Assigned Kaspersky Marked Zemana as Malware!

This thread is being handled by a member of the staff.
Status
Not open for further replies.
H

hjlbx

Exactly ;) and we are seeing who are the "copy-cats" ;) I am thinking now, Kaspersky testing vendors with this way "Who copied our signatures guys :D ?"

Maybe Eugene is up to his old tricks; he got into some hot water over this sort of thing months back... remember the deliberate false positive submissions to VT by Kaspersky that every other vendor then created the exact same false positive ?

Eugene made a point - that everyone knew was true - but all the vendors said: "Nahhh, that ain't true... we don't create signatures based upon what other vendors submit to VT..."

WTF ? VT was created to submit malware and for the exchange of malicious files... but it is obvious - that at the very least the vendors are not closely inspecting the files and at worst just creating signatures for what some other vendor created...

This is a problem that just isn't going to go away.
 
Last edited by a moderator:

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,635
That's so strange, I have a friend/colleague at Kaspersky Forum (also Moderator), He also lives in Spain but in a different region than me, and He is not getting the issue with ZAM false positive and his Kaspersky product... so it's clear an issue only affecting to some Kaspersky Geo servers...
 

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,001
Exactly ;) and we are seeing who are the "copy-cats" ;) I am thinking now, Kaspersky testing vendors with this way "Who copied our signatures guys :D ?"
if you ask me I reply you!
the first AV that detected Zemana as Malware is Dr.Web :D (you can see my test in MH)
after that Kaspersky and now Avira..:p
see here :https://malwaretips.com/threads/01-08-2016-6.61881/
Dr.Web detected zemana on 01-08-2016...
 
Last edited:

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,001
That's so strange, I have a friend/colleague at Kaspersky Forum (also Moderator), He also lives in Spain but in a different region than me, and He is not getting the issue with ZAM false positive and his Kaspersky product... so it's clear an issue only affecting to some Kaspersky Geo servers...
In my country my problem is same as you :D
 

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,001
This whole thread shows the uselessness of signature-based model...
problem is : In part of Kaspersky product this issue occurred hens if this problem from signature directly why this issue cause for a part of users...
All Of Us know signature is "death" :D
stranger is this problem occurred for me when I use EU and US IP o_O
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
VoodooShield/Crystal Security and other base cloud tools only shows 2/56 on VT :
=> the updater
- Kaspersky: UDS : DangerousObject.Multi.Generic
- AegisLab: Uds.Dangerousobject.Multi!c​

I successfully installed last ZAM (with Shadow Defender enable) deactivating VS, and letting KTS makes its job
=> the ZAM.exe
- KSN => all ok
- Scan zam.exe => no pb detected
- Kaspersky Application Advisor see : Trojan.Win32.Delf.efbx
https://malwaretips.com/threads/kaspersky-marked-zemana-as-malware.64248/page-4#post-551887

One more time: one FP is better than a real infection... (if its really a FP :D)
 
Last edited:

vindiesel

Level 7
Verified
Apr 15, 2013
333
ESET no problem.
rlm5ow.png
 

DardiM

Level 26
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
May 14, 2016
1,597
The problem seems to be gone with the latest Kaspersky signatures... or maybe Zemana fixed their installer... who knows...
I have just done the same tests I have done before => always the same strange things :

- One test wit settings :

Trust digitally signed applications =
Load rules for application form KSN​

- And another with Application Control disabled:

Always the same results :

On my PC :

It is in the Kaspersky advisor that Kaspersky reports a problem,
and there is always the 20/25 s between a right click on zam.exe and the apparition of the contextual menu !?
(KTS working "hard" during this period)​

https://malwaretips.com/threads/kaspersky-marked-zemana-as-malware.64248/page-5#post-552284
https://malwaretips.com/threads/kaspersky-marked-zemana-as-malware.64248/page-4#post-551887
 
Last edited:

Ana_Filiz

Level 4
Verified
Well-known
Aug 23, 2016
193
if you ask me I reply you!
the first AV that detected Zemana as Malware is Dr.Web :D (you can see my test in MH)
after that Kaspersky and now Avira..:p
see here :https://malwaretips.com/threads/01-08-2016-6.61881/
Dr.Web detected zemana on 01-08-2016...


I also have and had Dr.Web now and at the date of 01-08-2016 and had no problems at all with Zemana but remember that at the date of 01-08-2016 Zemana version was different than the one that was detected now. :)
Tanam: I run the portable version of Zemana and it`s for the first time it asks me if I want to update. I think this is the issue that changed and didn`t like to other AVs. Until now it updated itself automatically. I`ll stick with my 2.30.2.75 version until all settles down.
 

omidomi

Level 71
Thread author
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Apr 5, 2014
6,001
In my case Kaspersky as well as Hitmanpro.Alert detected ZAM.exe as a Trojan.
Now that is too much to accept.\
I let kaspersky do its job and delete zemana.
Perhaps someone hacked Zemana installer and infected it.
Who knows.
may be...
I also have and had Dr.Web now and at the date of 01-08-2016 and had no problems at all with Zemana but remember that at the date of 01-08-2016 Zemana version was different than the one that was detected now. :)
Tanam: I run the portable version of Zemana and it`s for the first time it asks me if I want to update. I think this is the issue that changed and didn`t like to other AVs. Until now it updated itself automatically. I`ll stick with my 2.30.2.75 version until all settles down.
pfffff I have nothing to said :D
it seems Dr.Web and Kaspersky detected viruses by random selection :D:p
 

uninfected1

Level 11
Verified
Top Poster
Well-known
Jan 28, 2016
525
I have just received this response from Zemana answering my concerns about HitmanPro detecting it as malware and they assure me there is nothing to worry about:

"There is nothing to worry about, this is a false positive. We are aware of it and have filed a request with SurfRight. As a temporary solution, you can choose the exclude option of your HitmanPro.
We are expecting whitelisting, but in the meanwhile we would ask you to report the case as well. This may speed up the process."

 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top