ZoneAlarm A/S False positive Win32.Application.Adware.WinAntiVirus

Discussion in 'other anti-malware software' started by gorgelink, Nov 16, 2006.

Thread Status:
Not open for further replies.
  1. gorgelink

    gorgelink Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    49
    Hi,

    Have ZoneAlarm Pro Antispyware.

    Just downloaded antispyware definitions file 525.

    It found what I believe to be a false positive:

    Win32.Application.Adware.WinAntiVirus

    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Component Categories\{56FFCC30-D398-11d0-B2AE-00A0C908FA49}
    RegistryKey: HKEY_CURRENT_USER\Software\Opera Software
    RegistryKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VxD
    RegistryKey: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Administrative Tools

    WHY I BELIEVE IT IS A FALSE POSITIVE

    I don't have WinAntiVirus installed on my computer.

    1. I scanned the registry with Adaware, AVG Antispyware (ewido), and NAV. It's clean.

    2. No other security software has heard of this malware, Win32.Application.Adware.WinAntiVirus

    3. The first registry key is often misidentified as a false positive in other security products (Google for it):

    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Component Categories\{56FFCC30-D398-11d0-B2AE-00A0C908FA49}

    It is actually the key for the Microsoft Office Antivirus API.

    4. ZAP Antispyware found no application installed on my computer - only registry keys.

    Many thanks.

    G.
     
    Last edited: Nov 16, 2006
  2. EsoxLucius

    EsoxLucius Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    125
    Location:
    Bucharest, Romania
    Yes, that's very odd. I had the same problem this morning with ZA at home, but I've chosen to remove that key because I don't like keys in my reg that don't match my installed software, even if it is a false positive.

    If that was a fp, what was it doing in my reg?? And I saw that in my case these keys weren't related to Opera... o_O
     
  3. gorgelink

    gorgelink Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    49
    Hi, EsoxLucius,

    I suppose that you removed this key:

    RegistryKey: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Component Categories\{56FFCC30-D398-11d0-B2AE-00A0C908FA49}

    The key that you removed is actually the key for the Microsoft Office Antivirus API.

    Microsoft Office Antivirus API allows antivirus software (such as Norton Antivirus) to scan Microsoft Office products.

    Try to open a Word document and see if you are having any trouble with your antivirus applications.

    G.
     
  4. gorgelink

    gorgelink Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    49
    UPDATE

    Ran ZAP 6.1 Antispyware on an old laptop, Windows 98, not connected to the Internet since 2002 and nothing new installed on it since 2001.

    Got the same results.

    Now I am convinced it is a false positive. WinAntiVirus didn't even exist back in 2001-2.

    G.
     
  5. gorgelink

    gorgelink Registered Member

    Joined:
    Aug 28, 2004
    Posts:
    49
    Just received this from Tech Support:

    Hello,

    Yes, we do believe that it is a false-positive. We are working on an
    update that will fix this issue as soon as possible.

    Regards,
    Zone Labs.
     
  6. EsoxLucius

    EsoxLucius Registered Member

    Joined:
    Oct 27, 2006
    Posts:
    125
    Location:
    Bucharest, Romania
    It certainly is a fp because I've detected it on other computers too and it is the same, even on freshly installed machines.

    I tried to run a document and my Bitdefender scanned the file successfully. I also tried an infected document that I keep on a CD and it was detected upon run, so the documents anti-virus scanning still works... for me :D
     