x3-lnk-downloader 輕鬆過主流-Result: 3/41 (7.32%)

linjw

?Filename        Result
123.nk         CLEAN

The file '123.nk' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

R.T

厉害啊 修改系统时间

黑衣~魂

原帖由 linjw 于 2009-8-27 17:10 发表
?Filename        Result
123.nk         CLEAN

The file '123.nk' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

avira誤判clean我不覺得稀奇，他們的檢測程序我早就發現很多問題了，找不到malicious code一樣可以用該FILE的檔案大小來當定義名入庫。這些80％都是誤報。

只是像是KL這些比較嚴謹都可能發生，不過只要EMAIL過去前告知行為就可以避免誤判CLEAN的問題。

[ 本帖最后由 黑衣~魂 于 2009-8-27 19:00 编辑 ]

hj5abc

嗯. 还有，比如说上报N个同类变种，大小相同，md5不同，它也会误判成一个样本。

黑衣~魂

瑞星js誤判才誇張，合法link挖掉也啟發，所以國外的人這樣評價avira

Some AV, offer fake protection, they dont follow the same rules as everyone else.
ie, No doubt, a new file that is unknown to "AV-Labs" will be automatically detected, even if it finds no viral code, same applies for any new file that is packed etc, (lots of many HEUR/generic detections)

IllusionWing

嗯。antivir这上面分析能力确实不行

尤金卡巴斯基

2009/8/27 23:40:03        已清除        木马程序 Trojan-GameThief.Win32.OnLineGames.vmkn        G:\Temp\Virus\X3-tr.rar/s.exe               
To KL

尤金卡巴斯基

Hello,


123.nk - Trojan-Downloader.Win32.Pif.qq

At the moment this file is detected. Please update your antivirus bases.

ro.dll - Trojan-GameThief.Win32.Magania.bwyk

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.


Best Regards,
Oleg Yurzin

Malware Analyst
Kaspersky Lab