D
Deleted member 178
This whole thread shows the uselessness of signature-based model...
Kaspersky Marked Zemana as Malware!
- Thread starter omidomi
- Start date
This thread is being handled by a member of the staff.
- Status
H
hjlbx
The false positive is probably happening via Virus Total and the "sharing" - errr, hmmm - creation of "copy-cat" signatures; this is not uncommon...
Well, Voodooshield also block them if Zemana trying to update its signature in Auto-Mode. But other than that, it's totally fine.
Y
yigido
Exactly
and we are seeing who are the "copy-cats" I am thinking now, Kaspersky testing vendors with this way "Who copied our signatures guys ?"
H
hjlbx
Exactly
Maybe Eugene is up to his old tricks; he got into some hot water over this sort of thing months back... remember the deliberate false positive submissions to VT by Kaspersky that every other vendor then created the exact same false positive ?
Eugene made a point - that everyone knew was true - but all the vendors said: "Nahhh, that ain't true... we don't create signatures based upon what other vendors submit to VT..."
WTF ? VT was created to submit malware and for the exchange of malicious files... but it is obvious - that at the very least the vendors are not closely inspecting the files and at worst just creating signatures for what some other vendor created...
This is a problem that just isn't going to go away.
Last edited by a moderator:
For sure a botched signature update occurred on connected AV's.
No more surprise cause that's a part of lapses.
No more surprise cause that's a part of lapses.
- Apr 28, 2015
- 9,386
- 1
- 84,789
- 8,389
That's so strange, I have a friend/colleague at Kaspersky Forum (also Moderator), He also lives in Spain but in a different region than me, and He is not getting the issue with ZAM false positive and his Kaspersky product... so it's clear an issue only affecting to some Kaspersky Geo servers...
omidomi
Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Forum Veteran
if you ask me I reply you!Exactly
the first AV that detected Zemana as Malware is Dr.Web
(you can see my test in MH)after that Kaspersky and now Avira..
see here :https://malwaretips.com/threads/01-08-2016-6.61881/
Dr.Web detected zemana on 01-08-2016...
Last edited:
omidomi
Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Forum Veteran
In my country my problem is same as you
omidomi
Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Forum Veteran
problem is : In part of Kaspersky product this issue occurred hens if this problem from signature directly why this issue cause for a part of users...
All Of Us know signature is "death"
stranger is this problem occurred for me when I use EU and US IP
VoodooShield/Crystal Security and other base cloud tools only shows 2/56 on VT :
=> the updater
I successfully installed last ZAM (with Shadow Defender enable) deactivating VS, and letting KTS makes its job
=> the ZAM.exe
One more time: one FP is better than a real infection... (if its really a FP)
=> the updater
- Kaspersky: UDS : DangerousObject.Multi.Generic
- AegisLab: Uds.Dangerousobject.Multi!c
- AegisLab: Uds.Dangerousobject.Multi!c
I successfully installed last ZAM (with Shadow Defender enable) deactivating VS, and letting KTS makes its job
=> the ZAM.exe
- KSN => all ok
- Scan zam.exe => no pb detected
- Kaspersky Application Advisor see : Trojan.Win32.Delf.efbx
https://malwaretips.com/threads/kaspersky-marked-zemana-as-malware.64248/page-4#post-551887- Scan zam.exe => no pb detected
- Kaspersky Application Advisor see : Trojan.Win32.Delf.efbx
One more time: one FP is better than a real infection... (if its really a FP
)
Last edited:
Y
yigido
We are investigating the problem in Istanbulif you ask me I reply you!
the first AV that detected Zemana as Malware is Dr.Web
after that Kaspersky and now Avira..
see here :https://malwaretips.com/threads/01-08-2016-6.61881/
Dr.Web detected zemana on 01-08-2016...
LOL
Webroot: no problem everything is working fine
The problem seems to be gone with the latest Kaspersky signatures... or maybe Zemana fixed their installer... who knows...
I have just done the same tests I have done before => always the same strange things :
- One test wit settings :
Trust digitally signed applications =
Load rules for application form KSN
Load rules for application form KSN
- And another with Application Control disabled:
Always the same results :
On my PC :
It is in the Kaspersky advisor that Kaspersky reports a problem,
and there is always the 20/25 s between a right click on zam.exe and the apparition of the contextual menu !?
(KTS working "hard" during this period)
and there is always the 20/25 s between a right click on zam.exe and the apparition of the contextual menu !?
(KTS working "hard" during this period)
https://malwaretips.com/threads/kaspersky-marked-zemana-as-malware.64248/page-5#post-552284
https://malwaretips.com/threads/kaspersky-marked-zemana-as-malware.64248/page-4#post-551887
Last edited:
if you ask me I reply you!
the first AV that detected Zemana as Malware is Dr.Web
after that Kaspersky and now Avira..
see here :https://malwaretips.com/threads/01-08-2016-6.61881/
Dr.Web detected zemana on 01-08-2016...
I also have and had Dr.Web now and at the date of 01-08-2016 and had no problems at all with Zemana but remember that at the date of 01-08-2016 Zemana version was different than the one that was detected now.
Tanam: I run the portable version of Zemana and it`s for the first time it asks me if I want to update. I think this is the issue that changed and didn`t like to other AVs. Until now it updated itself automatically. I`ll stick with my 2.30.2.75 version until all settles down.
In my case Kaspersky as well as Hitmanpro.Alert detected ZAM.exe as a Trojan.
Now that is too much to accept.\
I let kaspersky do its job and delete zemana.
Perhaps someone hacked Zemana installer and infected it.
Who knows.
Now that is too much to accept.\
I let kaspersky do its job and delete zemana.
Perhaps someone hacked Zemana installer and infected it.
Who knows.
omidomi
Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Forum Veteran
may be...
pfffff I have nothing to saidI also have and had Dr.Web now and at the date of 01-08-2016 and had no problems at all with Zemana but remember that at the date of 01-08-2016 Zemana version was different than the one that was detected now.
Tanam: I run the portable version of Zemana and it`s for the first time it asks me if I want to update. I think this is the issue that changed and didn`t like to other AVs. Until now it updated itself automatically. I`ll stick with my 2.30.2.75 version until all settles down.
it seems Dr.Web and Kaspersky detected viruses by random selection
I have just received this response from Zemana answering my concerns about HitmanPro detecting it as malware and they assure me there is nothing to worry about:
"There is nothing to worry about, this is a false positive. We are aware of it and have filed a request with SurfRight. As a temporary solution, you can choose the exclude option of your HitmanPro.
We are expecting whitelisting, but in the meanwhile we would ask you to report the case as well. This may speed up the process."
"There is nothing to worry about, this is a false positive. We are aware of it and have filed a request with SurfRight. As a temporary solution, you can choose the exclude option of your HitmanPro.
We are expecting whitelisting, but in the meanwhile we would ask you to report the case as well. This may speed up the process."
- Status
You may also like...
-
Frogblight Android Malware Spoofs Government Sites to Collect SMS and Device Details- Started by Brownie2019
- Replies: 1
-
-
I had to use a few second opinion scanners alongside Kaspersky premium. Any chance of Kaspersky corruption.
- Started by nonamebob567
- Replies: 18
-
-
Kaspersky and various other AVs can't detect simple ransomware script
- Started by Ahmed Uchiha
- Replies: 84