mammajamma Posted October 13, 2009 So after a few months of Skulltag, I decided to try out ZDaemon because I heard the deathmatch scene was more active there. I download the port (version 1.08.08, the one on the frontpage), and lo and behold, my anti-virus deletes it: http://www.zdaemon.org/download/zdaemon10808_win32_bin.zip probably unknown NewHeur_PE virus connection terminated - quarantined Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe. This is taken from ESET 3.0.669.0, virus signature database 4501(20091012) Could I get a link to a version that won't be construed as a virus? v v v Thanks. v v v 0 Share this post Link to post
Catoptromancy Posted October 13, 2009 http://www.doomworld.com/vb/doom-general/40679-zdaemon-virus-false-positive-from-avg/ 0 Share this post Link to post
GreyGhost Posted October 13, 2009 mammajamma said:I download the port (version 1.08.08, the one on the frontpage), and lo and behold, my anti-virus deletes it: Check Nod32's quarantine folder - it should be in there. I'm using ESET Smart Security 3.0.621.0 with the same virus signature database, which fortunately didn't automatically quarantine the download but reported zslupdt.exe as a probably unknown NewHeur_PE virus* when I scanned the zip file. I've submitted it to ESET for closer examination, with any luck they'll modify the database so it won't be picked up as a false positive. If Nod32 will allow you to restore the file from quarantine - open it in your favourite archive manager and delete zslupdt.exe, with any luck you won't need it. * Probably the virus scanner's internal name for unknown-but-potentially-malicious files. 0 Share this post Link to post
EarthQuake Posted October 13, 2009 All that program does is download updates to ZSL (the server launcher) if a newer version is available (hence the false positive). It's not required unless you intend to run your own servers, and intend to use the update feature within the program. You can safely delete it. 0 Share this post Link to post
mammajamma Posted October 14, 2009 Thanks for the advice, guys. I just simply used the installer. Why does ZDaemon even have an installer? 0 Share this post Link to post
Graf Zahl Posted October 14, 2009 mammajamma said:Why does ZDaemon even have an installer? Because most Windows users would be hopelessly lost without one. Sad but true. 0 Share this post Link to post
mammajamma Posted October 15, 2009 e: deleted due to whiny emo midnight post 0 Share this post Link to post
EarthQuake Posted October 15, 2009 It's already been verified as a false positive. It happens to benevolent programs occasionally, big whoop. Also there is a zip download in case you don't want to use the installation program. So what are you still crying about? 0 Share this post Link to post
mammajamma Posted October 15, 2009 I downloaded the zipped version at first, but it gave me the false positive, so I used the installer. Also that tangent was posted very late at night. Looking at it, it was very immature, and I'm sorry for that. So I should just get the new ESET virus database and just leave it at that? 0 Share this post Link to post
GreyGhost Posted October 16, 2009 Don't know how long it takes them to remove false positives - zslupdt.exe is still being reported as an unidentified threat and might well have been last year when I downloaded ZDaemon 1.08.07. 0 Share this post Link to post
myk Posted October 16, 2009 GreyGhost said: Don't know how long it takes them to remove false positives I doubt they do anything in regard to non-commercial fan-made apps. 0 Share this post Link to post
GreyGhost Posted October 17, 2009 Point taken - though if I manage to persuade the entire ZDaemon community to switch to ESET antivirus products the spike in false-positive reports could force a change. Could also make a tidy sum by way of finders fees. ;-) 0 Share this post Link to post
Graf Zahl Posted October 17, 2009 myk said:I doubt they do anything in regard to non-commercial fan-made apps. Even that will cost them customers if the word spreads. No self-respecting AV developer should be that lazy. If I was using an AV tool and got information that the developer doesn't care about a proper database I'd have to assume they'd be sloppy in both directions and I'd change to a different tool. Continuing to use this program is - to be blunt - stupid. 0 Share this post Link to post
mammajamma Posted October 17, 2009 Graf Zahl said:Even that will cost them customers if the word spreads. No self-respecting AV developer should be that lazy. If I was using an AV tool and got information that the developer doesn't care about a proper database I'd have to assume they'd be sloppy in both directions and I'd change to a different tool. Continuing to use this program is - to be blunt - stupid. Is there an AV you'd recommend? Preferably free. 0 Share this post Link to post