Ztree is a malware site?

Discussion in 'Spyware' started by Han, Jun 16, 2011.

  1. Han

    Han Guest

    Avira warned me that <http://www.zedtek.com/download/ztw22x86.exe> would be
    accessing a malware site. zedtek.com itself didn't get flagged. Is Ztree
    malware? It seemed nice to have a modern tool similar to the old Xtree
    program, but I don't need malware ...
     
    Han, Jun 16, 2011
    #1


  2. Hi Han:

    It is most likely a False Positive declaration. The executable is digitally signed with 0
    hits on Virus Total.

    While I have not heard of them, zedtek.com has been around since 1998.
     
    David H. Lipman, Jun 16, 2011
    #2

  3. From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>

    ADDENDUM:

    Analysis of the installer does not show malicious activity.
     
    David H. Lipman, Jun 16, 2011
    #3
  4. Han

    Han Guest

    Thanks, David!!
     
    Han, Jun 16, 2011
    #4
  5. All the best Han :)
     
    David H. Lipman, Jun 16, 2011
    #5
  6. Han

    Han Guest

    I forgot all about how to use it. Steeper learning curve than I thought.
    If all one wants is to search for file or folder names, "Search
    Everything" can't be beat ...
     
    Han, Jun 16, 2011
    #6
  7. Han

    VanguardLH Guest

    So are you talking about Avast's Web Shield issuing an alert? If so,
    does that site permit 3rd party content on their site? Do links go
    through some "selector", especially an offsite redirector, rather than
    provide a direct link to the content? I didn't notice (visually, not by
    HTML inspection) this stuff at http://www.ztree.com/html/download.htm
    (would've been nice if you gave the web page where is the link you
    gave).

    Did the warning about "accessing a malware site" come when you visited
    the download page, when you clicked on the link for the file, during the
    download of the file, or after you tried running the file from a local
    copy deposited on your host after the download completed?

    I downloaded (but did not run) the ztw22x86.exe file. No alert from
    Avast (Web Shield or File Shield). I don't want the product so I didn't
    run the installer. You never mentioned running the installer so
    presumably just downloading the file caused the alert for you. I didn't
    get one. I right-clicked on the file and scanned again. No alert.

    I have Avast Free 6.0.1125 installed. You never mentioned which version
    you have and if free or paid version. For me, signatures were updated
    6/16/2011 @ 3:16:05AM, version 110616-0. You didn't mention when was
    your last signature update. It's also possible you have your instance
    of Avast configured to be more aggressive than mine.

    Submitting the .exe file to VirusTotal. Got 1 hit: VBA32
    (Trojan.SB.0505). Haven't a clue what is VBA32. After 5 minutes of
    drilling around their site looking for a list of AV vendors, I gave up
    and did a Google Search. Never heard of VirusBlokAda before today
    (http://en.wikipedia.org/wiki/Vba32_AntiVirus). With the preponderance
    of well-known AV products not triggering on this file, it doesn't look
    infected (using only signatures for detection).
     
    VanguardLH, Jun 16, 2011
    #7
  8. Han

    Han Guest

    I do NOT have Avast, I have Avira Premium (paid), fully up to date. I
    did give the full link to the file
    <http://www.zedtek.com/download/ztw22x86.exe>, obviously on
    www.zedtek.com.

    To me it seemed indeed a false positive malware alert, since the
    downloaded file did not give an alert, and having installed Ztree, it
    didn't result in anything bad that I know of.

    Thanks for your concern!
     
    Han, Jun 17, 2011
    #8
  9. Han

    VanguardLH Guest

    Ooops. But, as I recall, the payware version of Avira includes its Web
    Guard (same thing as Web Shield that comes in the free version of
    Avast).
     
    VanguardLH, Jun 17, 2011
    #9
  10. Han

    Han Guest

    Yes, and for some reason it now flags downloads of exe files. So I have to
    turn the guard off and then back on again, or enter all the "exceptions".
    Never happened before, but it happened again today with an updated version
    of Roboform.
     
    Han, Jun 17, 2011
    #10
  11. Han

    VanguardLH Guest

    Guess I'd start by asking over in the Avira forums (forum.avira.com).
    Could be a new "feature" was added and enabled by default and you'll
    have to disable the new option. Avast used to have a Behavior Shield
    that was passive (used to report behavior to Avast) but when they made
    it active it started causing problems and some users had to change its
    settings (which weren't there before when it was passive).
     
    VanguardLH, Jun 17, 2011
    #11