Avira warned me that <http://www.zedtek.com/download/ztw22x86.exe> would be
accessing a malware site. zedtek.com itself didn't get flagged. Is Ztree
malware? It seemed nice to have a modern tool similar to the old Xtree
program, but I don't need malware ...
--
Best regards
Han
email address is invalid
From: "Han" <nobody@nospam.not>
> Avira warned me that <http://www.zedtek.com/download/ztw22x86.exe> would be
> accessing a malware site. zedtek.com itself didn't get flagged. Is Ztree
> malware? It seemed nice to have a modern tool similar to the old Xtree
> program, but I don't need malware ...
>
Hi Han:
It is most likely a False Positive declaration. The executable is digitally signed with 0
hits on Virus Total.
While I have not heard of them, zedtek.com has been around since 1998.
--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp
From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
ADDENDUM:
Analysis of the installer does not show malicious activity.
--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
news:itd46e023va@news3.newsguy.com:
> From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
>
> ADDENDUM:
>
> Analysis of the installer does not show malicious activity.
Thanks, David!!
--
Best regards
Han
email address is invalid
From: "Han" <nobody@nospam.not>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
> news:itd46e023va@news3.newsguy.com:
>
>> From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
>>
>> ADDENDUM:
>>
>> Analysis of the installer does not show malicious activity.
>
> Thanks, David!!
>
All the best Han :-)
--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in news:itdbph02g60
@news1.newsguy.com:
> From: "Han" <nobody@nospam.not>
>
>> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in
>> news:itd46e023va@news3.newsguy.com:
>>
>>> From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
>>>
>>> ADDENDUM:
>>>
>>> Analysis of the installer does not show malicious activity.
>>
>> Thanks, David!!
>>
>
> All the best Han :-)
I forgot all about how to use it. Steeper learning curve than I thought.
If all one wants is to search for file or folder names, "Search
Everything" can't be beat ...
--
Best regards
Han
email address is invalid
Han wrote:
> Avira warned me that <http://www.zedtek.com/download/ztw22x86.exe> would be
> accessing a malware site. zedtek.com itself didn't get flagged. Is Ztree
> malware? It seemed nice to have a modern tool similar to the old Xtree
> program, but I don't need malware ...
So are you talking about Avast's Web Shield issuing an alert? If so,
does that site permit 3rd party content on their site? Do links go
through some "selector", especially an offsite redirector, rather than
provide a direct link to the content? I didn't notice (visually, not by
HTML inspection) this stuff at http://www.ztree.com/html/download.htm
(would've been nice if you gave the web page where is the link you
gave).
Did the warning about "accessing a malware site" come when you visited
the download page, when you clicked on the link for the file, during the
download of the file, or after you tried running the file from a local
copy deposited on your host after the download completed?
I downloaded (but did not run) the ztw22x86.exe file. No alert from
Avast (Web Shield or File Shield). I don't want the product so I didn't
run the installer. You never mentioned running the installer so
presumably just downloading the file cause the alert for you. I didn't
get one. I right-clicked on the file and scanned again. No alert.
I have Avast Free 6.0.1125 installed. You never mentioned which version
you have and if free or paid version. For me, signatures were updated
6/16/2011 @ 3:16:05AM, version 110616-0. You didn't mention when was
your last signature update. It's also possible you have your instance
of Avast configured to be more aggressive than mine.
Submitting the .exe file to VirusTotal. Got 1 hit: VBA32
(Trojan.SB.0505). Haven't a clue what is VBA32. After 5 minutes of
drilling around their site looking for a list of AV vendors, I gave up
and did a Google Search. Never heard of VirusBlokAda before today
(http://en.wikipedia.org/wiki/Vba32_AntiVirus). With the preponderance
of well-known AV products not triggering on this file, it doesn't look
infected (using only signatures for detection).
VanguardLH <V@nguard.LH> wrote in news:itdmhq$898$1@news.albasani.net:
> Han wrote:
>
>> Avira warned me that <http://www.zedtek.com/download/ztw22x86.exe>
>> would be accessing a malware site. zedtek.com itself didn't get
>> flagged. Is Ztree malware? It seemed nice to have a modern tool
>> similar to the old Xtree program, but I don't need malware ...
>
> So are you talking about Avast's Web Shield issuing an alert? If so,
> does that site permit 3rd party content on their site? Do links go
> through some "selector", especially an offsite redirector, rather than
> provide a direct link to the content? I didn't notice (visually, not
> by HTML inspection) this stuff at
> http://www.ztree.com/html/download.htm (would've been nice if you gave
> the web page where is the link you gave).
>
> Did the warning about "accessing a malware site" come when you visited
> the download page, when you clicked on the link for the file, during
> the download of the file, or after you tried running the file from a
> local copy deposited on your host after the download completed?
>
> I downloaded (but did not run) the ztw22x86.exe file. No alert from
> Avast (Web Shield or File Shield). I don't want the product so I
> didn't run the installer. You never mentioned running the installer
> so presumably just downloading the file cause the alert for you. I
> didn't get one. I right-clicked on the file and scanned again. No
> alert.
>
> I have Avast Free 6.0.1125 installed. You never mentioned which
> version you have and if free or paid version. For me, signatures were
> updated 6/16/2011 @ 3:16:05AM, version 110616-0. You didn't mention
> when was your last signature update. It's also possible you have your
> instance of Avast configured to be more aggressive than mine.
>
> Submitting the .exe file to VirusTotal. Got 1 hit: VBA32
> (Trojan.SB.0505). Haven't a clue what is VBA32. After 5 minutes of
> drilling around their site looking for a list of AV vendors, I gave up
> and did a Google Search. Never heard of VirusBlokAda before today
> (http://en.wikipedia.org/wiki/Vba32_AntiVirus). With the
> preponderance of well-known AV products not triggering on this file,
> it doesn't look infected (using only signatures for detection).
I do NOT have Avast, I have Avira Premium (paid), fully up to date. I
did give the full link to the file
<http://www.zedtek.com/download/ztw22x86.exe>, obviously on
www.zedtek.com.
To me it seemed indeed a false positive malware alert, since the
downloaded file did not give an alert, and having installed Ztree, it
didn't result in anything bad that I know off.
Thanks for your concern!
--
Best regards
Han
email address is invalid
Han wrote:
> I do NOT have Avast, I have Avira Premium (paid), fully up to date. I
> did give the full link to the file
Ooops. But, as I recall, the payware version of Avira includes its Web
Guard (same thing as Web Shield that comes in the free version of
Avast).
VanguardLH <V@nguard.LH> wrote in news:itebqe$htp$1@news.albasani.net:
> Han wrote:
>
>> I do NOT have Avast, I have Avira Premium (paid), fully up to date. I
>> did give the full link to the file
>
> Ooops. But, as I recall, the payware version of Avira includes its Web
> Guard (same thing as Web Shield that comes in the free version of
> Avast).
Yes, and for some reason it now flags downloads of exe files. SO I have to
turn the guard off and then back on again, or enter all the "exceptions".
Never happened before, but it happened again today with an updated version
of Roboform.
--
Best regards
Han
email address is invalid
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote