universebreaker posted on 2008-5-1 22:43:32

Does minirosetta contain a virus?

When I opened r@h to fetch work,
it downloaded two mini-version r@h exes,
one the graphics version, the other the plain version.
NOD32 flagged both as infected.
I allowed the graphics one and blocked the other.
Later it downloaded the other version again,
it ran fine and has been computing for an hour
with no errors.

Is the mini r@h exe really infected?


A pile of information is attached below; hope it's useful~

2008/5/1 08:37:20 PM|rosetta@home|Sending scheduler request: Requested by user.Requesting 34560 seconds of work, reporting 0 completed tasks
2008/5/1 08:37:25 PM|rosetta@home|Scheduler request succeeded: got 1 new tasks
2008/5/1 08:37:27 PM|rosetta@home|Started download of minirosetta_1.15_windows_intelx86.exe
2008/5/1 08:37:27 PM|rosetta@home|Started download of minirosetta_graphics_1.15_windows_intelx86.exe
2008/5/1 08:38:43 PM|rosetta@home|Finished download of minirosetta_graphics_1.15_windows_intelx86.exe
2008/5/1 08:38:43 PM|rosetta@home|Started download of Helvetica.txf
2008/5/1 08:39:35 PM||Project communication failed: attempting access to reference site
2008/5/1 08:39:35 PM|rosetta@home|Temporarily failed download of minirosetta_1.15_windows_intelx86.exe: HTTP error
2008/5/1 08:39:36 PM|rosetta@home|Started download of minirosetta_database_rev21566.zip
2008/5/1 08:39:37 PM||Internet access OK - project servers may be temporarily down.
2008/5/1 08:39:37 PM|rosetta@home|Finished download of Helvetica.txf
2008/5/1 08:39:37 PM|rosetta@home|Started download of boinc_apr28_aa1shfA09_05.200_v1_3.gz
2008/5/1 08:39:50 PM|rosetta@home|Finished download of boinc_apr28_aa1shfA09_05.200_v1_3.gz
2008/5/1 08:39:50 PM|rosetta@home|Started download of boinc_apr28_aa1shfA03_05.200_v1_3.gz
2008/5/1 08:39:57 PM|rosetta@home|Finished download of boinc_apr28_aa1shfA03_05.200_v1_3.gz
2008/5/1 08:39:57 PM|rosetta@home|Started download of apr25_1shf.pdb.gz
2008/5/1 08:39:58 PM|rosetta@home|Finished download of apr25_1shf.pdb.gz
2008/5/1 08:39:59 PM|rosetta@home|Started download of minirosetta_1.15_windows_intelx86.exe
2008/5/1 08:40:10 PM|rosetta@home|Finished download of minirosetta_1.15_windows_intelx86.exe
2008/5/1 08:41:28 PM|rosetta@home|Sending scheduler request: To fetch work.Requesting 17280 seconds of work, reporting 0 completed tasks
2008/5/1 08:41:33 PM|rosetta@home|Scheduler request succeeded: got 1 new tasks
2008/5/1 08:41:35 PM|rosetta@home|Started download of boinc_apr28_aa1scjB09_05.200_v1_3.gz
2008/5/1 08:41:49 PM|rosetta@home|Finished download of minirosetta_database_rev21566.zip
2008/5/1 08:41:49 PM|rosetta@home|Started download of boinc_apr28_aa1scjB03_05.200_v1_3.gz
2008/5/1 08:41:50 PM|rosetta@home|Starting 1shfA_BOINC_ABINITIO_IGNORE_THE_REST-S25-9-S3-3--1shfA-_3125_458_0
2008/5/1 08:41:50 PM|rosetta@home|Starting task 1shfA_BOINC_ABINITIO_IGNORE_THE_REST-S25-9-S3-3--1shfA-_3125_458_0 using minirosetta version 115
2008/5/1 08:41:52 PM|rosetta@home|Finished download of boinc_apr28_aa1scjB09_05.200_v1_3.gz
2008/5/1 08:41:52 PM|rosetta@home|Started download of apr25_1scj.pdb.gz
2008/5/1 08:41:53 PM|rosetta@home|Finished download of apr25_1scj.pdb.gz
2008/5/1 08:42:01 PM|rosetta@home|Finished download of boinc_apr28_aa1scjB03_05.200_v1_3.gz
2008/5/1 08:42:02 PM|rosetta@home|Starting 1scjB_BOINC_ABINITIO_IGNORE_THE_REST-S25-9-S3-3--1scjB-_3125_314_0
2008/5/1 08:42:02 PM|rosetta@home|Starting task 1scjB_BOINC_ABINITIO_IGNORE_THE_REST-S25-9-S3-3--1scjB-_3125_314_0 using minirosetta version 115
2008/5/1 08:42:54 PM|rosetta@home|Sending scheduler request: Requested by user.Requesting 0 seconds of work, reporting 0 completed tasks
2008/5/1 08:43:00 PM|rosetta@home|Scheduler request succeeded: got 0 new tasks
2008/5/1 08:43:10 PM|rosetta@home|Sending scheduler request: Requested by user.Requesting 0 seconds of work, reporting 0 completed tasks
2008/5/1 08:43:15 PM|rosetta@home|Scheduler request succeeded: got 0 new tasks
2008/5/1 09:34:32 PM|rosetta@home|Computation for task 1scjB_BOINC_ABINITIO_IGNORE_THE_REST-S25-9-S3-3--1scjB-_3125_314_0 finished
2008/5/1 09:34:34 PM|rosetta@home|Started upload of 1scjB_BOINC_ABINITIO_IGNORE_THE_REST-S25-9-S3-3--1scjB-_3125_314_0_0
2008/5/1 09:34:39 PM|rosetta@home|Finished upload of 1scjB_BOINC_ABINITIO_IGNORE_THE_REST-S25-9-S3-3--1scjB-_3125_314_0_0
2008/5/1 09:35:42 PM|rosetta@home|Computation for task 1shfA_BOINC_ABINITIO_IGNORE_THE_REST-S25-9-S3-3--1shfA-_3125_458_0 finished
2008/5/1 09:35:44 PM|rosetta@home|Started upload of 1shfA_BOINC_ABINITIO_IGNORE_THE_REST-S25-9-S3-3--1shfA-_3125_458_0_0
2008/5/1 09:35:50 PM|rosetta@home|Finished upload of 1shfA_BOINC_ABINITIO_IGNORE_THE_REST-S25-9-S3-3--1shfA-_3125_458_0_0
2008/5/1 09:47:45 PM|rosetta@home|Sending scheduler request: Requested by user.Requesting 0 seconds of work, reporting 2 completed tasks
2008/5/1 09:47:50 PM|rosetta@home|Scheduler request succeeded: got 0 new tasks
2008/5/1 09:47:55 PM|rosetta@home|Sending scheduler request: Requested by user.Requesting 0 seconds of work, reporting 0 completed tasks
2008/5/1 09:48:00 PM|rosetta@home|Scheduler request succeeded: got 0 new tasks
2008/5/1 09:48:06 PM|rosetta@home|Sending scheduler request: Requested by user.Requesting 0 seconds of work, reporting 0 completed tasks
2008/5/1 09:48:11 PM|rosetta@home|Scheduler request succeeded: got 0 new tasks

Tynox posted on 2008-5-1 22:52:42

Reply to #1, universebreaker's post

I'm currently using ESS. It also sometimes flags minirosetta while downloading it; it should be a false positive.
What gets flagged is only the graphics one [that should just be a screensaver program]. While the mini-version compute program is running, the screensaver can still be opened.

This issue should be reported to ESET.

Youth posted on 2008-5-1 23:09:13

I use AVG Free Edition, have computed quite a few minirosetta work units, and it hasn't flagged anything.

Julian_Yuen posted on 2008-5-2 11:26:46

As for whether it's a false positive, anyone interested can do some simple elimination themselves.
----
In theory, flagging based on traditional signatures and the like has shortcomings. Judging by behaviour may be somewhat more accurate.
You could consider using a HIPS to see which (high-risk) steps a given program performs.
Or use a sandbox, a virtual machine or the like to test it for malware.

Tynox posted on 2008-5-2 13:51:01

Reply to #4, Julian_Yuen's post

ESS's real-time monitor does use behavioural detection.

Julian_Yuen posted on 2008-5-2 14:05:38

Reply to #5, Tynox's post

What behaviour did it report?
----
I use EQ or Comodo 3 Firewall Pro's D+ as my primary proactive defence...

Tynox posted on 2008-5-2 16:07:19

Reply to #6, Julian_Yuen's post

2008-4-26 9:11:58        HTTP filter        file        http://srv1.bakerlab.org/rosetta/download/minirosetta_graphics_1.15_windows_intelx86.exe        probably a variant of Win32/Statik application        connection terminated - quarantined        7C6AD9B35FDC4E8\Administrator        Threat was detected upon access to web by the application: D:\Program Files\BOINC\boinc.exe.
2008-4-26 9:11:48        HTTP filter        file        http://srv1.bakerlab.org/rosetta/download/minirosetta_1.15_windows_intelx86.exe        probably a variant of Win32/Statik application        connection terminated - quarantined        7C6AD9B35FDC4E8\Administrator        Threat was detected upon access to web by the application: D:\Program Files\BOINC\boinc.exe.

I don't know much about antivirus software. According to the official technical description, it also judges by detecting virus behaviour; of course signatures are used too. The monitoring side should use virtual-machine-like technology to judge virus behaviour.

Julian_Yuen posted on 2008-5-2 16:21:00

Reply to #7, Tynox's post

http://www.virustotal.com/

http://www.virscan.org/

Multi-engine scanning

----------
No vendor manages to never have false positives. That includes a certain "star" in the first tier.
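
An added example (not from anyone in this thread) that ties together the two checks suggested in the posts above: correlate the antivirus HTTP-filter log with BOINC's own event log to see which project application files were blocked and whether BOINC later fetched them anyway, then hash the local copies so the digests can be looked up on a multi-engine scanner such as VirusTotal. The sample log lines are constructed, modelled on the formats posted in this thread (the ESET entries are assumed to be tab-separated, as in an exported log); `hash_downloaded_apps` and the other function names are this example's own.

```python
"""Correlate AV HTTP-filter detections with BOINC download events, and hash app files."""
import hashlib
import re
from collections import defaultdict
from pathlib import Path

# Constructed sample of a BOINC event log (same "time|project|message" layout as the thread).
BOINC_LOG = """\
2008/5/1 08:37:27 PM|rosetta@home|Started download of minirosetta_1.15_windows_intelx86.exe
2008/5/1 08:37:27 PM|rosetta@home|Started download of minirosetta_graphics_1.15_windows_intelx86.exe
2008/5/1 08:38:43 PM|rosetta@home|Finished download of minirosetta_graphics_1.15_windows_intelx86.exe
2008/5/1 08:39:35 PM|rosetta@home|Temporarily failed download of minirosetta_1.15_windows_intelx86.exe: HTTP error
2008/5/1 08:39:59 PM|rosetta@home|Started download of minirosetta_1.15_windows_intelx86.exe
2008/5/1 08:40:10 PM|rosetta@home|Finished download of minirosetta_1.15_windows_intelx86.exe
"""

# Constructed sample of ESET-style HTTP filter entries, assumed tab-separated:
# time, module, object type, URL, detection name, action, user, extra info.
AV_LOG = "\n".join("\t".join(fields) for fields in [
    ["2008-4-26 9:11:58", "HTTP filter", "file",
     "http://srv1.bakerlab.org/rosetta/download/minirosetta_graphics_1.15_windows_intelx86.exe",
     "probably a variant of Win32/Statik application", "connection terminated - quarantined",
     r"7C6AD9B35FDC4E8\Administrator",
     r"Threat was detected upon access to web by the application: D:\Program Files\BOINC\boinc.exe."],
    ["2008-4-26 9:11:48", "HTTP filter", "file",
     "http://srv1.bakerlab.org/rosetta/download/minirosetta_1.15_windows_intelx86.exe",
     "probably a variant of Win32/Statik application", "connection terminated - quarantined",
     r"7C6AD9B35FDC4E8\Administrator",
     r"Threat was detected upon access to web by the application: D:\Program Files\BOINC\boinc.exe."],
])

BOINC_RE = re.compile(
    r"^(?P<time>[^|]+)\|(?P<project>[^|]*)\|"
    r"(?P<event>Started|Finished|Temporarily failed) download of (?P<file>\S+?)(?::.*)?$"
)


def parse_boinc_log(text):
    """Return {filename: [event, ...]} in log order; event is 'started', 'finished' or 'failed'."""
    names = {"Started": "started", "Finished": "finished", "Temporarily failed": "failed"}
    events = defaultdict(list)
    for line in text.splitlines():
        m = BOINC_RE.match(line.strip())
        if not m:
            continue  # scheduler requests, task starts etc. are not download events
        events[m["file"]].append(names[m["event"]])
    return dict(events)


def parse_av_log(text):
    """Parse tab-separated HTTP-filter entries into {filename: record}, filename taken from the URL."""
    records = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("\t")]
        if len(fields) < 6 or fields[1] != "HTTP filter":
            continue  # other modules (on-access scanner etc.) are out of scope here
        time, _module, _obj, url, detection, action = fields[:6]
        records[url.rsplit("/", 1)[-1]] = {
            "time": time,
            "url": url,
            "detection": detection,
            # An AV that kills the connection shows up in BOINC as a plain "HTTP error".
            "blocked": "terminated" in action or "quarantined" in action,
        }
    return records


def correlate(boinc_events, av_records):
    """For each AV-flagged file: was it blocked, how many BOINC attempts failed, did one finish?"""
    report = []
    for name, rec in av_records.items():
        ev = boinc_events.get(name, [])
        report.append({
            "file": name,
            "detection": rec["detection"],
            "blocked_by_av": rec["blocked"],
            "failed_attempts": ev.count("failed"),
            "finished": "finished" in ev,
        })
    return sorted(report, key=lambda r: r["file"])


def sha256_file(path):
    """Stream a file through SHA-256 (files can be large; do not read them into memory at once)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_downloaded_apps(project_dir, pattern="*.exe"):
    """Hash every executable BOINC stored for a project; paste the digests into a multi-engine scanner."""
    return {p.name: sha256_file(p) for p in sorted(Path(project_dir).glob(pattern))}


if __name__ == "__main__":
    for row in correlate(parse_boinc_log(BOINC_LOG), parse_av_log(AV_LOG)):
        print(row)
```

Point the `hash_downloaded_apps` call at the BOINC project directory (`projects/boinc.bakerlab.org_rosetta` under the BOINC data directory, the location being an assumption about a default install) and look up each digest on the scanners linked above; if only one or two engines out of many report the same generic "probably a variant of ..." heuristic name, that supports the false-positive reading. A file that BOINC retried after an "HTTP error" and then ran is exactly the pattern the AV's connection termination produces, so that log line alone says nothing about the file itself.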

Tynox posted on 2008-5-2 16:25:49

Reply to #8, Julian_Yuen's post

This should be a false positive.
Anyone whose English is a bit better could report it to ESET.

老冬腌菜 posted on 2008-5-2 18:26:13

Drifting by with no AV installed at all~~
Seems like boinc / riesel / proteins / lhc, none of them got reported by SSM, except BOINC the first time it ran a project's files.