Threat Level: green Handler on Duty: Tom Webb

SANS ISC: Symantec detecting NSIS as trojan.zlob. - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Symantec detecting NSIS as trojan.zlob.
We have received several emails regarding Wireshark ( the new version of Ethereal) being detected as infected with trojan.zlob.  After investigation it appears that this is a false positive with Symantec AV def's that are currently in use and that it is actually the NSIS (Nullsoft Installer) that is triggering the alert. 

NSIS Installers

Nullsoft Installer (NSIS) is an open source program that is used by many companies including WINAMP, WireShark and probably others to create low cost installers.  Apparently this is not the first time that Symantec has had a false positive on the NSIS installer. 

WinAmp Advisory


Deborah

278 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!