Assigned Zemana False Positive Report Thread

  • Thread starter Deleted Member 333v73x
  • Start date
This thread is being handled by a member of the staff.
M

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,489
Hi

I have 1 File for you for check

Security Center Disabled
Status : Gescannt
Object : HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Start
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Verdächtige Einstellung
Cleaning Action : Reparieren
Related Objects :
Registry Eintrag - HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Start = 4

With best Regards
Mops21
 

Attachments

  • Zemana Anti-Malware 2.70.2.118 FP 01.jpg
    Zemana Anti-Malware 2.70.2.118 FP 01.jpg
    264.9 KB · Views: 699
  • Like
Reactions: Der.Reisende
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Mops21 said:
Hi

I have 1 File for you for check

Security Center Disabled
Status : Gescannt
Object : HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Start
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Verdächtige Einstellung
Cleaning Action : Reparieren
Related Objects :
Registry Eintrag - HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Start = 4

With best Regards
Mops21
Click to expand...

This isn't a false positive. It is a potentially unwanted modification sometimes made by malware. If you personally set this setting, you can exclude it.
 
  • Like
Reactions: XhenEd and Der.Reisende
M

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,489
TwinHeadedEagle said:
This isn't a false positive. It is a potentially unwanted modification sometimes made by malware. If you personally set this setting, you can exclude it.
Click to expand...

Ah okay thank you very much for your info, but why I have this now and not earlier this some Versions ago

With best Regards
Mops21
 
  • Like
Reactions: Der.Reisende
M

Mops21

Level 35
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,489
TwinHeadedEagle said:
This option was introduced on stable release from 23rd November.
Click to expand...

Hi

Yes, but I do not see this on the Changelog Site. I have contacted the Zemana Support for this. I will get Back then i have an andere from them

Zemana - AntiMalware and AntiLogger Protection

Zemana AntiMalware 2.70.2.25

Wednesday, November 23, 2016 10:40 AM
  • This is the stable release of the previous BETA version (2.70.1.25)
Zemana AntiMalware 2.70.1.25 Beta

Tuesday, November 22, 2016 12:42 PM
  • Improved cleaner.
  • Other minor improvements and fixes.
With best Regards
Mops21
 
  • Like
Reactions: _CyberGhosT_ and Der.Reisende
WinXPert

WinXPert

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Jan 9, 2013
1,457
Here are some programs I have installed that are flagged by ZAM

YTD Video Downloader 5.8.2.1 (ytd.exe)
MD5: 53FAFEDCC195E2A50B45997EED6EDB88

KnowBe4 Ran Sim 1.0.2.4 (RanSimSetup.exe)
MD5: 6bf1b9589f41ff4108d114915f5a61c4

USB Guardian 3.9.0.0 (usb-guardian-setup.exe)
MD5: e0a541e0d9f7ccf195d8222c521ad591
 
TwinHeadedEagle

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
They are all blacklisted in our database and you can see why:

Antivirus scan for 7caff78c6848f5e1e76ec349f68924d269eb85fdfe86f10f314fb9de72fcc572 at 2017-03-10 06:50:05 UTC - VirusTotal
Antivirus scan for 39da0ef064108e5d75428d726fa820d5283f40436d31845f4e3bc66fb5a4a486 at 2017-02-16 17:20:19 UTC - VirusTotal
Antivirus scan for fc4166df308a7ce17b0b370bb000163ffc8b2fb502789e7060dc0995475b25ca at 2017-03-13 04:59:42 UTC - VirusTotal

When I tried to download USB Guardian I was redirected to Reimage pop-ups so you should re-think what are you doing. These programs are far from legitimate and will stay blacklisted.
 
  • Like
Reactions: _CyberGhosT_ and Ink
Lord Ami

Lord Ami

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 14, 2014
1,036
Avast Web/Mail Shield Root
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F9454AAA90B14EF80C495649B5512087426CAE4E\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Exclude
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F9454AAA90B14EF80C495649B5512087426CAE4E\Blob = 190000000100000010000000B6741A37045CDDB96B7D989290BDE40D0F00000001000000200000001C3A2AA592C58E225D98BFECE7723CB1F3CD7EDA1C74046F7F653130DEC66802030000000100000014000000F9454AAA90B14EF80C495649B5512087426CAE4E14000000010000001400000074C417CC7E09EC651E32F547497F857213BC6B1820000000010000000704000030820403308202EBA0030201020210773CCA941F71F040BB18044CE75F1298300D06092A864886F70D01010B0500308181313A3038060355040B0C3167656E65726174656420627920417661737420416E7469766972757320666F722053534C2F544C53207363616E6E696E67311E301C060355040A0C154176617374205765622F4D61696C20536869656C643123302106035504030C1A4176617374205765622F4D61696C20536869656C6420526F6F74301E170D3130303130313132303030305A170D3430303130313132303030305A308181313A3038060355040B0C3167656E65726174656420627920417661737420416E7469766972757320666F722053534C2F544C53207363616E6E696E67311E301C060355040A0C154176617374205765622F4D61696C20536869656C643123302106035504030C1A4176617374205765622F4D61696C20536869656C6420526F6F7430820122300D06092A864886F70D01010105000382010F003082010A0282010100C61FC5E2275C75D6791E680C069AB38348D7EFDE54A42BC3AD70AF77F422A9C10B2F1CA9C2450EA946F557AFFEF28AF8B6CAF86E907FBE61971075A4B23401B3CBA2B8F3128FC48DFBAAC7327F9DE0CB0BB7BB0D193FADC93420C1F66E240C56722BA59F878FB9C3C582D8F2FEC230EED99117B44F1A7A5F53FD006D791A596D2F0E426B4FFF88C4C04F64521EDB736A6DEF842E9FD16FDC757C4604557DDC07F9A8B35F87F7CEF6E2AD153F5C32C36B74663723F5ECAED2291251A45F0E9E175B91E6293690A8CEDC23D2E0511D1EA20CB0A58D974311FF60C033AEFF81BAD3DFE142CE26BCBEC5A67B68E97C142DA60D8A174A46495DFDE1B4E415F4E3703D0203010001A3753073300F0603551D13040830060101FF020100300B0603551D0F04040302020430130603551D25040C300A06082B06010505070301301D0603551D0E0416041474C417CC7E09EC651E32F547497F857213BC6B18301F0603551D2304183016801474C417CC7E09EC651E32F547497F857213BC6B18300D06092A864886F70D01010B05000382010100340F695C2477F744A20FDEDB231D6C16A29AB34606F72BFBC9E340F1D54F53D45DFAF1556641D02E229A128EF27A86FE6E8B12E4378AC37F24C0831D64C9F41F47DE60209BA5080DE0747C8C061A3F87D88DC40525C36FF25CC647900A056CA99950F8F321A06F25491B536EC0AF0510B825679B319935247CB7176863548F173961EC20041D51E79FDAE9A3AE40018ADC68D86E2A1F94B368DDD6F05F1BA41DEF161D4FEB68FF56F95AEC278492FF36150A33916D34AF3BC64A3309D860FF13438B34F85A006976A465C1DAAE006BA7AFBC96A8DD228A7AD2065FDEC50386CBF08937594C70C1138DA30F62EC65B6EDEE5C27E6854280FC3F1E2FAE4A893BF4

Firefox Search
Status : Scanned
Object : ƕigekeelsussƵnaraamat - EKI.ee - Eesti Keele Instituut
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Exclude
Related Objects :
Browser Setting - Firefox Search

Firefox Search
Status : Scanned
Object : ƕigekeelsussƵnaraamat - EKI.ee - Eesti Keele Instituut
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Exclude
Related Objects :
Browser Setting - Firefox Search

Firefox Search
Status : Scanned
Object : Osta - Oksjonid, kuulutused ja eripakkumised - enam pakkumisi - Osta.ee
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Firefox Search

Avast root CA. Also some pre-set Estonian search providers in Firefox (came with original install).
 
L

LiteManager

Level 1
Verified
Developer
Mar 13, 2017
8
LiteManager False positive report
File

I am developer of LiteManager it is a legal remote control software, it is similar to TeamViewer. We have very friendly and safety interface. Our software is not virus or spy.
We don't have special secret functions all code is clear. Please remove us from virus (malware software).

When you run ROMServer.exe you can see License agreement window, User must accept it otherwise litemanager will not be running.

Our site LiteManager - unattended remote access software and support tools.

ashampoo_snap_2017-03-15_12h15m23s_002_-jpg.142905
 
Last edited by a moderator:
  • Like
Reactions: KevinYu0504 and RXZ6Q
deemanthax

deemanthax

Level 1
Verified
Dec 13, 2016
20
im new to zemana and MalwareTips i think this is the right place to post this..
adware ad block
 

Attachments

  • zal.PNG
    zal.PNG
    61.9 KB · Views: 590
A

Ayman A R

New Member
Jun 12, 2017
1
We are getting a false positive with these installers:

Is this the official place to report these?
 
Last edited by a moderator:
KevinYu0504

KevinYu0504

Level 5
Verified
Well-known
Mar 10, 2017
228
Ayman A R said:
We are getting a false positive with these installers:
Is this the official place to report these?
Click to expand...

No , but ususally @TwinHeadedEagle will come here and take a look ,
he is working in Zemana ( if i do not make mistake) .
if the issue is confirm , than he will help to report to Zemana official .

If him do not response , you can send a message to him :)
 
  • Like
Reactions: frogboy

Similar threads

Andy Ful
    • Like
    • Wow
Serious Discussion Problem with submitting false positives to Norton and Bitdefender.
Replies
31
Views
3,224
General Security Discussions
partha_roy
partha_roy
Bot
    • Like
New in 2023.12: Smarter and faster detection
Replies
9
Views
896
Emsisoft
Zartarra
Zartarra
[correlate]
    • Like
Vulnerable HTTP Report
Replies
0
Views
1,095
News Archive
[correlate]
[correlate]

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top