WINAMP.COM | Forums : Powered by vBulletin version 2.3.9 WINAMP.COM | Forums > Developer Center > NSIS Discussion > NSIS 2.17 vs Symantec = Trojan.Zlob (here we go again)
  Last Thread   Next Thread
Author
Thread Post New Thread    Post A Reply
intelworker
Junior Member

Registered: Jul 2006
From:

Angry NSIS 2.17 vs Symantec = Trojan.Zlob (here we go again)

Yeah, it seems symantec updated it's virus definitions again and all uninstallation files recognize like Trojan.Zlob. And now i even can't download and run nsis installation package.
Checked using:
Norton Antivirus 2006.
Symantec Antivirus 10.0 Corporate Edition.
Developers, please do something with that idiots in symantec
Nsis is a Great job, btw

Quick Link | Report this post to a moderator | IP: Logged

intelworker is offline Old Post 07-01-2006 11:28 PM
Click Here to See the Profile for intelworker Click here to Send intelworker a Private Message Find more posts by intelworker Add intelworker to your buddy list Edit/Delete Message Reply w/Quote
Joel
Debian user
(Forum King)

Registered: Jan 2003
From: Ubuntu land

Well, so you know is a false positive...don't need to be alarm.

Have a nice day

__________________

* Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM.
* Ubuntu 9.10 64-bits.
* Firefox (Namoroka) 3.6.2.
* lighttpd, php5, perl, eruby, python.
* geany, XHTML & CSS & JavaScript, Gtk+, QT4, bindings.

Quick Link | Report this post to a moderator | IP: Logged

Joel is offline Old Post 07-02-2006 12:42 AM
Click Here to See the Profile for Joel Click here to Send Joel a Private Message Click Here to Email Joel Visit Joel's homepage! Find more posts by Joel Add Joel to your buddy list Edit/Delete Message Reply w/Quote
Brummelchen
Major Dude

Registered: May 2003
From:

/ot
>> Developers, please do something with that idiots in symantec

rough words - forum, ban these (...) Symantec consumers.

Symatec products always suck - and they suck ev'time a bit more.

I never had a postive false with NOD, but i see lots with Symantec, McAfee, KAV, and some more.

and one more - symantec has a deal with microsoft that some nice tweaking and modifier tools where treaten as virus/trojans/aso.

__________________
Greets, Brummelchen

Quick Link | Report this post to a moderator | IP: Logged

Brummelchen is offline Old Post 07-02-2006 01:17 AM
Click Here to See the Profile for Brummelchen Click here to Send Brummelchen a Private Message Find more posts by Brummelchen Add Brummelchen to your buddy list Edit/Delete Message Reply w/Quote
kookh
Junior Member

Registered: Apr 2006
From:

well I am sure it is a false positive... but people using my installer are reporting Trojan.Zlob found with Norton Antivirus. I can't have that, can anyone do anything about this? or tell me what needs to be done to avoid it?

Quick Link | Report this post to a moderator | IP: Logged

kookh is offline Old Post 07-02-2006 03:10 AM
Click Here to See the Profile for kookh Click here to Send kookh a Private Message Find more posts by kookh Add kookh to your buddy list Edit/Delete Message Reply w/Quote
kichik
M.I.A.
[NSIS Dev, Mod]

Registered: Oct 2001
From: Israel

  • Make sure they're using the latest definitions, because this has, as far as I know, already been fixed.
  • If it hasn't been fixed, report this to Symantec and give them my e-mail for more details (kichik@users.sf.net).
  • Rebuild your installer with another version, such as the newly released 2.18.

__________________
NSIS FAQ | NSIS Home Page | Donate $
"I hear and I forget. I see and I remember. I do and I understand." -- Confucius

Quick Link | Report this post to a moderator | IP: Logged

kichik is offline Old Post 07-02-2006 04:23 AM
Click Here to See the Profile for kichik Click here to Send kichik a Private Message Visit kichik's homepage! Find more posts by kichik Add kichik to your buddy list Edit/Delete Message Reply w/Quote
kookh
Junior Member

Registered: Apr 2006
From:

Thank you, I'll follow steps 1 and 3 for now.

Quick Link | Report this post to a moderator | IP: Logged

kookh is offline Old Post 07-02-2006 04:51 AM
Click Here to See the Profile for kookh Click here to Send kookh a Private Message Find more posts by kookh Add kookh to your buddy list Edit/Delete Message Reply w/Quote
Brummelchen
Major Dude

Registered: May 2003
From:

>> such as the newly released 2.18

And again i miss the News for that...

__________________
Greets, Brummelchen

Quick Link | Report this post to a moderator | IP: Logged

Brummelchen is offline Old Post 07-02-2006 11:42 AM
Click Here to See the Profile for Brummelchen Click here to Send Brummelchen a Private Message Find more posts by Brummelchen Add Brummelchen to your buddy list Edit/Delete Message Reply w/Quote
tigereye
Junior Member

Registered: Oct 2002
From:

Kichik,

I can second intelworker's issue. SAV 10 corporate with 7/1/06 v8 defs, which are latest as of right now (10:00 AM EST). I'll email Symantec, and give them your info, as I've got over multiple packages deployed to 70,000 users that can't be updated on the fly. ;-)

Thanks for the help.

Mike

Quick Link | Report this post to a moderator | IP: Logged

tigereye is offline Old Post 07-02-2006 02:10 PM
Click Here to See the Profile for tigereye Click here to Send tigereye a Private Message Click Here to Email tigereye Find more posts by tigereye Add tigereye to your buddy list Edit/Delete Message Reply w/Quote
Afrow UK
Moderator

Registered: Nov 2002
From: Shropshire, England

Updated the false positives page.

-Stu

__________________
afrowuk.co.uk

Quick Link | Report this post to a moderator | IP: Logged

Afrow UK is offline Old Post 07-02-2006 02:30 PM
Click Here to See the Profile for Afrow UK Click here to Send Afrow UK a Private Message Click Here to Email Afrow UK Visit Afrow UK's homepage! Find more posts by Afrow UK Add Afrow UK to your buddy list Edit/Delete Message Reply w/Quote
Joel
Debian user
(Forum King)

Registered: Jan 2003
From: Ubuntu land

I think there should be a sticky about false positives

__________________

* Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM.
* Ubuntu 9.10 64-bits.
* Firefox (Namoroka) 3.6.2.
* lighttpd, php5, perl, eruby, python.
* geany, XHTML & CSS & JavaScript, Gtk+, QT4, bindings.

Quick Link | Report this post to a moderator | IP: Logged

Joel is offline Old Post 07-02-2006 02:38 PM
Click Here to See the Profile for Joel Click here to Send Joel a Private Message Click Here to Email Joel Visit Joel's homepage! Find more posts by Joel Add Joel to your buddy list Edit/Delete Message Reply w/Quote
Afrow UK
Moderator

Registered: Nov 2002
From: Shropshire, England

Good idea. I'll see what I can do.

Edit: I'll let Kichik create an announcement post as he knows best

-Stu

__________________
afrowuk.co.uk

Quick Link | Report this post to a moderator | IP: Logged

Afrow UK is offline Old Post 07-02-2006 05:10 PM
Click Here to See the Profile for Afrow UK Click here to Send Afrow UK a Private Message Click Here to Email Afrow UK Visit Afrow UK's homepage! Find more posts by Afrow UK Add Afrow UK to your buddy list Edit/Delete Message Reply w/Quote
kookh
Junior Member

Registered: Apr 2006
From:

Does 2.18 cause the same problem ?

Quick Link | Report this post to a moderator | IP: Logged

kookh is offline Old Post 07-03-2006 11:28 AM
Click Here to See the Profile for kookh Click here to Send kookh a Private Message Find more posts by kookh Add kookh to your buddy list Edit/Delete Message Reply w/Quote
Comperio
Major Dude

Registered: Jan 2005
From: Oregon Coast

I had quite a few of my installs wiped out by this latest problem with Symantec.

So far, however, rebuilding them in NSIS version 2.18 seems to have worked. (Using a different compression algorithm may also work, although I've found nothing concrete to support this claim.)

Quick Link | Report this post to a moderator | IP: Logged

Comperio is offline Old Post 07-03-2006 11:20 PM
Click Here to See the Profile for Comperio Click here to Send Comperio a Private Message Find more posts by Comperio Add Comperio to your buddy list Edit/Delete Message Reply w/Quote
dhalsim2
Junior Member

Registered: Jul 2006
From:

Thumbs down

quote:
Does 2.18 cause the same problem ?


I just installed 2.18 to get around this problem. Didn't work.

Quick Link | Report this post to a moderator | IP: Logged

dhalsim2 is offline Old Post 07-03-2006 11:32 PM
Click Here to See the Profile for dhalsim2 Find more posts by dhalsim2 Add dhalsim2 to your buddy list Edit/Delete Message Reply w/Quote
zeeh3
Senior Member

Registered: Aug 2005
From: Brazil

I have installed 2.18 and no problems at all.

Quick Link | Report this post to a moderator | IP: Logged

zeeh3 is offline Old Post 07-03-2006 11:52 PM
Click Here to See the Profile for zeeh3 Click here to Send zeeh3 a Private Message Find more posts by zeeh3 Add zeeh3 to your buddy list Edit/Delete Message Reply w/Quote
dhalsim2
Junior Member

Registered: Jul 2006
From:

I had 2.17 installed. Got the error. Found this message thread. Read that 2.18 doesn't have the problem, then downloaded and installed 2.18 (and selected the option to remove the old version). Right after installation, my Symantec deleted lmza_solid as shown in my attached screen shot.

I uninstalled 2.18 and reinstalled it. It didn't happen the second time. Weird.

Attachment: threat history.gif
This has been downloaded 1107 time(s).

Quick Link | Report this post to a moderator | IP: Logged

dhalsim2 is offline Old Post 07-04-2006 12:14 AM
Click Here to See the Profile for dhalsim2 Find more posts by dhalsim2 Add dhalsim2 to your buddy list Edit/Delete Message Reply w/Quote
Joel
Debian user
(Forum King)

Registered: Jan 2003
From: Ubuntu land

Well...instead unistalling NSIS, you can uninstall symantec and try another AV product?

__________________

* Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM.
* Ubuntu 9.10 64-bits.
* Firefox (Namoroka) 3.6.2.
* lighttpd, php5, perl, eruby, python.
* geany, XHTML & CSS & JavaScript, Gtk+, QT4, bindings.

Quick Link | Report this post to a moderator | IP: Logged

Joel is offline Old Post 07-04-2006 01:51 PM
Click Here to See the Profile for Joel Click here to Send Joel a Private Message Click Here to Email Joel Visit Joel's homepage! Find more posts by Joel Add Joel to your buddy list Edit/Delete Message Reply w/Quote
Afrow UK
Moderator

Registered: Nov 2002
From: Shropshire, England

That's what I would suggest as well

__________________
afrowuk.co.uk

Quick Link | Report this post to a moderator | IP: Logged

Afrow UK is offline Old Post 07-04-2006 01:53 PM
Click Here to See the Profile for Afrow UK Click here to Send Afrow UK a Private Message Click Here to Email Afrow UK Visit Afrow UK's homepage! Find more posts by Afrow UK Add Afrow UK to your buddy list Edit/Delete Message Reply w/Quote
kookh
Junior Member

Registered: Apr 2006
From:

quote:
Originally posted by Joel
Well...instead unistalling NSIS, you can uninstall symantec and try another AV product?

And what about people using my installer? What kind of trust would I be showing if I tell them to uninstall Norton/Symantec?

Quick Link | Report this post to a moderator | IP: Logged

kookh is offline Old Post 07-04-2006 02:56 PM
Click Here to See the Profile for kookh Click here to Send kookh a Private Message Find more posts by kookh Add kookh to your buddy list Edit/Delete Message Reply w/Quote
Comperio
Major Dude

Registered: Jan 2005
From: Oregon Coast

FYI:
After installing updates to Symantec (Corporate edition), the problems went away not only in my installations, but also 3rd party installations (such as the one for FileZilla and InkScape).

Just in case it's useful for anyone, here are the details on the version I was using:
Program version: 10.0.2.2000
Scan Engine: 61.1.0.11
Virus Definition File: 7/3/2006 rev.22

Quick Link | Report this post to a moderator | IP: Logged

Comperio is offline Old Post 07-04-2006 03:00 PM
Click Here to See the Profile for Comperio Click here to Send Comperio a Private Message Find more posts by Comperio Add Comperio to your buddy list Edit/Delete Message Reply w/Quote
Yathosho
Forum King

Registered: Jan 2002
From: AT-DE

brummelchen: if you miss new releases, you should monitor them!

__________________
Fossil 2002 III | VISBOT TV | NSIS Icons | PimpBot | Old Winamp Forums look?

Quick Link | Report this post to a moderator | IP: Logged

Yathosho is offline Old Post 07-04-2006 04:23 PM
Click Here to See the Profile for Yathosho Click here to Send Yathosho a Private Message Visit Yathosho's homepage! Find more posts by Yathosho Add Yathosho to your buddy list Edit/Delete Message Reply w/Quote
dhalsim2
Junior Member

Registered: Jul 2006
From:

quote:
Originally posted by Joel
Well...instead unistalling NSIS, you can uninstall symantec and try another AV product?


I don't use Symantec at home, but it's the standard at my company. But even if it were up to me, I can't make my ~1,000,000 users switch and wouldn't want to.

Quick Link | Report this post to a moderator | IP: Logged

dhalsim2 is offline Old Post 07-04-2006 09:28 PM
Click Here to See the Profile for dhalsim2 Find more posts by dhalsim2 Add dhalsim2 to your buddy list Edit/Delete Message Reply w/Quote
Comm@nder21
Major Dude

Registered: Jul 2003
From: germany, b-w

AntiVir, also known as Free-AV found the same virus in the installer of Ubisofts "The Settlers II - Heritage of Kings" Demo installer.

Yes, they seem to use NSIS!

False Positive was corrected in recent definition updates, but i added it to the Wiki

__________________
hand by comm@nder21
----------
WiKi pages:CreateInternetShortcut|Enhanced FindWindow|Parse CSV-Data|Open/Close CD-Drive|Installer without Icon|Vista application compatibility

Quick Link | Report this post to a moderator | IP: Logged

Comm@nder21 is offline Old Post 07-05-2006 12:03 PM
Click Here to See the Profile for Comm@nder21 Click here to Send Comm@nder21 a Private Message Click Here to Email Comm@nder21 Visit Comm@nder21's homepage! Find more posts by Comm@nder21 Add Comm@nder21 to your buddy list Edit/Delete Message Reply w/Quote
All times are GMT. The time now is 07:01 PM. Post New Thread    Post A Reply
  Last Thread   Next Thread
WINAMP.COM | Forums : Powered by vBulletin version 2.3.9 WINAMP.COM | Forums > Developer Center > NSIS Discussion > NSIS 2.17 vs Symantec = Trojan.Zlob (here we go again)
Show Printable Version
 | 
Email this Page
 | 
Subscribe to this Thread

Forum Jump:
 

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is off
vB code is ON
Smilies are ON
[IMG] code is ON