ESET Antivirus detected a potential threat in Winzip Utilities

3Colors · 29 Aug 2014

Hi all, there is something that ESET detected as a potential threat and I'm not sure which option to take: disinfect it or to ignore it (as this within Winzip folder)
If this within Winzip folder, which I installed from a CD (not downloaded from internet). So it is false or positive ?

I was using the pc as usual, then turn off the monitor (approximately 30 minutes), I turn it on again and i see that message.

Gator · 29 Aug 2014

3Colors said:

Hi all, there is something that ESET detected as a potential threat and I'm not sure which option to take: disinfect it or to ignore it (as this within Winzip folder)
If this within Winzip folder, which I installed from a CD (not downloaded from internet). So it is false or positive ?

I was using the pc as usual, then turn off the monitor (approximately 30 minutes), I turn it on again and i see that message.

I believe that is a false positive but you can check.

You can use an online service such as Online MD5|SHA1 Hash Generator For File And Text

At the top right you can browse to the file in question.

Go here Malware scan of WINZIPSSRegClean.exe (WinZip System Utilities Suite) 2e498be0979ea3d16fc25812c29ba7c37a2ac69b - herdProtect and compare md5/sha1 hash. Towards the bottom there is a list of more sha1 hash's for different versions of WinZipSSregclean.exe

If your sha1/md5 don't match with any of them, its possible the file is corrupted in some way.

Jacee · 29 Aug 2014

Registry cleaners are not recommended for any Windows versions .... are you experiencing malware?

3Colors · 29 Aug 2014

Gator : Wow, a little confused there.

Jacee : The Winzip come from a cd of drivers. So I'm not sure if it's virus. I downloaded, installed and uninstalled the CCleaner. Never use it.

Gator · 29 Aug 2014

3Colors said:

Gator : Wow, a little confused there.

Jacee : The Winzip come from a cd of drivers. So I'm not sure if it's virus.i downloaded, installed and uninstalled the CCleaner. Never use it.

Sorry I wasn't clear enough. Basically I was going to have you check the hash because if in some way your file has been changed (ie malicious code was added) the hash would be different.

Either way, I believe this is a false positive however you can delete it if you don't use it. It's up to you.

3Colors · 29 Aug 2014

There will be no problem disinfect it and then uninstall it(Winzip)? Since I have installed 7-Zip

It may be that with each new update of antivirus detects something that is hidden ?

Because at the end of last year also in the same way, when I came back after several minutes, I saw this message.
I clicked on disinfect.

Gator · 30 Aug 2014

Yes you can delete it, in fact, if you have 7zip, you can get rid of everything that has to do with WinZip.

A good program to use to uninstall programs from your PC is Revo Uninstaller
Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems

Find WinZip in the list of programs
Click Uninstall
Click Advanced
Click Next
Select All entries and delete them in the next two windows that pop up
Then click finish

WinZip should be completely removed.

3Colors · 30 Aug 2014

Right now I'm running the antivirus and it detected something...

3Colors · 30 Aug 2014

In the first message I clicked disinfect. Now i see this.

Gator · 30 Aug 2014

3Colors said:

In the first message I clicked disinfect. Now i see this.

You can go ahead and let your av program delete that and uninstall WinZip. I'm still under the impression that its most likely a false positive but pretty close to a PUP one way or the other.