Zemana AntiMalware and WinRAR archive scans

Discussion in 'other anti-malware software' started by nameless, Jul 12, 2017.

  1. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,194
    I use Windows Defender and am running Zemana AntiMalware Premium on a trial. I'd like to be able to scan archives by invoking WD from WinRAR. The problem is that ZAM interferes with this.

    When WinRAR performs an archive scan, it creates a batch file in the system temporary directory. The batch file is created in a subdirectory. Both the subdir and the BAT file have variable names. For example, given C:\Temp as the system temp directory, a BAT file created by WinRAR might be:

    C:\Temp\Rar$VR0.463\Rar$Scan1939.bat

    Given that the path and file name are variably named, I see no way to exclude them from ZAM. Given that ZAM blocks every BAT created by WinRAR, this seems to mean I have no options other than:

    1. Don't scan from WinRAR.
    2. Disable ZAM real-time protection, or remove ZAM completely.
    3. Exclude the entire temporary directory.

    Am I missing something?

    I've exchanged quite a few emails with Zemana support, but I'm really frustrated, because they don't seem to even read what I send. I've sent screenshots and a video (!) and we're just not on the same page.
     
  2. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    6,062
    An alternate option is to use HaoZip instead of WinRAR, as it automatically scans the files in any archive you open, with Avira, Qihoo 360 and Tencent.
    It is free, and has been translated to English.
    http://haozip.ru/en/index.html
     
  3. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    628
    Yes, but 360 Total Security finds that haozip_v5.9.3.exe contains malware when it's downloaded.
     
  4. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    6,062
    Don't worry, it's a false positive, related to the installer being used. I just scanned every exe file in the HaoZip folder in C:\Program Files, at VirusTotal and they are all clean.
     
  5. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    628
    I still don't trust it. Zemana AntiMalware also finds a browser hijack in the files. It's not from the official site, but from Russia. No thanks!
     
  6. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    6,062
    It most definitely is safe to use. I just scanned the installer and the HaoZip folder in Program Files with Zemana and HitmanPro and they both detected nothing. I've been using Russian versions of HaoZip for some time now, as well as the original version.
     
  7. KevinYu0504

    KevinYu0504 Registered Member

    Joined:
    Mar 10, 2017
    Posts:
    31
    Location:
    Taiwan
    http://haozip.ru/en/index.html

    This website was also blocked by Emsisoft, and noted as a "Malware site".
     
    Last edited by a moderator: Jul 13, 2017
  8. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    628
    Haozip1.jpg
     
  9. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    710
    Location:
    Baden Germany
    QmScan.dll belongs to Tencent.
    ZAM flags everything Tencent, whether it's malicious, or not.
     
  10. Hiltihome

    Hiltihome Registered Member

    Joined:
    Jul 5, 2013
    Posts:
    710
    Location:
    Baden Germany
    Recently there was a discussion, in another thread, that WinRAR keeps the attribute "from internet", while 7-Zip does not.
    How does HaoZip handle it?
    Where is the related thread?
     
  11. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    6,062
    Okay, that file is installed in the AppData folder and I only scanned the HaoZip folder in Program Files. It is used to scan files for malware with Tencent, and as @Hiltihome stated, Zemana detects anything related to Tencent.

    I scanned the file at VirusTotal and with HitmanPro, and ZAM is the only program which detects it. So, I will say once again, that HaoZip is safe to use, and 62 different malware scanners confirm this.
     
  12. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    628
    Stay away from HaoZip. The installer is malware according to VirusTotal.

    ~ Removed VirusTotal Results Image as per Policy ~
     
    Last edited by a moderator: Jul 14, 2017
  13. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    6,062
    Actually, as I keep posting, it is most definitely not malware. To prove my point, I just scanned every file in the C:\Program Files\HaoZip folder and the HaoZip folder in the roaming AppData folder, at VirusTotal. Out of 65 files scanned, four files were identified as malicious by just a single scanner. This was usually Zillya, which has major issues with false positives. Another file was detected by three scanners. Baidu detected it as Trojan.WisdomEyes, which is a false positive and it has been detecting many clean files as this during the last few months. It was also detected by the heuristics of Trend and Endgame, both of which have overly sensitive heuristics. The remaining 61 files were not flagged by any scanners.
     
  14. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,725
  15. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    628
    VirusTotal shows that AVG, Avast, Avira, McAfee, Trend Micro, Symantec and others all say that HaoZip is malware. Certainly these top AVs can't all be wrong.

    ~ Removed VirusTotal Results as per Policy ~
     
    Last edited by a moderator: Jul 14, 2017
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,725
    The installer may have bundled something. According to @roger_m, the program files are clean.

    Anyhow, can we please get back on topic?
     
  17. IvoShoen

    IvoShoen Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    628
    Agreed :thumb:
     
  18. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    486
    It shouldn't be. But it is possible.

    You only need one trusted and reputable company (for example Symantec or Kaspersky) to incorrectly classify a file as malware (or PUP), and other vendors will simply copy that detection without doing any proper analysis.
    I'm not saying that is what happened here, but it is something people should consider.

    There is so much malware being discovered every day that they need to rely on each other in order to classify it all.
     