Assigned Kaspersky Marked Zemana as Malware!

This thread is being handled by a member of the staff.
Status
Not open for further replies.
omidomi

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,001
XhenEd said:
If Kaspersky isn't removing its detection against ZAM, then can it be that it's really a true detection? :D
Click to expand...
today , here is not problem, but yesterday yes!
amazing thing is : today many of MH users (Hitman pro detected zemana as malware for them...) got this issue but for me no o_O
you can see here:
https://malwaretips.com/posts/551730/
I do't think true detection, but Dr.Web also Detected Zemana as malware(its 3 or 4 weeks until now) and my concern is...:confused:
 
  • Like
Reactions: uninfected1, JB007, Der.Reisende and 2 others
D

Der.Reisende

Level 45
Honorary Member
Top Poster
Content Creator
Malware Hunter
Dec 27, 2014
3,423
frogboy said:
I had ZAL mark Emsisoft as malware today. :eek:
Click to expand...
This seems to been fixed, nice :)
ZAL.JPG

harlan4096 said:
Since yesterday I'm getting the same issue, I already reported (yesterday) it as False Positive to KL VirusDesk, still waiting for an answer...
Click to expand...
Great job, thank you!
 
  • Like
Reactions: frogboy, uninfected1, DardiM and 2 others
harlan4096

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,672
This could have a thought, as it seems 1st firm in detected ZAM was Kaspersky, the others which are also detecting now it after 2 days just copied the detection :D:p

Just joking :D I know this is not true, because some detections are generic, others heur and others specific...
 
  • Like
Reactions: Ana_Filiz, frogboy, uninfected1 and 4 others
DardiM

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
omidomi said:
I use KIS 2017(b)+ Zemana Anti Malware 2.50.133
Hitman Pro uses Kaspersky engine,today many of MH users got Fp (hitman pro detected Zemana as malware),why you said not problem with Kaspersky and zemana o_O:rolleyes:
https://malwaretips.com/threads/8-10-16-4.64264/
see here also:
http://whitelisting.kaspersky.com/advisor#search/6ba102896e1569693188362e50065163
Click to expand...
"why you said not problem with Kaspersky and zemana o_O:rolleyes:"

=> I said that I haven't got this problem on My PC, not said that nobody has this problem :p

That is why it looked strange ...

So I tried to understand, and the result is :

zam.jpg

ZAM shows me 2.50.2.133 version, but it seems KTS auto put in quarantine the zam update exe prog (update_{DB10CABC-BE6B-4CE1-BB97-91A2C4701577}.exe) and kept the old zam.exe. That is why on my precedent post, on the picture the date seen was from 04/10/2016​

upload_2016-10-8_18-46-31.png
 
Last edited:
  • Like
Reactions: harlan4096, Ana_Filiz, Der.Reisende and 5 others
omidomi

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,001
DardiM said:
"why you said not problem with Kaspersky and zemana o_O:rolleyes:"

=> I said that I haven't got this problem on My PC, not said that nobody has this problem :p

That is why it looked strange ...

So I tried to understand, and the result is :

View attachment 117723

ZAM shows me 2.50.133 version, but it seems KTS auto put in quarantine the zam update exe prog (update_{DB10CABC-BE6B-4CE1-BB97-91A2C4701577}.exe) and kept the old zam.exe. That is why on my precedent post, on the picture the date seen was from 04/10/2016​

Click to expand...
oops you are right, yup its my fault, sorry my english is not good :(
btw:its strange your Kaspersky is different from the other :D
this is why I suspected to GEO problem :rolleyes:
 
  • Like
Reactions: Ana_Filiz, harlan4096, Der.Reisende and 4 others
DardiM

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
omidomi said:
oops you are right, yup its my fault, sorry my english is not good :(
btw:its strange your Kaspersky is different from the other :D
Click to expand...
In fact, i think only the setting change (not default setting), no "infection" but in this case, it have directly put in quarantine the updater, so Zam kept the good "old" zam.exe (but changes the version number in the gui lol)
 
Last edited:
  • Like
Reactions: Ana_Filiz, harlan4096, Der.Reisende and 4 others
uninfected1

uninfected1

Level 11
Verified
Top Poster
Well-known
Jan 28, 2016
525
pablozi said:
I just have scanned the installation package again and HMP says it is clean.
Issue looks to be solved now.
Click to expand...
Not solved for me unfortunately. HitmanPro still detecting ZAL as malware (picking up Kaspersky's findings I guess). So what's the general consensus? FP (malicious or otherwise) or is there a ZAL problem?
 
Last edited:
  • Like
Reactions: Ana_Filiz, Der.Reisende, DardiM and 1 other person
mlnevese

mlnevese

Level 26
Verified
Top Poster
Well-known
May 3, 2015
1,540
I would say that the most likely explanation is that Zemana has an unencrypted malware pattern in their latest update and THAT is what is being recognized by other security software. It would not be the first time a security program makes a mistake like this.
 
  • Like
Reactions: uninfected1, harlan4096, Ana_Filiz and 2 others
XhenEd

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
What surprises me more right now is not that Zemana is (falsely) detected, but that the AVs detecting it are not removing the detection up to now.

It's my belief that FPs must be addressed as soon as possible because in the first place FPs are not malicious and therefore should not be detected and deleted.
 
  • Like
Reactions: Ana_Filiz, uninfected1, harlan4096 and 4 others
mlnevese

mlnevese

Level 26
Verified
Top Poster
Well-known
May 3, 2015
1,540
XhenEd said:
What surprises me more right now is not that Zemana is (falsely) detected, but that the AVs detecting it are still not removing the detection up to now.

It's my belief that FPs must be addressed as soon as possible because in the first place FPs are not malicious and therefore should not be detected and deleted.
Click to expand...

If the other vendors are detecting an unencrypted malware pattern in Zemana, as I believe, then it's Zemana who must fix their software, not the other vendors.
 
  • Like
Reactions: uninfected1, Ana_Filiz, XhenEd and 1 other person
XhenEd

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
mlnevese said:
If the other vendors are detecting an unencrypted malware pattern in Zemana, as I believe, then it's Zemana who must fix their software, not the other vendors.
Click to expand...
That's why there's a possibility that the detection is a true detection, which might explain the AVs' refusal to remove the detection. :eek:
 
  • Like
Reactions: uninfected1, mlnevese, Ana_Filiz and 1 other person
mlnevese

mlnevese

Level 26
Verified
Top Poster
Well-known
May 3, 2015
1,540
Ana_Filiz said:
What is this unencrypted malware pattern?
Click to expand...

Antivirus software does not store entire viruses in their databases for recognition as it would make the databases easily go over a terabyte in size. They use patterns long enough to allow the malware to be recognized but not dangerous at all and even those are usually encrypted.
 
  • Like
Reactions: aragornnnn, Ana_Filiz, Der.Reisende and 3 others
Ink

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Only version 2.50.204.133 of ZAM.exe detected.

Previous version 2.50.2xxx.xxx
http://whitelisting.kaspersky.com/advisor#search/0x4A70D3D04C11948712B0D536AE61E088
https://virustotal.com/en/file/5b50...97bca1eb5e9176af526a6151/analysis/1476020545/ (Definitions may differ per system)

Current version 2.50.204.133
http://whitelisting.kaspersky.com/advisor#search/0x6BA102896E1569693188362E50065163
https://virustotal.com/en/file/6552...daaa1006dfe08358de77fe73/analysis/1476020872/ (Definitions may differ per system)

If you can't beat them, destroy them. :p
 
  • Like
Reactions: omidomi, yigido, harlan4096 and 6 others
DardiM

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
To make some tests :
1) I restored my system from a backup created the 14/09/2017 (dd/mm/yy) :

=> ZAM 2.30.2.75

I installed a clean version of KTS 2017 : all setting by default

=> Updating ZAM to 2.50.2.133 version didn't show any report by KTS

- KSN => all ok
- Scan zam.exe => no pb detected
- Kaspersky Application Advisor see : Trojan.Win32.Delf.efbx

So I realy don't understand, lol

Previously, it was directly the updater file that KTS put in quarantine...

Will try with the settings I usually use.

A right click on zam.exe to open the contextual menu makes KTS seems working hard on it, and the contextual menu appears almost up to 25 s after... (it opens immediately on other security exe / files)

=> With Kaspersky deactivated : instant pop of the contextual menu​

2) New Restoration of my system :

=> ZAM 2.30.2.75 : the contextual menu appears immediately (with KTS 2017 protection activated)
3) With another tools :
VoodooShield Pro :
- one prompt for the updater .exe file :

01.jpg 02.jpg

- one prompt for the .tmp file created for installation, but saying it detects it as a safe file :

03.jpg
File: C:\Users\DardiM\AppData\Local\Zemana\Zemana AntiMalware\update_{0A6BE1FB-B623-4C53-B931-6DD80B5BEE3E}.exe
Hash: f2670cb6953793a8ee1ccb3f06c7c903

Detections:
2/56
Kaspersky: UDS:DangerousObject.Multi.Generic
AegisLab: Uds.Dangerousobject.Multi!c
...
...
Threat score: 3,6%
Overall: Safe​
4 ) Personal conclusion :

- False positive
- Don't update it if your are not "sure" and want to wait a Kaspersky / ZAM official answer/correction​
 
Last edited:
  • Like
Reactions: Ana_Filiz, omidomi, XhenEd and 4 others
omidomi

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,001
Spawn said:
Only version 2.50.204.133 of ZAM.exe detected.

Previous version 2.50.2xxx.xxx
http://whitelisting.kaspersky.com/advisor#search/0x4A70D3D04C11948712B0D536AE61E088
https://virustotal.com/en/file/5b50...97bca1eb5e9176af526a6151/analysis/1476020545/ (Definitions may differ per system)

Current version 2.50.204.133
http://whitelisting.kaspersky.com/advisor#search/0x6BA102896E1569693188362E50065163
https://virustotal.com/en/file/6552...daaa1006dfe08358de77fe73/analysis/1476020872/ (Definitions may differ per system)

If you can't beat them, destroy them. :p
Click to expand...
we never see Kaspersky detected in virus total o_O but...:rolleyes:
btw: Dr.Web detected both of them but in second link we never see detection from them :oops:
 
  • Like
Reactions: uninfected1, XhenEd, aragornnnn and 1 other person
Status
Not open for further replies.

Similar threads

Brownie2019
    • Like
On Sale! Kaspersky Standard 2024 - $ 15.59
Replies
0
Views
189
Discounts and Deals
Brownie2019
Brownie2019
Xeno1234
    • Like
    • Wow
Question Is Kaspersky good at Detecting Rootkits?
Replies
6
Views
1,103
Kaspersky
Jengo
Jengo
P
  • Locked
Solved This is not detected by Kaspersky for some strange reason...
Replies
35
Views
1,896
Kaspersky
harlan4096
harlan4096

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top