红伞误报收集站

显示全部楼层 · 发表于 2009-1-25 00:03:36

误报终极解码部分程序及斗地主主程序

显示全部楼层 · 发表于 2009-1-27 15:33:36

文件名/软件名:taskmgr.exe
误报名:TR/EggDrop.246532.A.
附件（方便上传的话）
是否上报：已上报
上报分析结果：
Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00251833.

We received the following archive files:
File ID       Filename       Size (Byte)       Result
25241045       taskmgr.rar       84.91 KB       OK

A listing of files contained inside archives alongside their results can be found below:
File ID       Filename       Size (Byte)       Result
235700       taskmgr.exe       115.5 KB       MALWARE

Please find a detailed report concerning each individual sample below:
Filename       Result
taskmgr.exe       MALWARE

The file 'taskmgr.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/EggDrop.246532.A. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.01.01.171.

Alternatively you can see the analysis result here:
http://analysis.avira.com/samples/details.php?uniqueid=dqYsJvkydAbgKVLkYg7Sg7cXjRWU2byy&incidentid=251833

An overview of all your submissions can be found here:
http://analysis.avira.com/samples/details.php?uniqueid=dqYsJvkydAbgKVLkYg7Sg7cXjRWU2byy

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

[ 本帖最后由 weelun94 于 2009-1-29 15:06 编辑 ]

显示全部楼层 · 发表于 2009-1-28 21:01:29

别动我的坏电脑
别动我的坏电脑.exe

AntiVir

7.9.0.60

7.1.1.193

2009-01-28

TR/Agent.293062.A

是否上报：未上报

显示全部楼层 · 发表于 2009-1-29 13:04:27

文件名/软件名:ppmate.exe
误报名:TR/Dropper.Gen

是否上报：已上报
上报分析结果：

Welcome back, Mr Fausto!
A listing of files alongside their results can be found below:

File ID  Filename Size (Byte) Result
25243985  ppmate.exe  620 KB  FALSE POSITIVE

Please find a detailed report concerning each individual sample below:

Filename Result
ppmate.exe  FALSE POSITIVE

The file 'ppmate.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.1.1.197.

The file 'ppmate.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 7.1.1.197.

显示全部楼层 · 发表于 2009-1-29 17:58:50

We received the following archive files:
File ID    Filename Size (Byte) Result
25245389    别动我的坏电脑.rar 298.63 KB OK

A listing of files contained inside archives alongside their results can be found below:
File ID    Filename Size (Byte) Result
25245390    bdMYPC.gif    9.7 KB    CLEAN
3649089    Devior.smf    31.46 KB    DAMAGED FILE (UNKNOWN)
3649090    SkinMagicTrial.dll    408 KB    CLEAN
25245391    ########.txt    435 Byte    CLEAN
3649091    ##############.exe    286.19 KB    MALWARE

Please find a detailed report concerning each individual sample below:
Filename Result
bdMYPC.gif    CLEAN

The file 'bdMYPC.gif' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
Filename Result
Devior.smf    DAMAGED FILE (UNKNOWN)

The file 'Devior.smf' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.
Filename Result
SkinMagicTrial.dll    CLEAN

The file 'SkinMagicTrial.dll' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
Filename Result
########.txt    CLEAN

The file '########.txt' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.
Filename Result
##############.exe    MALWARE

The file '##############.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Agent.293062.A. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection will be added to our virus definition file (VDF) starting with the next update.

显示全部楼层 · 发表于 2009-1-29 23:51:40

P版误报！
文件名/软件名: ACDSee.exe
误报名: TR/Agent.GPZG
下载地址/链接地址: http://download2.gbaopan.com/a389bee7116749969fe2d5a80c1e0992.gbp?supplierID=2245181是否上报：已上报
上报分析结果:不清楚

[ 本帖最后由 dfyd007 于 2009-1-29 23:55 编辑 ]

显示全部楼层 · 发表于 2009-1-31 19:39:08

这个文件我同时上报了红伞、NOD32和卡巴，前两家报是木马，卡巴没报
文件名/软件名：1002.exe
误报名：TR/
附件（方便上传的话）附件大了点，无法上传
是否上报：已上报
上报分析结果：
Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00254378.

A listing of files alongside their results can be found below:
File ID    Filename    Size (Byte)    Result
25245382    1002.exe    3.31 MB    MALWARE

Please find a detailed report concerning each individual sample below:
Filename    Result
1002.exe    MALWARE

The file '1002.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Proxy.Delf.CA. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 6.37.01.162.

Alternatively you can see the analysis result here:
http://analysis.avira.com/samples/details.php?uniqueid=BwSCIjEjsFgd0y1xqLH56yh7v1fYS0Sg&incidentid=254378

An overview of all your submissions can be found here:
http://analysis.avira.com/samples/details.php?uniqueid=BwSCIjEjsFgd0y1xqLH56yh7v1fYS0Sg

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

[ 本帖最后由 hxz 于 2009-1-31 19:40 编辑 ]

显示全部楼层 · 发表于 2009-2-3 18:53:16

文件名/软件名：Wakoopa Tracker Setup 1.0.7.exe
误报名：TR/Zlob

是否上报：已上报
上报分析结果：
A listing of files alongside their results can be found below:File ID    Filename Size (Byte) Result
25248815    Wakoopa Tracker S....7.exe    309.72 KB    FALSE POSITIVE

Please find a detailed report concerning each individual sample below: Filename Result
Wakoopa Tracker S....7.exe    FALSE POSITIVE

The file 'Wakoopa Tracker Setup 1.0.7.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

显示全部楼层 · 发表于 2009-2-6 00:57:07

文件名：小红伞动态汉化补丁P.exe
误报名：TR/Dropper.Gen
下载地址/链接地址：卡饭置顶帖里有
附件：最下方
是否上报：已上报
上报分析结果：继续认为是间谍软件.....

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00258168.

A listing of files alongside their results can be found below:

File ID	Filename	Size (Byte)	Result
25246959	?????????P.exe...?P.exe	36 KB	DAMAGED FILE (MALWARE)

Please find a detailed report concerning each individual sample below:

Filename

Result

?????????P.exe...?P.exe

DAMAGED FILE (MALWARE)

The file '?????????P.exe' has been determined to be 'DAMAGED FILE (MALWARE)'. In particular this means that this file is damaged and not working properly. Nevertheless we were able to determine that it contains malicious code fragments. Our analysts named the threat TR/Dropper.Gen. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.This malware is detected by a special detection routine from the engine module.

Alternatively you can see the analysis result here:
http://analysis.avira.com/samples/details.php?uniqueid=z7Q3hISn1FR53r9nkXkBW7Wy4NBZHCHz&incidentid=258168

An overview of all your submissions can be found here:
http://analysis.avira.com/samples/details.php?uniqueid=z7Q3hISn1FR53r9nkXkBW7Wy4NBZHCHz

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com
Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

只有红伞一家报：http://www.virscan.org/report/4f26cd156385d26838ce3df01b5b2cf4.htmlj

[ 本帖最后由 cs9874123 于 2009-2-10 22:37 编辑 ]

显示全部楼层 · 发表于 2009-2-7 11:44:42

文件名：迅雷&快车地址加解密工具 0.2.exe
误报名：TR/Agent.68892
下载地址/链接地址：http://www.xdowns.com/soft/1/70/2007/Soft_36311.html
附件：最下方
是否上报：没上报

[ 本帖最后由 sxingang 于 2009-2-7 11:47 编辑 ]

[讨论] 红伞误报收集站

本帖子中包含更多资源

本帖子中包含更多资源

本帖子中包含更多资源

回复 203楼 cs9874123 的帖子

本帖子中包含更多资源

本帖子中包含更多资源

可能是误报

本帖子中包含更多资源