ZDaemon a virus? [false positive]

So after a few months of Skulltag, I decided to try out ZDaemon because I heard the deathmatch scene was more active there. I download the port (version 1.08.08, the one on the frontpage), and lo and behold, my anti-virus deletes it:

http://www.zdaemon.org/download/zdaemon10808_win32_bin.zip
probably unknown NewHeur_PE virus	
connection terminated - quarantined	
Threat was detected upon access to web by the application: C:\Program Files\Mozilla Firefox\firefox.exe.

This is taken from ESET 3.0.669.0, virus signature database 4501(20091012)

Could I get a link to a version that won't be construed as a virus?

v v v Thanks. v v v

http://www.doomworld.com/vb/doom-general/40679-zdaemon-virus-false-positive-from-avg/

mammajamma said:

I download the port (version 1.08.08, the one on the frontpage), and lo and behold, my anti-virus deletes it:

Check Nod32's quarantine folder - it should be in there.

I'm using ESET Smart Security 3.0.621.0 with the same virus signature database, which fortunately didn't automatically quarantine the download but reported zslupdt.exe as a probably unknown NewHeur_PE virus* when I scanned the zip file. I've submitted it to ESET for closer examination, with any luck they'll modify the database so it won't be picked up as a false positive. If Nod32 will allow you to restore the file from quarantine - open it in your favourite archive manager and delete zslupdt.exe, with any luck you won't need it.

* Probably the virus scanner's internal name for unknown-but-potentially-malicious files.

All that program does is download updates to ZSL (the server launcher) if a newer version is available (hence the false positive). It's not required unless you intend to run your own servers, and intend to use the update feature within the program. You can safely delete it.

Thanks for the advice, guys. I just simply used the installer. Why does ZDaemon even have an installer?

mammajamma said:

Why does ZDaemon even have an installer?

Because most Windows users would be hopelessly lost without one. Sad but true.

e: deleted due to whiny emo midnight post

It's already been verified as a false positive. It happens to benevolent programs occasionally, big whoop. Also there is a zip download in case you don't want to use the installation program. So what are you still crying about?

I downloaded the zipped version at first, but it gave me the false positive, so I used the installer. Also that tangent was posted very late at night. Looking at it, it was very immature, and I'm sorry for that. So I should just get the new ESET virus database and just leave it at that?

Don't know how long it takes them to remove false positives - zslupdt.exe is still being reported as an unidentified threat and might well have been last year when I downloaded ZDaemon 1.08.07.

GreyGhost said:
Don't know how long it takes them to remove false positives

I doubt they do anything in regard to non-commercial fan-made apps.

Point taken - though if I manage to persuade the entire ZDaemon community to switch to ESET antivirus products the spike in false-positive reports could force a change. Could also make a tidy sum by way of finders fees. ;-)

myk said:

I doubt they do anything in regard to non-commercial fan-made apps.

Even that will cost them customers if the word spreads. No self-respecting AV developer should be that lazy. If I was using an AV tool and got information that the developer doesn't care about a proper database I'd have to assume they'd be sloppy in both directions and I'd change to a different tool.

Continuing to use this program is - to be blunt - stupid.

Graf Zahl said:

Even that will cost them customers if the word spreads. No self-respecting AV developer should be that lazy. If I was using an AV tool and got information that the developer doesn't care about a proper database I'd have to assume they'd be sloppy in both directions and I'd change to a different tool.

Continuing to use this program is - to be blunt - stupid.

Is there an AV you'd recommend? Preferably free.