Reaper Grimm
Register | User Profile | Member List | F.A.Q | Privacy Policy | New Blog | Search Forums | Forums Home
Doomworld Forums : Powered by vBulletin version 2.2.5 Doomworld Forums > Classic Doom > Source Ports > ZDaemon a virus? [false positive]
 
Author
All times are GMT. The time now is 16:55. Post New Thread    Post A Reply
mammajamma
Junior Member


Posts: 212
Registered: 08-09
So after a few months of Skulltag, I decided to try out ZDaemon because I heard the deathmatch scene was more active there. I download the port (version 1.08.08, the one on the frontpage), and lo and behold, my anti-virus deletes it:

code:

http://www.zdaemon.org/download/zda...8_win32_bin.zip
probably unknown NewHeur_PE virus	
connection terminated - quarantined	
Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.


This is taken from ESET 3.0.669.0, virus signature database 4501(20091012)

Could I get a link to a version that won't be construed as a virus?

v v v Thanks. v v v

Last edited by mammajamma on 10-13-09 at 02:52
Old Post 10-13-09 01:08 #
mammajamma is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit/Delete || Quote
Catoptromancy
Forum Regular


Posts: 713
Registered: 08-06
http://www.doomworld.com/vb/doom-ge...itive-from-avg/
Old Post 10-13-09 01:21 #
Catoptromancy is offline Profile || Blog || PM || Search || Add Buddy IP || Edit/Delete || Quote
GreyGhost
a ghost... only grey


Posts: 5188
Registered: 01-08
mammajamma said:
I download the port (version 1.08.08, the one on the frontpage), and lo and behold, my anti-virus deletes it:
Check Nod32's quarantine folder - it should be in there.

I'm using ESET Smart Security 3.0.621.0 with the same virus signature database, which fortunately didn't automatically quarantine the download but reported zslupdt.exe as a probably unknown NewHeur_PE virus* when I scanned the zip file. I've submitted it to ESET for closer examination, with any luck they'll modify the database so it won't be picked up as a false positive. If Nod32 will allow you to restore the file from quarantine - open it in your favourite archive manager and delete zslupdt.exe, with any luck you won't need it.

* Probably the virus scanner's internal name for unknown-but-potentially-malicious files.
Old Post 10-13-09 12:52 #
GreyGhost is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit/Delete || Quote
EarthQuake
9.5 on the Richter!


Posts: 2710
Registered: 05-03
All that program does is download updates to ZSL (the server launcher) if a newer version is available (hence the false positive). It's not required unless you intend to run your own servers, and intend to use the update feature within the program. You can safely delete it.
Old Post 10-13-09 19:33 #
EarthQuake is offline Profile || Blog || PM || Email || Homepage || Search || Add Buddy IP || Edit/Delete || Quote
mammajamma
Junior Member


Posts: 212
Registered: 08-09
Thanks for the advice, guys. I just simply used the installer. Why does ZDaemon even have an installer?
Old Post 10-14-09 08:32 #
mammajamma is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit/Delete || Quote
Graf Zahl
Why don't I have a custom title by now?!


Posts: 6962
Registered: 01-03
mammajamma said:
Why does ZDaemon even have an installer?



Because most Windows users would be hopelessly lost without one. Sad but true.
Old Post 10-14-09 09:44 #
Graf Zahl is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit/Delete || Quote
mammajamma
Junior Member


Posts: 212
Registered: 08-09
e: deleted due to whiny emo midnight post

Last edited by mammajamma on 10-15-09 at 19:25
Old Post 10-15-09 05:53 #
mammajamma is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit/Delete || Quote
EarthQuake
9.5 on the Richter!


Posts: 2710
Registered: 05-03
It's already been verified as a false positive. It happens to benevolent programs occasionally, big whoop. Also there is a zip download in case you don't want to use the installation program. So what are you still crying about?
Old Post 10-15-09 06:13 #
EarthQuake is offline Profile || Blog || PM || Email || Homepage || Search || Add Buddy IP || Edit/Delete || Quote
mammajamma
Junior Member


Posts: 212
Registered: 08-09
I downloaded the zipped version at first, but it gave me the false positive, so I used the installer. Also that tangent was posted very late at night. Looking at it, it was very immature, and I'm sorry for that. So I should just get the new ESET virus database and just leave it at that?
Old Post 10-15-09 19:24 #
mammajamma is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit/Delete || Quote
GreyGhost
a ghost... only grey


Posts: 5188
Registered: 01-08
Don't know how long it takes them to remove false positives - zslupdt.exe is still being reported as an unidentified threat and might well have been last year when I downloaded ZDaemon 1.08.07.
Old Post 10-16-09 07:04 #
GreyGhost is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit/Delete || Quote
myk
webbed digits


Posts: 14316
Registered: 04-02
GreyGhost said:
Don't know how long it takes them to remove false positives
I doubt they do anything in regard to non-commercial fan-made apps.
Old Post 10-16-09 08:22 #
myk is offline Profile || Blog || PM || Email || Homepage || Search || Add Buddy IP || Edit/Delete || Quote
GreyGhost
a ghost... only grey


Posts: 5188
Registered: 01-08
Point taken - though if I manage to persuade the entire ZDaemon community to switch to ESET antivirus products the spike in false-positive reports could force a change. Could also make a tidy sum by way of finders fees. ;-)
Old Post 10-17-09 05:35 #
GreyGhost is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit/Delete || Quote
Graf Zahl
Why don't I have a custom title by now?!


Posts: 6962
Registered: 01-03
myk said:
I doubt they do anything in regard to non-commercial fan-made apps.



Even that will cost them customers if the word spreads. No self-respecting AV developer should be that lazy. If I was using an AV tool and got information that the developer doesn't care about a proper database I'd have to assume they'd be sloppy in both directions and I'd change to a different tool.

Continuing to use this program is - to be blunt - stupid.
Old Post 10-17-09 07:26 #
Graf Zahl is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit/Delete || Quote
mammajamma
Junior Member


Posts: 212
Registered: 08-09
Graf Zahl said:

Even that will cost them customers if the word spreads. No self-respecting AV developer should be that lazy. If I was using an AV tool and got information that the developer doesn't care about a proper database I'd have to assume they'd be sloppy in both directions and I'd change to a different tool.

Continuing to use this program is - to be blunt - stupid.


Is there an AV you'd recommend? Preferably free.
Old Post 10-17-09 18:55 #
mammajamma is offline Profile || Blog || PM || Email || Search || Add Buddy IP || Edit/Delete || Quote
All times are GMT. The time now is 16:55. Post New Thread    Post A Reply
 
Doomworld Forums : Powered by vBulletin version 2.2.5 Doomworld Forums > Classic Doom > Source Ports > ZDaemon a virus? [false positive]

Show Printable Version | Email this Page | Subscribe to this Thread

 

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are OFF
[IMG] code is ON
 

< Contact Us - Doomworld >

Powered by: vBulletin Version 2.2.5
Copyright ©2000, 2001, Jelsoft Enterprises Limited.

Forums Directory