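Original poster: IllusionWing

[False-positive file] Widespread false positives....

palfan
Posted on 2008-6-1 21:24:23

Reply to wangjay1980's post (#12)

But when you submit samples to Avira, it always reports corrupted files as "damaged"; it seems that didn't happen this time.
IllusionWing
Original poster | Posted on 2008-6-1 21:33:29
Utterly unrepentant ^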
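wangjay1980
Posted on 2008-6-1 22:14:25
This is like the chicken-and-egg problem.

If this file was not yet detected, and detection was added only after it was submitted, then you can blame the antivirus: why add it to the database when it is corrupted?

If the signature came first and this sample just happens to contain that signature, then even though it is corrupted, what can you say?

Antivirus products today use one signature to detect dozens of samples or more; who knows whether there isn't a corrupted one among them? For products that use so-called "gene" detection, a single gene catches far more still. So, well...

By the way, is this file actually a virus or not?

If it is, then what can you say?

It reminds me of a little game from a while back: many antivirus products flagged it as "围巾" ("scarf"), but when you ran it there was no problem at all. I wonder if anyone remembers it.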
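The case described in the post above, a signature that already exists matching a sample that is itself corrupted, shown as an added example that is not part of the thread. The signature bytes, the minimal PE-like layout and every function name here are constructed for illustration and do not represent any vendor's engine.

```python
import struct

SIGNATURE = b"CONSTRUCTED-SIG-0001"  # constructed pattern standing in for an AV signature

def build_sample(payload: bytes) -> bytes:
    """Constructed minimal PE-like file: DOS header, PE header, one section."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 64)           # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # one section
    raw_off = 64 + 4 + 20 + 40                                   # data follows headers
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(payload), 0x1000,
                       len(payload), raw_off, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\x00\x00" + coff + sect + payload

def is_corrupted(data: bytes) -> bool:
    """True if headers are unreadable or a section's raw data runs past EOF."""
    if len(data) < 64 or data[:2] != b"MZ":
        return True
    (pe_off,) = struct.unpack_from("<I", data, 60)
    if data[pe_off:pe_off + 4] != b"PE\x00\x00" or len(data) < pe_off + 24:
        return True
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size
    for i in range(nsect):
        hdr = table + 40 * i
        if len(data) < hdr + 40:
            return True
        raw_size, raw_off = struct.unpack_from("<II", data, hdr + 16)
        if raw_size and raw_off + raw_size > len(data):
            return True  # truncated: the file cannot load as declared
    return False

def triage(data: bytes) -> str:
    """Report the signature result and the structural result separately."""
    hit, broken = SIGNATURE in data, is_corrupted(data)
    if hit and broken:
        return "signature match on corrupted file"
    if hit:
        return "signature match"
    return "corrupted" if broken else "clean"

if __name__ == "__main__":
    intact = build_sample(b"\x90" * 32 + SIGNATURE + b"\x00" * 200)
    print(triage(intact))          # complete sample
    print(triage(intact[:-150]))   # same sample with its tail cut off
```

A byte-pattern match says nothing about whether the file is structurally complete, so the two checks have to be made and reported independently.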
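wangjay1980
Posted on 2008-6-1 22:35:18
Originally posted by J-F-F on 2008-6-1 22:26

All I know is that KL's engineers often add samples to the database even when they know they are corrupted


How many samples have you submitted to KL?

I have been hanging around the samples section for over a year and have submitted tens of thousands of samples to Kaspersky.

Yes, there have indeed been corrupted samples that Kaspersky added anyway, but I have not seen many.

You say "often". Then please, within one month, find ten. Actually, never mind ten, just as many as you can. Go and find them: samples that were corrupted and still got added after being submitted to Kaspersky.

Maybe you are misremembering; it is others who like adding corrupted samples, and at least by my observation they do it far more than Kaspersky.

Below I am pasting some of Kaspersky's replies for you; take a good look.

[ Last edited by wangjay1980 on 2008-6-1 22:43 ]
wangjay1980
Posted on 2008-6-1 22:36:26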
Hello,

1.exe_ - Trojan.Win32.Inject.clp,

28.exe_ - Trojan-Dropper.Win32.Delf.biz,

a.tmp_ - Trojan-Downloader.Win32.Zlob.ocp,

anistio.dll - Trojan-PSW.Win32.OnLineGames.aleb,

bincdwsa.dll - Trojan-PSW.Win32.OnLineGames.alec,

calc.exe_ - Trojan.Win32.DNSChanger.dsz,

crack.exe_ - Trojan-Downloader.Win32.Injecter.tm,

dbhlp32.dlL - Trojan-PSW.Win32.OnLineGames.aled,

fccApQJA.dll - Trojan.Win32.Monder.mc,

file.exe_,
keygen.exe_ - Trojan-Downloader.Win32.Agent.rip,

fmbiost.dll - Trojan-PSW.Win32.OnLineGames.alee,

fmsbbqi.dll - Trojan-PSW.Win32.OnLineGames.alef,

fmsjhif.dll - Trojan-PSW.Win32.OnLineGames.aleg,

hefcndy.dll - Trojan-PSW.Win32.OnLineGames.aleh,

huifitc.dll - Trojan-PSW.Win32.OnLineGames.alei,

iSecurity.cpl_ - Trojan.Win32.Emgr.ad,

mfchlp64.dll - Trojan-PSW.Win32.OnLineGames.alej,

msprint.exe_ - Trojan-Dropper.Win32.Agent.sev,

ptshell.dll - Trojan-PSW.Win32.OnLineGames.alek,

rbnpsrv.exe_ - Trojan-Downloader.Win32.Mutant.aau,

svchost.exe_ - Trojan-Dropper.Win32.Delf.biv,

ticisms.dll - Trojan-PSW.Win32.OnLineGames.alcr,

urqOHWnO.dll - Trojan.Win32.Monder.lt,

vregfwlx.dll - Trojan.Win32.Vapsup.fxp,

win 9,0,115,0f.swf,
win 9,0,115,0i.swf,
win 9,0,47,0f.swf - Exploit.SWF.Downloader.c,

wipicdec.dll - Trojan-PSW.Win32.OnLineGames.alel,

XXXmediaCodec_ver1.5051.0.exe_ - Trojan-Downloader.Win32.Zlob.ocn,

z25.exe_ - Trojan-PSW.Win32.OnLineGames.alge

These files are already detected. Please update your antivirus bases.

18.exe_,
6.exe_,
csrss.exe_,
msconfig.exe_,
services.exe_,
smss.exe_,
zfe0.exe_,
zfe01.exe_,
zfe02.exe_

These files are corrupted. (You can read this, right?)

9kgen_up.int - Trojan.Win32.Obfuscated.awu,

9kgen_up1.int - Trojan.Win32.Inject.cnc,

A46C-tmp.exe_ - Trojan-Downloader.Win32.Delf.ikn,

atfxqogp.dll - Trojan.Win32.Vapsup.fyq,

boqnrwdmfrp.dll - Trojan.Win32.Vapsup.fyr,

embd.exe_ - Trojan.Win32.Vapsup.fys,

install12.exe_ - SpamTool.Win32.Agent.kx,

khfGxWqn.dll - Trojan-Downloader.Win32.ConHook.all,

nyps4.exe_ - Trojan.Win32.Obfuscated.awv,

qoMdDuvS.dll - Trojan-Downloader.Win32.ConHook.alm,

sn_pkz.int - Trojan.Win32.Obfuscated.aww,

sn_pkz1.int - Trojan.Win32.Obfuscated.awx,

vltdfabw.dll - Trojan.Win32.Vapsup.fyt,

winwil32.dll - Trojan.Win32.Agent.qwk,

xmpstean.exe_ - Trojan.Win32.Vapsup.fyu,

yaywvstT.dll - Trojan-Downloader.Win32.ConHook.aln,

z12.exe_ - Trojan-PSW.Win32.Nilage.cnj,

z17.exe_ - Trojan-PSW.Win32.Nilage.cru,

z24.exe_ - Trojan-PSW.Win32.Nilage.crt,

z3.exe_ - Trojan-PSW.Win32.Nilage.cmy,

z30.exe_ - Trojan-PSW.Win32.Nilage.cnd,

z5.exe_ - Trojan-PSW.Win32.Nilage.crr,

z6.exe_ - Trojan-PSW.Win32.Nilage.cni,

z7.exe_ - Trojan-PSW.Win32.Nilage.crs

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

ctfmona.exe_ - not-a-virus:FraudTool.Win32.Agent.c,

install.exe_ - not-a-virus:FraudTool.Win32.WinFixer.h

New potentially risk software was found in these files. Detection will be included in the next update. Thank you for your help.

qoMfdaAt.dll - not-a-virus:AdWare.Win32.Virtumonde.vwp,

setup3.exe_ - not-a-virus:AdWare.Win32.E404.bv

These files are Advertizing Tools, theirs detection will be included in the next
update of extended databases set. See more info about
extended databases here: http://www.kaspersky.com/extraavupdates

Please quote all when answering.

--
Best regards, Mikhail Bulgakov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
wangjay1980
Posted on 2008-6-1 22:37:19
Hello,

A29926F8 - Trojan.Win32.Agent.mxr,
ABCCBC50 - Trojan-Downloader.Win32.VB.eoq,
AFB1450F, BFBDAFB5 - Backdoor.Win32.Hupigon.bzwn,
B6ED3EF1, D68A110F - Trojan-Downloader.Win32.Banload.nhd,
B9B9D431 - Trojan.Win32.Dialer.bgw,
BAB37E86 - Backdoor.Win32.Agent.ila,
BD54E4C5, E8884D6D, ECFF4A2 - Trojan.Win32.Zapchast.ij,
BE0A1BB6 - Trojan-Downloader.Win32.VB.eoh,
BF04B207 - Backdoor.Win32.Hupigon.caqd,
C1F32253 - Trojan-Downloader.Win32.Injecter.rv,
C7F1EB3A - Trojan-PSW.Win32.OnLineGames.aiua,
C8B172E7 - Trojan-Downloader.Win32.QQHelper.bif,
CA2A81FD - Backdoor.Win32.Small.dwj,
CD7007E5 - Trojan.Win32.Inject.cdl,
D272A11E - Trojan-PSW.Win32.OnLineGames.aiwu,
D3E04CEE - Trojan-Downloader.Win32.FlyStudio.o,
D4AD5E46 - Trojan-Downloader.Win32.Delf.hzp,
D536CEA1 - Trojan-Downloader.Win32.Agent.qbm,
D7CE96D - Trojan-Downloader.Win32.Agent.qbp,
DD535F15 - Trojan.Win32.StartPage.bdd,
DF1406BA - Backdoor.Win32.Agent.jis,
DF58909E - Trojan.Win32.Qhost.ape,
E0CD9103 - Trojan-Clicker.HTML.IFrame.qq,
E3F1F58 - Trojan-Downloader.Win32.Agent.rkd,
E9EAE086 - Backdoor.Win32.PcClient.dmh,
EB612155 - Trojan-Downloader.Win32.Agent.rkg,
EE37CB0 - Trojan-Downloader.Win32.Agent.rkh,
EE58489D - Trojan-Downloader.Win32.Agent.rki,
F066AA83 - Trojan-Dropper.Win32.Agent.sfb,
F22361C0 - Trojan-Downloader.Win32.Delf.hwu,
F972C824 - Trojan-Downloader.Win32.Agent.rkk,
FBAD68E1 - Trojan-PSW.Win32.OnLineGames.alkh,
FE7614B6 - Trojan.Win32.Agent.qvk

These files are already detected. Please update your antivirus bases.

ABA5E293 - not-a-virus:FraudTool.Win32.WinAntiVirus.b,
ABDAA7D0 - not-a-virus:FraudTool.Win32.WinAntiVirus.c,
C8BA72DC - not-a-virus:FraudTool.Win32.WinAntiVirus.d,
E13C8878 - not-a-virus:FraudTool.Win32.WinAntiVirus.g,
F11FB3BA - not-a-virus:FraudTool.Win32.WinAntiVirus.h

New potentially risk software was found in these files. Detection will be included in the next update. Thank you for your help.

BC0178F9, C5246135, C760C02A, CD723AD0, D29FCA60, DF210170, E91FFC9B, F13F9BE7

These files are corrupted.

C51F8FDD, C9E381EA, CF675762, CFFC542A, D00EE12, D0F87AB9, D56F8071, DB186521, DDFA43D, E80B0686, E9C12BD7, F5641E, F565F6A6, F6E93232, F83A0964, FB962497, FDF94A88, FE544867

No malicious code were found in these files.

Please quote all when answering.

--
Best regards, Namestnikov Yury
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
wangjay1980
Posted on 2008-6-1 22:38:20
Hello,

1172.exe_, bak2.exe_

These files are corrupted.

17PHolmes.cmt - Trojan-Downloader.Win32.Homles.br,
2008-5-30__3120C.exe_ - Trojan-PSW.Win32.OnLineGames.algl,
2008-5-30__D6A47.exe_ - Trojan-PSW.Win32.OnLineGames.algm,
baselhlxd32.dll - Trojan.Win32.SubSys.du,
dllgh8jkd1q1.exe_ - Trojan-Downloader.Win32.Tibs.abf,
Ferox.exe_ - Trojan.Win32.Qhost.aoz,
fucku.exe_ - Trojan-Downloader.Win32.Agent.rhk,
KB922638-x86.exe_ - Trojan-Downloader.Win32.Mutant.abb,
sev.exe_ - Backdoor.Win32.Visel.nm

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

2008-5-30__2EB13.exe_ - Worm.Win32.Downloader.nl,
2008-5-30__AE790.exe_ - Trojan-PSW.Win32.OnLineGames.aldp,
abe[1].exe_ - Worm.Win32.Downloader.nm,
dllgh8jkd1q5.exe_, dllgh8jkd1q6.exe_, dllgh8jkd1q7.exe_, xpupdate.exe_ - Email-Worm.Win32.Zhelatin.zi,
ie_updates3r.exe_ - Trojan-Downloader.Win32.Winlagons.ls,
winlogon.exe_ - Trojan-Proxy.Win32.Small.ps

These files are already detected. Please update your antivirus bases.

lj18n1a80k.exe_

No malicious code was found in this file.

Please quote all when answering.

--
Best regards, Evgeny Aseev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
wangjay1980
Posted on 2008-6-1 22:39:07
Hello,

1.js_, cpc[1].js3, cp[1].js3, ct[1].js3, inf[1].js3, jcidGD84.dll, jcidGEM101.dll, jcidTHTFUK.dll, jcidWATCHK.dll, jcinGEM101.dll, jcinTHTFUK.dll, jcinWATCHK.dll, show_ads[4].js_, s[4].htm_, s[8].htm_, upload.dll, you[1].htm_

No malicious code were found in these files.

17.exe_ - Trojan.Win32.Inject.cla,
8.exe_ - Trojan-PSW.Win32.OnLineGames.akyc

These files are already detected. Please update your antivirus bases.

1[1].exe_

This file is corrupted.

Please quote all when answering.

--
Best regards, Goncharov Ilya
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
wangjay1980
Posted on 2008-6-1 22:40:50
Hello,

1.exe_, 2.exe_ - Trojan-PSW.Win32.OnLineGames.ajom,
11.exe_ - Trojan-PSW.Win32.OnLineGames.ajon,
14.exe_, 28.exe_, 6.exe_ - Trojan.Win32.Agent.qnn,
16.exe_ - Trojan-PSW.Win32.OnLineGames.ajpv,
22.exe_ - Trojan-PSW.Win32.OnLineGames.ajqb,
24.exe_ - Trojan-PSW.Win32.OnLineGames.ajpw,
25.exe_, 5.exe_ - Trojan-PSW.Win32.OnLineGames.ajpx,
26.exe_ - Trojan-PSW.Win32.OnLineGames.ajoi,
29.exe_, 8.exe_ - Trojan-PSW.Win32.OnLineGames.ajod,
30.exe_, 32.exe_ - Trojan-PSW.Win32.OnLineGames.ajpy,
31.exe_, 33.exe_ - Trojan-PSW.Win32.OnLineGames.ajpz,
7.exe_ - Trojan-PSW.Win32.OnLineGames.ajop,
abe.exe_, safe.exe_ - Worm.Win32.Downloader.lz,
mpbyqu.dll - Backdoor.Win32.PcClient.doh,
msdtc.exe2 - Trojan.Win32.VB.dah,
ncrzvl.dll - Backdoor.Win32.PcClient.doi,
smss.exe2 - Backdoor.Win32.Bifrose.soy,
update[1].exe2, update[2].exe3 - Trojan-Downloader.Win32.Agent.qqd

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

exe2bin.exe2, expand.exe2, Explorer.EXE2

No malicious code were found in these files.

NOTEPAD.EXE2

This file is corrupted.

Please quote all when answering.

--
Best regards, Vyacheslav Zakorzhevsky
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.
wangjay1980
Posted on 2008-6-1 22:42:28
Hello,

dodolook636.ex

This file is corrupted.

ha_80030.ex - Trojan-Downloader.Win32.QQHelper.bih,
Malware.exe - Trojan.Win32.Kilie.a,
page1.ex - Trojan-PSW.Win32.OnLineGames.aive,
page2.ex - Trojan-PSW.Win32.OnLineGames.aivf

These files are already detected. Please update your antivirus bases.

sethc.exe

No malicious code was found in this file.

svc.exe - Trojan.Win32.Agent.mxt,
tmp.exe - Trojan.Win32.Agent.mxu,
XXXX.exe - Trojan-PSW.Win32.OnLineGames.aivm

New malicious software was found in these files. Detection will be included in the next update. Thank you for your help.

Please quote all when answering.

--
Best regards, Vladimir Lebedev
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/

http://www.kaspersky.com/virusscanner - free online virus scanner.
http://www.kaspersky.com/helpdesk.html - technical support.