLkYg7Sg7cXjRWU2byy

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

Moonlasth

昨晚更新完后 任务管理器 误报 为木马

[ 本帖最后由 Moonlasth 于 2009-1-24 15:05 编辑 ]