win32.trojandownloader.Zlob


yelloweye

yelloweye,

 

If you don't want to accept the advice that this is a false positive, you can:

 

Contact F-Secure yourself and get their advice.

 

- or -

 

Wait and try to install CCleaner next week. In the meantime F-Secure will probably fix their problem.

 

- or -

 

Go away.

Link to comment

I have been a user of ccleaner for many years, and now use it in a secure work environment where everything has to pass through many scanners, and an install watcher to check for any back doors.

 

I am happy to say that the slim package we use is 100% free of vermin, back doors, and animals that pose as horses.

 

Sample of the Scanner list

Nod32

F-secure

NAV (2000/2006)

AVG

Spybot

 

[edit]Typos/

Link to comment

Hi All

 

Well... I don't like "flames" when it's about false/positives :o

 

Users in Sweden reported exactly the same.

 

The file involved is InstallOptions.dll; this file is created during setup in a temporary folder.

 

From F-Secure's log file:

 

Win32.Trojandownloader.Zlob (Malware)

 

FILE:C:\DOCUME~1\GRAN~1\LOKALA~1\Temp\nsh216.tmp\InstallOptions.dll

 

 

I scanned this file yesterday evening with VirusTotal and also today with F-Secure's scanner without any alarm.

 

This must be a challenge for F-Secure to solve.

 

regards

plun

 

 

Complete scanning result of "InstallOptions.dll", received in VirusTotal at 10.19.2006, 23:01:47 (CET).

 

Antivirus            Version         Update      Result
AntiVir              7.2.0.31        10.19.2006  no virus found
Authentium           4.93.8          10.19.2006  no virus found
Avast                4.7.892.0       10.19.2006  no virus found
AVG                  386             10.19.2006  no virus found
BitDefender          7.2             10.19.2006  no virus found
CAT-QuickHeal        8.00            10.19.2006  no virus found
ClamAV               devel-20060426  10.19.2006  no virus found
eTrust-InoculateIT   23.73.29        10.19.2006  no virus found
eTrust-Vet           30.3.3143       10.19.2006  no virus found
DrWeb                4.33            10.19.2006  no virus found
Ewido                4.0             10.19.2006  no virus found
Fortinet             2.82.0.0        10.19.2006  no virus found
F-Prot               3.16f           10.19.2006  no virus found
F-Prot4              4.2.1.29        10.19.2006  no virus found
Ikarus               0.2.65.0        10.19.2006  no virus found
Kaspersky            4.0.2.24        10.19.2006  no virus found
McAfee               4877            10.19.2006  no virus found
Microsoft            1.1603          10.19.2006  no virus found
NOD32v2              1.1817          10.19.2006  no virus found
Norman               5.80.02         10.19.2006  no virus found
Panda                9.0.0.4         10.19.2006  no virus found
Sophos               4.10.0          10.15.2006  no virus found
TheHacker            6.0.1.101       10.19.2006  no virus found
UNA                  1.83            10.19.2006  no virus found
VBA32                3.11.1          10.19.2006  no virus found
VirusBuster          4.3.7:9         10.19.2006  no virus found

 

Aditional Information

File size: 12800 bytes

MD5: 444e1109d960c307df0ca2b33a24731b

SHA1: 55e3b57d06128911ed4af44858d199d9b1945edc

 

 

 

 

http://support.f-secure.com/enu/home/ols.shtml

 

Quote:

Scanning Report

Friday, October 20, 2006 12:01:44 - 12:02:22

Computer name:

Scanning type: Scan target for viruses

Target: C:\Documents and Settings\MrX\Lokala inställningar\Temp\nsb95.tmp

 

 

--------------------------------------------------------------------------------

 

Result: 0 malware found

 

--------------------------------------------------------------------------------

 

Statistics

Scanned:

Files: 6

System: 0

Not scanned: 0

Actions:

Disinfected: 0

Renamed: 0

Deleted: 0

None: 0

Submitted: 0

Files not scanned:

 

--------------------------------------------------------------------------------

 

Options

Scanning engines:

F-Secure AVP: 6.0.171, 2006-10-20

F-Secure Libra: 2.4.1, 2006-10-20

F-Secure Orion: 1.2.37, 2006-10-20

F-Secure Blacklight: 1.0.31, 0000-00-00

F-Secure Pegasus: 1.19.0, 2006-08-29

F-Secure Draco: 1.0.35, 2006-10-18

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX

Use Advanced heuristics

 

Link to comment

F-Secure behaviour confirmed; when I tried to install the latest CCleaner I got that warning. After a little wondering I disabled the anti-virus software first after having checked the installer package with no reaction. Then after CCleaner install I checked the system with no reaction, so it's the first time I got a false positive with F-Secure. But what have you changed to mislead F-Secure - or perhaps F-Secure definitions have changed to give that false positive. I have had CCleaner installed perhaps 2 years as well as F-Secure but it's the first time I got that warning. And I regard both softwares as highly recommended!

Link to comment

I have sent another email to f-secure with a link to this thread.

 

 

Hi hazelnut

 

This is probably a better entrance for a f/P trouble and also for all F-Secure users with this "challenge".

 

http://support.f-secure.com/enu/home/virusproblem/sample/

 

Undetected viruses

If you have a virus sample that is not detected or it causes a false alarm with F-Secure Virus Protection, please submit a sample of such file to F-Secure.

 

Direct:

http://support.f-secure.com/enu/home/virus...ex_sample.shtml

 

F-Secure operates one office in Helsinki and also one in Malaysia, Kuala Lumpur so someone is for sure awake... :)

 

regards

plun

Link to comment

  • Moderators

This has gotten out of hand. The level of respect that is usually kept on this forum is nowhere to be found in this topic. <_<

 

The bottom line is that the only problem is a false positive detection from F-Secure. All that will have to be done is MrG will have to contact F-Secure and have them correct their detections.

 

This topic will be locked and an update will be posted in the future when this issue has been resolved.

Link to comment

This topic is now closed to further replies.