
[Virus Sample] Two suspicious samples?

guaicai1976
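Posted on 2008-10-21 11:29:40
The first one is from a Photoshop archive. I scanned it with Kaspersky, BitDefender, Kingsoft, Norton, NOD32, Rising, Dr.Web and others and none of them detected anything, but Avira flags it every time, so all I can do is exclude it.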







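The second one came with a small utility for cleaning up DLL files that I downloaded. Avira flags it. I sent it to Kaspersky yesterday, but they found nothing.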
Hello.
No malicious software was found in the attached file.

Please quote all when answering. Do not forget to include your registration data.
-----------------
Regards, Tatarinov Ivan
Virus Analyst, Kaspersky Lab.

Ph.: +7(095) 797-8700
E-mail: newvirus@kaspersky.com
http://www.kaspersky.com   http://www.viruslist.com


> Attachment: SkypeClient.rar





I hope everyone can scan these for me and take a look!!

[ Last edited by guaicai1976 on 2008-10-21 11:58 ]

dadingdading
Posted on 2008-10-21 11:32:23
adobe_cs_keygen.rar
A KV scan found a virus. I'll add a screenshot in a moment.

[ Last edited by dadingdading on 2008-10-21 11:33 ]

scottxzt
Posted on 2008-10-21 11:43:21
Begin scan in 'C:\Users\IBM\Desktop\SkypeClient.rar'
C:\Users\IBM\Desktop\SkypeClient.rar
    [0] Archive type: RAR
    --> SkypeClient.exe
      [DETECTION] Contains recognition pattern of the ADSPY/AdSpy.Gen adware or spyware
    [NOTE]      The file was successfully wiped!
    [NOTE]      The file was deleted!
star_xing
Posted on 2008-10-21 11:47:32
[:1:]

guaicai1976
Original poster | Posted on 2008-10-21 12:01:24

Reply to dadingdading's post #2

Oh?
Yours reports the same thing as Avira does.
tiancai2nd
Posted on 2008-10-21 13:18:20
Keygens get flagged all the time; that's normal.
08红伞威点
Posted on 2008-10-21 16:42:57
Avira's official reply is as follows: Suspicious Files and Miscellaneous Uploads
Thank you for your submission. Below you can see the current status of the uploaded files.

We received the following archive files:


File ID | Filename | Size (Byte) | Result
25168092 | adobe_cs_keygen.rar | 42.14 KB | OK

A listing of files contained inside archives alongside their results can be found below:

File ID | Filename | Size (Byte) | Result
1091897 | adobe_cs_keygen.exe | 47 KB | FALSE POSITIVE

Please find a detailed report concerning each individual sample below:

Filename | Result
adobe_cs_keygen.exe | FALSE POSITIVE

The file 'adobe_cs_keygen.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will not be removed due to the fact that the file does not belong to a regular piece of software. This software can be used for an evasion of security protections in several computer programs. If we will find some malicious code inside the suspicious file anyway, we will integrate the pattern recognition in one of our next updates. In case AntiVir can detect this file we will not change or remove our detection.
-------------------------------------------------------------------------------------------------------------------------------------------------
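The file 'adobe_cs_keygen.exe' has been determined to be a 'false positive'. ~~ If we find some malicious code inside the suspicious file anyway, we will integrate the pattern recognition in one of our next updates. (Online translation)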

08红伞威点
Posted on 2008-10-21 16:49:32
Avira's official reply is as follows: Suspicious Files and Miscellaneous Uploads
Thank you for your submission. Below you can see the current status of the uploaded files.

We received the following archive files:


File ID | Filename | Size (Byte) | Result
25168097 | SkypeClient.rar | 28.58 KB | OK

A listing of files contained inside archives alongside their results can be found below:

File ID | Filename | Size (Byte) | Result
25168098 | SkypeClient.exe | 80 KB | MALWARE

Please find a detailed report concerning each individual sample below:

Filename | Result
SkypeClient.exe | MALWARE

The file 'SkypeClient.exe' has been determined to be 'MALWARE'.
Our analysts named the threat ADSPY/AdSpy.Gen. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.
This malware is detected by a special detection routine from the engine module.
-------------------------------------------------------------------------------------------------------------------------------------------------
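The file 'SkypeClient.exe' has been determined to be 'malware'. Our analysts named the threat ADSPY/AdSpy.Gen. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings, for example by manipulating registry settings or by using NTFS streams. Very often, IEexploits are used to manipulate browserhelp.dll. This malware is detected by a special detection routine from the engine module. (Online translation)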
hzyw
Posted on 2008-10-21 16:56:28
NIS 2009 flags the first one and misses the second... So NIS gives a false positive too.
plwukai
Posted on 2008-10-21 17:40:23
The keygen.exe in the Photoshop installer package on my old machine got flagged too.