Possibly false-pos in malware scan when installing CFP

Hi there

I’d like to ask you: I’m installing the latest version of Comodo Firewall Pro, and after it was installed a malware scan was offered by CFP, so I decided to run it. It found something in the file upgradeTool_360JJ9C0.exe, which is a firmware upgrade tool for Zyxel routers and can be downloaded from www.zyxel.com.
It says that it’s an “Anti.Zipexe.02(ID = 0x152e6)”, which I don’t understand.

Is it a false positive? I checked it on www.virustotal.com and only one of 36 scans found this:
F-Secure 7.60.13501.0 2008.08.31 Suspicious:W32/Torvil.a!Gemini

But I don’t believe Zyxel would provide an upgrade tool with malicious code in it.

What do you suggest to do now?

Thx in advance…


p.s. I know this issue is related to the malware scan, but I posted it in the firewall topic because it’s happening when installing Firewall Pro; if the moderators decide otherwise, please move it elsewhere (I couldn’t decide whether the malware scan is an external program or an internal one of the firewall installer).

HE!!O tc20

Hmmm… ZYXEL is a BRAND of IP DSLAMs and Routers that PHILIPPINE LONG DISTANCE TELEPHONE COMPANY (PLDT) is using here for DSL services. Just go to Miscellaneous, then SUBMIT those executables to the Comodo Lab if you suspect that the updates are compromised.

kdone !

thx for the fast response…

I’d also report it to Zyxel, just in case an update has been compromised. They’re quite responsive to user reports.

Ewen :slight_smile:

As it says Anti Zip, my guess is this .exe has a lot of files in it and is therefore seen as an antizip bomb.

Say you have a zip file with a very large number of files which compress very well; if you extract it, your disk will be filled until it’s full. This attack is used to do DoS attacks on virus scanners (SMTP/WEB) etc…
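As an added illustration of the decompression-bomb heuristic described in the post above (example code, not from this thread or from Comodo): a scanner can first read the archive's own headers for entry count and declared compression ratio, and then inflate with a hard byte cap, because declared sizes can lie. The thresholds are assumed values chosen for the example, and both sample archives are constructed in memory.

```python
import io
import random
import zipfile

# Assumed thresholds for this example, not Comodo's or any vendor's actual limits.
MAX_RATIO = 100          # uncompressed/compressed above this is suspicious
MAX_ENTRIES = 10_000     # a huge number of entries is the other classic DoS vector
MAX_TOTAL = 100 * 2**20  # never inflate more than 100 MiB in total

def assess_zip(data: bytes) -> dict:
    """Cheap check on the central directory only; nothing is extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    compressed = sum(i.compress_size for i in infos)
    declared = sum(i.file_size for i in infos)
    ratio = declared / compressed if compressed else float("inf")
    reasons = []
    if len(infos) > MAX_ENTRIES:
        reasons.append("too many entries")
    if declared > MAX_TOTAL:
        reasons.append("declared size exceeds limit")
    if ratio > MAX_RATIO:
        reasons.append("compression ratio too high")
    return {"entries": len(infos), "declared": declared,
            "ratio": ratio, "suspicious": reasons}

def bounded_inflate(data: bytes, limit: int = MAX_TOTAL) -> tuple:
    """Really inflate, but stop the moment `limit` bytes have been produced.
    Returns (bytes_inflated, limit_exceeded); headers are not trusted here."""
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as fh:
                while chunk := fh.read(64 * 1024):
                    total += len(chunk)
                    if total > limit:
                        return total, True   # abort before the disk fills up
    return total, False

def make_zip(payloads: dict) -> bytes:
    """Build a deflate-compressed archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in payloads.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: 8 MiB of zeros deflates to a few KiB (bomb-like, ratio
# around 1000); seeded random bytes barely compress at all (benign, ratio ~1).
BOMBISH = make_zip({"zeros.bin": b"\0" * (8 * 2**20)})
BENIGN = make_zip({"notes.bin": random.Random(1).randbytes(4096)})
```

Running `assess_zip(BOMBISH)` flags only the ratio, and `bounded_inflate(BOMBISH, limit=2**20)` stops early instead of writing the full 8 MiB.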


wow guys, I haven’t experienced such quick responses; even m$ should learn from you how to keep their customers, not to mention that their software is paid… but I could say the same about some bank customer centers or corporate helpdesks etc…


Well, thank you panic for that one; I’d have done it too, I just didn’t think about making a report - maybe because I was waiting for the result from you first… - they sure should know about this issue ^^