Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - Symantec detecting NSIS as trojan.zlob. InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Symantec detecting NSIS as trojan.zlob.

Published: 2006-07-04
Last Updated: 2006-07-04 23:20:58 UTC
by Deborah Hale (Version: 1)
0 comment(s)
We have received several emails regarding Wireshark ( the new version of Ethereal) being detected as infected with trojan.zlob.  After investigation it appears that this is a false positive with Symantec AV def's that are currently in use and that it is actually the NSIS (Nullsoft Installer) that is triggering the alert. 

NSIS Installers

Nullsoft Installer (NSIS) is an open source program that is used by many companies including WINAMP, WireShark and probably others to create low cost installers.  Apparently this is not the first time that Symantec has had a false positive on the NSIS installer. 

WinAmp Advisory


Keywords:
0 comment(s)
Diary Archives