收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 病毒样本 分享&分析区 估计很多杀软误报,帮我用手动hips测试下
123
返回列表 发新帖
楼主: germany05400
 收起左侧

[误报文件] 估计很多杀软误报,帮我用手动hips测试下

[复制链接]
尤金卡巴斯基
发表于 2009-1-23 20:30:02 | 显示全部楼层
已上报误报
回复

举报

英九
发表于 2009-1-23 21:10:42 | 显示全部楼层
是误报~

[ 本帖最后由 英九 于 2009-1-23 21:12 编辑 ]

本帖子中包含更多资源

您需要 登录 才可以下载或查看,没有帐号?快速注册

x
回复

举报

Sherry.ai
发表于 2009-1-23 21:14:45 | 显示全部楼层
Kaspersky To KL 2x
回复

举报

saga3721
发表于 2009-1-24 09:09:56 | 显示全部楼层
有一个是毒



File ID 燜ilename Size (Byte) Result
25239975  files.rar 70.01 KB OK

A listing of files contained inside archives alongside their results can be found below:

File ID 燜ilename Size (Byte) Result
3718903  fix.exe  50 KB  FALSE POSITIVE
25231693  ############.exe  9.29 KB  MALWARE
25216557  ############.exe  52 KB  FALSE POSITIVE


Please find a detailed report concerning each individual sample below:

燜ilename Result
fix.exe  FALSE POSITIVE

The file 'fix.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

燜ilename Result
############.exe  MALWARE

The file '############.exe' has been determined to be 'MALWARE'. Our analysts named the threat TR/Packed.7599. The term "TR/" denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system.Detection is added to our virus definition file (VDF) starting with version 7.00.06.105.

燜ilename Result
############.exe  FALSE POSITIVE

The file '############.exe' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.
回复

举报

evilrabbit
发表于 2009-1-24 10:05:02 | 显示全部楼层
简单的分析下 看看吧,生成文件的路径 C\WINDOWS\Downloaded Program Files\desktop.ini

*\current\「开始」菜单
*\current\「开始」菜单\程序
*\current\「开始」菜单\程序\附件
*\current\「开始」菜单\程序\附件\同步.lnk
*\current\Local Settings
*\current\Local Settings\Temp
*\current\Local Settings\Temp\Rar$EX00.797
*\current\Local Settings\Temp\Rar$EX00.797\files
*\current\SendTo
*\current\SendTo\desktop.ini
*\current\SendTo\邮件接收者.MAPIMail
*\current\SendTo\桌面快捷方式.DeskLink

*\machine\software\Classes\*\shellex\PropertySheetHandlers\CryptoSignMenu  [1] = {7444C719-39BF-11D1-8CD9-00C04FC29D45}
*\machine\software\Classes\.bmp\Content Type [1] = image/bmp
*\machine\software\Classes\.cat  [1] = CATFile
*\machine\software\Classes\.cat\Content Type [1] = application/vnd.ms-pki.seccat
*\machine\software\Classes\.cdf  [1] = ChannelFile
*\machine\software\Classes\.cdf\Content Type [1] = application/x-cdf
*\machine\software\Classes\.cer  [1] = CERFile
*\machine\software\Classes\.cer\Content Type [1] = application/x-x509-ca-cert
*\machine\software\Classes\.chm  [1] = chm.file
*\machine\software\Classes\.crl  [1] = CRLFile
*\machine\software\Classes\.crl\Content Type [1] = application/pkix-crl
*\machine\software\Classes\.crt  [1] = CERFile
*\machine\software\Classes\.crt\Content Type [1] = application/x-x509-ca-cert
*\machine\software\Classes\.css\Content Type [1] = text/css
*\machine\software\Classes\.der  [1] = CERFile
*\machine\software\Classes\.der\Content Type [1] = application/x-x509-ca-cert
*\machine\software\Classes\.DeskLink  [1] = CLSID\{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}
*\machine\software\Classes\.dib\Content Type [1] = image/bmp
*\machine\software\Classes\.grp  [1] = MSProgramGroup
*\machine\software\Classes\.htc\Content Type [1] = text/x-component
*\machine\software\Classes\.ico\Content Type [1] = image/x-icon
*\machine\software\Classes\.MAPIMail  [1] = CLSID\{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}
*\machine\software\Classes\.mht  [1] = mhtmlfile
*\machine\software\Classes\.mht\Content Type [1] = message/rfc822
*\machine\software\Classes\.mhtml  [1] = mhtmlfile
*\machine\software\Classes\.mhtml\Content Type [1] = message/rfc822
*\machine\software\Classes\.p10  [1] = P10File
*\machine\software\Classes\.p10\Content Type [1] = application/pkcs10
*\machine\software\Classes\.p12  [1] = PFXFile
*\machine\software\Classes\.p12\Content Type [1] = application/x-pkcs12
*\machine\software\Classes\.p7b  [1] = SPCFile
*\machine\software\Classes\.p7b\Content Type [1] = application/x-pkcs7-certificates
*\machine\software\Classes\.p7m  [1] = P7MFile
*\machine\software\Classes\.p7m\Content Type [1] = application/pkcs7-mime
*\machine\software\Classes\.p7r  [1] = SPCFile
*\machine\software\Classes\.p7r\Content Type [1] = application/x-pkcs7-certreqresp
*\machine\software\Classes\.p7s  [1] = P7SFile
*\machine\software\Classes\.p7s\Content Type [1] = application/pkcs7-signature
*\machine\software\Classes\.pfx  [1] = PFXFile
*\machine\software\Classes\.pfx\Content Type [1] = application/x-pkcs12
*\machine\software\Classes\.pko  [1] = PKOFile
*\machine\software\Classes\.pko\Content Type [1] = application/vnd.ms-pki.pko
*\machine\software\Classes\.prf  [1] = prffile
*\machine\software\Classes\.prf\Content Type [1] = application/pics-rules
*\machine\software\Classes\.rat  [1] = ratfile
*\machine\software\Classes\.rat\Content Type [1] = application/rat-file
*\machine\software\Classes\.sct  [1] = scriptletfile
*\machine\software\Classes\.sct\Content Type [1] = text/scriptlet
*\machine\software\Classes\.spc  [1] = SPCFile
*\machine\software\Classes\.spc\Content Type [1] = application/x-pkcs7-certificates
*\machine\software\Classes\.sst  [1] = CertificateStoreFile
*\machine\software\Classes\.sst\Content Type [1] = application/vnd.ms-pki.certstore
*\machine\software\Classes\.stl  [1] = STLFile
*\machine\software\Classes\.stl\Content Type [1] = application/vnd.ms-pki.stl
*\machine\software\Classes\.txt\Content Type [1] = text/plain
*\machine\software\Classes\.URL  [1] = InternetShortcut
*\machine\software\Classes\.URL\ShellEx\{000214EE-0000-0000-C000-000000000046}  [1] = {FBF23B40-E3F0-101B-8488-00AA003E56F8}
*\machine\software\Classes\.URL\ShellEx\{000214F9-0000-0000-C000-000000000046}  [1] = {FBF23B40-E3F0-101B-8488-00AA003E56F8}
*\machine\software\Classes\.URL\ShellEx\{00021500-0000-0000-C000-000000000046}  [1] = {FBF23B40-E3F0-101B-8488-00AA003E56F8}
*\machine\software\Classes\.URL\ShellEx\{CABB0DA0-DA57-11CF-9974-0020AFD79762}  [1] = {FBF23B40-E3F0-101B-8488-00AA003E56F8}
*\machine\software\Classes\.URL\ShellEx\{FBF23B80-E3F0-101B-8488-00AA003E56F8}  [1] = {FBF23B40-E3F0-101B-8488-00AA003E56F8}
*\machine\software\Classes\.wsc  [1] = scriptletfile
*\machine\software\Classes\.wsc\Content Type [1] = text/scriptlet
*\machine\software\Classes\Appid\{6295DF2D-35EE-11d1-8707-00C04FD93327}  [1] = MobSync
*\machine\software\Classes\Appid\{6295DF2D-35EE-11d1-8707-00C04FD93327}\RunAs [1] = Interactive User
*\machine\software\Classes\Applications\iexplore.exe\shell\open\command  [1] = "C:\Program Files\Internet Explorer\iexplore.exe" %1
*\machine\software\Classes\ASControls.InstallEngineCtl  [1] = InstallEngineCtl Object
*\machine\software\Classes\ASControls.InstallEngineCtl\CLSID  [1] = {6E449683-C509-11CF-AAFA-00AA00B6015C}
*\machine\software\Classes\ASControls.InstallEngineCtl\CurVer  [1] = ASControls.InstallEngineCtl.1
*\machine\software\Classes\ASControls.InstallEngineCtl.1  [1] = InstallEngineCtl Object
*\machine\software\Classes\ASControls.InstallEngineCtl.1\CLSID  [1] = {6E449683-C509-11CF-AAFA-00AA00B6015C}
*\machine\software\Classes\BMPFilter.CoBMPFilter  [1] = CoBMPFilter Class
*\machine\software\Classes\BMPFilter.CoBMPFilter\CLSID  [1] = {607fd4e8-0a03-11d1-ab1d-00c04fc9b304}
*\machine\software\Classes\BMPFilter.CoBMPFilter.1  [1] = CoBMPFilter Class
*\machine\software\Classes\BMPFilter.CoBMPFilter.1\CLSID  [1] = {607fd4e8-0a03-11d1-ab1d-00c04fc9b304}
*\machine\software\Classes\CATFile  [1] = 塠hQU_
*\machine\software\Classes\CATFile\FriendlyTypeName [2] = 40002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00630072007900700074006500780074002E0064006C006C002C002D0036003100340035000000
*\machine\software\Classes\CATFile\DefaultIcon  [2] = 2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C0063007200790070007400750069002E0064006C006C002C002D0033003400310038000000
*\machine\software\Classes\CATFile\shell\open\command  [1] = rundll32.exe cryptext.dll,CryptExtOpenCAT %1
*\machine\software\Classes\CERFile  [1] = 塠hQ翄fN
*\machine\software\Classes\CERFile\FriendlyTypeName [2] = 40002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00630072007900700074006500780074002E0064006C006C002C002D0036003100300038000000
*\machine\software\Classes\CERFile\DefaultIcon  [2] = 2500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C0063007200790070007400750069002E0064006C006C002C002D0033003400310030000000
*\machine\software\Classes\CERFile\shell\add  [1] = 塠艌翄fN(&I)
*\machine\software\Classes\CERFile\shell\add\command  [1] = rundll32.exe cryptext.dll,CryptExtAddCER %1
*\machine\software\Classes\CERFile\shell\open\command  [1] = rundll32.exe cryptext.dll,CryptExtOpenCER %1
*\machine\software\Classes\CertificateStoreFile  [1] = Microsoft 鹼R翄fNX[≒
*\machine\software\Classes\CertificateStoreFile\FriendlyTypeName [2] = 40002500530079007300740065006D0052006F006F00740025005C00530079007300740065006D00330032005C00630072007900700074006500780074002E0064006C006C002C002D0036003100310032000000
*\machine\software\Classes\CertificateStoreFile\shell\open\command  [1] = rundll32.exe cryptext.dll,CryptExtOpenSTR %1
*\machine\software\Classes\ChannelFile  [1] = 憳S悋e鯪
*\machine\software\Classes\ChannelFile\EditFlags [3] = 00000100
*\machine\software\Classes\ChannelFile\CLSID  [1] = {f39a0dc0-9cc8-11d0-a599-00c04fd64433}
*\machine\software\Classes\ChannelFile\DefaultIcon  [1] = %1
*\machine\software\Classes\ChannelFile\Shell  [1] = Subscribe
*\machine\software\Classes\ChannelFile\Shell\Edit  [1] = 憦
*\machine\software\Classes\ChannelFile\Shell\Edit\Command  [1] = notepad.exe %1
*\machine\software\Classes\ChannelFile\Shell\Explore\Command  [1] = explorer /e,/root,{f39a0dc0-9cc8-11d0-a599-00c04fd64433},%L
*\machine\software\Classes\ChannelFile\Shell\Open\Command  [1] = explorer /root,{f39a0dc0-9cc8-11d0-a599-00c04fd64433},%L
*\machine\software\Classes\ChannelFile\Shell\OpenChannel  [1] = Sb_憳S?
*\machine\software\Classes\ChannelFile\Shell\OpenChannel\Command  [1] = rundll32 cdfview.dll,OpenChannel %L
*\machine\software\Classes\ChannelFile\Shell\Subscribe  [1] = AQ笅1?gO(u
*\machine\software\Classes\ChannelFile\Shell\Subscribe\Command  [1] = rundll32 cdfview.dll,Subscribe %L
*\machine\software\Classes\ChannelFile\ShellEx\IconHandler  [1] = {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
*\machine\software\Classes\ChannelFile\ShellEx\{000214EE-0000-0000-C000-000000000046}  [1] = {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
*\machine\software\Classes\ChannelFile\ShellEx\{00021500-0000-0000-C000-000000000046}  [1] = {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
*\machine\software\Classes\ChannelFile\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}  [1] = {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
*\machine\software\Classes\ChannelFile\ShellFolder\Attributes [3] = FFFFFFA00100FFFFFFA0
*\machine\software\Classes\ChannelShortcut  [1] = 憳S愲_wc筫_
*\machine\software\Classes\ChannelShortcut\CLSID  [1] = {f3aa0dc0-9cc8-11d0-a599-00c04fd64434}
*\machine\software\Classes\ChannelShortcut\DefaultIcon  [1] = %1
*\machine\software\Classes\ChannelShortcut\Shell  [1] = Sb_憳S?
*\machine\software\Classes\ChannelShortcut\Shell\OpenChannel  [1] = Sb_憳S?
*\machine\software\Classes\ChannelShortcut\Shell\OpenChannel\Command  [1] = rundll32 cdfview.dll,OpenChannel %L
*\machine\software\Classes\ChannelShortcut\ShellEx\IconHandler  [1] = {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
*\machine\software\Classes\ChannelShortcut\ShellEx\{000214EE-0000-0000-C000-000000000046}  [1] = {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
*\machine\software\Classes\ChannelShortcut\ShellEx\{00021500-0000-0000-C000-000000000046}  [1] = {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
*\machine\software\Classes\ChannelShortcut\ShellEx\{BB2E617C-0920-11d1-9A0B-00C04FC2D6C1}  [1] = {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
*\machine\software\Classes\ChannelShortcut\ShellEx\{D4029EC0-0920-11d1-9A0B-00C04FC2D6C1}  [1] = {f3ba0dc0-9cc8-11d0-a599-00c04fd64435}
*\machine\software\Classes\ChannelShortcut\ShellFolder\Attributes [3] = FFFFFFA00100FFFFFFA0
*\machine\software\Classes\chm.file  [1] = 騗褘剉 HTML .^㏑噀鯪
*\machine\software\Classes\chm.file\DefaultIcon  [1] = C:\WINDOWS\hh.exe,0
*\machine\software\Classes\chm.file\shell\open\command  [1] = "C:\WINDOWS\hh.exe" %1
*\machine\software\Classes\ClientCaps.ClientCaps  [1] = ClientCaps Class
*\machine\software\Classes\ClientCaps.ClientCaps\CurVer  [1] = ClientCaps.ClientCaps.1
*\machine\software\Classes\ClientCaps.ClientCaps.1  [1] = ClientCaps Class
*\machine\software\Classes\ClientCaps.ClientCaps.1\CLSID  [1] = {7E8BC44E-AEFF-11D1-89C2-00C04FB6BFC4}
*\machine\software\Classes\CLSID\{0000002F-0000-0000-C000-000000000046}  [1] = CLSID_RecordInfo
*\machine\software\Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32  [1] = oleaut32.dll
*\machine\software\Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel [1] = Both
*\machine\software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}  [1] = PSDispatch
*\machine\software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer  [1] = ole2disp.dll
*\machine\software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32  [1] = oleaut32.dll
*\machine\software\Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel [1] = Both
*\machine\software\Classes\CLSID\{00020421-0000-0000-C000-000000000046}  [1] = PSEnumVariant
*\machine\software\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer  [1] = ole2disp.dll
*\machine\software\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32  [1] = oleaut32.dll
*\machine\software\Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel [1] = Both
*\machine\software\Classes\CLSID\{00020422-0000-0000-C000-000000000046}  [1] = PSTypeInfo
*\machine\software\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer  [1] = ole2disp.dll
*\machine\software\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32  [1] = oleaut32.dll
*\machine\software\Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel [1] = Both
*\machine\software\Classes\CLSID\{00020423-0000-0000-C000-000000000046}  [1] = PSTypeLib
*\machine\software\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer  [1] = ole2disp.dll
*\machine\software\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32  [1] = oleaut32.dll
*\machine\software\Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel [1] = Both
*\machine\software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}  [1] = PSOAInterface
*\machine\software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer  [1] = ole2disp.dll
*\machine\software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32  [1] = oleaut32.dll
*\machine\software\Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel [1] = Both
*\machine\software\Classes\CLSID\{00020425-0000-0000-C000-000000000046}  [1] = PSTypeComp
*\machine\software\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer  [1] = ole2disp.dll
*\machine\software\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32  [1] = oleaut32.dll
*\machine\software\Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32\ThreadingModel [1] = Both
*\machine\software\Classes\CLSID\{00020D75-0000-0000-C000-000000000046}\ShellFolder\Attributes [4] = 72000000
*\machine\software\Classes\CLSID\{00021401-0000-0000-C000-000000000046}\ProgID  [1] = lnkfile
*\machine\software\Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32  [1] = "C:\Program Files\Internet Explorer\iexplore.exe"
*\machine\software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}  [1] = Shell Microsoft AutoComplete
*\machine\software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32  [2] = 2500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C00620072006F00770073006500750069002E0064006C006C000000
*\machine\software\Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InProcServer32\ThreadingModel [1] = Apartment
*\machine\software\Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}  [1] = Microsoft 哠騍陙≧孾bRh?
*\machine\software\Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InProcServer32  [2] = 2500530079007300740065006D0052006F006F00740025005C00730079007300740065006D00330032005C00620072006F00770073006500750069002E0064006C006C000000
*\machine\software\Classes\CLSID\{00BB2764-6A77-11D0-A535-00C04FD7D062}\InProcServer32\ThreadingModel [1] = Apartment
*\machine\software\Classes\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}  [1] = Microsoft
\ No newline at end of file
回复

举报

123
返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2025-7-20 11:23 , Processed in 0.089521 second(s), 15 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表