Assigned Zemana False Positive Report Thread

  • Thread starter Thread starter Deleted Member 333v73x
  • Start date Start date
This thread is being handled by a member of the staff.
Hi

I have 1 File for you for check

Security Center Disabled
Status : Gescannt
Object : HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Start
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Verdächtige Einstellung
Cleaning Action : Reparieren
Related Objects :
Registry Eintrag - HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Start = 4

With best Regards
Mops21
 

Attachments

  • Zemana Anti-Malware 2.70.2.118 FP 01.jpg
    Zemana Anti-Malware 2.70.2.118 FP 01.jpg
    264.9 KB · Views: 771
  • Like
Reactions: Der.Reisende
Mops21 said:
Hi

I have 1 File for you for check

Security Center Disabled
Status : Gescannt
Object : HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Start
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Verdächtige Einstellung
Cleaning Action : Reparieren
Related Objects :
Registry Eintrag - HKLM\SYSTEM\CurrentControlSet\services\wscsvc\Start = 4

With best Regards
Mops21
Click to expand...

This isn't a false positive. It is a potentially unwanted modification sometimes made by malware. If you personally set this setting, you can exclude it.
 
  • Like
Reactions: XhenEd and Der.Reisende
TwinHeadedEagle said:
This isn't a false positive. It is a potentially unwanted modification sometimes made by malware. If you personally set this setting, you can exclude it.
Click to expand...

Ah okay thank you very much for your info, but why I have this now and not earlier this some Versions ago

With best Regards
Mops21
 
  • Like
Reactions: Der.Reisende
TwinHeadedEagle said:
This option was introduced on stable release from 23rd November.
Click to expand...

Hi

Yes, but I do not see this on the Changelog Site. I have contacted the Zemana Support for this. I will get Back then i have an andere from them

Zemana - AntiMalware and AntiLogger Protection

Zemana AntiMalware 2.70.2.25

Wednesday, November 23, 2016 10:40 AM
  • This is the stable release of the previous BETA version (2.70.1.25)
Zemana AntiMalware 2.70.1.25 Beta

Tuesday, November 22, 2016 12:42 PM
  • Improved cleaner.
  • Other minor improvements and fixes.
With best Regards
Mops21
 
  • Like
Reactions: _CyberGhosT_ and Der.Reisende
Here are some programs I have installed that are flagged by ZAM

YTD Video Downloader 5.8.2.1 (ytd.exe)
MD5: 53FAFEDCC195E2A50B45997EED6EDB88

KnowBe4 Ran Sim 1.0.2.4 (RanSimSetup.exe)
MD5: 6bf1b9589f41ff4108d114915f5a61c4

USB Guardian 3.9.0.0 (usb-guardian-setup.exe)
MD5: e0a541e0d9f7ccf195d8222c521ad591
 
They are all blacklisted in our database and you can see why:

Antivirus scan for 7caff78c6848f5e1e76ec349f68924d269eb85fdfe86f10f314fb9de72fcc572 at 2017-03-10 06:50:05 UTC - VirusTotal
Antivirus scan for 39da0ef064108e5d75428d726fa820d5283f40436d31845f4e3bc66fb5a4a486 at 2017-02-16 17:20:19 UTC - VirusTotal
Antivirus scan for fc4166df308a7ce17b0b370bb000163ffc8b2fb502789e7060dc0995475b25ca at 2017-03-13 04:59:42 UTC - VirusTotal

When I tried to download USB Guardian I was redirected to Reimage pop-ups so you should re-think what are you doing. These programs are far from legitimate and will stay blacklisted.
 
  • Like
Reactions: _CyberGhosT_ and Ink
Avast Web/Mail Shield Root
Status : Scanned
Object : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F9454AAA90B14EF80C495649B5512087426CAE4E\Blob
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Root CA
Cleaning Action : Exclude
Related Objects :
Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F9454AAA90B14EF80C495649B5512087426CAE4E\Blob = 190000000100000010000000B6741A37045CDDB96B7D989290BDE40D0F00000001000000200000001C3A2AA592C58E225D98BFECE7723CB1F3CD7EDA1C74046F7F653130DEC66802030000000100000014000000F9454AAA90B14EF80C495649B5512087426CAE4E14000000010000001400000074C417CC7E09EC651E32F547497F857213BC6B1820000000010000000704000030820403308202EBA0030201020210773CCA941F71F040BB18044CE75F1298300D06092A864886F70D01010B0500308181313A3038060355040B0C3167656E65726174656420627920417661737420416E7469766972757320666F722053534C2F544C53207363616E6E696E67311E301C060355040A0C154176617374205765622F4D61696C20536869656C643123302106035504030C1A4176617374205765622F4D61696C20536869656C6420526F6F74301E170D3130303130313132303030305A170D3430303130313132303030305A308181313A3038060355040B0C3167656E65726174656420627920417661737420416E7469766972757320666F722053534C2F544C53207363616E6E696E67311E301C060355040A0C154176617374205765622F4D61696C20536869656C643123302106035504030C1A4176617374205765622F4D61696C20536869656C6420526F6F7430820122300D06092A864886F70D01010105000382010F003082010A0282010100C61FC5E2275C75D6791E680C069AB38348D7EFDE54A42BC3AD70AF77F422A9C10B2F1CA9C2450EA946F557AFFEF28AF8B6CAF86E907FBE61971075A4B23401B3CBA2B8F3128FC48DFBAAC7327F9DE0CB0BB7BB0D193FADC93420C1F66E240C56722BA59F878FB9C3C582D8F2FEC230EED99117B44F1A7A5F53FD006D791A596D2F0E426B4FFF88C4C04F64521EDB736A6DEF842E9FD16FDC757C4604557DDC07F9A8B35F87F7CEF6E2AD153F5C32C36B74663723F5ECAED2291251A45F0E9E175B91E6293690A8CEDC23D2E0511D1EA20CB0A58D974311FF60C033AEFF81BAD3DFE142CE26BCBEC5A67B68E97C142DA60D8A174A46495DFDE1B4E415F4E3703D0203010001A3753073300F0603551D13040830060101FF020100300B0603551D0F04040302020430130603551D25040C300A06082B06010505070301301D0603551D0E0416041474C417CC7E09EC651E32F547497F857213BC6B18301F0603551D2304183016801474C417CC7E09EC651E32F547497F857213BC6B18300D06092A864886F70D01010B05000382010100340F695C2477F744A20FDEDB231D6C16A29AB34606F72BFBC9E340F1D54F53D45DFAF1556641D02E229A128EF27A86FE6E8B12E4378AC37F24C0831D64C9F41F47DE60209BA5080DE0747C8C061A3F87D88DC40525C36FF25CC647900A056CA99950F8F321A06F25491B536EC0AF0510B825679B319935247CB7176863548F173961EC20041D51E79FDAE9A3AE40018ADC68D86E2A1F94B368DDD6F05F1BA41DEF161D4FEB68FF56F95AEC278492FF36150A33916D34AF3BC64A3309D860FF13438B34F85A006976A465C1DAAE006BA7AFBC96A8DD228A7AD2065FDEC50386CBF08937594C70C1138DA30F62EC65B6EDEE5C27E6854280FC3F1E2FAE4A893BF4

Firefox Search
Status : Scanned
Object : ƕigekeelsussƵnaraamat - EKI.ee - Eesti Keele Instituut
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Exclude
Related Objects :
Browser Setting - Firefox Search

Firefox Search
Status : Scanned
Object : ƕigekeelsussƵnaraamat - EKI.ee - Eesti Keele Instituut
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Exclude
Related Objects :
Browser Setting - Firefox Search

Firefox Search
Status : Scanned
Object : Osta - Oksjonid, kuulutused ja eripakkumised - enam pakkumisi - Osta.ee
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Suspicious Browser Setting
Cleaning Action : Repair
Related Objects :
Browser Setting - Firefox Search

Avast root CA. Also some pre-set Estonian search providers in Firefox (came with original install).
 
LiteManager False positive report
File

I am developer of LiteManager it is a legal remote control software, it is similar to TeamViewer. We have very friendly and safety interface. Our software is not virus or spy.
We don't have special secret functions all code is clear. Please remove us from virus (malware software).

When you run ROMServer.exe you can see License agreement window, User must accept it otherwise litemanager will not be running.

Our site LiteManager - unattended remote access software and support tools.

ashampoo_snap_2017-03-15_12h15m23s_002_-jpg.142905
 
Last edited by a moderator:
  • Like
Reactions: KevinYu0504 and RXZ6Q
Ayman A R said:
We are getting a false positive with these installers:
Is this the official place to report these?
Click to expand...

No , but ususally @TwinHeadedEagle will come here and take a look ,
he is working in Zemana ( if i do not make mistake) .
if the issue is confirm , than he will help to report to Zemana official .

If him do not response , you can send a message to him :)
 
  • Like
Reactions: frogboy

You may also like...