Thread starter: will

[Discussion] Avira (红伞) false-positive collection thread
点球射飞
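Posted on 2009-2-15 14:46:43
File name: ResourcesExtract (used to scan DLL, OCX and EXE files and extract their resources)
False-positive detection name: TR/Peed.A.1028

Attachment:

Not yet submitted; please help submit it. Thanks.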

注册马甲真难
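Posted on 2009-2-15 21:25:13
File name / software name: WinXP SP3 Ex v1.3.exe
False-positive detection name: SPR/Hacktool.EvID
Download URL / link: (I really can't remember where I downloaded it...)
Attachment: see below
Submitted to vendor: not submitted


[ Last edited by 注册马甲真难 on 2009-2-15 21:26 ]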

llzy3575
Posted on 2009-2-16 11:58:20

Reply to post #221 by 点球射飞

This is a manual reply from Avira.

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00263934.



We received the following archive files:

File ID     Filename                Size (Byte)   Result
25262822    ResourcesExtract.7z     15.78 KB      OK

A listing of files contained inside archives alongside their results can be found below:

File ID     Filename                Size (Byte)   Result
25238853    ResourcesExtract.exe    20 KB         MALWARE

Please find a detailed report concerning each individual sample below:

Filename                Result
ResourcesExtract.exe    MALWARE

The file 'ResourcesExtract.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Peed.A.1028. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection is added to our virus definition file (VDF) starting with version 7.01.01.150.

Alternatively you can see the analysis result here:
http://analysis.avira.com/samples/details.php?uniqueid=Jx1I7wygtEX8bn7P0B1q9PYfW3YAgWDM&incidentid=263934

An overview of all your submissions can be found here:
http://analysis.avira.com/samples/details.php?uniqueid=Jx1I7wygtEX8bn7P0B1q9PYfW3YAgWDM

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab

---------------------------------------------
Avira GmbH
Lindauer Str. 21, D-88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-525 10
Internet: http://www.avira.com

CEO: Tjark Auerbach
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

[ Last edited by llzy3575 on 2009-2-16 21:45 ]
llzy3575
Posted on 2009-2-16 11:59:33

Reply to post #222 by 注册马甲真难

This is a manual reply from Avira.

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00263935.



We received the following archive files:

File ID     Filename                  Size (Byte)   Result
25262823    WinXP SP3 Ex v1.3.rar     252.19 KB     OK

A listing of files contained inside archives alongside their results can be found below:

File ID     Filename                  Size (Byte)   Result
25090642    WinXP SP3 Ex v1.3.exe     259.74 KB     FALSE POSITIVE

Please find a detailed report concerning each individual sample below:

Filename                  Result
WinXP SP3 Ex v1.3.exe     FALSE POSITIVE


The file 'WinXP SP3 Ex v1.3.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file does not belong to a regular piece of software. This software can be used for an evasion of security protections in several computer programs. If we will find some malicious code inside the suspicious file anyway, we will integrate the pattern recognition in one of our next updates. In case AntiVir can detect this file we will not change or remove our detection.

Alternatively you can see the analysis result here:
http://analysis.avira.com/samples/details.php?uniqueid=Jx1I7wygtEX8bn7P0B1q9PYfW3YAgWDM&incidentid=263935

An overview of all your submissions can be found here:
http://analysis.avira.com/samples/details.php?uniqueid=Jx1I7wygtEX8bn7P0B1q9PYfW3YAgWDM

Please note: The detection of Spy/Adware is not available in the product "AntiVir PersonalEdition Classic". Please address specific questions to support@avira.com

Kind regards
Avira Virus Lab


[ Last edited by llzy3575 on 2009-2-16 21:52 ]
llzy3575
Posted on 2009-2-16 12:01:28

Reply to post #220 by ahu2422

Uh...
Attachment... attachment... attachment...
You can look for it in the quarantine.
点球射飞
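Posted on 2009-2-16 12:44:08

Reply to post #223 by llzy3575

OK, thank you for your hard work. I wonder whether Avira will stop flagging it after a virus-definition update; this really is a false positive.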
weelun94
Posted on 2009-2-16 18:15:53
File name / software name: uninstaller for Lenovo OneKey Recovery
False-positive detection name: HEUR/Malware
Download URL / link: http://bbs.kafan.cn/viewthread.php?tid=424605&highlight=%CE%F3%B1%A8
Attachment:
Submitted to vendor: submitted

We received the following archive files:

File ID     Filename         Size (Byte)   Result
25261176    uninstall.rar    242.96 KB     OK

A listing of files contained inside archives alongside their results can be found below:

File ID     Filename         Size (Byte)   Result
25261177    uninstall.exe    546.59 KB     FALSE POSITIVE

Please find a detailed report concerning each individual sample below:

Filename         Result
uninstall.exe    FALSE POSITIVE

The file 'uninstall.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

llzy3575
Posted on 2009-2-16 21:53:45

Reply to post #227 by weelun94

Submitted.
llzy3575
Posted on 2009-2-16 21:54:55

Reply to post #227 by weelun94

Avira's analysis was really fast; it was resolved within three minutes.
This is the manual reply from the virus analyst:
Welcome back, Mr llzy3575!

We received the following archive files:

File ID     Filename         Size (Byte)   Result
25261176    uninstall.rar    242.96 KB     OK

A listing of files contained inside archives alongside their results can be found below:

File ID     Filename         Size (Byte)   Result
25261177    uninstall.exe    546.59 KB     FALSE POSITIVE

Please find a detailed report concerning each individual sample below:

Filename         Result
uninstall.exe    FALSE POSITIVE

The file 'uninstall.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

[ Last edited by llzy3575 on 2009-2-16 21:56 ]
451102995
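Posted on 2009-2-16 22:46:26
This installer is the installer for the emr protocol plug-in! The temporary files it drops during installation are flagged as a trojan by Avira Premium (P edition)! But when I scan the installer manually, Avira raises no alert at all! So I am uploading it here in the hope that you can help me figure out what is going on and submit it to Avira to get the false positive fixed!
File name: emrplug.exe
False-positive detection name: I have already deleted the alert record, so I can no longer tell the detection name, but it was definitely flagged as a trojan!
Submission status: not submitted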


Copyright © KaFan  KaFan.cn All Rights Reserved.
