lole 2008-1-7 18:08
A strange phenomenon
I scanned an old virus sample with Avira (紅傘) and found it reported heur/malware (low heuristics).
[IMG]http://i201.photobucket.com/albums/aa184/happyparadise/av1.jpg[/IMG]
[IMG]http://i201.photobucket.com/albums/aa184/happyparadise/av1b.jpg[/IMG]
C:\Documents and Settings\.....\Quarantine\15.exe
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] The file was ignored!
But when I turned Avira's low heuristics off, it changed to what the pictures below show..
[IMG]http://i201.photobucket.com/albums/aa184/happyparadise/av2a.jpg[/IMG]
[IMG]http://i201.photobucket.com/albums/aa184/happyparadise/av2b.jpg[/IMG]
C:\Documents and Settings\.....\Quarantine\15.exe
[DETECTION] Contains detection pattern of the application APPL/Killapp
[WARNING] The file was ignored!
==================================================================
With heuristics turned on, why doesn't Avira report it directly as a virus, but instead reports HEUR/Malware???
This is 15.exe from this month's sample pack (2007-12.1-12.31)
Really interesting, I originally thought I'd have to report it, but once I changed the setting I knew... no need...
Is this a coincidence? Or is it the result of Avira reporting the heuristic first, and the signature afterwards???
[[i] This post was last edited by lole on 2008-1-7 18:12 [/i]]
SPeter 2008-1-7 21:30
It's probably the priority of the settings.
General → Extended threat categories
By default, Application (APPL) is not reported; some of these are hacker tools, or programs used to modify system parameters. Perhaps that's what caused it?
masterchief 2008-1-12 12:38
First time I've seen this kind of strange phenomenon
With heuristics turned off, it is detected
With heuristics turned on, it is detected as an unknown virus instead