NSIS 2.17 vs Symantec = Trojan.Zlob (here we go again)

intelworker · 1st July 2006, 23:28

Yeah, it seems symantec updated it's virus definitions again and all uninstallation files recognize like Trojan.Zlob. And now i even can't download and run nsis installation package.
Checked using:
Norton Antivirus 2006.
Symantec Antivirus 10.0 Corporate Edition.
Developers, please do something with that idiots in symantec

Nsis is a Great job, btw

Joel · 2nd July 2006, 00:42

Well, so you know is a false positive...don't need to be alarm.

Have a nice day

Brummelchen · 2nd July 2006, 01:17

/ot
>> Developers, please do something with that idiots in symantec

rough words - forum, ban these (...) Symantec consumers.

Symatec products always suck - and they suck ev'time a bit more.

I never had a postive false with NOD, but i see lots with Symantec, McAfee, KAV, and some more.

and one more - symantec has a deal with microsoft that some nice tweaking and modifier tools where treaten as virus/trojans/aso.

kookh · 2nd July 2006, 03:10

well I am sure it is a false positive... but people using my installer are reporting Trojan.Zlob found with Norton Antivirus. I can't have that, can anyone do anything about this? or tell me what needs to be done to avoid it?

kichik · 2nd July 2006, 04:23

Make sure they're using the latest definitions, because this has, as far as I know, already been fixed.
If it hasn't been fixed, report this to Symantec and give them my e-mail for more details (kichik@users.sf.net).
Rebuild your installer with another version, such as the newly released 2.18.

kookh · 2nd July 2006, 04:51

Thank you, I'll follow steps 1 and 3 for now.

Brummelchen · 2nd July 2006, 11:42

>> such as the newly released 2.18

And again i miss the News for that...

tigereye · 2nd July 2006, 14:10

Kichik,

I can second intelworker's issue. SAV 10 corporate with 7/1/06 v8 defs, which are latest as of right now (10:00 AM EST). I'll email Symantec, and give them your info, as I've got over multiple packages deployed to 70,000 users that can't be updated on the fly. ;-)

Thanks for the help.

Mike

Afrow UK · 2nd July 2006, 14:30

Updated the false positives page.

-Stu

Joel · 2nd July 2006, 14:38

I think there should be a sticky about false positives

Afrow UK · 2nd July 2006, 17:10

Good idea. I'll see what I can do.

Edit: I'll let Kichik create an announcement post as he knows best

-Stu

kookh · 3rd July 2006, 11:28

Does 2.18 cause the same problem ?

Comperio · 3rd July 2006, 23:20

I had quite a few of my installs wiped out by this latest problem with Symantec.

So far, however, rebuilding them in NSIS version 2.18 seems to have worked. (Using a different compression algorithm may also work, although I've found nothing concrete to support this claim.)

dhalsim2 · 3rd July 2006, 23:32

Quote:

Does 2.18 cause the same problem ?

I just installed 2.18 to get around this problem. Didn't work.

zeeh3 · 3rd July 2006, 23:52

I have installed 2.18 and no problems at all.

dhalsim2 · 4th July 2006, 00:14

I had 2.17 installed. Got the error. Found this message thread. Read that 2.18 doesn't have the problem, then downloaded and installed 2.18 (and selected the option to remove the old version). Right after installation, my Symantec deleted lmza_solid as shown in my attached screen shot.

I uninstalled 2.18 and reinstalled it. It didn't happen the second time. Weird.

Joel · 4th July 2006, 13:51

Well...instead unistalling NSIS, you can uninstall symantec and try another AV product?

Afrow UK · 4th July 2006, 13:53

That's what I would suggest as well

kookh · 4th July 2006, 14:56

Quote:

Originally posted by Joel
Well...instead unistalling NSIS, you can uninstall symantec and try another AV product?

And what about people using my installer? What kind of trust would I be showing if I tell them to uninstall Norton/Symantec?

Comperio · 4th July 2006, 15:00

FYI:
After installing updates to Symantec (Corporate edition), the problems went away not only in my installations, but also 3rd party installations (such as the one for FileZilla and InkScape).

Just in case it's useful for anyone, here are the details on the version I was using:
Program version: 10.0.2.2000
Scan Engine: 61.1.0.11
Virus Definition File: 7/3/2006 rev.22

Yathosho · 4th July 2006, 16:23

brummelchen: if you miss new releases, you should monitor them!

dhalsim2 · 4th July 2006, 21:28

Quote:

Originally posted by Joel
Well...instead unistalling NSIS, you can uninstall symantec and try another AV product?

I don't use Symantec at home, but it's the standard at my company. But even if it were up to me, I can't make my ~1,000,000 users switch and wouldn't want to.

Comm@nder21 · 5th July 2006, 12:03

AntiVir, also known as Free-AV found the same virus in the installer of Ubisofts "The Settlers II - Heritage of Kings" Demo installer.

Yes, they seem to use NSIS!

False Positive was corrected in recent definition updates, but i added it to the Wiki

1st July 2006, 23:28	#1
intelworker Junior Member Join Date: Jul 2006 Posts: 1	NSIS 2.17 vs Symantec = Trojan.Zlob (here we go again) Yeah, it seems symantec updated it's virus definitions again and all uninstallation files recognize like Trojan.Zlob. And now i even can't download and run nsis installation package. Checked using: Norton Antivirus 2006. Symantec Antivirus 10.0 Corporate Edition. Developers, please do something with that idiots in symantec Nsis is a Great job, btw

2nd July 2006, 00:42	#2
Joel Debian user (Forum King) Join Date: Jan 2003 Location: Arch land Posts: 4,917	Well, so you know is a false positive...don't need to be alarm. Have a nice day * PC: Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM: Archlinux-i686 with MATE. * Laptop: Intel Core 2 DUO T6600 @ 2.20 GHz with 4 GB RAM: Archlinux-x86-64 with MATE.

2nd July 2006, 01:17	#3
Brummelchen Major Dude Join Date: May 2003 Posts: 681	/ot >> Developers, please do something with that idiots in symantec rough words - forum, ban these (...) Symantec consumers. Symatec products always suck - and they suck ev'time a bit more. I never had a postive false with NOD, but i see lots with Symantec, McAfee, KAV, and some more. and one more - symantec has a deal with microsoft that some nice tweaking and modifier tools where treaten as virus/trojans/aso. Greets, Brummelchen

2nd July 2006, 04:23	#5
kichik M.I.A. [NSIS Dev, Mod] Join Date: Oct 2001 Location: Israel Posts: 11,343	Make sure they're using the latest definitions, because this has, as far as I know, already been fixed. If it hasn't been fixed, report this to Symantec and give them my e-mail for more details (kichik@users.sf.net). Rebuild your installer with another version, such as the newly released 2.18. NSIS FAQ \| NSIS Home Page \| Donate $ "I hear and I forget. I see and I remember. I do and I understand." -- Confucius

2nd July 2006, 11:42	#7
Brummelchen Major Dude Join Date: May 2003 Posts: 681	>> such as the newly released 2.18 And again i miss the News for that... Greets, Brummelchen

2nd July 2006, 03:10	#4
kookh Junior Member Join Date: Apr 2006 Posts: 37	well I am sure it is a false positive... but people using my installer are reporting Trojan.Zlob found with Norton Antivirus. I can't have that, can anyone do anything about this? or tell me what needs to be done to avoid it?

2nd July 2006, 04:51	#6
kookh Junior Member Join Date: Apr 2006 Posts: 37	Thank you, I'll follow steps 1 and 3 for now.

2nd July 2006, 14:10	#8
tigereye Junior Member Join Date: Oct 2002 Posts: 6	Kichik, I can second intelworker's issue. SAV 10 corporate with 7/1/06 v8 defs, which are latest as of right now (10:00 AM EST). I'll email Symantec, and give them your info, as I've got over multiple packages deployed to 70,000 users that can't be updated on the fly. ;-) Thanks for the help. Mike

2nd July 2006, 14:30	#9
Afrow UK Moderator Join Date: Nov 2002 Location: Surrey, England Posts: 8,434	Updated the false positives page. -Stu

2nd July 2006, 14:38	#10
Joel Debian user (Forum King) Join Date: Jan 2003 Location: Arch land Posts: 4,917	I think there should be a sticky about false positives * PC: Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM: Archlinux-i686 with MATE. * Laptop: Intel Core 2 DUO T6600 @ 2.20 GHz with 4 GB RAM: Archlinux-x86-64 with MATE.

2nd July 2006, 17:10	#11
Afrow UK Moderator Join Date: Nov 2002 Location: Surrey, England Posts: 8,434	Good idea. I'll see what I can do. Edit: I'll let Kichik create an announcement post as he knows best -Stu

3rd July 2006, 11:28	#12
kookh Junior Member Join Date: Apr 2006 Posts: 37	Does 2.18 cause the same problem ?

3rd July 2006, 23:20	#13
Comperio Major Dude Join Date: Jan 2005 Location: Oregon Coast Posts: 737	I had quite a few of my installs wiped out by this latest problem with Symantec. So far, however, rebuilding them in NSIS version 2.18 seems to have worked. (Using a different compression algorithm may also work, although I've found nothing concrete to support this claim.)

3rd July 2006, 23:52	#15
zeeh3 Senior Member Join Date: Aug 2005 Posts: 121	I have installed 2.18 and no problems at all.

4th July 2006, 13:51	#17
Joel Debian user (Forum King) Join Date: Jan 2003 Location: Arch land Posts: 4,917	Well...instead unistalling NSIS, you can uninstall symantec and try another AV product? * PC: Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM: Archlinux-i686 with MATE. * Laptop: Intel Core 2 DUO T6600 @ 2.20 GHz with 4 GB RAM: Archlinux-x86-64 with MATE.

4th July 2006, 13:53	#18
Afrow UK Moderator Join Date: Nov 2002 Location: Surrey, England Posts: 8,434	That's what I would suggest as well

4th July 2006, 15:00	#20
Comperio Major Dude Join Date: Jan 2005 Location: Oregon Coast Posts: 737	FYI: After installing updates to Symantec (Corporate edition), the problems went away not only in my installations, but also 3rd party installations (such as the one for FileZilla and InkScape). Just in case it's useful for anyone, here are the details on the version I was using: Program version: 10.0.2.2000 Scan Engine: 61.1.0.11 Virus Definition File: 7/3/2006 rev.22

4th July 2006, 16:23	#21
Yathosho Forum King Join Date: Jan 2002 Location: AT-DE Posts: 3,366	brummelchen: if you miss new releases, you should monitor them! NSIS IDE for Atom \| NSIS for Visual Studio Code \| NSIS for Sublime Text \| NSIS.docset

5th July 2006, 12:03	#23
Comm@nder21 Major Dude Join Date: Jul 2003 Location: germany, b-w Posts: 734	AntiVir, also known as Free-AV found the same virus in the installer of Ubisofts "The Settlers II - Heritage of Kings" Demo installer. Yes, they seem to use NSIS! False Positive was corrected in recent definition updates, but i added it to the Wiki hand by comm@nder21 ---------- WiKi pages:CreateInternetShortcut\|Enhanced FindWindow\|Parse CSV-Data\|Open/Close CD-Drive\|Installer without Icon\|Vista application compatibility

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode