Ztree is a malware site?

Avira warned me that <http://www.zedtek.com/download/ztw22x86.exe> would be
accessing a malware site. zedtek.com itself didn't get flagged. Is Ztree
malware? It seemed nice to have a modern tool similar to the old Xtree
program, but I don't need malware ...

 

Hi Han:

It is most likely a False Positive declaration. The executable is digitally signed with 0
hits on Virus Total.

While I have not heard of them, zedtek.com has been around since 1998.

 

From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>

ADDENDUM:

Analysis of the installer does not show malicious activity.

 

Thanks, David!!

 

All the best Han

 

I forgot all about how to use it. Steeper learning curve than I thought.
If all one wants is to search for file or folder names, "Search
Everything" can't be beat ...

 

So are you talking about Avast's Web Shield issuing an alert? If so,
does that site permit 3rd party content on their site? Do links go
through some "selector", especially an offsite redirector, rather than
provide a direct link to the content? I didn't notice (visually, not by
HTML inspection) this stuff at http://www.ztree.com/html/download.htm
(would've been nice if you gave the web page where is the link you
gave).

Did the warning about "accessing a malware site" come when you visited
the download page, when you clicked on the link for the file, during the
download of the file, or after you tried running the file from a local
copy deposited on your host after the download completed?

I downloaded (but did not run) the ztw22x86.exe file. No alert from
Avast (Web Shield or File Shield). I don't want the product so I didn't
run the installer. You never mentioned running the installer so
presumably just downloading the file cause the alert for you. I didn't
get one. I right-clicked on the file and scanned again. No alert.

I have Avast Free 6.0.1125 installed. You never mentioned which version
you have and if free or paid version. For me, signatures were updated
6/16/2011 @ 3:16:05AM, version 110616-0. You didn't mention when was
your last signature update. It's also possible you have your instance
of Avast configured to be more aggressive than mine.

Submitting the .exe file to VirusTotal. Got 1 hit: VBA32
(Trojan.SB.0505). Haven't a clue what is VBA32. After 5 minutes of
drilling around their site looking for a list of AV vendors, I gave up
and did a Google Search. Never heard of VirusBlokAda before today
(http://en.wikipedia.org/wiki/Vba32_AntiVirus). With the preponderance
of well-known AV products not triggering on this file, it doesn't look
infected (using only signatures for detection).

 

I do NOT have Avast, I have Avira Premium (paid), fully up to date. I
did give the full link to the file
<http://www.zedtek.com/download/ztw22x86.exe>, obviously on
www.zedtek.com.

To me it seemed indeed a false positive malware alert, since the
downloaded file did not give an alert, and having installed Ztree, it
didn't result in anything bad that I know off.

Thanks for your concern!

 

Ooops. But, as I recall, the payware version of Avira includes its Web
Guard (same thing as Web Shield that comes in the free version of
Avast).

 

Yes, and for some reason it now flags downloads of exe files. SO I have to
turn the guard off and then back on again, or enter all the "exceptions".
Never happened before, but it happened again today with an updated version
of Roboform.

 

Guess I'd start by asking over in the Avira forums (forum.avira.com).
Could be a new "feature" was added and enabled by default and you'll
have to disable the new option. Avast used to have a Behavior Shield
that was passive (used to report behavior to Avast) but when they made
it active it started causing problems and some users had to change its
settings (which weren't there before when it was passive).