AntiVir false alarm?

显示全部楼层 · 发表于 2008-6-5 23:07:49

Begin scan in 'C:\Documents and Settings\kato9096\桌面\JuniorEngineCheck.exe'
C:\Documents and Settings\kato9096\桌面\JuniorEngineCheck.exe
   [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
   [WARNING] The file was ignored!

Begin scan in 'C:\Documents and Settings\kato9096\桌面\MoonLightEngine.exe'
C:\Documents and Settings\kato9096\桌面\MoonLightEngine.exe
   [DETECTION] Contains detection pattern of the worm WORM/SdBot.3103744
   [WARNING] The file was ignored!

JuniorEngineCheck:
反病毒引擎    版本    最後更新    掃瞄結果
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.26 2008.06.05 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.06.05 -
Avast 4.8.1195.0 2008.06.05 Win32:Crypt-CGI
AVG 7.5.0.516 2008.06.05 -
BitDefender 7.2 2008.06.05 -
CAT-QuickHeal 9.50 2008.06.05 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.06.05 PUA.Packed.nPack-3
DrWeb 4.44.0.09170 2008.06.05 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5850 2008.06.05 -
Ewido 4.0 2008.06.05 -
F-Prot 4.4.4.56 2008.06.05 -
F-Secure 6.70.13260.0 2008.06.05 -
Fortinet 3.14.0.0 2008.06.05 -
GData 2.0.7306.1023 2008.06.05 Win32:Crypt-CGI
Ikarus T3.1.1.26.0 2008.06.05 Virus.Trojan.Win32.Pakes.cfj
Kaspersky 7.0.0.125 2008.06.05 -
McAfee 5310 2008.06.04 New Malware.eb
Microsoft 1.3604 2008.06.05 -
NOD32v2 3161 2008.06.05 -
Norman 5.80.02 2008.06.05 -
Panda 9.0.0.4 2008.06.05 Suspicious file
Prevx1 V2 2008.06.05 Malicious Software
Rising 20.47.32.00 2008.06.05 -
Sophos 4.30.0 2008.06.05 Mal/EncPk-AO
Sunbelt 3.0.1145.1 2008.06.05 Trojan.Win32.Pakes.cfj
Symantec 10 2008.06.05 -
TheHacker 6.2.92.335 2008.06.05 -
VBA32 3.12.6.7 2008.06.05 suspected of Trojan-PSW.Game.59 (paranoid heuristics)
VirusBuster 4.3.26:9 2008.06.04 Packed/nPack
Webwasher-Gateway 6.6.2 2008.06.05 Trojan.Crypt.XPACK.Gen

MoonLightEngine:
反病毒引擎    版本    最後更新    掃瞄結果
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.26 2008.06.05 Worm/SdBot.3103744
Avast 4.8.1195.0 2008.06.05 Win32:Trojan-gen {Other}
AVG 7.5.0.516 2008.06.05 IRC/BackDoor.SdBot4.ABX
BitDefender 7.2 2008.06.05 Backdoor.SDBot.DFPK
CAT-QuickHeal 9.50 2008.06.05 -
ClamAV 0.92.1 2008.06.05 PUA.Packed.Themida
DrWeb 4.44.0.09170 2008.06.05 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5850 2008.06.05 -
Ewido 4.0 2008.06.05 -
F-Prot 4.4.4.56 2008.06.05 W32/Heuristic-THX!Eldorado
F-Secure 6.70.13260.0 2008.06.05 -
Fortinet 3.14.0.0 2008.06.05 W32/SDBot.GAV!worm
GData 2.0.7306.1023 2008.06.05 Win32:Trojan-gen
Ikarus T3.1.1.26.0 2008.06.05 Generic.Sdbot
Kaspersky 7.0.0.125 2008.06.05 -
McAfee 5310 2008.06.04 W32/Sdbot.worm
Microsoft 1.3604 2008.06.05 -
NOD32v2 3161 2008.06.05 -
Norman 5.80.02 2008.06.05 -
Panda 9.0.0.4 2008.06.05 Generic Worm
Prevx1 V2 2008.06.05 Worm
Rising 20.47.32.00 2008.06.05 -
Sophos 4.30.0 2008.06.05 Mal/Generic-A
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.05 W32.IRCBot
TheHacker 6.2.92.335 2008.06.05 -
VBA32 3.12.6.7 2008.06.05 -
VirusBuster 4.3.26:9 2008.06.05 -
Webwasher-Gateway 6.6.2 2008.06.05 Worm.SdBot.3103744

Radix_Engine:
反病毒引擎    版本    最後更新    掃瞄結果
AhnLab-V3 2008.5.30.1 2008.06.05 -
AntiVir 7.8.0.26 2008.06.05 -
Authentium 5.1.0.4 2008.06.05 -
Avast 4.8.1195.0 2008.06.05 -
AVG 7.5.0.516 2008.06.05 -
BitDefender 7.2 2008.06.05 -
CAT-QuickHeal 9.50 2008.06.05 (Suspicious) - DNAScan
ClamAV 0.92.1 2008.06.05 PUA.Packed.nPack-3
DrWeb 4.44.0.09170 2008.06.05 -
eSafe 7.0.15.0 2008.06.05 -
eTrust-Vet 31.6.5850 2008.06.05 -
Ewido 4.0 2008.06.05 -
F-Prot 4.4.4.56 2008.06.05 -
F-Secure 6.70.13260.0 2008.06.05 -
Fortinet 3.14.0.0 2008.06.05 -
GData 2.0.7306.1023 2008.06.05 -
Ikarus T3.1.1.26.0 2008.06.05 Virus.Trojan.Win32.Pakes.cfj
Kaspersky 7.0.0.125 2008.06.05 -
McAfee 5310 2008.06.04 New Malware.eb
Microsoft 1.3604 2008.06.05 -
NOD32v2 3161 2008.06.05 -
Norman 5.80.02 2008.06.05 -
Panda 9.0.0.4 2008.06.05 -
Prevx1 V2 2008.06.05 Malicious Software
Rising 20.47.32.00 2008.06.05 -
Sophos 4.30.0 2008.06.05 Mal/EncPk-AO
Sunbelt 3.0.1145.1 2008.06.05 -
Symantec 10 2008.06.05 -
TheHacker 6.2.92.335 2008.06.05 -
VBA32 3.12.6.7 2008.06.05 suspected of Trojan-PSW.Game.59 (paranoid heuristics)
VirusBuster 4.3.26:9 2008.06.04 Packed/nPack
Webwasher-Gateway 6.6.2 2008.06.05 Virus.Win32.FileInfector.gen (suspicious)

紅傘报:
JuniorEngineCheck.exe
MoonLightEngine.exe
但
Radix_Engine
則不报

卡巴三个都不报,已上报

同时,已上报誤报到紅傘

Filename Result
JuniorEngineCheck.exe    FALSE POSITIVE

The file 'JuniorEngineCheck.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file does not belong to a regular piece of software. This software can be used for an evasion of security protections in several computer programs. If we will find some malicious code inside the suspicious file anyway, we will integrate the pattern recognition in one of our next updates. In case AntiVir can detect this file we will not change or remove our detection.
Filename Result
MoonLightEngine.exe    DAMAGED FILE (MALWARE)

The file 'MoonLightEngine.exe' has been determined to be 'DAMAGED FILE (MALWARE)'. In particular this means that this file is damaged and not working properly. Nevertheless we were able to determine that it contains malicious code fragments. Our analysts named the threat Worm/SdBot.3103744. The term "WORM/" denotes a worm that is able to spread itself for instance over the Internet (using eMail, peer-to-peer networks, IRC networks etc.).
Filename Result
Radix Engine.exe    DAMAGED FILE (UNKNOWN)

The file 'Radix Engine.exe' has been determined to be 'DAMAGED FILE (UNKNOWN)'. In particular this means that this file is damaged and not working properly. We could not find any malicious content. However the heuristic detection module may still detect this particular file even though it is damaged. In that case we will not adjust and remove detection for this damaged file.

Hello, all files are clean.

-----------------
Regards, Vladimir Lebedev
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com

[ 本帖最后由 kato9096 于 2008-6-6 18:51 编辑 ]

显示全部楼层 · 发表于 2008-6-5 23:16:21

等待消息。

显示全部楼层 · 发表于 2008-6-6 17:17:24

AntiVir的回复真令人吐血

显示全部楼层 · 发表于 2008-6-6 17:20:26

有可疑的就杀，很好嘛。

显示全部楼层 · 发表于 2008-6-6 17:39:21

传说中的鞭尸

显示全部楼层 · 发表于 2008-6-6 18:51:35

Hello, all files are clean.

-----------------
Regards, Vladimir Lebedev
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com http://www.viruslist.com

显示全部楼层 · 发表于 2008-6-6 20:50:10

汗颜！

[病毒样本] AntiVir false alarm?

本帖子中包含更多资源

回复 3楼 kato9096 的帖子

回复 6楼 kato9096 的帖子