NOD32 v3 blocked ZoneAlarm as malware

Discussion in 'ESET NOD32 Antivirus' started by DERV, May 6, 2008.

Thread Status:
Not open for further replies.
  1. DERV

    DERV Registered Member

    Joined:
    Aug 6, 2006
    Posts:
    35
    Location:
    England
    Hi guys,

    I'm back from being Linux-only and have updated to NOD32 v3. Although I have a solid SPI hardware firewall I decided to add a software firewall to my newly-installed XP Pro box simply because it's easier to control outgoing applications/connections that way.

    I downloaded ZoneAlarm personal/free edition and when I launched the .exe noticed it was simply a download app to grab the "real" install file. NOD32 blocked and deleted it. So I temporarily disabled NOD32 and downloaded the file to the desktop, then re-enabled NOD32.

    Again NOD32 blocked the install citing ad-ware installer. I allowed it thorugh (declining the offer of an anti-spyware toolbar addon) and re-enabled NOD32 again. After a reboot NOD is still throwing up "deleted" showing that the original install file was found by NOD32 in the recycle bin and eliminated.

    Here's the log file:

    I've set up NOD32 using Blackspear's XML file if that's any help. Is this a false alarm, or is something up? I have a 'clean' hdd image backed up on a spare partition from yesterday, with all SP2 and my main apps installed/activated etc just in case.

    Thanks in advance.

    Lee
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Without being in the position at this time to download the file and check the latest, all I can offer is that months back Checkpoint\ZoneAlarm offered the Spyblocker and\or Ask Searchbar toolbar as part of the installation. It was this toolbar that AV programs were reporting.

    ZoneAlarm toolbar bundle raises a ruckus

    Bubba
     
  3. DooGie

    DooGie Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    112
    This also happens with some builds of Nero. The bundled Ask searchbar always raises a big holler from nod32.
    Quite rightly so.
     
  4. OnlyFridays

    OnlyFridays Registered Member

    Joined:
    May 6, 2008
    Posts:
    1
    Hi There,

    I also have this problem with ZoneAlarm free v7.0.473 (after trying to download the file a few times and finally it dawned on me to check the Nod32 logs), although I am using Nod32 v2.7


    Just a add some more things that I tried:

    I downloaded the full Zonealarm Security Suite trial version and that installed OK - so I guess it doesnt include the Toolbar ?? However, I dont want the Zonealarm Security Suite because it contains a whole lot of other antispyware/antispam crap that I dont want on my system. I am just after the simple, free Zonealarm firewall

    I downloaded an older version of Zonealarm Free v.7.0.408 from
    http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html
    This installs and works fine - so I guess the Toolbar was added sometime after version 7.0.408 (September 12, 2007)

    Based on the ZD blog article from Bubba it seems that versions 7.0.462.000 (December 14, 2007) and onwards are the culprits


    Nod32 Threat Log:
    "04/05/2008 13:21:15 PM IMON self-extracting archive ht tp://download.zonealarm.com/bin/free/1023_zl/zlsSetup_70_473_000_en.exe a variant of Win32/AdInstaller application Connection terminated"

    I realise this is more a Zonealarm problem, but I just though I would add it here in case someone had discovered a workaround in getting it to install successfully without Nod32 deleting it
     
    Last edited by a moderator: May 6, 2008
  5. DERV

    DERV Registered Member

    Joined:
    Aug 6, 2006
    Posts:
    35
    Location:
    England
    Thanks for the replies folks :) As I said in my OP, ZA did offer to install a toolbar (anti-spyware) but I declined. I'm guessing the .exe unpacked the toolbar installer as it installed the firewall and NOD picked that up. Good catch anyways :)

    Thanks for your time.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.