symantec的误报？

显示全部楼层 · 发表于 2007-5-18 11:04:13

AhnLab-V3	2007.5.16.1	05.17.2007 [td]no virus found
AntiVir	7.4.0.23	05.17.2007 [td]no virus found
Authentium	4.93.8	05.16.2007 [td]no virus found
Avast	4.7.997.0	05.17.2007 [td]no virus found
AVG	7.5.0.467	05.17.2007 [td]no virus found
BitDefender	7.2	05.18.2007 [td]no virus found
CAT-QuickHeal	9.00	05.17.2007 [td]no virus found
ClamAV	devel-20070416	05.17.2007 [td]no virus found
DrWeb	4.33	05.17.2007 [td]no virus found
eSafe	7.0.15.0	05.17.2007 [td]no virus found
eTrust-Vet	30.7.3641	05.17.2007 [td]no virus found
Ewido	4.0	05.17.2007 [td]no virus found
FileAdvisor	1	05.18.2007 [td]no virus found
Fortinet	2.85.0.0	05.18.2007 [td]no virus found
F-Prot	4.3.2.48	05.16.2007 [td]no virus found
F-Secure	6.70.13030.0	05.18.2007 [td]no virus found
Ikarus	T3.1.1.7	05.17.2007 [td]no virus found
Kaspersky	4.0.2.24	05.18.2007 [td]no virus found
McAfee	5033	05.17.2007 [td]no virus found
Microsoft	1.2503	05.18.2007 [td]no virus found
NOD32v2	2275	05.17.2007 [td]no virus found
Norman	5.80.02	05.17.2007 [td]no virus found
Panda	9.0.0.4	05.17.2007 [td]no virus found
Prevx1	V2	05.18.2007 [td]no virus found
Sophos	4.17.0	05.16.2007 [td]no virus found
Sunbelt	2.2.907.0	05.17.2007 [td]no virus found
Symantec	10	05.18.2007	Backdoor.Haxdoor
TheHacker	6.1.6.115	05.15.2007 [td]no virus found
VBA32	3.12.0	05.17.2007 [td]no virus found
VirusBuster	4.3.7:9	05.17.2007 [td]no virus found
Webwasher-Gateway	6.0.1	05.18.2007 [td]no virus found

显示全部楼层 · 发表于 2007-5-18 11:08:34

dll 。。。
不能运行，帮不了你了。
估计是误报吧。。
最近发现symantec误报挺多的，莫非病毒泛滥，改变了作风？

显示全部楼层 · 发表于 2007-5-18 11:14:05

lsasrv - lsasrv.dll - DLL文件信息
DLL 文件： lsasrv 或者 lsasrv.dll
DLL 名称： Microsoft Local Security Authority Server

描述：
lsasrv.dll用于本地安全密码验证相关动态链接库文件。

属于： Microsoft Windows Operating System
系统 DLL文件：是

常见错误： File Not Found, Missing File, Exception Errors

安全等级 (0-5): 0
间谍软件：否
广告软件：否

netapi32 - netapi32.dll - DLL文件信息

DLL 文件： netapi32 或者 netapi32.dll
DLL 名称： Microsoft LAN Manager DLL

描述：
netapi32.dll是Windows网络应用程序接口，用于支持访问微软网络。

属于： Microsoft network
系统 DLL文件：是

常见错误： File Not Found, Missing File, Exception Errors

安全等级 (0-5): 0
间谍软件：否
广告软件：否

显示全部楼层 · 发表于 2007-5-18 12:53:03

今天更新的诺顿杀毒软件，将部分XP系统的netapi32.dll和lsasrv.dll视为Backdoor.Haxdoor后门加以清除，结果导致系统出现严重故障，无法启动，而Windows则警告有文件被替换，需要插入原安装盘恢复文件，而电脑在重新启动后蓝屏，即使在安全模式下也无法正常进入系统。赛门铁克官方表示，将在下午发表声明和解决方案。

经了解，没有升级到诺顿最新病毒库的电脑未发生问题，这次事故应该是因为诺顿的误报原因，导致netapi32.dll和lsasrv.dll这两个文件毁坏。目前搜狐IT已接到多名网友和多家公司举报，多台电脑已经瘫痪无法工作。

　　目前，赛门铁克官方表示，将在下午发表声明和解决方案。

显示全部楼层 · 发表于 2007-5-18 13:14:39

晕，赛门铁克不是不误报的吗，这次应该是忙中出错，把特征码给提错了

，但是以赛门铁克这么慢的反应速度应该有足够的时间让他们测试自己要升级出去的病毒码啊，这么多人是吃干饭的吗？？看来赛门铁客廉颇老矣

显示全部楼层 · 发表于 2007-5-18 13:41:53

原帖由 绅博周幸 于 2007-5-18 13:14 发表
晕，赛门铁克不是不误报的吗，这次应该是忙中出错，把特征码给提错了，但是以赛门铁克这么慢的反应速度应该有足够的时间让他们测试自己要升级出去的病毒码啊，这么多人是吃干饭的吗？？看来赛门铁 ...

连NSANTI都报了
还能做到0误报？

显示全部楼层 · 发表于 2007-5-18 14:24:20

刚刚再一次升级病毒码..电脑没事..

上报后也好像还没改

filename:  system32.rar
machine: Machine
result: See the developer notes

filename: lsasrv.dll
machine: Machine
result: NAV is falsely identifying this file as a virus

filename: netapi32.dll
machine: Machine
result: This file is detected as Backdoor.Haxdoor.
http://www.symantec.com/avcenter/venc/data/backdoor.haxdoor.html

Developer notes:
system32.rar is an infected container file of type  RAR
lsasrv.dll This file was incorrectly identified as malicious.  Please
download the latest definitions.  This file is contained by
system32.rar
netapi32.dll This archive contains malicious code. Any malicious
contents will be detected by NAV with the latest available definitions if
they are extracted from the archive. Please delete this file.  This file
is contained by system32.rar

Symantec Security Response has determined that the sample(s) that you
provided are infected with a virus, worm, or Trojan. We have created
RapidRelease definitions that will detect this threat. Please follow the
instruction at the end of this email message to download and install the
latest RapidRelease definitions.
Virus definition detail:

Sequence Number: 68644
Defs Version: 90517ce
Extended Version: 05/17/2007 rev.83

Should you have any questions about your submission, please contact
your regional technical support from the Symantec website and give them
the tracking number in the subject of this message.

[病毒样本] symantec的误报？

本帖子中包含更多资源