Advice Request Is "zlunwise.exe" a Windows process ?

Please provide comments and solutions that are helpful to the author of this topic.

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,207
Hello,
I'm wondering if "zlunwise" is safe and a normal Windows 10 process ?
VT link : VirusTotal
You may uploading to Kaspersky Threat Intelligence Portal

I found your file hash on AnyRun:
 

JB007

Level 26
Thread author
Verified
Top Poster
Well-known
May 19, 2016
1,580
Which antivirus do you have installed on that system?

You may uploading to Kaspersky Threat Intelligence Portal

I found your file hash on AnyRun:

It should be part of ZoneAlarm. So if you are using a ZoneAlarm product, then you have nothing to worry about.
Thanks @SecureKongo and @silversurfer for your answers.
I'll upload the file to KTIP.
Currently I'm using ESET SSP since the end of march (previously KSC) but I remember to have installed ZoneAlarm on this PC 1 or 2 years ago...
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,207
This file seems to be something like "uninstaller" software from Wise, that's shown on AnyRun... but might be related to ZoneAlarm as mentioned by @SecureKongo

new.png

 

JB007

Level 26
Thread author
Verified
Top Poster
Well-known
May 19, 2016
1,580
This file seems to be something like "uninstaller" software from Wise, that's shown on AnyRun... but might be related to ZoneAlarm as mentioned by @SecureKongo

WiseVector ?
Also tested on this PC.
 

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,207

silversurfer

Super Moderator
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,207
Your file also uploaded to Hybrid Analysis, marked as "whitelisted, based on MD5" so this file hash was known there:

EDIT: But a new file analysis 64-bit, looks different and marked red as "ambiguous"
 
Last edited:

JB007

Level 26
Thread author
Verified
Top Poster
Well-known
May 19, 2016
1,580
Last edited:

Gandalf_The_Grey

Level 83
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,367
Not an answer to the question, but maybe it's time to check your system for leftovers from other antivirus software:
Optimal removal for me is now:
1) Use the av's own uninstaller (Programs and Features).
2) Use the Antivirus Removal Tool to scan for leftovers and optionally run the included av's official specialized uninstaller.
3) Use the Farbar Recovery Scan Tool to clean registered security programs.
4) Use the Registrar Registry Manager to clean the registry
From this thread:
EDIT: added links to the mentioned software.
 
Last edited:

JB007

Level 26
Thread author
Verified
Top Poster
Well-known
May 19, 2016
1,580
Not an answer to the question, but maybe it's time to check your system for leftovers from other antivirus software:

From this thread:
Thanks @Gandalf_The_Grey
I will take a look at this ASAP.
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,545
Last edited:

JB007

Level 26
Thread author
Verified
Top Poster
Well-known
May 19, 2016
1,580
@JB007

Do you also have zatutor.exe, zonestub.exe, and zclient.exe?
What is the location of zlunwise.exe? Is it a part of some installation?

See also:

The file hash is present on the nsrl list.
Thanks @Andy Ful for your interest.
The file is not located in any folder; only in C:\zlunwise.exe ; no I did not find "zatutor.exe, zonestub.exe, and zclient.exe".
Is the presence on tyhe NSRL list mening that this file should be malicious ?
 
Last edited:
  • Like
Reactions: Andy Ful

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top