Re: [問題] papago裡面一個檔案被卡巴偵測為病毒=.=a

看板AntiVirus (防毒)作者blman (我愛亦潔我愛亦潔)時間18年前 (2007/10/23 22:53)推噓5(5推 0噓 3→)

留言8則, 4人參與討論串1/1

目前所知 PAPAGO! R12 & R15 兩個版本會被防毒軟體判為木馬或廣告軟體。 PAPAGO! R12 的 Advertise_PC.exe PAPAGO! R15 的 Advertise_PC.exe PAPAGO! R15 的 TMC_PC.exe Advertise_PC.exe 是 PAPAGO! 的廣告軟體。 TMC_PC.exe 是氣候與交通等的更新程式。網路有網友將這兩個檔發佈給小紅傘(AntiVir)分析，回報如下： File ID Filename Size (Byte) Result 1108589 TMC_PC.exe 6.5 KB MALWARE 1108588 Advertise_PC.exe 6.5 KB MALWARE The file 'TMC_PC.exe' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/AdAgent.K. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection is added to our virus definition file (VDF) starting with version 6.39.00.160. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Malware. The file 'Advertise_PC.exe' has been determined to be 'MALWARE'. Our analysts named the threat ADSPY/AdAgent.I. The term "ADSPY/" denotes adware or spyware. This type of malware is able to change browser settings for example by manipulating registry settings or by using of NTFS-streams. Very often IEexploits are used to manipulate the browserhelp.dll.Detection is added to our virus definition file (VDF) starting with version 6.39.00.160. Please note that Avira's proactive heuristic detection module AHeAD detected this threat up front without the latest VDF update as: HEUR/Malware. 簡單來說，這兩個程式的操作手法不合正義程序，就是偷偷摸摸的，所以防毒軟體公司才會這麼明確的要判定為惡意程式。例如，Advertise_PC.exe 不經過你的同意，就偷偷下載以下檔案到你的電腦裡， http://www.papago.com.tw/mapcenter/ad10.bmp http://www.papago.com.tw/mapcenter/ad20.bmp http://www.papago.com.tw/mapcenter/ad40.bmp http://www.papago.com.tw/mapcenter/ad_list.htm http://www.papago.com.tw/mapcenter/ad_data.htm 以及 Advertise_PC.pdb 而 TMC_PC.exe 也不經過你的同意，偷偷下載以下檔案到你的電腦裡， http://www.papago.com.tw/mapcenter/roadmsg.htm http://www.papago.com.tw/mapcenter/weather.htm http://www.papago.com.tw/mapcenter/weather2.htm 以及 TMC_PC.pdb 解決方法？有兩個方法一，將防毒軟體將此兩個檔案設定為例外，即掃瞄時跳過這兩個檔。但意謂著你要承受這兩個程式可能帶來的風險。方法二，刪掉這兩個檔，但也意謂著你無法使用氣候與交通等更新功能。但砍掉時發現執行 PAPAGO! 會要求你重裝系統？！那麼就把桌面的捷徑砍掉，並進到 C:\Program Files\Maction\PAPAGO! R??\ 底下，直接執行 PaPaGOR??.exe 就可以了，要方便一點的話，就拖拉這個檔到桌面當捷徑。 -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 218.167.59.202