Jump to content


Photo

false positive on Zinstall files


  • Please log in to reply
3 replies to this topic

#1 biker

biker

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 18 October 2010 - 07:37 AM

Ad-aware crashing Zinstall virtual XP machine running on Win 7. Having problems with several Zinstall file. A sample log file attached for zinstallhelperservice.exe quarentine and subsequent deletion.

Sid

Attached Files



#2 LS Andy

LS Andy

    Lavasoft Staff/Forum Overlord

  • Root Admin
  • 1534 posts

Posted 18 October 2010 - 02:58 PM

Ad-aware crashing Zinstall virtual XP machine running on Win 7. Having problems with several Zinstall file. A sample log file attached for zinstallhelperservice.exe quarentine and subsequent deletion.

Sid


Hi Sid,

Thanks for posting. Could I ask you to take the detected "C:\windows\SysWOW64\zinstall_xp7\ZinstallHelperService.exe" file out of quarantine and upload it here?

Andy
Lavasoft Malware Labs
unsolicited@tenalia.com

#3 biker

biker

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 18 October 2010 - 04:43 PM

Hi Sid,

Thanks for posting. Could I ask you to take the detected "C:\windows\SysWOW64\zinstall_xp7\ZinstallHelperService.exe" file out of quarantine and upload it here?

Andy
Lavasoft Malware Labs


The file is not in quarantine as it was deleted when the computer reboted. I reinstalled the whole program'
and have it back. (a real pain)

The file is ~ 11 Mb regular or zipped, I think I'll have to e-mail it to you. There are 4,738 Files, 390 Folders in that SysWOW64 folder, several of which have gotten false positives already. I think you will need to contact the people at Zinstall.com to get a list of their files so ad-aware can stop removing them. Zinstall is a big program with many moving parts that can be impacted by virus scanners and malware searchs like yours. I'm just a Zinstall and Ad-Aware user caught in the middle.

Sid

#4 LS Andy

LS Andy

    Lavasoft Staff/Forum Overlord

  • Root Admin
  • 1534 posts

Posted 19 October 2010 - 12:42 PM

Hi Sid,

Thanks for getting back to me. The reason I'm asking for the files is that they are detected by the heuristic engine - there is no specific signature that detects these exact files. Without access to the files, it makes it impossible to investigate.

Since you have the detected files on your PC, it would be really helpful if you could send them to me. I've sent you a PM with an alternative way to get the files to me. If that's not an option for you, let me know and we'll work something else out. Thanks!

Andy



The file is not in quarantine as it was deleted when the computer reboted. I reinstalled the whole program'
and have it back. (a real pain)

The file is ~ 11 Mb regular or zipped, I think I'll have to e-mail it to you. There are 4,738 Files, 390 Folders in that SysWOW64 folder, several of which have gotten false positives already. I think you will need to contact the people at Zinstall.com to get a list of their files so ad-aware can stop removing them. Zinstall is a big program with many moving parts that can be impacted by virus scanners and malware searchs like yours. I'm just a Zinstall and Ad-Aware user caught in the middle.

Sid


unsolicited@tenalia.com




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users