does zip genius file = false positive as trojan?

avast 4.7 Home Edition
Build Apr 20 4.7.817
VPS File apr 20 0616-3

re:
cz2stub.exe is a trojan named Win32:Delf-AAR

avast identifies a file that is installed by zipgenius
installer as a trojan. can you clarify whether this is
a false positive or a zipgenius problem?

i have followed avast advice and impounded the file.
i uninstalled and reinstalled zip genius with the
same result.

Hello :slight_smile:

Well, it’s probably a false positive, but can you first update your VPS to the latest one - 0616-4 and after that if the file is still shown as a virus, submit the file to virusscan.jotti.org to see if only avast! detects the file as a virus, if so - zip the file in password protected archive (usually the password is “virus”) and for e-mail subject write something like "False Positive" and send the e-mail with the file to virus@avast.com :wink:

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.

Also see (Mini Sticky) False Positives

Hello.
That IS a false positive.
I updated my Avast! to v4.7.817 and latest VPS and got the same warning.

I can confirm because I am the developer: the file cz2stub.exe is a small executable file that can convert ZIP archives into executable CZIP files (executable encrypted archives). This module is UPX-compressed and Avast! fails the same way just like NOD32 and F-Prot did for other UPX-ed ZipGenius files.

Cheers :slight_smile:

I’m just an avast user so you might want to send a sample of the cz2stub.exe zipped and password protected (‘virus’, will do) to virus @ avast.com (no spaces).

Give a brief outline of the problem (possibly a link to this thread), the fact that as the developer, you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You might want to say why it fails “This module is UPX-compressed and Avast! fails the same way just like NOD32 and F-Prot did for other UPX-ed ZipGenius files” as you said.

anything new about this?

i did a bootscan less than 5min all go and got the same thing?

my Avast Version is: 4.7 home edition

build apr2006 (4.7.817)
Compilation date: 04/21/2006
file version 0616-4

some time ago i installed gozilla! a download manager it was loaded with adware-trojan crap, i removed all the items from it, maybe this is a left over and got into

4/12/2006 12:17:41 AM William Butterfield 2016 Sign of “Win32:Adware-gen. [Adw]” has been found in “C:\Program Files\Go!Zilla\eZula\ezTTStub.exe” file.

could not send it in an e-mail:

  Subject:	Positive
  Sent:	4/25/2006 2:41 AM

The following recipient(s) could not be reached:

  'virus@avast.com' on 4/25/2006 2:42 AM
        552 5.7.0 Illegal Attachment 45sm3200008wri

sorry i try;)

Avast! AVS updated today, i rescanned that file and it is clean, i have restored it to where it came from.

thanks all ;D

That’s good to hear.

If you have a similar problem with sending a sample in the future, did you zip and password protect the attachment or just send it as an exe file? This may cause many email servers to deny the email.

You could also add the file to the User Files, Open the avast Chest, click User Files (1), File, Add (2), this will copy the suspect file into the chest. Once you have done that, highlight the file and email to Alwil Software (3).

A pop-up window will allow for the addition of any comments, leave the email method at IMAP (default) and send it to Alwil.

i zip it up and made it into a password. try to send it got that message

Strange, I assume that you used ZipGenius to zip it, perhaps that may have been the problem since the detection was on a zipgenius file. Thankfully the false positive is now resolved.

I confirm: VPS 0617-1 resolves the false positive.
Thank you all :slight_smile:


ZipGenius -

Thank you for coming to the forum and posting.
It is always helpful when a developer comes in and posts in a helpful manner. :wink:

All of us on this forum appreciate this. :slight_smile: