Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Symantec detecting NSIS as trojan.zlob. - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Symantec detecting NSIS as trojan.zlob.
We have received several emails regarding Wireshark ( the new version of Ethereal) being detected as infected with trojan.zlob.  After investigation it appears that this is a false positive with Symantec AV def's that are currently in use and that it is actually the NSIS (Nullsoft Installer) that is triggering the alert. 

NSIS Installers

Nullsoft Installer (NSIS) is an open source program that is used by many companies including WINAMP, WireShark and probably others to create low cost installers.  Apparently this is not the first time that Symantec has had a false positive on the NSIS installer. 

WinAmp Advisory


279 Posts
ISC Handler
Jul 4th 2006

Sign Up for Free or Log In to start participating in the conversation!