Kaspersky has produced another false positive!!!


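Lately this has really been driving me up the wall. I have always used Namipan to upload things, but recently, when I launched Namipan, Kaspersky warned me about a virus. On a closer look, it was flagging Namipan's main program. At first I thought: surely not? I have been using it all along without any trouble, so how could it have a virus? Could it have been infected by something? So I uploaded it to [VirusTotal] and [virscan.org] for checking, and the results really left me speechless: most engines reported a normal file, and only Kaspersky and a small handful of other antivirus products reported a virus, while all the others reported it as normal.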

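Then today I opened Namipan's official website, read the announcement, and only then learned that it really was a Kaspersky false positive.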

Below are the scan results from the two sites:
----------------------------
http://virscan.org/report/40a3661bf98852d86dfacfe54a956c09.html
VirSCAN.org Scanned Report :
Scanner results: 22% of antivirus engines (8/36) reported a virus
File Name : 纳米机器人.exe
File Size : 462848 byte
File Type : MS-DOS executable (EXE), OS/2 or MS Windows
MD5 : e68918149b2289731e959ed8297cd827
SHA1 : 893c799e9c659de12d9c694b298879c36c3e0178
Online report : http://virscan.org/report/40a3661bf98852d86dfacfe54a956c09.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 3.5.0.18 2008.06.10 2008-06-10 7.14 –
AhnLab V3 2008.06.11.01 2008.06.11 2008-06-11 2.37 –
AntiVir 7.8.0.55 7.0.4.180 2008-06-11 14.98 –
Arcavir 1.0.4 200806111158 2008-06-11 8.66 –
AVAST 1.0.8 080611-1 2008-06-11 13.14 –
AVG 7.5.51.442 270.2.0/1497 2008-06-11 8.81 Downloader.Generic7.SET
BitDefender 7.60825.1260373 7.19462 2008-06-11 15.08 –
CA (VET) 9.0.0.143 31.6.5865 2008-06-11 23.62 –
ClamAV 0.93 7435 2008-06-11 0.33 –
Comodo 2.11 2.0.0.552 2008-06-11 1.67 –
CP Secure 1.1.0.715 2008.06.11 2008-06-11 21.54 –
Dr.WEB 4.44.0.9170 2008.06.11 2008-06-11 20.17 –
ewido 4.0.0.2 2008.06.11 2008-06-11 4.03 –
F-PROT 4.4.1.52 20080610 2008-06-10 7.88 Possible W32/Heuristic-431!Eldorado (not disinfectable)
F-SECURE 5.51.6100 2008.06.11.05 2008-06-11 24.82 Trojan-Downloader.Win32.Delf.irn [AVP]
Fortinet 2.81-3.11 9.188 2008-06-11 8.96 W32/Delf.IRN!tr.dldr
ViRobot 20080611 2008.06.11 2008-06-11 1.65 –
IKARUS T3.1.01.26 2008.06.11.70901 2008-06-11 8.21 Trojan-Downloader.Win32.Delf.irn
Jiangmin 11.0.706 2008.06.11 2008-06-11 3.33 –
Kaspersky 5.5.10 2008.06.11 2008-06-11 31.96 Trojan-Downloader.Win32.Delf.irn
Kingsoft 2008.1.14.15 2008.6.11.17 2008-06-11 2.15 –
McAfee 5.2.00 5314 2008-06-10 13.24 –
Microsoft 1.3604 2008.06.11 2008-06-11 8.21 –
MKS_VIR 2.01 2008.06.11 2008-06-11 6.13 –
NORMAN 5.92.08 5.92.00 2008-06-10 14.95 –
Panda 9.04.03.0001 2008.06.10 2008-06-10 4.92 –
Trend Micro 8.700-1004 5.338.06 2008-06-11 0.06 –
Prevx V2 20080611 2008-06-11 21.16 TROJAN.DOWNLOADER.GEN
QuickHeal 9.00 2008.06.11 2008-06-11 0.58 –
Rising 20.0 20.48.22.00 2008-06-11 1.63 –
SOPHOS 2.74.1 4.30 2008-06-11 9.03 Mal/Generic-A
Symantec 1.3.0.24 20080609.003 2008-06-09 0.02 –
nProtect 2008-06-11.00 1541744 2008-06-11 7.71 –
The Hacker 6.2.92 v00342 2008-06-10 1.15 –
VBA32 3.12.6.7 20080610.0747 2008-06-10 3.96 –
VirusBuster 4.3.19:9 9.131.7/11.0 2008-06-11 3.17 –
----------------------------
http://www.virustotal.com/zh-cn/analisis/9b744dac959b133f69512e7578e48666

File DUTool.exe received on 2008.06.10 09:29:52 (CET)
Antivirus engine Version Last update Scan result
AhnLab-V3 2008.5.30.1 2008.06.10 –
AntiVir 7.8.0.55 2008.06.10 –
Authentium 5.1.0.4 2008.06.09 –
Avast 4.8.1195.0 2008.06.09 –
AVG 7.5.0.516 2008.06.09 –
BitDefender 7.2 2008.06.10 –
CAT-QuickHeal 9.50 2008.06.09 –
ClamAV 0.92.1 2008.06.10 –
DrWeb 4.44.0.09170 2008.06.10 –
eSafe 7.0.15.0 2008.06.09 –
eTrust-Vet 31.6.5858 2008.06.08 –
Ewido 4.0 2008.06.09 –
F-Prot 4.4.4.56 2008.06.09 –
F-Secure 6.70.13260.0 2008.06.10 Trojan-Downloader.Win32.Delf.irn
Fortinet 3.14.0.0 2008.06.10 –
GData 2.0.7306.1023 2008.06.10 Trojan-Downloader.Win32.Delf.irn
Ikarus T3.1.1.26.0 2008.06.10 –
Kaspersky 7.0.0.125 2008.06.10 Trojan-Downloader.Win32.Delf.irn
McAfee 5313 2008.06.09 –
Microsoft None 2008.06.10 –
NOD32v2 3171 2008.06.10 –
Norman 5.80.02 2008.06.09 –
Panda 9.0.0.4 2008.06.09 –
Prevx1 V2 2008.06.10 Malicious Software
Rising 20.48.10.00 2008.06.10 –
Sophos 4.30.0 2008.06.10 –
Sunbelt 3.0.1145.1 2008.06.05 –
Symantec 10 2008.06.10 –
TheHacker 6.2.92.341 2008.06.10 –
VBA32 3.12.6.7 2008.06.09 –
VirusBuster 4.3.26:9 2008.06.09 –
Webwasher-Gateway 6.6.2 2008.06.10 –

Additional information
File size: 462848 bytes
MD5...: e68918149b2289731e959ed8297cd827
SHA1..: 893c799e9c659de12d9c694b298879c36c3e0178
SHA256: 823ecaeb6d70b45eb8786b615ceac161fa122b1bfea8cd828f11abad13d04b4e
SHA512: e2b5b42d56dde4b83252f68075af41befd18a136cfa84045f2210c3a4afc286c
0d336b30afb473fd6607192a4b19f4e7e7ff9eea2a1629c5ef7e5212940b418c
PEiD..: –
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x43556d
timedatestamp.....: 0x4848e6a2 (Fri Jun 06 07:26:26 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x594af 0x5a000 6.64 d42749a6a70629d135d82a8ebded3e8c
.rdata 0x5b000 0xc534 0xd000 5.35 3e822fe856b314cd6b0c515e2039daf1
.data 0x68000 0xd964 0x3000 2.49 c814b3fa2a490ceb20792a48fd588b1c
.rsrc 0x76000 0x5650 0x6000 4.36 ca6d3acb52635e0bc0df2ffe5b9399bc

( 12 imports )

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=31F39AF8006E3C4F103807E061D377008FC0ECE1
packers (F-Prot): embedded

----------------------------
And here is Namipan's official announcement:
http://help.namipan.com/43.html
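Hot Questions and Answers_2008-06-11

After testing, version 1.2.0522 is indeed reported as a virus by Kaspersky 7.0. However, after careful inspection, we found that Kaspersky mistakenly suspects part of its code of being a virus. It is not actually a virus, so users can rest assured.
In response to this situation, we have also made changes; the latest version is now 1.3.0611.
This was also due to causes on our side, which led to some users experiencing problems when using the robot, and we apologize.
Also, to state it once more: that is not a virus, and users can rest assured.
... (remainder omitted)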

