chen

Members
  • Content Count: 36
  • Days Won: 1

Everything posted by chen

  1. I have sent a letter to the Immunet development team. The following is the Immunet development team's reply: [We're currently looking into the DLL hijacking vulnerability, we'll report back with our findings soon]
  2. Hi. The following URL is what I found in the record of the Immunet installation site. You can try it. https://sourcefire-apps.s3.amazonaws.com/av/protect/3.1.13.9671/installer-en-us-32-tcp.exe
  3. Is Windows Defender closed or open? If Windows Defender is open and it appears that Windows has detected antispyware and malware. Make sure Immunet shows the "connected to the Immunet cloud" notification icon. If it does not appear connected to the Immunet cloud: 1. Please re-open the Immunet service. 2. Open 80 - TCP (HTTP), 443 - TCP (HTTPS), 32137 - TCP. If that is not possible, please reinstall or send a letter to Immunet support.
  4. What Windows version are you using?
  5. Immunet Protect Free Antivirus 3.1.13.9666
  6. About Immunet, there are some problems I have thought about for a long time; I hope you guys discuss them. 1. Immunet sometimes does not connect to the Immunet database (the cloud); it can change the UI used in offline mode. 2. It can change to using the ETHOS engine's heuristic techniques to detect unknown viruses in offline mode (the ETHOS engine is a heuristics-based engine, and anything found to be malicious by ETHOS is added to the cloud so that the other products can detect it). 3. Add multiple languages. There are countless volunteers worldwide; if only the Immunet team is willing, it can be translated into local languages. 4. Can change the off monitor program install, open monitor program start, Immunet can be detected as malware, do not occur open monitor program install can be detected as malware, off monitor program install (monitor program start is open) can't be detected as malware. 5. Immunet's analysis capabilities, response time, and capability to detect unknown threats have a lot of room for improvement; at least let me have a look at W32.SPERO or W32.ETHOS. Amazon EC2 network disconnection is pretty big, plus the network situation in each country is different, so Immunet must think carefully about Amazon EC2 network disconnection problems. 6. Can develop a Behaviour Blocker, and let the Behaviour Blocker and heuristic techniques defend together.
  7. 1. So the ETHOS engine is similar to Norton SONAR: what it finds as unknown malicious will be added to the Immunet cloud, so if there is no network, the ETHOS engine and SPERO engine cannot protect against malware infection. 2. For the ETHOS engine and SPERO engine, I have a question to ask. I have encountered a malicious program that blocks the security vendors' URLs, with the result that I cannot use an online scan to remove the virus. In the process Immunet gave no warning messages. I did not start game mode or turn off the cloud messages, but Immunet gave no warning messages, so I suspect Immunet had no effect until I sent the sample to submit@samples.immunet.com; after over 48 hr, Immunet detected it.
  8. chen

    White + Black Sample

    Hi Francis. This is not a great idea, but hackers have done so. In 2012, China had this virus. When I submitted samples to Avast and informed them of this case, I received notice from Avast that the Avast virus experts were processing it; after 24 hours, avast! Community IQ could detect it. Fortinet's first analysis confirmed it as non-toxic, and then I wrote to them asking them to re-analyze, and they confirmed it is malware. I have a sample of this type around, and if Francis has a need I can submit it to Francis. The following are the sample's analysis results. VirusTotal: https://www.virustotal.com/en/file/f247f2a9ff501d99abad91d28ecad03865229d13c7e3b47a43af927795fec86b/analysis/1366161258/
  9. Immunet can set up an online sandbox (an online analysis system), like Comodo CIMA and Anubis. 1. Users can submit suspicious files to the Immunet online sandbox, not only to understand whether the file is malware or not. If a file is suspicious, the Immunet client can quarantine the file to avoid poisoning; compared to general anti-virus programs, where you submit a sample and wait for some time for a signature update, this can enhance the response speed. 2. The online sandbox can be connected to the Immunet samples automated system. If a file is determined to be suspicious by the Immunet online analysis system, but the Immunet samples automated system's analysis result for the file is safe, then instructions can be sent to the Immunet client to restore the file from quarantine.
  10. chen

    White + Black Sample

    I would like to ask whether the Immunet sample automation system can analyze white + black samples. 1. I will first explain what is called a white + black sample. The so-called "white + black" refers to hackers' means of using formal software bundled with a malicious program to spread a virus. As we all know, most software installation needs to run an exe file; the current mainstream exe installation files load dll files in the process, but do not verify the legitimacy of the dll files. The hackers took advantage of this loophole, replacing the normal dll files with malicious dll files. Because the loader has a legitimate digital signature, most security software does not detect it. 2. Can the Immunet automation system analyze white + black samples? If it can't, can you set up an email address, so the Immunet team can analyze samples by hand and add them to the Immunet signatures.
  11. Hi. Thank you for the description, but I use the free version, so I cannot start the TETRA engine detection, so this should not be caused by the TETRA engine. There may be other causes of the problem.
  12. Q: Scan Archive Files and Scan Packed Files is turned on or off? A: On. Q: Also what is the name of the detection so we know which module is detecting the zip file. A: It has been detected as rogue:VLHJO-tpd. Quarantine was successful.
  13. I recently compressed a large number of samples into a ZIP file and submitted it to Immunet for analysis. I found a few things I do not understand. 1. Immunet can detect the ZIP file containing a large number of samples. 2. When the ZIP file containing a large number of samples is decompressed, Immunet cannot detect them. For example, 10 samples were compressed into a zip file named 123, and the 123 zip file was submitted to Immunet. Immunet detected the 123 zip file as a virus, but when the 10 samples inside the 123 zip file were decompressed and scanned with Immunet, Immunet judged them clean. In addition, if this problem does not fit in this section for discussion, please forgive me, because I do not know where to put the problem.
  14. Hi ritchie58. 107.22.2.73 and 50.17.62.228: ritchie58, please use the ping command to test the Immunet servers on Amazon AWS EC2, 107.22.2.73 and 50.17.62.228, for the presence or absence of a response.
  15. chen

    Virus Sample

    Hi ritchie58. I want to talk about the following things. 1. This sample was submitted 4 days ago to the ClamAV team and to submit@samples.immunet.com, and also sent to support@immunet.com. Currently I have determined that ClamAV can detect it, but Immunet Free cannot detect it. ClamAV: Win.Trojan.PSW.Qqpass. VirusTotal, Anubis, ThreatExpert and Avira scan results: Anubis: http://anubis.iseclab.org/?action=result&task_id=16e0de2e2fee9b4b4b59314c015712f76&format=html Avira: https://analysis.avira.com/en/status?uniqueid=rHMwC7CVR5Hj9x7VgDGbL89BGD4wpURD&incidentid=1321331 ThreatExpert: http://www.threatexpert.com/report.aspx?md5=f464888e2c71e8889d5b0917d854f607 VirusTotal: https://www.virustotal.com/file/21095a4a6931a8309121b05d0119db1e3ed95cb6f01ddb76b41b22655b5c5986/analysis/1353679889/ 2. The sample is a zip file made of a normal EXE file and a malicious DLL file. This caused Fortinet's first analysis of the sample to determine it clean, but I asked Fortinet to re-analyze the DLL file before they decided it is a Trojan. 3. Please notify the Immunet team to determine whether the samples automated system can analyze this sample. 4. Please inform me of the analysis results. My English is poor, so I use Google Translate; the translation is not good, please forgive me.
  16. Virus sample password: virus. Immunet Free cannot detect it.
  17. The attached file is malware. I have sent it to submit@samples.immunet.com, but I do not know whether Immunet will detect the attached file as clean, so please help me check. Thank you. VirusTotal: https://www.virustot...sis/1350287596/ http://www.symantec....h-threats-japan
  18. chen

    Sample

    Sorry, that URL was submitted to support@immunet.com. Thank you.
  19. chen

    Sample

    The file is 10.84MB and could not be submitted to submit@samples.immunet.com, so I put the files on a network drive; the file download link is below.
  20. chen

    Sample Test

    OK. 1. But when sent to support@immunet.com, how long does technical support take to reply? 2. Why, after samples are submitted, are they detected only after 24 hours, and some even have to wait 36-48 hours to be detected? Is it a problem with the sample automated analysis system, or signature updates not being fast, or Immunet's network bandwidth not being enough, or user network speed delay? Can Immunet staff please look at the problem.
  21. Below is a virus test kit. Moderators can download the virus test kit at the bottom and run detection. If Immunet does not detect the files, moderators can submit them to Immunet, so that Immunet can improve its detection ability. Password:芳林新叶催陈叶,流水前波让后波。 Virus samples download site: [Link Removed] In addition, if this breaches the rules, please forgive me.
  22. Hello Immunet staff. 1. I sent an encrypted ZIP file to support@immunet.com. Why was it returned to the sender? 2. When false positive files are submitted to support@immunet.com, how long until Immunet no longer detects them? 3. Can you provide an e-mail address for manual analysis by Immunet staff?
  23. Orlando, the way I explained it may have made things even more unclear to you. I would like you to compress a sample into a ZIP file and add a password, then use a Yahoo mailbox to send an e-mail containing the sample to support@samples.immunet.com and submit@samples.immunet.com; then you will know my problem. Because I did it this way, and the result was that the letter was returned. And I received a letter from Immunet technical support staff, and was informed that Immunet did not provide analysis services for the sample. ryuusei. P.S. My English sucks, so I use translation; if the meaning is not clear enough, please forgive me.
  24. But when I compress suspicious files, add a password, and send them to submit@samples.immunet.com, it still bounces. The attachment is the sample for analysis. Password: virus sample.zip