Nullsoft Scriptable Install System false positive

khufu
edited May 2007 in Malware talk

Nullsoft Scriptable Install System version 2.27 is detected as Trojan.Downloader.Zlob.ZS.


I have scanned files at virustotal.com and Bd is the only Av that detected this file as infected.


password: infected

/applications/core/interface/file/attachment.php?id=106" data-fileid="106" rel="">nsis_2.27_setup.zip

Comments

  • Detection has been fixed. Thanks!

  • Why would NSIS be detected by BitDefender as Zlob, unless BitDefender had added only a signature for the NSIS packed version of Zlob and not for the unpacked version?

  • AndreiASM
    edited May 2007

    The detection could have been wrong even because of some sequences of bytes inside the code/data of the program, which could have triggered the false alarm. I have found a simple "Hello world program!" written in assembler, which was detected as Trojan.Injecter because of the string "iczelion" inside the program (althogh the program was only 9 instructions long...). It's a very good ideea this forum because this kind of bugs can be posted and they are solved very quick by the programmers at BitDefender. Congratulations again, BitDefender team!