
Thread: WIN32.ZLOB.LPS - is it a false positive with AOL VR 9?

  1. #1
    seahorizons Guest

    WIN32.ZLOB.LPS - is it a false positive with AOL VR 9?

    ZoneAlarm Internet Security Suite has detected win32.zlab.lps. However, I have reason to think that this might be a false positive.
    The reason is that I use AOL VR9 and the "virus" is quarantined as derived from aol\acs\multiOS.dll. I have reinstalled AOL VR9 and immediately win32.zlab.lps was picked up again by ZoneAlarm.
    When I tried to start AOL I received a message saying that AOL would reload various files but to no avail.
    However, when the quarantined file was restored, AOL loaded and started.

    SEAHORIZONS

    Operating System: Windows Vista Home Premium
    Software Version: 7.1 (Vista)
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: WIN32.ZLOB.LPS - is it a false positive with AOL VR 9?

    Hi!
    Is it the antivirus or the antispyware detecting it?
    Just look into the quarantine and see if it is quarantined in the antivirus section or antispyware section.

    First I would try to upload the file to www.virustotal.com, just to check what other malware engines will say about it.

    Then, if it is a detection of the spyware engine, submit the false positive here (include as many details as possible so it can be corrected faster): http://www.zonealarm.com/store/conte...are_report.jsp

    If it is a detection of the antivirus engine, then e-mail newvirus at kaspersky dot com. Subject: false positive. Attach the file in a password-protected zip. Include the password in the e-mail.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    seahorizons Guest

    Re: WIN32.ZLOB.LPS - is it a false positive with AOL VR 9?

    Thanks Fax

    It was picked up as part of a virus scan and appears in the virus quarantine. Kaspersky are saying that it is a ZA issue first!
    But I can give the email idea a go.

    Seahorizons

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: WIN32.ZLOB.LPS - is it a false positive with AOL VR 9?

    SEAHORIZONS wrote:
    "Kaspersky are saying that it is a ZA issue first!"

    Uuuhm? ZA issue? Upload the file to virustotal and report back about the Kaspersky results. It should detect the same.
    If not, probably your signatures are not updated, or you are uploading a 0 file size, or you have a problem in ZA.

    Kaspersky do not discriminate between OEMs; you can submit a virus or false positive to them without problems.

    Cheers,
    Fax

    Message Edited by fax on 04-24-2008 12:37 PM


  5. #5
    seahorizons Guest

    Re: WIN32.ZLOB.LPS - is it a false positive with AOL VR 9?

    Hi Fax

    I have uploaded a zipped file to Kaspersky.
    I will keep you posted.

    Seahorizons

  6. #6
    seahorizons Guest

    Re: WIN32.ZLOB.LPS - is it a false positive with AOL VR 9?

    Hi Fax

    I sent the file off to Kaspersky Lab UK, and I should record the fact that they have been incredibly helpful and responded very swiftly to all communications.
    The report was that the file did not contain anything malicious.
    The file being acs\multiOS.dll.

    I would not like to say that it is therefore a false positive. I can only report what I have found.
    I updated the virus definitions file today (as I do every day) and the problem did not repeat itself even though I restored the "quarantined" file.
    It seems to be a necessary file for AOL VR9 - without which the user cannot load the browser and connect to the internet.

    Hope that helps - and, indeed, many thanks for yours.

    Seahorizons

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: WIN32.ZLOB.LPS - is it a false positive with AOL VR 9?

    Hi!
    I am not sure I follow, but did you restore the file from the quarantine?
    Is it still detected as malicious by ZA?

    To sum up: Kaspersky products have the same signatures as ZASS products.
    So, something that is detected by ZASS is also detected by KAV.

    When you are confronted with false positives, you should:

    1. Upload the file to virustotal.com to double check that KAV (at virustotal) also detects the same.
    2. If yes, then send the file to Kaspersky. If it is a false positive you will be notified.
    3. If it is not, and KAV (at virustotal) does not detect anything, then you have different possibilities:

    a) It was the AS engine and not the AV engine
    b) The false positive has been corrected but your signatures are not yet updated (manual update)
    c) Your ZA is not working correctly

    Hope this helps.

    Cheers,
    Fax

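An added example, not part of the thread or of any ZoneAlarm or Kaspersky tooling: a pre-submission check on the sample that rejects the zero-byte upload Fax warns about in post #4 and produces a SHA-256 that identifies exactly which file was scanned or sent. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import os
import tempfile


def describe_sample(path):
    """Summarise a file before it is uploaded or e-mailed for analysis."""
    size = os.path.getsize(path)
    if size == 0:
        # An empty upload scans clean everywhere and proves nothing.
        raise ValueError(f"{path} is 0 bytes; restore the real file first")
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        head = fh.read(2)
        digest.update(head)
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "size": size,
        "sha256": digest.hexdigest(),
        # DLLs are PE files and start with the two bytes "MZ".
        "looks_like_pe": head == b"MZ",
    }


def write_constructed_sample(data):
    """Write constructed bytes to a temp file and return its path (demo helper)."""
    fd, path = tempfile.mkstemp(suffix=".dll")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed stand-in for the restored DLL, not the real file.
    sample = write_constructed_sample(b"MZ" + b"\x00" * 62)
    print(describe_sample(sample))
    os.remove(sample)
```

Recording the hash before and after a signature update also shows whether a changed verdict refers to the same file or to a replaced one.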

  8. #8
    seahorizons Guest

    Re: WIN32.ZLOB.LPS - is it a false positive with AOL VR 9?

    Hi Fax

    Yes, the file "acs\multiOS.dll" - which was quarantined - is part of the AOL connectivity service.

    The file was sent in a zipped file to Kaspersky to check.
    The reply was "No malicious software was found in the attached file".
    I restored the 'infected' file from quarantine in ZA (virus quarantine - not spyware) - I turned off ZA - and I then restarted AOL which this time loaded correctly.

    When I turned ZA back on, the multiOS.dll file was detected on a virus scan (not a spyware scan), and ZA put the file back into quarantine (virus).
    However, I updated the virus definitions at about midday (UK time).
    I again restored the multiOS.dll file (out of quarantine) and for some reason the file is no longer treated as a zlop virus by ZA.
    And that really is it.
    ZA has been working well for months on my Vista machine - very impressed with the package - so it might have been a blip.
    Odd - but there it is.

    Seahorizons

  9. #9
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: WIN32.ZLOB.LPS - is it a false positive with AOL VR 9?

    Hi!
    OK, now it's clear... it was a false positive that at the time of reporting was already corrected.
    Once you had updated the AV signatures the file was no longer detected as malware.

    Maybe you could set your AV to update every hour, so as to speed up the release of AV signatures.

    Thanks.

    Cheers,
    Fax

    Message Edited by fax on 04-25-2008 10:07 AM


  10. #10
    seahorizons Guest

    Re: WIN32.ZLOB.LPS - is it a false positive with AOL VR 9?

    Hi Fax

    Yes, sounds a good idea.
    I am pretty good about updating definitions but there is an object lesson here - it shows you the pace of change!!

    Many thanks for all your help.

    Seahorizons
