Zemana False Positive Report Thread

  • This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
Mar 10, 2017
157
360
Operating System
Windows 10
Installed Antivirus
Emsisoft
Hi , bro , sorry to tell you the wrong information before ,
but TwinHeadedEagle already confirm that he is not working for Zemana anymore ,
so if you had any false alert want to report ,
i will suggest you to send a email to official .

you can find their email address at official website ,
and feel free to contact them , you can just type a easy title with " false alert report " ,
than Zemana will handle it .
 

Mops21

Level 23
Verified
Oct 25, 2014
1,208
2,706
Hi all

I have 2 False Positives for you

shellfile.exe
Status : Gescannt
Object : %programfiles%\xvirus anti-malware\shellfile.exe
MD5 : D291CD2D33AD06E8A85C8539DC8BF08B
Publisher : -
Size : 50688
Version : 7.0.0.0
Detection : Adware:Win32/Droon.A!Tttm
Cleaning Action : Quarantäne
Related Objects :
Datei - %programfiles%\xvirus anti-malware\shellfile.exe
Registry Eintrag - HKLM\Software\Classes\*\shell\xvirus_context\Command\@ = C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe %1

Antivirus scan for 0e520551c75b61fc9b25ceb55b81d78d3a0a906491fe1a2ee8ce1b8b877d755d at 2017-06-14 16:41:59 UTC - VirusTotal

xvirusstart.exe
Status : Gescannt
Object : %programfiles%\xvirus anti-malware\xvirusstart.exe
MD5 : 3BD1D71482C05A466AD251F2A51E1734
Publisher : -
Size : 82944
Version : 7.0.0.8
Detection : Adware:Win32/Fortif!Ekrk
Cleaning Action : Quarantäne
Related Objects :
Datei - %programfiles%\xvirus anti-malware\xvirusstart.exe
Planmäßige Aufgabe - C:\WINDOWS\System32\Tasks\Xvirus Startup

Antivirus scan for 2907720a31faf7bacfc571e60a39b32d52609c81800675cb9fec9dd5bf56fbde at 2017-06-14 16:55:19 UTC - VirusTotal

With best Regards
Mops21
 

Attachments

Last edited:
Mar 10, 2017
157
360
Operating System
Windows 10
Installed Antivirus
Emsisoft
Hi all

I have 2 False Positives for you

shellfile.exe
Status : Gescannt
Object : %programfiles%\xvirus anti-malware\shellfile.exe
MD5 : D291CD2D33AD06E8A85C8539DC8BF08B
Publisher : -
Size : 50688
Version : 7.0.0.0
Detection : Adware:Win32/Droon.A!Tttm
Cleaning Action : Quarantäne
Related Objects :
Datei - %programfiles%\xvirus anti-malware\shellfile.exe
Registry Eintrag - HKLM\Software\Classes\*\shell\xvirus_context\Command\@ = C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe %1

Antivirus scan for 0e520551c75b61fc9b25ceb55b81d78d3a0a906491fe1a2ee8ce1b8b877d755d at 2017-06-14 16:41:59 UTC - VirusTotal

xvirusstart.exe
Status : Gescannt
Object : %programfiles%\xvirus anti-malware\xvirusstart.exe
MD5 : 3BD1D71482C05A466AD251F2A51E1734
Publisher : -
Size : 82944
Version : 7.0.0.8
Detection : Adware:Win32/Fortif!Ekrk
Cleaning Action : Quarantäne
Related Objects :
Datei - %programfiles%\xvirus anti-malware\xvirusstart.exe
Planmäßige Aufgabe - C:\WINDOWS\System32\Tasks\Xvirus Startup

Antivirus scan for 679a2e65317168123538082fb1abfc3977ccfcfd07b4ca172206c967b5c440fc at 2017-06-14 16:48:07 UTC - VirusTotal

With best Regards
Mops21
@Mert Can ALICI

Please help ;)
 
Jun 23, 2017
144
408
Operating System
Windows 10
Installed Antivirus
F-Secure
Zemana also detects Chocolatey as a PUA. I think it's a false positive, I don't see anything unwanted with it.
 

Mops21

Level 23
Verified
Oct 25, 2014
1,208
2,706
Hi @TwinHeadedEagle and Hi @Dani Santos

I have 2 Files for you

shellfile.exe
Status : Gescannt
Object : %programfiles%\xvirus anti-malware\shellfile.exe
MD5 : D291CD2D33AD06E8A85C8539DC8BF08B
Publisher : -
Size : 50688
Version : 7.0.0.0
Detection : Adware:Win32/Droon.A!Tttm
Cleaning Action : Quarantäne
Related Objects :
Datei - %programfiles%\xvirus anti-malware\shellfile.exe
Registry Eintrag - HKLM\Software\Classes\*\shell\xvirus_context\Command\@ = C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe %1

xvirusstart.exe
Status : Gescannt
Object : %programfiles%\xvirus anti-malware\xvirusstart.exe
MD5 : 3BD1D71482C05A466AD251F2A51E1734
Publisher : -
Size : 82944
Version : 7.0.0.8
Detection : Adware:Win32/Fortif!Ekrk
Cleaning Action : Quarantäne
Related Objects :
Datei - %programfiles%\xvirus anti-malware\xvirusstart.exe
Planmäßige Aufgabe - C:\WINDOWS\System32\Tasks\Xvirus startup

shellfile.exe

Antivirus scan for 0e520551c75b61fc9b25ceb55b81d78d3a0a906491fe1a2ee8ce1b8b877d755d at 2017-07-29 14:24:30 UTC - VirusTotal

VirusTotal

xvirusstart.exe

Antivirus scan for 2907720a31faf7bacfc571e60a39b32d52609c81800675cb9fec9dd5bf56fbde at 2017-07-29 14:26:08 UTC - VirusTotal

VirusTotal

With best Regards
Mops21
 

Attachments

Jul 29, 2017
1
0
Operating System
Windows 10
Installed Antivirus
Avast
Zemana reports aeroadmin as malware and will not allow the application to run and automatically deletes the exe when downloaded.

aeroadmin is not malware at all
 
Mar 10, 2017
157
360
Operating System
Windows 10
Installed Antivirus
Emsisoft
Zemana reports aeroadmin as malware and will not allow the application to run and automatically deletes the exe when downloaded.

aeroadmin is not malware at all
If you use automatically , usually Zemana only quarantine the files ,
But if your Zemana deletes the files , you can change in the setting ,
using quarantine still can save back the files .

By the way ,
I think Zemana official won't come here and see this post ,
if you are sure there is a false alert , you can send a email to them :)
 

catspc

New Member
Sep 28, 2017
1
0
Operating System
Windows 10
Installed Antivirus
Zemana
Today the Windows Store on my Win 10 x64 machine updated the built-in MS "Mail & Calendar" app. After it had installed, I launched the mail app and my Zemana Antimalware (Premium) flagged it as malware. So I tried the calendar app and the same thing happened. Both apps were quarantined.

I could not find an option within the Zemana software to report a false positive, and I was unable to upload the file to virustotal or jotti's as the files are in the WindowsApps folder which does not permit access. So I took a screen snip to show the file paths from the quarantine. I imagine this is a FP as the app is Microsoft's own software and was updated via the Windows Store. It hasn't flagged any other version of this app - just the one released today (version 17.8500.40955.0). I did try contacting Zemana via their support page using the bug report form, but I'm not sure it went through OK (the page it redirected to after submitting didn't finish loading). Here is the snip from my quarantine.

If Zemana monitor this thread, would they be able to advise me if this is a genuine detection or a false positive? If it's a FP I'd like to restore it as I do use both. Thanks.
 

Attachments

Valinorum

Removal Expert
Staff member
Apr 21, 2014
2
20
This is indeed an FP. I will ask the dev to whitelist the latest files. In the meantime, restore them from Quarantine and exclude them.
Thank you for reporting.
 
Likes: GonzitoVir