Zemana False Positive Report Thread

Discussion in 'Zemana' started by Tornado, Jan 24, 2016.

  1. TwinHeadedEagle

    TwinHeadedEagle Removal Expert
    Staff Member

    Mar 8, 2013
    21,734
    2,655
    Malware Removal, Gaming
    Windows 7
    ESET
    Not working for Zemana anymore ;)
     
  2. KevinYu0504

    KevinYu0504 Level 3

    Mar 10, 2017
    129
    291
    Taiwan
    Windows 10
    Emsisoft
    Oh...ok ,
    thx for telling ~

    But still great to see your are keep helping many people in Malware Removal Assistance :cool:

    By the way , is there any member in MalwareTips was from Zemana official ?
    i seems never see any Zemana official or developer appear at Malwaretips ...
     
    frogboy likes this.
  3. Winter Soldier

    Winter Soldier Level 25

    Feb 13, 2017
    1,466
    10,344
    PLC programmer - Robotics industry
    Wormhole
    Windows 10
    Emsisoft
    @Mert Can ALICI
     
    dinosaur07, frogboy and KevinYu0504 like this.
  4. KevinYu0504

    KevinYu0504 Level 3

    Mar 10, 2017
    129
    291
    Taiwan
    Windows 10
    Emsisoft
    Hi , bro , sorry to tell you the wrong information before ,
    but TwinHeadedEagle already confirm that he is not working for Zemana anymore ,
    so if you had any false alert want to report ,
    i will suggest you to send a email to official .

    you can find their email address at official website ,
    and feel free to contact them , you can just type a easy title with " false alert report " ,
    than Zemana will handle it .
     
  5. KevinYu0504

    KevinYu0504 Level 3

    Mar 10, 2017
    129
    291
    Taiwan
    Windows 10
    Emsisoft
    Cool , Thanks for tell me :)

    It's great to know there is still had Zemana official on Malwaretips ;)
     
    frogboy and Winter Soldier like this.
  6. Mops21

    Mops21 Level 22
    Trusted

    Oct 25, 2014
    1,131
    2,500
    #246 Mops21, Jun 14, 2017
    Last edited: Jun 14, 2017
    Hi all

    I have 2 False Positives for you

    shellfile.exe
    Status : Gescannt
    Object : %programfiles%\xvirus anti-malware\shellfile.exe
    MD5 : D291CD2D33AD06E8A85C8539DC8BF08B
    Publisher : -
    Size : 50688
    Version : 7.0.0.0
    Detection : Adware:Win32/Droon.A!Tttm
    Cleaning Action : Quarantäne
    Related Objects :
    Datei - %programfiles%\xvirus anti-malware\shellfile.exe
    Registry Eintrag - HKLM\Software\Classes\*\shell\xvirus_context\Command\@ = C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe %1

    Antivirus scan for 0e520551c75b61fc9b25ceb55b81d78d3a0a906491fe1a2ee8ce1b8b877d755d at 2017-06-14 16:41:59 UTC - VirusTotal

    xvirusstart.exe
    Status : Gescannt
    Object : %programfiles%\xvirus anti-malware\xvirusstart.exe
    MD5 : 3BD1D71482C05A466AD251F2A51E1734
    Publisher : -
    Size : 82944
    Version : 7.0.0.8
    Detection : Adware:Win32/Fortif!Ekrk
    Cleaning Action : Quarantäne
    Related Objects :
    Datei - %programfiles%\xvirus anti-malware\xvirusstart.exe
    Planmäßige Aufgabe - C:\WINDOWS\System32\Tasks\Xvirus Startup

    Antivirus scan for 2907720a31faf7bacfc571e60a39b32d52609c81800675cb9fec9dd5bf56fbde at 2017-06-14 16:55:19 UTC - VirusTotal

    With best Regards
    Mops21
     

    Attached Files:

  7. KevinYu0504

    KevinYu0504 Level 3

    Mar 10, 2017
    129
    291
    Taiwan
    Windows 10
    Emsisoft
    @Mert Can ALICI

    Please help ;)
     
  8. steel9

    steel9 Level 3

    Jun 23, 2017
    143
    400
    Sweden
    Windows 10
    F-Secure
    Zemana also detects Chocolatey as a PUA. I think it's a false positive, I don't see anything unwanted with it.
     
  9. Mops21

    Mops21 Level 22
    Trusted

    Oct 25, 2014
    1,131
    2,500
    Hi @TwinHeadedEagle and Hi @Dani Santos

    I have 2 Files for you

    shellfile.exe
    Status : Gescannt
    Object : %programfiles%\xvirus anti-malware\shellfile.exe
    MD5 : D291CD2D33AD06E8A85C8539DC8BF08B
    Publisher : -
    Size : 50688
    Version : 7.0.0.0
    Detection : Adware:Win32/Droon.A!Tttm
    Cleaning Action : Quarantäne
    Related Objects :
    Datei - %programfiles%\xvirus anti-malware\shellfile.exe
    Registry Eintrag - HKLM\Software\Classes\*\shell\xvirus_context\Command\@ = C:\Program Files (x86)\Xvirus Anti-Malware\shellfile.exe %1

    xvirusstart.exe
    Status : Gescannt
    Object : %programfiles%\xvirus anti-malware\xvirusstart.exe
    MD5 : 3BD1D71482C05A466AD251F2A51E1734
    Publisher : -
    Size : 82944
    Version : 7.0.0.8
    Detection : Adware:Win32/Fortif!Ekrk
    Cleaning Action : Quarantäne
    Related Objects :
    Datei - %programfiles%\xvirus anti-malware\xvirusstart.exe
    Planmäßige Aufgabe - C:\WINDOWS\System32\Tasks\Xvirus startup

    shellfile.exe

    Antivirus scan for 0e520551c75b61fc9b25ceb55b81d78d3a0a906491fe1a2ee8ce1b8b877d755d at 2017-07-29 14:24:30 UTC - VirusTotal

    VirusTotal

    xvirusstart.exe

    Antivirus scan for 2907720a31faf7bacfc571e60a39b32d52609c81800675cb9fec9dd5bf56fbde at 2017-07-29 14:26:08 UTC - VirusTotal

    VirusTotal

    With best Regards
    Mops21
     

    Attached Files:

  10. pistol22cal

    pistol22cal New Member

    Jul 29, 2017
    1
    0
    United States
    Windows 10
    Avast
    Zemana reports aeroadmin as malware and will not allow the application to run and automatically deletes the exe when downloaded.

    aeroadmin is not malware at all
     
  11. KevinYu0504

    KevinYu0504 Level 3

    Mar 10, 2017
    129
    291
    Taiwan
    Windows 10
    Emsisoft
    If you use automatically , usually Zemana only quarantine the files ,
    But if your Zemana deletes the files , you can change in the setting ,
    using quarantine still can save back the files .

    By the way ,
    I think Zemana official won't come here and see this post ,
    if you are sure there is a false alert , you can send a email to them :)
     
  12. Valinorum

    Valinorum Removal Expert
    Staff Member

    Apr 21, 2014
    2
    20
    Just an update, as a Zemana Official, I will be monitoring the thread. Thank you for all the input. Your contribution helps us to make the product better to aid your protection. :)
     
  13. ispx

    ispx Level 13

    Jun 21, 2017
    612
    3,653
    not reachable
    it is a pleasure to have you around (y)

    regards.
     
  14. catspc

    catspc New Member

    Sep 28, 2017
    1
    0
    New Zealand
    Windows 10
    Zemana
    Today the Windows Store on my Win 10 x64 machine updated the built-in MS "Mail & Calendar" app. After it had installed, I launched the mail app and my Zemana Antimalware (Premium) flagged it as malware. So I tried the calendar app and the same thing happened. Both apps were quarantined.

    I could not find an option within the Zemana software to report a false positive, and I was unable to upload the file to virustotal or jotti's as the files are in the WindowsApps folder which does not permit access. So I took a screen snip to show the file paths from the quarantine. I imagine this is a FP as the app is Microsoft's own software and was updated via the Windows Store. It hasn't flagged any other version of this app - just the one released today (version 17.8500.40955.0). I did try contacting Zemana via their support page using the bug report form, but I'm not sure it went through OK (the page it redirected to after submitting didn't finish loading). Here is the snip from my quarantine.

    If Zemana monitor this thread, would they be able to advise me if this is a genuine detection or a false positive? If it's a FP I'd like to restore it as I do use both. Thanks.
     

    Attached Files:

  15. Valinorum

    Valinorum Removal Expert
    Staff Member

    Apr 21, 2014
    2
    20
    This is indeed an FP. I will ask the dev to whitelist the latest files. In the meantime, restore them from Quarantine and exclude them.
    Thank you for reporting.
     
    GonzitoVir likes this.
  16. cc2150dx

    cc2150dx Level 1

    May 4, 2014
    42
    51
    Windows 10
    Kaspersky
    Zemana reports 'Kaspersky Protection' addon.

    false positive.jpg

    VirusTotal
     
    frogboy likes this.
  17. harlan4096

    harlan4096 Moderator
    Staff Member AV Tester

    Apr 28, 2015
    2,632
    20,735
    Almería (Spain)
    Windows 10
    Kaspersky
    You should report to Zemana this false positive...
     
    cc2150dx, Sunshine-boy and frogboy like this.
  18. cc2150dx

    cc2150dx Level 1

    May 4, 2014
    42
    51
    Windows 10
    Kaspersky
    did that :)

    This happened during a full scan. When this file is scanned manually by Zemana, it is safe. Odd
     
    GonzitoVir, frogboy and harlan4096 like this.
  19. Emanuel.

    Emanuel. Level 2

    Nov 28, 2016
    80
    123
    World
    [​IMG]

    False positive in FF search engine. Mercadolibre is a Latin American company like Amazon.
     
    GonzitoVir likes this.
Loading...