File e comportamenti sospetti

I file che sono già in esecuzione e la cui attività è dubbia vengono rilevati come comportamento sospetto, mentre i file che non sembrano affidabili ancora prima della loro esecuzione vengono rilevati come file sospetti.

In questa sezione troverete informazioni sulle due forme di rilevamento. I file segnalati come sospetti potrebbero essere malevoli: sta a voi decidere se considerarli attendibili o meno.

Rilevamento di comportamenti sospetti in fase di esecuzione

• HIPS/DriverMod-001
• HIPS/DriverMod-002
• HIPS/FileMod-001
• HIPS/FileMod-002
• HIPS/FileMod-003
• HIPS/FileMod-004
• HIPS/FileMod-005
• HIPS/FileMod-006
• HIPS/FileMod-007
• HIPS/FileMod-008
• HIPS/FileMod-009
• HIPS/FileMod-010
• HIPS/FileMod-011
• HIPS/FileWriteMod-001
• HIPS/FileWriteMod-002
• HIPS/FileWriteMod-003
• HIPS/FileWriteMod-004
• HIPS/FileWriteMod-005
• HIPS/FileWriteMod-006
• HIPS/FileWriteMod-007
• HIPS/IPConnect-001
• HIPS/IPConnect-002
• HIPS/IPConnect-003
• HIPS/IPConnect-004
• HIPS/ProcInj-001
• HIPS/ProcInj-002
• HIPS/ProcInj-003
• HIPS/ProcInj-004
• HIPS/ProcMod-001
• HIPS/ProcMod-002
• HIPS/ProcMod-003
• HIPS/ProcMod-004
• HIPS/ProcMod-005
• HIPS/ProcMod-006
• HIPS/ProcMod-007
• HIPS/RegMod-001
• HIPS/RegMod-002
• HIPS/RegMod-003
• HIPS/RegMod-004
• HIPS/RegMod-005
• HIPS/RegMod-006
• HIPS/RegMod-007
• HIPS/RegMod-008
• HIPS/RegMod-009
• HIPS/RegMod-010
• HIPS/RegMod-011
• HIPS/RegMod-012
• HIPS/RegMod-013
• HIPS/RegMod-014
• HIPS/RegMod-015
• HIPS/RegMod-016
• HIPS/RegMod-017
• HIPS/RegMod-018
• HIPS/RegMod-019
• HIPS/RegMod-020
• HIPS/RegMod-021
• HIPS/RegMod-022
• HIPS/RegMod-023
• HIPS/RegMod-024
• HIPS/RemFileMod-001
• HIPS/RemFileMod-002
• HIPS/RemFileMod-003
• HPsus/Agent-A
• HPsus/Agent-B
• HPsus/Agent-C
• HPsus/Agent-D
• HPsus/Autorun-A
• HPsus/Autorun-B
• HPsus/BadGuy-A
• HPsus/BadGuy-B
• HPsus/BadGuy-C
• HPsus/Badguy-D
• HPsus/Botta-A
• HPsus/Botta-B
• HPsus/CpLink-A
• HPsus/CpyTroj-A
• HPsus/CpyTroj-B
• HPsus/CpyTroj-C
• HPsus/DBot-A
• HPsus/Dldr-A
• HPsus/Dldr-B
• HPsus/DrvDrop-A
• HPsus/DrvDrop-B
• HPsus/FakeAV-A
• HPsus/FakeAV-C
• HPsus/FakeAV-D
• HPsus/FakeAV-E
• HPsus/Finfect-A
• HPsus/Foul-A
• HPsus/Hijack-A
• HPsus/Hijack-B
• HPsus/Hijack-C
• HPsus/Hijack-D
• HPsus/Hijack-E
• HPsus/ImgDrop-A
• HPsus/Inject-A
• HPsus/Inject-B
• HPsus/OSMod-A
• HPsus/OSMod-B
• HPsus/Palevo-A
• HPsus/Qbot-A
• HPsus/Refpron-A
• HPsus/RegDef-A
• HPsus/RunDel-A
• HPsus/Scribb-B
• HPsus/SrvDrop-A
• HPsus/Stealth-A
• HPsus/Stealth-B
• HPsus/SVCcopy-A
• HPsus/SysDrop-A
• HPsus/SysDrop-B
• HPsus/SysDrop-C
• HPsus/SysDrop-D
• HPsus/SysLoad-A
• HPsus/TDLrtk-A
• HPsus/TDLrtk-B
• HPsus/TroDrp-A
• HPsus/TSpy-A
• HPsus/TSpy-B
• HPsus/Zbot-A
• HPsus/Zbot-B
• HPsus/Zbot-C

Rilevamento dei buffer overflow

I buffer overflow li trattiamo con sospetto, perch possono essere una forma di attacco durante la fase di esecuzione di un programma, che consente a un codice malevolo di accedere a un sistema senza autorizzazione. Tuttavia, non tutti i file e i processi che causano un sovraccarico dei buffer presentano rischi di sicurezza.

Se siete sicuri che il buffer overflow rilevato non costituisca una minaccia, autorizzatelo. Se avete dei dubbi, inviate il file ai SophosLabs, che lo analizzeranno.

Rilevamento pre-esecuzione dei file sospetti

• HPsus/Autorun-D
• HPsus/Autorun-E
• HPsus/DelfInj-A
• HPsus/Dorkbot-A
• HPsus/EncPk-C
• HPsus/EncPk-D
• HPsus/EncPk-F
• HPsus/FakeAV-G
• HPsus/FakeAV-H
• HPsus/FakeAV-J
• HPsus/KrnPtch-A
• HPsus/Palevo-B
• HPsus/Poison-A
• HPsus/TDLrtk-C
• HPsus/TDLrtk-D
• HPsus/TDLrtk-E
• Sus/20111276-A
• Sus/20112110-B
• Sus/20120183-A
• Sus/AdClick-A
• Sus/AdInst-A
• Sus/Agent-EW
• Sus/Agent-IQ
• Sus/AppdURL-A
• Sus/ASFDldr-A
• Sus/AutoInf-A
• Sus/AutoInf-B
• Sus/AutoIt-A
• Sus/Autorun-E
• Sus/Autorun-IC
• Sus/AVKill-B
• Sus/BadPDF-A
• Sus/BadRar-A
• Sus/Badsrc-F
• Sus/Badsrc-G
• Sus/Badsrc-K
• Sus/BadSVC-A
• Sus/BancDl-B
• Sus/BancSpy-A
• Sus/BanHosts-A
• Sus/Banker-D
• Sus/BankPrj-A
• Sus/Banload-A
• Sus/Banspy-A
• Sus/BatFTP-A
• Sus/Behav-1000
• Sus/Behav-1001
• Sus/Behav-1002
• Sus/Behav-1003
• Sus/Behav-1004
• Sus/Behav-1005
• Sus/Behav-1006
• Sus/Behav-1007
• Sus/Behav-1009
• Sus/Behav-1010
• Sus/Behav-1011
• Sus/Behav-1012
• Sus/Behav-1013
• Sus/Behav-1014
• Sus/Behav-1015
• Sus/Behav-1016
• Sus/Behav-1017
• Sus/Behav-1018
• Sus/Behav-1019
• Sus/Behav-1020
• Sus/Behav-1022
• Sus/Behav-1023
• Sus/Behav-113
• Sus/Behav-129
• Sus/Behav-166
• Sus/Behav-168
• Sus/Behav-169
• Sus/Behav-192
• Sus/Behav-194
• Sus/Behav-200
• Sus/Behav-226
• Sus/Behav-231
• Sus/Behav-237
• Sus/Behav-258
• Sus/Behav-269
• Sus/Behav-272
• Sus/Behav-273
• Sus/Behav-277
• Sus/Behav-279
• Sus/Behav-282
• Sus/Behav-283
• Sus/Behav-287
• Sus/Behav-288
• Sus/Behav-289
• Sus/Behav-292
• Sus/Behav-297
• Sus/Behav-325
• Sus/Behav-341
• Sus/Behav-349
• Sus/Behav-373
• Sus/Behav-376
• Sus/Behav-377
• Sus/BHIfr-A
• Sus/BHO-G
• Sus/BHO-L
• Sus/BifIcon-A
• Sus/Bifrose-A
• Sus/Bredo-B
• Sus/BunIcon-A
• Sus/Cazcan-A
• Sus/CFNBehav-A
• Sus/ClassLdr-A
• Sus/CoCCEXE-A
• Sus/CoCCPDF-A
• Sus/ComPack
• Sus/ComPack-B
• Sus/ComPack-D
• Sus/ComPack-E
• Sus/ComPack-F
• Sus/ComPack-G
• Sus/Compack-H
• Sus/ComPack-I
• Sus/ComPack-J
• Sus/ComPack-K
• Sus/ComPack-L
• Sus/ComPack-M
• Sus/Conficker-A
• Sus/CoreFlood-A
• Sus/CorruptPE-A
• Sus/CP-A
• Sus/Cplink-A
• Sus/Cplink-B
• Sus/Crobot-A
• Sus/DamAG-A
• Sus/Dbot-A
• Sus/Dbot-B
• Sus/DCom-A
• Sus/DDialer-A
• Sus/DecRun-A
• Sus/Delp-E
• Sus/DialerGen-A
• Sus/DisZlob-A
• Sus/DldrFilt-A
• Sus/Dllhook-A
• Sus/DllName-B
• Sus/Dload-D
• Sus/Dload-F
• Sus/Dload-I
• Sus/Dloadr-G
• Sus/DLRedir-A
• Sus/DocDrop-B
• Sus/DodgyIc-A
• Sus/DodgyURL-A
• Sus/DOSCom-A
• Sus/DotINEXE-A
• Sus/Drop-B
• Sus/Drop-E
• Sus/Dropper-AE
• Sus/Dropper-R
• Sus/DrvDrop-A
• Sus/Emogen-AB
• Sus/Emogen-J
• Sus/Emogen-W
• Sus/EncJS-A
• Sus/EncPk-CC
• Sus/EncPk-CZ
• Sus/EncPk-FA
• Sus/EncPk-FL
• Sus/EncPk-GI
• Sus/EncPk-HV
• Sus/EncPk-HX
• Sus/EncPk-ID
• Sus/Encpk-IP
• Sus/EncPk-IX
• Sus/EncPk-JG
• Sus/EncPK-JR
• Sus/EncPk-LB
• Sus/EncPk-LT
• Sus/EncPk-LW
• Sus/EncPk-MD
• Sus/EncPk-MR
• Sus/EncPk-OC
• Sus/Encpk-OL
• Sus/Encpk-PA
• Sus/EncPk-PI
• Sus/EncPk-QB
• Sus/EncPk-RR
• Sus/EncPk-RS
• Sus/EncPk-TO
• Sus/EncPk-VO
• Sus/EncPk-WC
• Sus/ExePage-A
• Sus/ExeScript-A
• Sus/ExpApp-A
• Sus/ExpJS-AM
• Sus/ExpJS-I
• Sus/ExpSWF-A
• Sus/FakeAV-A
• Sus/FakeAV-CF
• Sus/FakeAV-CM
• Sus/FakeAV-CY
• Sus/FakeAV-Dam
• Sus/FakeAV-DJ
• Sus/FakeSnd-B
• Sus/FakeVir-F
• Sus/FakeVirPk-A
• Sus/FAVPay-A
• Sus/FBJack-A
• Sus/FBScam-A
• Sus/Feebsesk-A
• Sus/Flake-A
• Sus/Fraud-A
• Sus/GamerPSW-A
• Sus/Generic-D
• Sus/Gifar-A
• Sus/Graybird-B
• Sus/GUnkPack-A
• Sus/HcpExpl-A
• Sus/HidScr-A
• Sus/Hiloti-A
• Sus/HkAutoIT-A
• Sus/HookQSI-A
• Sus/HttpGet-A
• Sus/IExpIcon-A
• Sus/Iframe-A
• Sus/Iframe-AE
• Sus/Iframe-G
• Sus/Iframe-Gen
• Sus/Iframe-GH
• Sus/Iframe-J
• Sus/Iframe-K
• Sus/Iframe-L
• Sus/Iframe-M
• Sus/Iframe-P
• Sus/Iframe-Q
• Sus/Impy-A
• Sus/Inbase-A
• Sus/Inject-C
• Sus/Jafuzzo-A
• Sus/Jafuzzo-B
• Sus/JavaBaDo-A
• Sus/JavaCDK-A
• Sus/JavaCL-A
• Sus/JavaCmC-A
• Sus/JavaCoH-A
• Sus/JavaDes-A
• Sus/JavaDeSp-A
• Sus/JavaDUCL-A
• Sus/JavaHibis-A
• Sus/JavaHoxo-A
• Sus/JavaHr-A
• Sus/JavaHu-A
• Sus/JavaHux-A
• Sus/JavaKone-A
• Sus/JavaKP-A
• Sus/JavaKP-B
• Sus/JavaKP-C
• Sus/JavaLoBo-A
• Sus/JavaLR-A
• Sus/JavaMeO-A
• Sus/JavaMeO-B
• Sus/JavaObCL-A
• Sus/JavaObf-A
• Sus/JavaObf-B
• Sus/JavaObSnd-A
• Sus/JavaPld-A
• Sus/JavaPS-A
• Sus/JavaRuHu-A
• Sus/JavaSh-A
• Sus/JavaSnd-A
• Sus/JavaSOO-A
• Sus/JolProp-A
• Sus/JSFilt-A
• Sus/JSFilt-B
• Sus/JSFilt-C
• Sus/JSFilt-XX
• Sus/JSGetExe-A
• Sus/JSIfrLd-B
• Sus/JSRedir-G
• Sus/JVBadByt-C
• Sus/JVZelDec-A
• Sus/JVZelObf-A
• Sus/KernelHk-A
• Sus/Keygen-A
• Sus/Krap-B
• Sus/Krap-C
• Sus/Krap-D
• Sus/Krap-E
• Sus/Krap-O
• Sus/KrapJob-A
• Sus/LinAnAV-A
• Sus/LinXploit-A
• Sus/LnkFkFldr-A
• Sus/LnkFkFldr-B
• Sus/LnkFkFldr-C
• Sus/LnkZip-A
• Sus/Madcode-A
• Sus/MailBank-A
• Sus/Malware-A
• Sus/Malware-B
• Sus/Malware-C
• Sus/Mdrop-C
• Sus/Mdrop-H
• Sus/Mdrop-J
• Sus/MoleUltr-A
• Sus/MoSCamF-A
• Sus/Mourn-A
• Sus/MSIL-A
• Sus/MulVGC-A
• Sus/MxLive-A
• Sus/MzEntry-A
• Sus/NTRootK-A
• Sus/NtStDll-A
• Sus/NullAtEP-A
• Sus/ObfJS-AT
• Sus/ObfJS-AU
• Sus/ObfJS-BD
• Sus/ObfJS-BF
• Sus/ObfJS-BG
• Sus/ObfJS-BI
• Sus/ObfJS-BK
• Sus/ObfJS-BL
• Sus/ObfJS-BQ
• Sus/ObfJS-Gen
• Sus/Off38-A
• Sus/OSChkJar-A
• Sus/Parasit-A
• Sus/PDFEx-EU
• Sus/PDFEx-L
• Sus/PDFJs-AD
• Sus/PDFJs-K
• Sus/PDFJs-Q
• Sus/PDFJs-R
• Sus/PDFJs-RE
• Sus/PDFJs-S
• Sus/PDFJs-T
• Sus/Phish-B
• Sus/Pigeo-F
• Sus/Plaost-A
• Sus/ProbGrBr-A
• Sus/Proxy-A
• Sus/Proxy-B
• Sus/Psyme-A
• Sus/QHost-B
• Sus/QQDll-A
• Sus/RarHosts-A
• Sus/Refpron-A
• Sus/Rootkit-A
• Sus/RootKit-G
• Sus/RootKit-I
• Sus/Rorpian-B
• Sus/Rorpian-C
• Sus/Rugo-A
• Sus/Sality-A
• Sus/SBRedir-A
• Sus/Scribble-A
• Sus/Scribble-B
• Sus/ScribHos-A
• Sus/SCVhost-A
• Sus/Seimon-C
• Sus/SEORed-C
• Sus/SFCHck-A
• Sus/Sharbi-A
• Sus/SmDldr-A
• Sus/Spy-B
• Sus/Spytool-A
• Sus/Svchost-B
• Sus/SvchostS-A
• Sus/SWFDlr-A
• Sus/SWFRdr-A
• Sus/SWFRedir-A
• Sus/SWFScene-A
• Sus/Swizzor-G
• Sus/TDL3Sys-A
• Sus/TDSSFN-A
• Sus/TDSSPack-AT
• Sus/TDSSPack-H
• Sus/TDSSUrl-A
• Sus/TibsName-A
• Sus/TinyDL-G
• Sus/Tiotua-A
• Sus/Tiotua-B
• Sus/Trko-B
• Sus/Tweet-A
• Sus/Uddo-B
• Sus/Unescape-A
• Sus/UnkPack-B
• Sus/UnkPacker
• Sus/Varcat-A
• Sus/VB-ABS
• Sus/VB-AJ
• Sus/VB-AN
• Sus/VB-AY
• Sus/VB-BA
• Sus/VB-BB
• Sus/VB-BD
• Sus/VB-BE
• Sus/VB-BG
• Sus/VB-BI
• Sus/VB-BR
• Sus/VB-BT
• Sus/VB-FM
• Sus/VB-H
• Sus/VB-V
• Sus/VBDl-A
• Sus/VBDldr-E
• Sus/VBDrop-A
• Sus/VBDrop-B
• Sus/VBDrop-H
• Sus/VBDWN-J
• Sus/VBInject-C
• Sus/Veneb-B
• Sus/VirtSus-A
• Sus/Virtum-B
• Sus/Virtum-C
• Sus/Waled-A
• Sus/WebStart-A
• Sus/Zhengtu-A
• Sus/Zirit-A
• Sus/Zlob-O
• Sus/ZlobInst-A
• Sus/ZlobLike-A

Se avete dei dubbi sullo stato di un file, inviatelo ai SophosLabs, che ne effettueranno un'analisi.

Submit a sample

Prova gratuita dei prodotti Sophos
Scarica subito