误报收集站 （false positive collection）

周杰伦

红伞回复是误报的，已经解决了
We received the following archive files:



File ID  Filename  Size (Byte) Result
236446  ThunderEx.rar 7.415 OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
220247  ThunderEx.dll  10.240  CLEAN


Please find a detailed report concerning each individual sample below:

Filename Result
ThunderEx.dll  CLEAN

The file 'ThunderEx.dll' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.

周杰伦

红伞已经回复了
We received the following archive files:



File ID  Filename  Size (Byte) Result
235442  htm.rar 5.095 OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
235443  46370080.vir  2.971  MALWARE (NOT ANALYZABLE)
235443  46370080.vir  2.971  MALWARE (NOT ANALYZABLE)
235444  infected.bmp  74.166  CLEAN


Please find a detailed report concerning each individual sample below:

Filename Result
46370080.vir  MALWARE (NOT ANALYZABLE)

The file '46370080.vir' has been determined to be 'MALWARE (NOT ANALYZABLE)'. In particular this means that this file is not working properly or not functional as a stand alone component. Nevertheless we were able to determine that it is malware. Our analysts named the threat HTML/Startpage.O. The term "HTML/" denotes a script-virus that is able to infect the system using a HTML script.Detection is added to our virus definition file (VDF) starting with version 6.36.01.105.

Filename Result
46370080.vir  MALWARE (NOT ANALYZABLE)

The file '46370080.vir' has been determined to be 'MALWARE (NOT ANALYZABLE)'. In particular this means that this file is not working properly or not functional as a stand alone component. Nevertheless we were able to determine that it is malware. Our analysts named the threat HTML/Startpage.O. The term "HTML/" denotes a script-virus that is able to infect the system using a HTML script.Detection is added to our virus definition file (VDF) starting with version 6.36.01.105.

Filename Result
infected.bmp  CLEAN

The file 'infected.bmp' has been determined to be 'CLEAN'. Our analysts did not discovered any malicious content.

benny2

红伞这个误报实在是。。。。

我的病毒库版本V6.38.00.129

Antivirus	Version	Update	Result
AhnLab-V3	2007.3.27.0	03.27.2007	no virus found
AntiVir	7.3.1.44	03.27.2007	TR/PSW.QQSpy.AF
Authentium	4.93.8	03.26.2007	no virus found
Avast	4.7.936.0	03.27.2007	no virus found
AVG	7.5.0.447	03.27.2007	no virus found
BitDefender	7.2	03.27.2007	no virus found
CAT-QuickHeal	9.00	03.27.2007	no virus found
ClamAV	devel-20070312	03.27.2007	no virus found
DrWeb	4.33	03.27.2007	no virus found
eSafe	7.0.14.0	03.27.2007	no virus found
eTrust-Vet	30.6.3515	03.27.2007	no virus found
Ewido	4.0	03.27.2007	no virus found
FileAdvisor	1	03.27.2007	No threat detected
Fortinet	2.85.0.0	03.27.2007	no virus found
F-Prot	4.3.1.45	03.26.2007	no virus found
F-Secure	6.70.13030.0	03.27.2007	no virus found
Ikarus	T3.1.1.3	03.27.2007	no virus found
Kaspersky	4.0.2.24	03.27.2007	no virus found
McAfee	4993	03.27.2007	no virus found
Microsoft	1.2306	03.27.2007	no virus found
NOD32v2	2148	03.27.2007	no virus found
Norman	5.80.02	03.27.2007	no virus found
Panda	9.0.0.4	03.27.2007	no virus found
Prevx1	V2	03.27.2007	no virus found
Sophos	4.15.0	03.27.2007	no virus found
Sunbelt	2.2.907.0	03.24.2007	no virus found
Symantec	10	03.27.2007	no virus found
TheHacker	6.1.6.080	03.23.2007	no virus found
UNA	1.83	03.16.2007	no virus found
VBA32	3.11.2	03.27.2007	no virus found
VirusBuster	4.3.7:9	03.27.2007	no virus found
Webwasher-Gateway	6.0.1	03.27.2007	Trojan.PSW.QQSpy.AF

File size: 1581056 bytes

MD5: 8829938fd1e3cd4665759929cf6d939a

SHA1: 8a713a0cf878d6866999d6948a8f824c3d9fa15d

已经上报，等待回复中

周杰伦

上报就可以解决了

evilcat

金山词霸2007的破解补丁，前一阵没有问题，刚才开机红伞却报了，报的是xdict.exe。
看了下多引擎，有点迷惑啊

Antivirus	Version	Update	Result
AhnLab-V3	2007.3.27.0	03.27.2007 [td]no virus found
AntiVir	7.3.1.44	03.28.2007	BDS/Pcclient.GV.141
Authentium	4.93.8	03.28.2007 [td]no virus found
Avast	4.7.936.0	03.27.2007 [td]no virus found
AVG	7.5.0.447	03.27.2007 [td]no virus found
BitDefender	7.2	03.28.2007	Backdoor.Pcclient.GV
CAT-QuickHeal	9.00	03.27.2007 [td]no virus found
ClamAV	devel-20070312	03.28.2007 [td]no virus found
DrWeb	4.33	03.28.2007 [td]no virus found
eSafe	7.0.14.0	03.27.2007	suspicious Trojan/Worm
eTrust-Vet	30.6.3518	03.28.2007 [td]no virus found
Ewido	4.0	03.27.2007 [td]no virus found
FileAdvisor	1	03.28.2007 [td]no virus found
Fortinet	2.85.0.0	03.28.2007	PossibleThreat!016875
F-Prot	4.3.1.45	03.28.2007 [td]no virus found
F-Secure	6.70.13030.0	03.28.2007 [td]no virus found
Ikarus	T3.1.1.3	03.28.2007	Backdoor.Win32.PcClient.GV
Kaspersky	4.0.2.24	03.28.2007 [td]no virus found
McAfee	4993	03.27.2007 [td]no virus found
Microsoft	1.2306	03.28.2007 [td]no virus found
NOD32v2	2148	03.27.2007 [td]no virus found
Norman	5.80.02	03.27.2007 [td]no virus found
Panda	9.0.0.4	03.27.2007 [td]no virus found
Prevx1	V2	03.28.2007 [td]no virus found
Sophos	4.15.0	03.27.2007 [td]no virus found
Sunbelt	2.2.907.0	03.24.2007	Backdoor.PcClient.GV
Symantec	10	03.28.2007 [td]no virus found
TheHacker	6.1.6.080	03.23.2007 [td]no virus found
UNA	1.83	03.16.2007 [td]no virus found
VBA32	3.11.2	03.27.2007	suspected of Backdoor.PcClient.3
VirusBuster	4.3.7:9	03.27.2007	Packed/NSPack
Webwasher-Gateway	6.0.1	03.28.2007	Trojan.Pcclient.GV.141

Aditional Information

File size: 645421 bytes

MD5: 88789b6b148f3915a646d83beb263b76

SHA1: 660faf3a289cc1430caecaa93b7e4f2440c58150

packers: NSPACK

packers: NSPack, PE_Patch

下载：
http://evilmetalcat.googlepages.com/xdict.rar

周杰伦

好了，已经上报了

temp444

有人上报过“超星IE阅读插件”没有？那个插件（超星图书官方提供的）也报有问题。

周杰伦

把文件打包发上来，我们上报看看

fairypyr

。。这个是不是误报？

周杰伦

红伞回复了，是误报的，下个版本就会解决这个误报了
We received the following archive files:



File ID  Filename  Size (Byte) Result
239393  AntiAdwa.rar 49.120 OK

A listing of files contained inside archives alongside their results can be found below:

File ID  Filename  Size (Byte) Result
222744  AntiAdwa.dll  139.264  FALSE POSITIVE


Please find a detailed report concerning each individual sample below:

Filename Result
AntiAdwa.dll  FALSE POSITIVE

The file 'AntiAdwa.dll' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection is removed from our virus definition file (VDF) with the version: 6.38.0.69 .