Go Back   Winamp Forums > Developer Center > NSIS Discussion

Old 1st July 2006, 23:28   #1
intelworker
Junior Member
 
Join Date: Jul 2006
Posts: 1
NSIS 2.17 vs Symantec = Trojan.Zlob (here we go again)

Yeah, it seems Symantec updated its virus definitions again and all uninstallation files are recognized as Trojan.Zlob. And now I can't even download and run the NSIS installation package.
Checked using:
Norton Antivirus 2006.
Symantec Antivirus 10.0 Corporate Edition.
Developers, please do something with those idiots in Symantec.
NSIS is a great job, btw.
Old 2nd July 2006, 00:42   #2
Joel
Debian user
(Forum King)
 
Join Date: Jan 2003
Location: Arch land
Posts: 4,904
Well, so you know it is a false positive... no need to be alarmed.

Have a nice day


* PC: Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM: Archlinux-i686 with xfce4.
* Laptop: Intel Core 2 DUO T6600 @ 2.20 GHz with 4 GB RAM: Archlinux-x86-64 with xfce4.
Old 2nd July 2006, 01:17   #3
Brummelchen
Major Dude
 
Join Date: May 2003
Posts: 679
/ot
>> Developers, please do something with those idiots in Symantec

rough words - forum, ban these (...) Symantec consumers.

Symantec products always suck - and they suck ev'time a bit more.

I never had a false positive with NOD, but I see lots with Symantec, McAfee, KAV, and some more.

And one more - Symantec has a deal with Microsoft that some nice tweaking and modifier tools were treated as virus/trojans/aso.

Greets, Brummelchen
Old 2nd July 2006, 03:10   #4
kookh
Junior Member
 
Join Date: Apr 2006
Posts: 37
well I am sure it is a false positive... but people using my installer are reporting Trojan.Zlob found with Norton Antivirus. I can't have that, can anyone do anything about this? or tell me what needs to be done to avoid it?
Old 2nd July 2006, 04:23   #5
kichik
M.I.A.
[NSIS Dev, Mod]
 
Join Date: Oct 2001
Location: Israel
Posts: 11,342
  • Make sure they're using the latest definitions, because this has, as far as I know, already been fixed.
  • If it hasn't been fixed, report this to Symantec and give them my e-mail for more details (kichik@users.sf.net).
  • Rebuild your installer with another version, such as the newly released 2.18.

"I hear and I forget. I see and I remember. I do and I understand." -- Confucius
Old 2nd July 2006, 04:51   #6
kookh
Junior Member
 
Join Date: Apr 2006
Posts: 37
Thank you, I'll follow steps 1 and 3 for now.
Old 2nd July 2006, 11:42   #7
Brummelchen
Major Dude
 
Join Date: May 2003
Posts: 679
>> such as the newly released 2.18

And again I miss the News for that...

Greets, Brummelchen
Old 2nd July 2006, 14:10   #8
tigereye
Junior Member
 
Join Date: Oct 2002
Posts: 6
Kichik,

I can second intelworker's issue. SAV 10 corporate with 7/1/06 v8 defs, which are latest as of right now (10:00 AM EST). I'll email Symantec, and give them your info, as I've got over multiple packages deployed to 70,000 users that can't be updated on the fly. ;-)

Thanks for the help.

Mike
Old 2nd July 2006, 14:30   #9
Afrow UK
Moderator
 
Join Date: Nov 2002
Location: Surrey, England
Posts: 8,338
Updated the false positives page.

-Stu
Old 2nd July 2006, 14:38   #10
Joel
Debian user
(Forum King)
 
Join Date: Jan 2003
Location: Arch land
Posts: 4,904
I think there should be a sticky about false positives


Old 2nd July 2006, 17:10   #11
Afrow UK
Moderator
 
Join Date: Nov 2002
Location: Surrey, England
Posts: 8,338
Good idea. I'll see what I can do.

Edit: I'll let Kichik create an announcement post as he knows best

-Stu
Old 3rd July 2006, 11:28   #12
kookh
Junior Member
 
Join Date: Apr 2006
Posts: 37
Does 2.18 cause the same problem ?
Old 3rd July 2006, 23:20   #13
Comperio
Major Dude
 
Join Date: Jan 2005
Location: Oregon Coast
Posts: 737
I had quite a few of my installs wiped out by this latest problem with Symantec.

So far, however, rebuilding them in NSIS version 2.18 seems to have worked. (Using a different compression algorithm may also work, although I've found nothing concrete to support this claim.)
Old 3rd July 2006, 23:32   #14
dhalsim2
Junior Member
 
Join Date: Jul 2006
Posts: 4
Quote:
Does 2.18 cause the same problem ?
I just installed 2.18 to get around this problem. Didn't work.
Old 3rd July 2006, 23:52   #15
zeeh3
Senior Member
 
Join Date: Aug 2005
Location: Brazil
Posts: 121
I have installed 2.18 and no problems at all.
Old 4th July 2006, 00:14   #16
dhalsim2
Junior Member
 
Join Date: Jul 2006
Posts: 4
I had 2.17 installed. Got the error. Found this message thread. Read that 2.18 doesn't have the problem, then downloaded and installed 2.18 (and selected the option to remove the old version). Right after installation, my Symantec deleted lmza_solid as shown in my attached screen shot.

I uninstalled 2.18 and reinstalled it. It didn't happen the second time. Weird.
Attached Images
File Type: gif threat history.gif (14.0 KB, 1298 views)
Old 4th July 2006, 13:51   #17
Joel
Debian user
(Forum King)
 
Join Date: Jan 2003
Location: Arch land
Posts: 4,904
Well... instead of uninstalling NSIS, you can uninstall Symantec and try another AV product?


Old 4th July 2006, 13:53   #18
Afrow UK
Moderator
 
Join Date: Nov 2002
Location: Surrey, England
Posts: 8,338
That's what I would suggest as well
Old 4th July 2006, 14:56   #19
kookh
Junior Member
 
Join Date: Apr 2006
Posts: 37
Quote:
Originally posted by Joel
Well... instead of uninstalling NSIS, you can uninstall Symantec and try another AV product?
And what about people using my installer? What kind of trust would I be showing if I tell them to uninstall Norton/Symantec?
Old 4th July 2006, 15:00   #20
Comperio
Major Dude
 
Join Date: Jan 2005
Location: Oregon Coast
Posts: 737
FYI:
After installing updates to Symantec (Corporate edition), the problems went away not only in my installations, but also 3rd party installations (such as the one for FileZilla and InkScape).

Just in case it's useful for anyone, here are the details on the version I was using:
Program version: 10.0.2.2000
Scan Engine: 61.1.0.11
Virus Definition File: 7/3/2006 rev.22
Old 4th July 2006, 16:23   #21
Yathosho
Forum King
 
Join Date: Jan 2002
Location: AT-DE
Posts: 3,270
brummelchen: if you miss new releases, you should monitor them!
Old 4th July 2006, 21:28   #22
dhalsim2
Junior Member
 
Join Date: Jul 2006
Posts: 4
Quote:
Originally posted by Joel
Well... instead of uninstalling NSIS, you can uninstall Symantec and try another AV product?
I don't use Symantec at home, but it's the standard at my company. But even if it were up to me, I can't make my ~1,000,000 users switch and wouldn't want to.
Old 5th July 2006, 12:03   #23
Comm@nder21
Major Dude
 
Join Date: Jul 2003
Location: germany, b-w
Posts: 734
AntiVir, also known as Free-AV, found the same virus in the installer of Ubisoft's "The Settlers II - Heritage of Kings" Demo installer.

Yes, they seem to use NSIS!

The false positive was corrected in recent definition updates, but I added it to the Wiki.