Archivos y comportamiento sospechosos

Los archivos en ejecución que se comportan de forma cuestionable se detectan como comportamiento sospechoso, mientras que los archivos con aspecto de poca confianza antes de su ejecución se detectan como archivos sospechosos.

En esta sección, encontrará información sobre ambas formas de detección. Es probable que los archivos marcados como sospechosos sean maliciosos, pero usted decide si confiar en ellos o no.

Detección en tiempo de ejecución de comportamientos sospechosos

• HIPS/DriverMod-001
• HIPS/DriverMod-002
• HIPS/FileMod-001
• HIPS/FileMod-002
• HIPS/FileMod-003
• HIPS/FileMod-004
• HIPS/FileMod-005
• HIPS/FileMod-006
• HIPS/FileMod-007
• HIPS/FileMod-008
• HIPS/FileMod-009
• HIPS/FileMod-010
• HIPS/FileMod-011
• HIPS/FileWriteMod-001
• HIPS/FileWriteMod-002
• HIPS/FileWriteMod-003
• HIPS/FileWriteMod-004
• HIPS/FileWriteMod-005
• HIPS/FileWriteMod-006
• HIPS/FileWriteMod-007
• HIPS/IPConnect-001
• HIPS/IPConnect-002
• HIPS/IPConnect-003
• HIPS/IPConnect-004
• HIPS/ProcInj-001
• HIPS/ProcInj-002
• HIPS/ProcInj-003
• HIPS/ProcInj-004
• HIPS/ProcMod-001
• HIPS/ProcMod-002
• HIPS/ProcMod-003
• HIPS/ProcMod-004
• HIPS/ProcMod-005
• HIPS/ProcMod-006
• HIPS/ProcMod-007
• HIPS/RegMod-001
• HIPS/RegMod-002
• HIPS/RegMod-003
• HIPS/RegMod-004
• HIPS/RegMod-005
• HIPS/RegMod-006
• HIPS/RegMod-007
• HIPS/RegMod-008
• HIPS/RegMod-009
• HIPS/RegMod-010
• HIPS/RegMod-011
• HIPS/RegMod-012
• HIPS/RegMod-013
• HIPS/RegMod-014
• HIPS/RegMod-015
• HIPS/RegMod-016
• HIPS/RegMod-017
• HIPS/RegMod-018
• HIPS/RegMod-019
• HIPS/RegMod-020
• HIPS/RegMod-021
• HIPS/RegMod-022
• HIPS/RegMod-023
• HIPS/RegMod-024
• HIPS/RemFileMod-001
• HIPS/RemFileMod-002
• HIPS/RemFileMod-003
• HPsus/Agent-A
• HPsus/Agent-B
• HPsus/Agent-C
• HPsus/Agent-D
• HPsus/Autorun-A
• HPsus/Autorun-B
• HPsus/BadGuy-A
• HPsus/BadGuy-B
• HPsus/BadGuy-C
• HPsus/Badguy-D
• HPsus/Botta-A
• HPsus/Botta-B
• HPsus/CpLink-A
• HPsus/CpyTroj-A
• HPsus/CpyTroj-B
• HPsus/CpyTroj-C
• HPsus/DBot-A
• HPsus/Dldr-A
• HPsus/Dldr-B
• HPsus/DrvDrop-A
• HPsus/DrvDrop-B
• HPsus/FakeAV-A
• HPsus/FakeAV-B
• HPsus/FakeAV-C
• HPsus/FakeAV-D
• HPsus/FakeAV-E
• HPsus/Finfect-A
• HPsus/Foul-A
• HPsus/Hijack-A
• HPsus/Hijack-B
• HPsus/Hijack-C
• HPsus/Hijack-D
• HPsus/Hijack-E
• HPsus/ImgDrop-A
• HPsus/Inject-A
• HPsus/Inject-B
• HPsus/OSMod-A
• HPsus/OSMod-B
• HPsus/Palevo-A
• HPsus/Qbot-A
• HPsus/Refpron-A
• HPsus/RegDef-A
• HPsus/RunDel-A
• HPsus/Scribb-B
• HPsus/SrvDrop-A
• HPsus/Stealth-A
• HPsus/Stealth-B
• HPsus/SVCcopy-A
• HPsus/SysDrop-A
• HPsus/SysDrop-B
• HPsus/SysDrop-C
• HPsus/SysDrop-D
• HPsus/SysLoad-A
• HPsus/TDLrtk-A
• HPsus/TDLrtk-B
• HPsus/TroDrp-A
• HPsus/TSpy-A
• HPsus/TSpy-B
• HPsus/Zbot-A
• HPsus/Zbot-B
• HPsus/Zbot-C

Detección de desbordamientos del búfer

Los desbordamientos del búfer se consideran sospechosos porque pueden utilizarse como ataques en tiempo de ejecución en los que el código malicioso accede a los sistemas de forma no autorizada. Sin embargo, no todos los archivos o procesos que provocan desbordamientos del búfer representan riesgos para la seguridad.

Si está seguro de que un determinado desbordamiento del búfer no es una amenaza, autorícelo. Si no lo está, envíe el archivo a SophosLabs para que lo analicen.

Detección previa ejecución de archivos sospechosos

• HPsus/Autorun-D
• HPsus/Dorkbot-A
• HPsus/EncPk-C
• HPsus/EncPk-D
• HPsus/EncPk-F
• HPsus/FakeAV-G
• HPsus/FakeAV-H
• HPsus/FakeAV-J
• HPsus/Palevo-B
• HPsus/Poison-A
• HPsus/TDLrtk-C
• HPsus/TDLrtk-D
• HPsus/TDLrtk-E
• Sus/20111276-A
• Sus/20112110-B
• Sus/AdClick-A
• Sus/AdInst-A
• Sus/Agent-EW
• Sus/Agent-IQ
• Sus/AppdURL-A
• Sus/ASFDldr-A
• Sus/AutoInf-A
• Sus/AutoInf-B
• Sus/AutoIt-A
• Sus/Autorun-E
• Sus/Autorun-IC
• Sus/AVKill-B
• Sus/BadPDF-A
• Sus/BadRar-A
• Sus/Badsrc-F
• Sus/Badsrc-G
• Sus/BadSVC-A
• Sus/BancDl-B
• Sus/BancSpy-A
• Sus/BanHosts-A
• Sus/Banker-D
• Sus/BankPrj-A
• Sus/Banload-A
• Sus/Banspy-A
• Sus/BatFTP-A
• Sus/Behav-1000
• Sus/Behav-1001
• Sus/Behav-1002
• Sus/Behav-1003
• Sus/Behav-1004
• Sus/Behav-1005
• Sus/Behav-1006
• Sus/Behav-1007
• Sus/Behav-1009
• Sus/Behav-1010
• Sus/Behav-1011
• Sus/Behav-1012
• Sus/Behav-1013
• Sus/Behav-1014
• Sus/Behav-1015
• Sus/Behav-1016
• Sus/Behav-1017
• Sus/Behav-1018
• Sus/Behav-1019
• Sus/Behav-1020
• Sus/Behav-1021
• Sus/Behav-1022
• Sus/Behav-1023
• Sus/Behav-113
• Sus/Behav-129
• Sus/Behav-166
• Sus/Behav-168
• Sus/Behav-169
• Sus/Behav-192
• Sus/Behav-194
• Sus/Behav-200
• Sus/Behav-226
• Sus/Behav-231
• Sus/Behav-237
• Sus/Behav-258
• Sus/Behav-269
• Sus/Behav-272
• Sus/Behav-273
• Sus/Behav-277
• Sus/Behav-278
• Sus/Behav-279
• Sus/Behav-282
• Sus/Behav-283
• Sus/Behav-287
• Sus/Behav-288
• Sus/Behav-289
• Sus/Behav-292
• Sus/Behav-297
• Sus/Behav-325
• Sus/Behav-341
• Sus/Behav-349
• Sus/Behav-373
• Sus/Behav-376
• Sus/Behav-377
• Sus/BHIfr-A
• Sus/BHO-G
• Sus/BHO-L
• Sus/BifIcon-A
• Sus/Bifrose-A
• Sus/Bredo-B
• Sus/BunIcon-A
• Sus/Cazcan-A
• Sus/CFNBehav-A
• Sus/ClassLdr-A
• Sus/CoCCEXE-A
• Sus/CoCCPDF-A
• Sus/ComPack
• Sus/ComPack-B
• Sus/ComPack-D
• Sus/ComPack-E
• Sus/ComPack-F
• Sus/ComPack-G
• Sus/Compack-H
• Sus/ComPack-I
• Sus/ComPack-J
• Sus/ComPack-K
• Sus/ComPack-L
• Sus/ComPack-M
• Sus/Conficker-A
• Sus/CoreFlood-A
• Sus/CorruptPE-A
• Sus/CP-A
• Sus/Cplink-A
• Sus/Cplink-B
• Sus/Crobot-A
• Sus/DamAG-A
• Sus/Dbot-A
• Sus/Dbot-B
• Sus/DCom-A
• Sus/DDialer-A
• Sus/DecRun-A
• Sus/Delf-J
• Sus/Delp-C
• Sus/Delp-E
• Sus/DialerGen-A
• Sus/DisZlob-A
• Sus/DldrFilt-A
• Sus/Dllhook-A
• Sus/DllName-B
• Sus/Dload-D
• Sus/Dload-F
• Sus/Dload-I
• Sus/Dloadr-G
• Sus/DLRedir-A
• Sus/DocDrop-B
• Sus/DodgyIc-A
• Sus/DodgyURL-A
• Sus/DOSCom-A
• Sus/DotINEXE-A
• Sus/Drop-B
• Sus/Drop-E
• Sus/Dropper-AE
• Sus/Dropper-R
• Sus/DrvDrop-A
• Sus/Emogen-AB
• Sus/Emogen-J
• Sus/Emogen-W
• Sus/Emogen-X
• Sus/EncJS-A
• Sus/EncPk-CC
• Sus/EncPk-CZ
• Sus/EncPk-FA
• Sus/EncPk-FL
• Sus/EncPk-GI
• Sus/EncPk-HV
• Sus/EncPk-HX
• Sus/EncPk-ID
• Sus/Encpk-IP
• Sus/EncPk-IX
• Sus/EncPk-JG
• Sus/EncPK-JR
• Sus/EncPk-LB
• Sus/EncPk-LT
• Sus/EncPk-LW
• Sus/EncPk-MD
• Sus/EncPk-MR
• Sus/EncPk-OC
• Sus/Encpk-OL
• Sus/Encpk-PA
• Sus/EncPk-PI
• Sus/EncPk-QB
• Sus/EncPk-RR
• Sus/EncPk-RS
• Sus/EncPk-TO
• Sus/EncPk-VO
• Sus/EncPk-WC
• Sus/EnkPk-A
• Sus/ExePage-A
• Sus/ExeScript-A
• Sus/ExpApp-A
• Sus/ExpJS-I
• Sus/ExpSWF-A
• Sus/FakeAV-A
• Sus/FakeAV-CF
• Sus/FakeAV-CM
• Sus/FakeAV-CY
• Sus/FakeAV-Dam
• Sus/FakeAV-DJ
• Sus/FakeSnd-B
• Sus/FakeVir-F
• Sus/FakeVirPk-A
• Sus/FAVPay-A
• Sus/FBJack-A
• Sus/Feebsesk-A
• Sus/Flake-A
• Sus/Fraud-A
• Sus/GamerPSW-A
• Sus/Generic-D
• Sus/Gifar-A
• Sus/Graybird-B
• Sus/GUnkPack-A
• Sus/HcpExpl-A
• Sus/HidScr-A
• Sus/Hiloti-A
• Sus/HkAutoIT-A
• Sus/HookQSI-A
• Sus/HttpGet-A
• Sus/IExpIcon-A
• Sus/Iframe-A
• Sus/Iframe-G
• Sus/Iframe-Gen
• Sus/Iframe-GH
• Sus/Iframe-J
• Sus/Iframe-K
• Sus/Iframe-L
• Sus/Iframe-M
• Sus/Iframe-P
• Sus/Iframe-Q
• Sus/Impy-A
• Sus/Inbase-A
• Sus/Inject-C
• Sus/Jafuzzo-A
• Sus/Jafuzzo-B
• Sus/JavaBaDo-A
• Sus/JavaCDK-A
• Sus/JavaCL-A
• Sus/JavaCmC-A
• Sus/JavaCoH-A
• Sus/JavaDes-A
• Sus/JavaDeSp-A
• Sus/JavaDUCL-A
• Sus/JavaHibis-A
• Sus/JavaHoxo-A
• Sus/JavaHr-A
• Sus/JavaHu-A
• Sus/JavaHux-A
• Sus/JavaKone-A
• Sus/JavaKP-A
• Sus/JavaKP-B
• Sus/JavaKP-C
• Sus/JavaLoBo-A
• Sus/JavaLR-A
• Sus/JavaMeO-A
• Sus/JavaMeO-B
• Sus/JavaObCL-A
• Sus/JavaObSnd-A
• Sus/JavaPld-A
• Sus/JavaPS-A
• Sus/JavaRuHu-A
• Sus/JavaSh-A
• Sus/JavaSnd-A
• Sus/JavaSOO-A
• Sus/JolProp-A
• Sus/JSFilt-A
• Sus/JSFilt-B
• Sus/JSFilt-C
• Sus/JSFilt-XX
• Sus/JSGetExe-A
• Sus/JSIfrLd-B
• Sus/JSRedir-G
• Sus/JVBadByt-A
• Sus/JVBadByt-C
• Sus/KernelHk-A
• Sus/Keygen-A
• Sus/Krap-B
• Sus/Krap-C
• Sus/Krap-D
• Sus/Krap-E
• Sus/Krap-O
• Sus/KrapJob-A
• Sus/LinAnAV-A
• Sus/LinXploit-A
• Sus/LnkFkFldr-A
• Sus/LnkFkFldr-B
• Sus/LnkFkFldr-C
• Sus/LnkZip-A
• Sus/Madcode-A
• Sus/MailBank-A
• Sus/Malware-A
• Sus/Malware-B
• Sus/Malware-C
• Sus/Mdrop-C
• Sus/Mdrop-H
• Sus/Mdrop-J
• Sus/MoleUltr-A
• Sus/MoSCamF-A
• Sus/Mourn-A
• Sus/MSIL-A
• Sus/MulVGC-A
• Sus/MxLive-A
• Sus/MzEntry-A
• Sus/NTRootK-A
• Sus/NtStDll-A
• Sus/NullAtEP-A
• Sus/ObfJS-AT
• Sus/ObfJS-AU
• Sus/ObfJS-BD
• Sus/ObfJS-BF
• Sus/ObfJS-BG
• Sus/ObfJS-BI
• Sus/ObfJS-BK
• Sus/ObfJS-BL
• Sus/ObfJS-BQ
• Sus/ObfJS-Gen
• Sus/Off38-A
• Sus/Parasit-A
• Sus/PDFEx-EU
• Sus/PDFJs-AD
• Sus/PDFJs-K
• Sus/PDFJs-Q
• Sus/PDFJs-R
• Sus/PDFJs-RE
• Sus/PDFJs-S
• Sus/PDFJs-T
• Sus/Phish-B
• Sus/Pigeo-F
• Sus/Plaost-A
• Sus/ProbGrBr-A
• Sus/Proxy-A
• Sus/Proxy-B
• Sus/Psyme-A
• Sus/QHost-B
• Sus/QQDll-A
• Sus/RarHosts-A
• Sus/Refpron-A
• Sus/Rootkit-A
• Sus/RootKit-G
• Sus/RootKit-I
• Sus/Rorpian-B
• Sus/Rorpian-C
• Sus/Rugo-A
• Sus/Sality-A
• Sus/SBRedir-A
• Sus/Scribble-A
• Sus/Scribble-B
• Sus/ScribHos-A
• Sus/SCVhost-A
• Sus/Seimon-C
• Sus/SEORed-C
• Sus/SFCHck-A
• Sus/Sharbi-A
• Sus/SmDldr-A
• Sus/Spy-B
• Sus/Spytool-A
• Sus/Svchost-B
• Sus/SvchostS-A
• Sus/SWFDlr-A
• Sus/SWFRdr-A
• Sus/SWFRedir-A
• Sus/SWFScene-A
• Sus/Swizzor-G
• Sus/TDL3Sys-A
• Sus/TDSSFN-A
• Sus/TDSSPack-AT
• Sus/TDSSPack-H
• Sus/TDSSUrl-A
• Sus/TibsName-A
• Sus/TinyDL-G
• Sus/Tiotua-A
• Sus/Tiotua-B
• Sus/Trko-B
• Sus/Tweet-A
• Sus/Uddo-B
• Sus/Unescape-A
• Sus/UnkPack-B
• Sus/UnkPacker
• Sus/Varcat-A
• Sus/VB-ABS
• Sus/VB-AJ
• Sus/VB-AN
• Sus/VB-AY
• Sus/VB-BA
• Sus/VB-BB
• Sus/VB-BD
• Sus/VB-BE
• Sus/VB-BG
• Sus/VB-BI
• Sus/VB-BR
• Sus/VB-BT
• Sus/VB-FM
• Sus/VB-H
• Sus/VB-V
• Sus/VBDl-A
• Sus/VBDldr-E
• Sus/VBDrop-A
• Sus/VBDrop-B
• Sus/VBDrop-H
• Sus/VBDWN-J
• Sus/VBInject-C
• Sus/Veneb-B
• Sus/VirtSus-A
• Sus/Virtum-B
• Sus/Virtum-C
• Sus/Waled-A
• Sus/WebStart-A
• Sus/Zhengtu-A
• Sus/Zirit-A
• Sus/Zlob-O
• Sus/ZlobInst-A
• Sus/ZlobLike-A

Si duda de la naturaleza de algún archivo, envíelo a SophosLabs para que lo analicen.

Enviar una muestra

Pruebe los productos de Sophos totalmente gratis
Descargue una evaluación gratuita