H

hjlbx

Exactly ;) and we are seeing who are the "copy-cats" ;) I am thinking now, Kaspersky testing vendors with this way "Who copied our signatures guys :D ?"
Maybe Eugene is up to his old tricks; he got into some hot water over this sort of thing months back... remember the deliberate false positive submissions to VT by Kaspersky that every other vendor then created the exact same false positive ?

Eugene made a point - that everyone knew was true - but all the vendors said: "Nahhh, that ain't true... we don't create signatures based upon what other vendors submit to VT..."

WTF ? VT was created to submit malware and for the exchange of malicious files... but it is obvious - that at the very least the vendors are not closely inspecting the files and at worst just creating signatures for what some other vendor created...

This is a problem that just isn't going to go away.
 
Last edited by a moderator:

harlan4096

Level 61
Verified
Staff member
Malware Hunter
That's so strange, I have a friend/colleague at Kaspersky Forum (also Moderator), He also lives in Spain but in a different region than me, and He is not getting the issue with ZAM false positive and his Kaspersky product... so it's clear an issue only affecting to some Kaspersky Geo servers...
 

omidomi

Level 66
Verified
Trusted
Malware Hunter
Exactly ;) and we are seeing who are the "copy-cats" ;) I am thinking now, Kaspersky testing vendors with this way "Who copied our signatures guys :D ?"
if you ask me I reply you!
the first AV that detected Zemana as Malware is Dr.Web :D (you can see my test in MH)
after that Kaspersky and now Avira..:p
see here :https://malwaretips.com/threads/01-08-2016-6.61881/
Dr.Web detected zemana on 01-08-2016...
 
Last edited:

DardiM

Level 26
Verified
Trusted
Malware Hunter
VoodooShield/Crystal Security and other base cloud tools only shows 2/56 on VT :
=> the updater
- Kaspersky: UDS : DangerousObject.Multi.Generic
- AegisLab: Uds.Dangerousobject.Multi!c​

I successfully installed last ZAM (with Shadow Defender enable) deactivating VS, and letting KTS makes its job
=> the ZAM.exe
- KSN => all ok
- Scan zam.exe => no pb detected
- Kaspersky Application Advisor see : Trojan.Win32.Delf.efbx
https://malwaretips.com/threads/kaspersky-marked-zemana-as-malware.64248/page-4#post-551887

One more time: one FP is better than a real infection... (if its really a FP :D)
 
Last edited:

DardiM

Level 26
Verified
Trusted
Malware Hunter
The problem seems to be gone with the latest Kaspersky signatures... or maybe Zemana fixed their installer... who knows...
I have just done the same tests I have done before => always the same strange things :

- One test wit settings :

Trust digitally signed applications =
Load rules for application form KSN​

- And another with Application Control disabled:

Always the same results :

On my PC :

It is in the Kaspersky advisor that Kaspersky reports a problem,
and there is always the 20/25 s between a right click on zam.exe and the apparition of the contextual menu !?
(KTS working "hard" during this period)​

https://malwaretips.com/threads/kaspersky-marked-zemana-as-malware.64248/page-5#post-552284
https://malwaretips.com/threads/kaspersky-marked-zemana-as-malware.64248/page-4#post-551887
 
Last edited:

Ana_Filiz

Level 4
Verified
if you ask me I reply you!
the first AV that detected Zemana as Malware is Dr.Web :D (you can see my test in MH)
after that Kaspersky and now Avira..:p
see here :https://malwaretips.com/threads/01-08-2016-6.61881/
Dr.Web detected zemana on 01-08-2016...

I also have and had Dr.Web now and at the date of 01-08-2016 and had no problems at all with Zemana but remember that at the date of 01-08-2016 Zemana version was different than the one that was detected now. :)
Tanam: I run the portable version of Zemana and it`s for the first time it asks me if I want to update. I think this is the issue that changed and didn`t like to other AVs. Until now it updated itself automatically. I`ll stick with my 2.30.2.75 version until all settles down.
 

omidomi

Level 66
Verified
Trusted
Malware Hunter
In my case Kaspersky as well as Hitmanpro.Alert detected ZAM.exe as a Trojan.
Now that is too much to accept.\
I let kaspersky do its job and delete zemana.
Perhaps someone hacked Zemana installer and infected it.
Who knows.
may be...
I also have and had Dr.Web now and at the date of 01-08-2016 and had no problems at all with Zemana but remember that at the date of 01-08-2016 Zemana version was different than the one that was detected now. :)
Tanam: I run the portable version of Zemana and it`s for the first time it asks me if I want to update. I think this is the issue that changed and didn`t like to other AVs. Until now it updated itself automatically. I`ll stick with my 2.30.2.75 version until all settles down.
pfffff I have nothing to said :D
it seems Dr.Web and Kaspersky detected viruses by random selection :D:p
 

uninfected1

Level 10
Verified
I have just received this response from Zemana answering my concerns about HitmanPro detecting it as malware and they assure me there is nothing to worry about:

"There is nothing to worry about, this is a false positive. We are aware of it and have filed a request with SurfRight. As a temporary solution, you can choose the exclude option of your HitmanPro.
We are expecting whitelisting, but in the meanwhile we would ask you to report the case as well. This may speed up the process."