Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: vista exploit.php.userpic.a

  1. #1
    concerned_user Guest

    Default vista exploit.php.userpic.a

    I read that exploit.php.userpic.a is a false positive in ZA 70.483.000
    My sister ran ZA ( on Vista) scan this morning and it reported 3 instances of Exploit.PHP.Userpic.a in ZA help files.
    Two other computers in our house running ZA 7.1.248 on Vista
    were scanned this morning and reported no infections.
    Is this also a false positive?
    Definitions for all three computers were updated just before scanning.

    Operating System:Windows Vista Home Premium
    Software Version:7.1 (Vista)
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    evilimp Guest

    Default Re: vista exploit.php.userpic.a

    Doing a google search on this, there are other people with this same problem.
    I got the error too, just from downloading the update, but not even installing, it on one of my PC's.
    On that PC, I told it to delete the questionable file, and am running my zonealarm scan again.

    I'll be deleting my downloaded updates until something is resolved, as well. I hope it's a false positive, but I hope for the best and plan for the worst.

  3. #3
    signus Guest

    Default Re: vista exploit.php.userpic.a

    I have the same virus report on my XP system:Exploit.PHP.Userpic.a on file zaclients.chm inside Zone Labs\ZomeAlarm\Help\ folder
    This happened after
    instalation of 7.0.483 version fix

    Operating System: Windows XP SP2Software version: 7.0.483Product Name:
    ZoneAlarm Internet Security Suite

  4. #4
    riceorony Guest

    Default Re: vista exploit.php.userpic.a

    If it is the zaclients.chm file in the Programs/Zonealarm folder, then it has been identified as a False Positive by kaspersky

    It will be fixed in an upcoming update.

  5. #5
    mwidunn Guest

    Default Re: vista exploit.php.userpic.a

    But, what does that mean that it's a "false positive" that will be corrected?
    Does it mean there's no virus at all?Does it mean that a legitimate file in ZA is being scanned -- and, treated -- as a virus?What will be corrected:
    the possible virus?
    ZA's false reporting as a virus?

  6. #6
    riceorony Guest

    Default Re: vista exploit.php.userpic.a

    Question 1: "But, what does that mean that it's a "false positive" that will be corrected?"
    A false positive is basically what the word means. A legitimate or uninfected file is marked as being a threat/malicious malware.


    There are just TOO many different files in the world (whether it be operating system-wise or program-wise...). Some malware or viruses try to mask themselves by using some legitimate programing code shared by a legitimate file, so when an antivirus vendor writes a definition to catch the virus/malware, sometimes it will mistakenly also pick up the legitimate file because they share the same code (known as HASH files).

    Therefore, there is a virus named "Exploit.php.userpic.a" BUT if your zonealarm is detection the zlclient.chm file as a virus, then this is a false positive. Meaning zlclient.chm is a legitimate file and is being scanned and treated as a virus.

    Make note: it is not ZoneAlarms fault for the false positive detection. If you read reviews, ZA-Internet Security Suite (ZA-ISS) uses Kaspersky's Antivirus engine and definition files. So anything that your ZA-ISS detects is because of Kaspersky's engine and definitions. Kaspersky is currently the #1 in antivirus protection, detection, and new definition releases (sometimes up to 4 times a day versus other security vendors that release at max 1 time a day). Zone Alarms firewall that comes with ZA-ISS is the best firewall available that comes with any internet security suite, hands down. The ONLY drawback is that it requires a little more computer savvy-ness. So with your ZA-ISS purchase you are basically getting the #1 antivirus detection and the #1 firewall (in my opinion and also as verified by many other third party independent researchers).

    So therefore, Kaspersky has fixed the false reporting and if you update to the most current definitions (click on updates on your security suite) and unquarantine the file (restore the file). If you scan again you will see the file is no longer mis-detected.


  7. #7
    mwidunn Guest

    Default Re: vista exploit.php.userpic.a

    I'm not laying blame on anybody; I just wanted to be specific.
    A lot of people here seem to be very knowledgeable about computers, which I am not.
    So, people in the forums seemed to be
    assuming information that the average computer user doesn't know.
    Okay, . . . so, what you are saying is that the recent re-load of ZA was detecting the zlclient.chm file as
    Therefore, I should go into the Quarantine tab and remove Exploit.php.userpic.a from quarantine.

  8. #8
    concerned_user Guest

    Default Re: vista exploit.php.userpic.a

    A lot of people seem to be having this problen after downloading the update for ZA on an XP.
    There are already several threads about it here.
    My question is, in this case it's a Vista PC and no ZA update had been installed.
    Is it still a palse positive.

  9. #9
    riceorony Guest

    Default Re: vista exploit.php.userpic.a


    I apologize if my response seemed angry, it really wasn't ment to sound angry.

    Make sure to check your logs (Check the Anti-virus logs) and make sure that the file that was detected was zlclient.chm (from C:/Programs/Zone alarm....) if that was the file that was detected, then it is a false positive and can be saftely un-quarantined (restored). There is no degradation in the functionality of the ZA program if you choose to leave it in quarantine though.

  10. #10
    riceorony Guest

    Default Re: vista exploit.php.userpic.a


    As I stated above, the file being detected has nothing to do with whether you're using ZA on Windows XP or on Windows Vista (I'm using Vista Ultimate, and Vista Home Premium). The file is being detected as a false-positive due to a definitions file (the virus-definitions sent by Kaspersky's Antivirus that is used by ZA Internet Security Suite to detect infections). So therefore, if the detected file was zaclient.chm, then you can safetly restore the file from quarantine. However, if someother mysterious file was detected as Exploit.php.userpic.a, then you might have an infection.

    To check which file was detected, check your anti-virus logs. After you restore the file, you can update the newest definitions (click on update) and perform a rescan. You will notice that the file is no longer detected as a false-positive.


Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts