omidomi

Level 65
Trusted
Malware Hunter
Verified
If Kaspersky isn't removing its detection against ZAM, then can it be that it's really a true detection? :D
Today there is no problem here, but yesterday there was!
The amazing thing is: today many MH users got this issue (Hitman Pro detected Zemana as malware for them...), but I didn't o_O
you can see here:
https://malwaretips.com/posts/551730/
I don't think it's a true detection, but Dr.Web has also detected Zemana as malware (for 3 or 4 weeks now), and my concern is... :confused:
 

harlan4096

Moderator
Staff member
Malware Hunter
Verified
Here's a thought: as it seems the 1st firm to detect ZAM was Kaspersky, the others which are also detecting it now, 2 days later, just copied the detection :D :p

Just joking :D I know this is not true, because some detections are generic, others heur and others specific...
 

DardiM

Level 26
Trusted
Malware Hunter
Verified
I use KIS 2017(b)+ Zemana Anti Malware 2.50.133
Hitman Pro uses the Kaspersky engine; today many MH users got an FP (Hitman Pro detected Zemana as malware). Why did you say there is no problem with Kaspersky and Zemana? o_O :rolleyes:
https://malwaretips.com/threads/8-10-16-4.64264/
see here also:
http://whitelisting.kaspersky.com/advisor#search/6ba102896e1569693188362e50065163
"Why did you say there is no problem with Kaspersky and Zemana? o_O :rolleyes:"

=> I said that I haven't got this problem on my PC; I didn't say that nobody has this problem :p

That is why it looked strange ...

So I tried to understand, and the result is:

zam.jpg

ZAM shows me version 2.50.2.133, but it seems KTS automatically quarantined the ZAM update exe (update_{DB10CABC-BE6B-4CE1-BB97-91A2C4701577}.exe) and kept the old zam.exe. That is why, in the picture in my previous post, the date shown was 04/10/2016.

upload_2016-10-8_18-46-31.png
 

omidomi

Level 65
Trusted
Malware Hunter
Verified
"Why did you say there is no problem with Kaspersky and Zemana? o_O :rolleyes:"

=> I said that I haven't got this problem on my PC; I didn't say that nobody has this problem :p

That is why it looked strange ...

So I tried to understand, and the result is:

View attachment 117723

ZAM shows me version 2.50.133, but it seems KTS automatically quarantined the ZAM update exe (update_{DB10CABC-BE6B-4CE1-BB97-91A2C4701577}.exe) and kept the old zam.exe. That is why, in the picture in my previous post, the date shown was 04/10/2016.

Oops, you are right, yup, it's my fault, sorry, my English is not good :(
btw: it's strange your Kaspersky is different from the others :D
This is why I suspected a GEO problem :rolleyes:
 

DardiM

Level 26
Trusted
Malware Hunter
Verified
Oops, you are right, yup, it's my fault, sorry, my English is not good :(
btw: it's strange your Kaspersky is different from the others :D
In fact, I think only the settings change (not default settings), no "infection", but in this case it has directly put the updater in quarantine, so ZAM kept the good "old" zam.exe (but changes the version number in the GUI lol)
 

XhenEd

Level 27
Content Creator
Trusted
Verified
What surprises me more right now is not that Zemana is (falsely) detected, but that the AVs detecting it are not removing the detection up to now.

It's my belief that FPs must be addressed as soon as possible because in the first place FPs are not malicious and therefore should not be detected and deleted.
 

mlnevese

Level 15
Verified
What surprises me more right now is not that Zemana is (falsely) detected, but that the AVs detecting it are still not removing the detection up to now.

It's my belief that FPs must be addressed as soon as possible because in the first place FPs are not malicious and therefore should not be detected and deleted.
If the other vendors are detecting an unencrypted malware pattern in Zemana, as I believe, then it's Zemana who must fix their software, not the other vendors.
 

DardiM

Level 26
Trusted
Malware Hunter
Verified
To run some tests:
1) I restored my system from a backup created on 14/09/2017 (dd/mm/yy):

=> ZAM 2.30.2.75

I installed a clean version of KTS 2017: all settings at default

=> Updating ZAM to version 2.50.2.133 didn't trigger any report from KTS

- KSN => all OK
- Scan zam.exe => no problem detected
- Kaspersky Application Advisor shows: Trojan.Win32.Delf.efbx

So I really don't understand, lol

Previously, it was directly the updater file that KTS put in quarantine...

Will try with the settings I usually use.

A right click on zam.exe to open the contextual menu makes KTS seem to work hard on it, and the contextual menu appears up to almost 25 s later... (it opens immediately on other security exes / files)

=> With Kaspersky deactivated: the contextual menu pops up instantly

2) New restoration of my system:

=> ZAM 2.30.2.75: the contextual menu appears immediately (with KTS 2017 protection activated)

3) With other tools:
VoodooShield Pro:
- one prompt for the updater .exe file:

01.jpg 02.jpg

- one prompt for the .tmp file created for installation, but saying it detects it as a safe file:

03.jpg
File: C:\Users\DardiM\AppData\Local\Zemana\Zemana AntiMalware\update_{0A6BE1FB-B623-4C53-B931-6DD80B5BEE3E}.exe
Hash: f2670cb6953793a8ee1ccb3f06c7c903

Detections:
2/56
Kaspersky: UDS:DangerousObject.Multi.Generic
AegisLab: Uds.Dangerousobject.Multi!c
...
...
Threat score: 3,6%
Overall: Safe

4) Personal conclusion:

- False positive
- Don't update it if you are not "sure" and want to wait for an official Kaspersky / ZAM answer/correction
 

omidomi

Level 65
Trusted
Malware Hunter
Verified
We never see a Kaspersky detection on VirusTotal o_O but... :rolleyes:
btw: Dr.Web detected both of them, but in the second link we never see a detection from them :oops: