Assigned Zemana dropped files


Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
Hi, I have a problem with Zemana, both the install and the portable version.

I completely removed the install version and just use the portable version. However, as soon as Zemana is executed, it immediately creates 2 files in C:\Windows\System32\drivers\: zamguard64.sys and zam64.sys.
A few minutes later, these 2 files create new files, ZAM.krnl.trace and ZAM_Guard.krnl.trace, in the C:\Windows folder.
I completely closed Zemana portable and made sure that there was no process or service running in the background. I tried to delete all 4 files but I could only delete the last 2 trace files; the other 2 .sys files couldn't be deleted. After 2 minutes, the 2 trace files were created again. I tried a second time and the result was still the same.
Zemana portable is not running, so why are those 2 trace files continuously created after a few minutes? What are they doing to the system? What are they running in the background to do, as Zemana is not running? Is this the reason other AV vendors detect ZAM as malware, because of this malware-like behaviour?
I noticed they did cause some battery drain and a bit of increased CPU usage due to my AV scanning those Zemana files.

Also, it is hard to get rid of those files, as I had to use Autoruns to disable and delete the 2 .sys files; still couldn't delete them -> reboot -> deleted successfully.

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
Annoying isn't it? I've mentioned it in this post where everyone else was singing the praises of ZAM...

FileHippo News: Zemana AntiMalware: Antivirus Software That Blocks The Threat Before It Occurs

Plus a few posts down I mentioned the ZAM.trace file which actually upset Windows Defender on my machine.

I had to manually delete all traces of the product and as a result nothing Zemana is going back on until I can trust them again.

Thanks for posting the problem in more detail. I really couldn't be bothered as I was that angry :mad:

shukla44

Level 13
Verified
Top Poster
Well-known
Jan 14, 2016
601
> Annoying isn't it? I've mentioned it in this post where everyone else was singing the praises of ZAM...
>
> FileHippo News: Zemana AntiMalware: Antivirus Software That Blocks The Threat Before It Occurs
>
> Plus a few posts down I mentioned the ZAM.trace file which actually upset Windows Defender on my machine.
>
> I had to manually delete all traces of the product and as a result nothing Zemana is going back on until I can trust them again.
>
> Thanks for posting the problem in more detail. I really couldn't be bothered as I was that angry :mad:

How did you manage to stop the trace file from being created in Windows folder?

I deleted the portable version, deleted the 2 driver files, deleted the autorun entries for 2 driver files. Is something left?

NOTE: Will see after a reboot.

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
> How did you manage to stop the trace file from being created in Windows folder?
>
> I deleted the portable version, deleted the 2 driver files, deleted the autorun entries for 2 driver files. Is something left?

I think I deleted it after the drivers were deleted but I'm not 100% sure. I know I used Process Explorer's handle search to determine which process was holding the file open and killed it.

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Upon execution Zemana is installing its drivers, needed to get privileges in order to remove malware. The corresponding files are

zam32.sys or zam64.sys, and zamguard32.sys or zamguard64.sys

These are called drivers and they run all the time even if you close ZAM. They also create ZAM trace files in order to log Zemana usage, in case of some errors or problems, that we can later use to see what the issue was. Until you delete the driver files they will keep recreating trace files.

Zemana also creates a %localappdata%\Zemana folder that you can also remove.

As soon as you close Zemana you can delete first its drivers and then the trace files manually. I will talk with the developers about this; they can probably implement some cleanup after closing.

Hoping it is now clear what these components are for.


EDIT: To safely remove the drivers, it is recommended to reboot your system first after running Zemana.
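The cleanup sequence described in this thread (driver stays loaded until reboot, delete the driver entries first, then the trace files, then the %localappdata% folder) can be made repeatable with a small audit script. The following PowerShell is an added example written for this page; it is not Zemana's tooling and not code from any poster. The file names are the ones named in the posts above; the kernel service names are not stated anywhere in the thread, so the script does not assume them and instead discovers them by matching the image path of registered system drivers. Run it from an elevated prompt; without `-Remove` it only reports.

```powershell
<#
Added example (not from the thread, not Zemana's own tooling): audit the leftover
Zemana kernel drivers and trace files discussed above and, with -Remove, clean them
up in the order the thread describes: disable a still-loaded driver, reboot, rerun,
then delete the service entry, the .sys files, the trace files and the user folder.
Assumptions: file names come from the posts; driver service names are NOT known and
are discovered via Win32_SystemDriver.PathName. Run from an elevated PowerShell.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # default is report-only
)

$driverNames = @('zam32.sys', 'zam64.sys', 'zamguard32.sys', 'zamguard64.sys')
$traceNames  = @('ZAM.krnl.trace', 'ZAM_Guard.krnl.trace')
$driverDir   = Join-Path $env:SystemRoot 'System32\drivers'
$userDir     = Join-Path $env:LOCALAPPDATA 'Zemana'

function New-Finding($Kind, $Name, $Path, $State) {
    [pscustomobject]@{ Kind = $Kind; Name = $Name; Path = $Path; State = $State }
}

$findings = @()

# 1. Driver binaries on disk
foreach ($n in $driverNames) {
    $p = Join-Path $driverDir $n
    if (Test-Path -LiteralPath $p) { $findings += New-Finding 'DriverFile' $n $p '' }
}

# 2. Registered kernel services whose image is one of those binaries
#    (service name is read from the system, not assumed)
$pattern = ($driverNames | ForEach-Object { [regex]::Escape($_) }) -join '|'
foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
    if ($d.PathName -match $pattern) {
        $findings += New-Finding 'DriverService' $d.Name $d.PathName "$($d.State)/$($d.StartMode)"
    }
}

# 3. Trace logs the drivers keep writing into %SystemRoot% while loaded
foreach ($n in $traceNames) {
    $p = Join-Path $env:SystemRoot $n
    if (Test-Path -LiteralPath $p) {
        $size = (Get-Item -LiteralPath $p).Length
        $findings += New-Finding 'TraceFile' $n $p "$size bytes"
    }
}

# 4. Per-user data folder mentioned in the thread
if (Test-Path -LiteralPath $userDir) { $findings += New-Finding 'UserData' 'Zemana' $userDir '' }

if (-not $findings) { Write-Host 'No Zemana driver or trace leftovers found.'; return }
$findings | Format-Table -AutoSize

if (-not $Remove) { return }

# A loaded kernel driver cannot be deleted from disk and would recreate the trace
# files; disable its start so it stays unloaded after the reboot, then stop here.
$loaded = $findings | Where-Object { $_.Kind -eq 'DriverService' -and $_.State -like 'Running*' }
if ($loaded) {
    foreach ($svc in $loaded) {
        if ($PSCmdlet.ShouldProcess($svc.Name, 'disable driver start')) {
            sc.exe config $svc.Name start= disabled | Out-Null
        }
    }
    Write-Warning 'Driver(s) are still loaded; they have been set to disabled. Reboot, then rerun with -Remove.'
    return
}

# Nothing loaded: remove service entries, driver files, trace files, user folder.
foreach ($f in $findings) {
    switch ($f.Kind) {
        'DriverService' { if ($PSCmdlet.ShouldProcess($f.Name, 'delete service entry')) { sc.exe delete $f.Name | Out-Null } }
        'UserData'      { if ($PSCmdlet.ShouldProcess($f.Path, 'remove folder'))        { Remove-Item -LiteralPath $f.Path -Recurse -Force } }
        default         { if ($PSCmdlet.ShouldProcess($f.Path, 'delete file'))          { Remove-Item -LiteralPath $f.Path -Force } }
    }
}
```

`-WhatIf` works with `-Remove` because the script declares `SupportsShouldProcess`, so you can preview every deletion before committing to it. The two-pass design mirrors what the posters found by trial and error: as long as the driver is loaded the .sys file is locked and the trace files keep coming back, so the only reliable order is disable, reboot, delete.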

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
> As soon as you close Zemana you can delete first its drivers and then trace files manually. I will talk with developers about this, they can probably implement some cleanup after closing.

This is supposed to be the portable/standalone version of the product, so it shouldn't be leaving any trace after being closed.

I wonder how many inexperienced computer users unknowingly and unwittingly now have these drivers active on their systems. And will do until they reinstall their OS :(

On my system WD went crazy trying to continually scan the trace files until I made an exclusion.

I think Zemana should post an uninstaller on their site and make their users aware on their blog or something.

adnage19

Level 5
Verified
Well-known
Sep 22, 2016
211
> Upon execution Zemana is installing its drivers needed to get privileges in order to remove malware. Corresponding files are
>
> zam32.sys or zam64.sys and zamguard32.sys or zamguard64.sys
>
> These are called drivers and they run all the time even if you close Zam. They also create zam trace files in order to log Zemana usage in case of some errors or problem that we can later use to see what was the issue. Until you delete driver files they will keep recreating trace files.
>
> Zemana also creates %localappdata%\Zemana folder that you can also remove.
>
> As soon as you close Zemana you can delete first its drivers and then trace files manually. I will talk with developers about this, they can probably implement some cleanup after closing.
>
> Hoping it is now clear what are these components for.
>
> EDIT: To safely remove drivers, it is recommended to reboot your system first after running Zemana.

I think the biggest problem is that after uninstalling the normal version of Zemana, there are still drivers and other stuff. The uninstaller doesn't care about it at all.

ZeroTolerance

Level 1
Verified
Sep 24, 2016
21
Hi, as mentioned by @Exterminator, I'm one of the winners from the Zemana giveaways. Upon installing, VoodooShield flagged Zemana AM as a trojan (false positive). So I immediately checked it in Process Explorer and it flagged zam.exe as a trojan.

@TwinHeadedEagle Can I delete these drivers in regedit? Or how do I delete these drivers? Newbie here. :)

Thanks

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
You can use Autoruns to delete them. But first reboot your system after running Zemana portable:

[screenshot: Autoruns showing the Zemana driver entries]

Malakke

Level 5
Verified
Well-known
Jan 29, 2013
221
This is no good for Zemana. I had several problems deleting those files. Finally, with Autoruns and booting in safe mode, I was able to delete them, but it was not easy. Also, I've found (thanks to Autoruns) that Zemana AntiLogger dropped another .sys file that the uninstaller did not remove. I am waiting for a real uninstaller and some explanations about it.

LabZero

Zemana portable by its nature can not be like a normal/simple portable app.
As already mentioned, in normal situations it is advisable to use and maintain the installable version.

askmark

Level 12
Verified
Top Poster
Well-known
Aug 31, 2016
578
> Zemana portable by its nature can not be like a normal/simple portable app.
> As already mentioned, in normal situations it is advisable to use and maintain the installable version.

I agree but it's not obvious to everyone it's not like a normal/simple portable app.

I personally when testing new software will always choose to download the portable version if one is available. I run the program to see if it's any good and then either keep or delete it. I don't however expect any portable software to leave drivers active on my system permanently.

Zemana needs to either remove their drivers on exit or provide an uninstaller.

LabZero

> I agree but it's not obvious to everyone it's not like a normal/simple portable app.
>
> I personally when testing new software will always choose to download the portable version if one is available. I run the program to see if it's any good and then either keep or delete it. I don't however expect any portable software to leave drivers active on my system permanently.
>
> Zemana needs to either remove their drivers on exit or provide an uninstaller.

Sure, agree on that ;)

Evjl's Rain

Level 47
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Apr 18, 2016
3,684
This problem has still not been solved. Trace files are still being created frequently.
Other problems:
- ZAL still causes a problem with the typing/proofing tool for typing in my language after standby for 30 minutes. Reported a long, long time ago, confirmed by Zemana by email, but not fixed in the most recent version.
- A trace file created by the free portable version after running a smart scan and a manual C: scan = ~102Mb.
- 2 trace files created by the 2 ZAM drivers in the portable version.

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
I think I already explained the purpose of trace files. They log Zemana activity and help us solve the bugs. They will always be there. What we can do is to move them to some non-visible location.