
[False-positive file] False positive or a virus?

lingbo110120
Posted on 2009-1-14 15:01:33
False positive or a virus?

dreams521
Posted on 2009-1-14 15:05:09
TO KL
Antivirus engine | Version | Last update | Scan result
a-squared | 4.0.0.73 | 2009.01.14 | Trojan-Downloader.Win32.Delf.asz!IK
AhnLab-V3 | 2009.1.13.3 | 2009.01.14 | -
AntiVir | 7.9.0.54 | 2009.01.13 | -
Authentium | 5.1.0.4 | 2009.01.13 | -
Avast | 4.8.1281.0 | 2009.01.13 | -
AVG | 8.0.0.229 | 2009.01.13 | -
BitDefender | 7.2 | 2009.01.14 | -
CAT-QuickHeal | 10.00 | 2009.01.14 | Win32.Backdoor.Hupigon.ngr3
ClamAV | 0.94.1 | 2009.01.14 | Trojan.Bifrose-2048
Comodo | 927 | 2009.01.13 | -
DrWeb | 4.44.0.09170 | 2009.01.13 | Trojan.MulDrop.27533
eSafe | 7.0.17.0 | 2009.01.13 | -
eTrust-Vet | 31.6.6306 | 2009.01.13 | -
F-Prot | 4.4.4.56 | 2009.01.13 | -
F-Secure | 8.0.14470.0 | 2009.01.14 | -
Fortinet | 3.117.0.0 | 2009.01.14 | -
GData | 19 | 2009.01.14 | -
Ikarus | T3.1.1.45.0 | 2009.01.14 | Trojan-Downloader.Win32.Delf.asz
K7AntiVirus | 7.10.584 | 2009.01.09 | Trojan-Spy.Win32.Delf.ps
Kaspersky | 7.0.0.125 | 2009.01.14 | -
McAfee | 5494 | 2009.01.13 | -
McAfee+Artemis | 5494 | 2009.01.13 | -
Microsoft | 1.4205 | 2009.01.14 | -
NOD32 | 3763 | 2009.01.13 | -
Norman | 5.93.01 | 2009.01.13 | -
Panda | 9.5.1.2 | 2009.01.13 | -
PCTools | 4.4.2.0 | 2009.01.13 | -
Prevx1 | V2 | 2009.01.14 | -
Rising | 21.12.21.00 | 2009.01.14 | -
SecureWeb-Gateway | 6.7.6 | 2009.01.13 | -
Sophos | 4.37.0 | 2009.01.14 | -
Sunbelt | 3.2.1831.2 | 2009.01.09 | Trojan.Win32.Packed.gen (v)
Symantec | 10 | 2009.01.14 | -
TheHacker | 6.3.1.4.219 | 2009.01.14 | -
TrendMicro | 8.700.0.1004 | 2009.01.14 | -
VBA32 | 3.12.8.10 | 2009.01.13 | -
ViRobot | 2009.1.14.1558 | 2009.01.14 | -
VirusBuster | 4.5.11.0 | 2009.01.13 | -
Additional information
File size: 368331 bytes
MD5...: 227304c6f0de53b6c715e08dda7b1521


[ Last edited by dreams521 on 2009-1-14 15:08 ]
namedhao
Posted on 2009-1-14 15:05:49
With the 1.14 virus database, Avira does not flag it.
雨宫优子
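Posted on 2009-1-14 15:21:21
Probably not a virus....
I looked for a long while and found nothing suspicious.
It just adds one autostart entry.. runonce


But it's also strange... why would something from Microsoft not be signed...


Let's wait and see..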
雨宫优子
Posted on 2009-1-14 15:24:41
Probably fine......


But it's also not something from Microsoft.
lingbo110120
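Original poster | Posted on 2009-1-14 15:39:34
It's a program that automatically installs mouse cursors.
Looking closely, it doesn't really create any files... it just adds an autostart entry.
Judging by the mouse cursors, nothing looks wrong either.

I'm a bit confused too.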
星之梦
Posted on 2009-1-14 16:13:12

Comodo Instant Malware Analysis

• File Info
Name | Value
Size | 398336
MD5 | 04e6aa048b4f631fff4e7681676ae3f5
SHA1 | 725b9e075aa8beed94978d81741f79df74a93afb
SHA256 | 65ba8d0850b4ac5a5b5b1888879f56bfa16898971fca3ca9da9076abbfec074c
Process | Active

• Keys Created
• Keys Changed
• Keys Deleted
• Values Created
• Values Changed
• Values Deleted
• Directories Created
Name | Last Write Time | Creation Time | Last Access Time | Attr
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP | 2009.01.12 14:48:07.343 | 2009.01.12 14:47:58.437 | 2009.01.12 14:48:07.343 | 0x10

• Directories Changed
• Directories Deleted
• Files Created
Name | Size | Last Write Time | Creation Time | Last Access Time | Attr
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\AppStarting.ani | 81738 | 2005.01.19 06:52:20.000 | 2005.01.19 06:52:20.000 | 2005.01.19 06:52:20.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Arrow.ani | 154804 | 2005.01.19 06:58:22.000 | 2005.01.19 06:58:22.000 | 2005.01.19 06:58:22.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Arrow.cur | 4286 | 2005.01.19 09:39:30.000 | 2005.01.19 09:39:30.000 | 2005.01.19 09:39:30.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Arrow_2.ani | 51652 | 2005.01.19 11:09:48.000 | 2005.01.19 11:09:48.000 | 2005.01.19 11:09:48.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Cross.ani | 64546 | 2005.01.19 06:59:50.000 | 2005.01.19 06:59:50.000 | 2005.01.19 06:59:50.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Cross_2.ani | 64546 | 2005.01.19 11:12:48.000 | 2005.01.19 11:12:48.000 | 2005.01.19 11:12:48.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Hand.ani | 94632 | 2005.01.19 07:02:00.000 | 2005.01.19 07:02:00.000 | 2005.01.19 07:02:00.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Hand_2.ani | 64546 | 2005.01.19 11:14:48.000 | 2005.01.19 11:14:48.000 | 2005.01.19 11:14:48.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Handwriting.cur | 4286 | 2005.01.19 07:02:22.000 | 2005.01.19 07:02:22.000 | 2005.01.19 07:02:22.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Help.cur | 4286 | 2005.01.19 07:02:38.000 | 2005.01.19 07:02:38.000 | 2005.01.19 07:02:38.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\IBeam.ani | 64546 | 2005.01.19 07:04:32.000 | 2005.01.19 07:04:32.000 | 2005.01.19 07:04:32.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\IBeam_2.ani | 64546 | 2005.01.19 11:16:48.000 | 2005.01.19 11:16:48.000 | 2005.01.19 11:16:48.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\NO.ani | 86036 | 2005.01.19 07:05:18.000 | 2005.01.19 07:05:18.000 | 2005.01.19 07:05:18.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Setup.inf | 2397 | 2005.01.19 07:26:02.000 | 2005.01.19 07:26:02.000 | 2005.01.19 07:26:02.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\SizeAll.ani | 68844 | 2005.01.19 07:06:28.000 | 2005.01.19 07:06:28.000 | 2005.01.19 07:06:28.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\SizeAll.cur | 4286 | 2005.01.19 11:17:20.000 | 2005.01.19 11:17:20.000 | 2005.01.19 11:17:20.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\SizeNESW.ani | 68844 | 2005.01.19 07:08:00.000 | 2005.01.19 07:08:00.000 | 2005.01.19 07:08:00.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\SizeNESW.cur | 4286 | 2005.01.19 11:17:32.000 | 2005.01.19 11:17:32.000 | 2005.01.19 11:17:32.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\SizeNS.ani | 68844 | 2005.01.19 07:09:58.000 | 2005.01.19 07:09:58.000 | 2005.01.19 07:09:58.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\SizeNS.cur | 4286 | 2005.01.19 11:21:26.000 | 2005.01.19 11:21:26.000 | 2005.01.19 11:21:26.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\SizeNWSE.ani | 68844 | 2005.01.19 07:11:28.000 | 2005.01.19 07:11:28.000 | 2005.01.19 07:11:28.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\SizeNWSE.cur | 4286 | 2005.01.19 11:19:36.000 | 2005.01.19 11:19:36.000 | 2005.01.19 11:19:36.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\SizeWE.ani | 68844 | 2005.01.19 07:13:12.000 | 2005.01.19 07:13:12.000 | 2005.01.19 07:13:12.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\SizeWE.cur | 4286 | 2005.01.19 11:20:04.000 | 2005.01.19 11:20:04.000 | 2005.01.19 11:20:04.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\UpArrow.ani | 68844 | 2005.01.19 07:25:02.000 | 2005.01.19 07:25:02.000 | 2005.01.19 07:25:02.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\UpArrow_2.ani | 68844 | 2005.01.19 11:11:10.000 | 2005.01.19 11:11:10.000 | 2005.01.19 11:11:10.000 | 0x20
C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Wait.ani | 111824 | 2005.01.19 07:17:40.000 | 2005.01.19 07:17:40.000 | 2005.01.19 07:17:40.000 | 0x20

• Files Changed
• Files Deleted
• Directories Hidden
• Files Hidden
Name | Size | Last Write Time | Creation Time | Last Access Time | Attr
C:\WINDOWS\inf\oem0.inf | 0 | 2009.01.12 14:48:12.125 | 2009.01.12 14:48:12.125 | 2009.01.12 14:48:12.125 | 0x20

• Drivers Loaded
• Drivers Unloaded
• Processes Created
• Processes Terminated
• Threads Created
PId | Process Name | TId | Start | Start Mem | Win32 Start | Win32 Start Mem
0x344 | svchost.exe | 0x170 | 0x7c810856 | MEM_IMAGE | 0x7c910760 | MEM_IMAGE

• Modules Loaded
• Windows Api Calls
• DNS Queries
• HTTP Queries
• Verdict
Auto Analysis Verdict: Rated as Suspicious
星之梦
Posted on 2009-1-14 16:23:51

Reply to post #7 by 星之梦

Red marks suspicious behavior.
lingbo110120
Original poster | Posted on 2009-1-14 16:55:38

Reply to post #9 by 星之梦

What does this behavior count as?
The EQs
Posted on 2009-1-14 16:56:32
If you ask me, it's clean..... Unpack it and see who still flags it.
Copyright © KaFan  KaFan.cn All Rights Reserved.
