两个病毒，NOD报为查明的

beat2

两个上网乱逛时下的病毒，NOD报未查明的NewHeur_PE病毒，已上报。

7-zip不能打rar的包，下载后请把后缀名改为zip。

mofunzone

秒杀
Starting the file scan:

Begin scan in 'C:\Documents and Settings\Administrator\My Documents\viur.zip'
C:\Documents and Settings\Administrator\My Documents\
  viur.zip
    [0] Archive type: ZIP
    --> pKBrFPy.com
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
    --> top[1].exe
        [DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
        [WARNING]   Infected files in archives cannot be repaired!
        [WARNING]   The file was ignored!

hsjj2005

费尔扫描未报

pamier2001

top[1].exe           GenPack:Backdoor.Agent.AIR
bd报的

200p

我的avk2006没报

solcroft

鞭尸啊，鞭尸~

mofunzone

原帖由 solcroft 于 2007-3-7 18:23 发表
鞭尸啊，鞭尸~  

不能说是鞭尸，可能是被感染文件，或者是文件没写好，不能运行不代表鞭尸，如果有可疑代码的话就算不用运行也完全可以侦测出来

solcroft

原帖由 mofunzone 于 2007-3-8 10:36 发表

  不能说是鞭尸，可能是被感染文件，或者是文件没写好，不能运行不代表鞭尸，如果有可疑代码的话就算不用运行也完全可以侦测出来

抱歉了，还是觉得用英语说比较方便，有些电脑词汇我不懂怎么翻成中文...

If an antivirus product detects corrupted files as infected, then the only thing that can be deduced is that they the bits of the viral string the developers have chosen to identify are not optimal. They have targeted sections of malicious code that can be present even in a harmless file. After all, if a file exhibits no malicious behavior whatsoever, then what reason is there for a scanner to flag it as malware? They might as well start flagging the hundreds and thousands of other harmless files out there.

It is files like these that skew up the results of antivirus comparison tests. IBK has stated that any such files are weeded from his collection as soon as they are found, and I believe Stefan Kurtzhals has mentioned something of this sort as well when he commented on the test results from Malware-Test. Admittedly, it can be difficult for developers to completely eliminate such errors, especially with a product like AntiVir that uses some very powerful generic detection signatures; Avira may feel that the small amount of such false positives is worth the exchange of increased detection.

mofunzone

原帖由 solcroft 于 2007-3-7 18:55 发表

抱歉了，还是觉得用英语说比较方便，有些电脑词汇我不懂怎么翻成中文...

If an antivirus product detects corrupted files as infected, then the only thing that can be deduced is that they the bits ...

启发式扫描和所谓的虚拟机运行是两个概念
也就是说，不能运行的不等于不是病毒，虽然很多厂商不是这么定义的，类似dr.web
但是通过对代码进行highlight，就算是无法运行的文件也可以被定义为病毒，因为即使文件无法运行，其代码中具有威胁的语句已经可以视为threat，就像很多bat病毒，即使无法执行，上报一样会被报病毒
当然每个厂家和人对病毒的定义不同，我认为具有某些威胁特性的文件就可以判定为病毒了，就像你用刀子对着人笔画，虽然没有真的砍，所以无法定义为谋杀，但是定义为威胁已经足够了
病毒的道理同上

mofunzone

雨伞上报病毒经常会回复Malware(Damaged)，就是说即使文件已经损坏，但是依然可以识别出其威胁特性，启发扫描道理也是一样的
这种文件，勉强算是误报吧。。