Advice Request Is "zlunwise.exe" a Windows process ?


Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,545
> Thanks @Andy Ful for your interest.
> The file is not located in any folder, only in C:\zlunwise.exe; no, I did not find "zatutor.exe, zonestub.exe, and zclient.exe".
> Does the presence on the NSRL list mean that this file should be malicious?
The file itself is not malicious, but non-malicious legal files can be abused to execute malware. I doubt if this file in the C: root location could be a leftover after some legal installation. There are two very probable possibilities:
  1. You intentionally/accidentally downloaded this file to this location for some reason.
  2. The file was dropped there by a suspicious (or malicious) process.
If there are no other signs of a possible infection, then there is no need to worry. You can look if there are some other PE files (DLLs, etc.) in the root C: location (the files can be hidden when using default Explorer settings).
 

JB007

Level 26
Thread author
Verified
Top Poster
Well-known
May 19, 2016
1,580
Thanks @Andy Ful for the explanations.
I found 3 "dll" related to "Check Point Software Technologies Ltd." I think that these are ZoneAlarm leftovers :unsure:

 

Andy Ful

You can check the DLLs on VT. If all PE files (DLLs, etc.) are clean and there are no other signs of a possible infection, then it is probably OK. I have no idea how these files could be dropped at the root C: location. This is not a location that could be chosen by the ZoneAlarm installer. It would also be untypical for malware. :)
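
The two checks suggested in the posts above (looking for other PE files in the root C: location, including hidden ones, and checking them on VT) can be done in one pass. The following PowerShell is an added example, not part of the original posts; it assumes the root is `C:\`, recognizes PE files by their MZ/PE headers rather than by extension, and the function name `Test-PeFile` is hypothetical.

```powershell
# Added example: list PE files sitting directly in a drive root, hidden ones included.
# $Root is an assumption; change it to the drive being inspected.
param([string]$Root = 'C:\')

function Test-PeFile {
    param([string]$Path)
    # A PE file starts with "MZ" and has "PE\0\0" at the offset stored at 0x3C.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
    } catch {
        return $false   # locked or unreadable (for example pagefile.sys)
    }
    try {
        if ($fs.Length -lt 0x40) { return $false }
        $br = New-Object System.IO.BinaryReader($fs)
        if ($br.ReadUInt16() -ne 0x5A4D) { return $false }        # "MZ"
        $fs.Position = 0x3C
        $peOffset = $br.ReadUInt32()
        if ($peOffset + 4 -gt $fs.Length) { return $false }
        $fs.Position = $peOffset
        return ($br.ReadUInt32() -eq 0x00004550)                  # "PE\0\0"
    } finally {
        $fs.Dispose()
    }
}

# -Force includes hidden and system files that default Explorer settings do not show.
Get-ChildItem -LiteralPath $Root -File -Force -ErrorAction SilentlyContinue |
    Where-Object { Test-PeFile $_.FullName } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Name      = $_.Name
            Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
            Created   = $_.CreationTime
            Company   = $_.VersionInfo.CompanyName
            Signature = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Format-List
```

The SHA256 value can be searched on VirusTotal without uploading the file, and a `Valid` signature status with the expected signer supports the view that a file is a vendor leftover.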
 

JB007

Thanks @Andy Ful
I'll check with VT ASAP (this desktop is not at my home).
 