Advice Request Is "zlunwise.exe" a Windows process ?

Please provide comments and solutions that are helpful to the author of this topic.
JB007 said:
Thanks @Andy Ful for your interest.
The file is not located in any folder; only in C:\zlunwise.exe ; no I did not find "zatutor.exe, zonestub.exe, and zclient.exe".
Is the presence on tyhe NSRL list mening that this file should be malicious ?
Click to expand...
The file itself is not malicious, but non-malicious legal files can be abused to execute malware. I doubt if this file in C: root location could be leftover after some legal installation. Thre are two very probable possibilities:
  1. You intentionally/accidentally downloaded this file to this location for some reason.
  2. The file was dropped there by a suspicious (or malicious ) process.
If there are no other signs of a possible infection then there is no need to worry. You can look if there are some other PE files (DLLs, etc.) in the root C: location (the files can be hidden when using default Explorer settings).
 
  • Thanks
  • Like
Reactions: JB007 and marcopaone
Andy Ful said:
The file itself is not malicious, but non-malicious legal files can be abused to execute malware. I doubt if this file in C: root location could be leftover after some legal installation. Thre are two very probable possibilities:
  1. You intentionally/accidentally downloaded this file to this location for some reason.
  2. The file was dropped there by a suspicious (or malicious ) process.
If there are no other signs of a possible infection then there is no need to worry. You can look if there are some other PE files (DLLs, etc.) in the root C: location (the files can be hidden when using default Explorer settings).
Click to expand...
Thanks @Andy Ful for the explanations.
I found 3 "dll" related to "Check Point Software Technologies Ltd." I think that these are ZoneAlarm' leftovers :unsure:

1.PNG
2.PNG
 
  • Like
Reactions: roger_m, harlan4096 and Andy Ful
JB007 said:
Thanks @Andy Ful for the explanations.
I found 3 "dll" related to "Check Point Software Technologies Ltd." I think that these are ZoneAlarm' leftovers :unsure:

View attachment 265671
View attachment 265672
Click to expand...
You can check the DLLs on VT. If all PE files (DLLs, etc.) are clean and there are no other signs of a possible infection then it is probably OK. I have no idea how these files could be dropped at the root C: location. This is not a location that could be chosen by the ZoneAlarm installer. It would be also untypical for the malware. :)(y)
 
  • Like
  • Thanks
Reactions: JB007 and harlan4096
Andy Ful said:
You can check the DLLs on VT. If all PE files (DLLs, etc.) are clean and there are no other signs of a possible infection then it is probably OK. I have no idea how these files could be dropped at the root C: location. This is not a location that could be chosen by the ZoneAlarm installer. It would be also untypical for the malware. :)(y)
Click to expand...
Thanks @Andy Ful
I'll check with VT ASAP (this desktop is not at my home).
 
  • Like
Reactions: Andy Ful

You may also like...