Author Topic: Is RtVOsd.exe ok to allow?  (Read 40080 times)

Offline ALANT

  • Comodo Family Member
  • ***
  • Posts: 68
Is RtVOsd.exe ok to allow?
« on: May 11, 2011, 05:44:14 PM »
Hello everyone,
  I got tired of sandboxing RtVOsd.exe, so I started blocking it.  Now I allow it.  Is this a safe executable?  Where do I enter this in the application so I don't need to keep acting on it?  Note:  this is only on my laptop and not my pc.  Thanks, Alan
1.) Gateway DX4831 PC / Windows 7 Home Premium
      64-BIT OS / 6GB RAM / 1TB HDD / Verizon DSL/Comodo Internet Security Premium
2.) Compaq Presario laptop CQ56-115DX/Windows 7 Home Premium
      64-BIT OS / 2GB RAM / 250GB HDD / Verizon DSL/Comodo Internet Security Premium
3.) Dell Inspiron Mi

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 19722
Re: Is RtVOsd.exe ok to allow?
« Reply #1 on: May 11, 2011, 06:22:07 PM »
It looks like it belongs to one of Realtek's driver according to this: http://www.backgroundtask.eu/Systeemtaken/taakinfo/41374/RtVOsd.exe/ .

This page gives for two versions the matching Hash code. Can you check if the hash code is the same as the one given there? I use Hashtab to retrieve and compare hash codes of files.

Can you see if this file is digitally signed? If so check the signature and see if it is valid.

Offline disPPlay

  • Malware Research Group
  • Comodo's Hero
  • *****
  • Posts: 843
  • WE <3 COMODO
Re: Is RtVOsd.exe ok to allow?
« Reply #2 on: May 15, 2011, 01:49:11 PM »
RtVOsd.exe is not signed so there is no need to see the certificate since if it's from realtek it will not have it.


Like Eric said the best way to determine if the file is really a part of realtek compare the hash to one of there

Code: [Select]
1846B3350918FD3197AC004182079959
AC7E8D970E94D70C8B06FE68C658BB8F

Offline ALANT

  • Comodo Family Member
  • ***
  • Posts: 68
Re: Is RtVOsd.exe ok to allow?
« Reply #3 on: May 16, 2011, 05:10:29 PM »
Ok.  I installed HASHTAB, but now what?  This isn't a Windows pop-up box that I get.  It's a COMODO DEFENSE+ ALERT pop-up.  I can't right click on it.
1.) Gateway DX4831 PC / Windows 7 Home Premium
      64-BIT OS / 6GB RAM / 1TB HDD / Verizon DSL/Comodo Internet Security Premium
2.) Compaq Presario laptop CQ56-115DX/Windows 7 Home Premium
      64-BIT OS / 2GB RAM / 250GB HDD / Verizon DSL/Comodo Internet Security Premium
3.) Dell Inspiron Mi

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 19722
Re: Is RtVOsd.exe ok to allow?
« Reply #4 on: May 16, 2011, 05:21:25 PM »
Can you post a screenshot of the D+ alert you get and it what situation it occurs?

Offline ALANT

  • Comodo Family Member
  • ***
  • Posts: 68
Re: Is RtVOsd.exe ok to allow?
« Reply #5 on: May 17, 2011, 08:06:12 PM »
I might be reposting this same reply.  I can't see it took.  Anyway, I attached the screenshot.  Here's steps followed for the  error:
-restarted laptop
-appeared when clicked firefox
-restarted
-appeared when clicked ie
-restarted
-popped up after about 2 minutes (no browser open)
-started composing this message.
-walked away for half hour
-came back and woke up laptop
web page still up with no popup box
-popup appeared.
1.) Gateway DX4831 PC / Windows 7 Home Premium
      64-BIT OS / 6GB RAM / 1TB HDD / Verizon DSL/Comodo Internet Security Premium
2.) Compaq Presario laptop CQ56-115DX/Windows 7 Home Premium
      64-BIT OS / 2GB RAM / 250GB HDD / Verizon DSL/Comodo Internet Security Premium
3.) Dell Inspiron Mi

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 19722
Re: Is RtVOsd.exe ok to allow?
« Reply #6 on: May 18, 2011, 09:18:13 AM »
Ok.  I installed HASHTAB, but now what?  This isn't a Windows pop-up box that I get.  It's a COMODO DEFENSE+ ALERT pop-up.  I can't right click on it.
To see the Hash code of RtVOsd.exe you need to look up the file in Windows Explorer. Select it, right click , choose Properties and navigate to the File Hashes tab. Now you can compare the hash provided in this topic with the hash code of the file.

When in the Properties dialogue please check the version number of RtVOsd.exe.

Offline ALANT

  • Comodo Family Member
  • ***
  • Posts: 68
Re: Is RtVOsd.exe ok to allow?
« Reply #7 on: May 19, 2011, 05:19:59 AM »
Where do I find the file?
1.) Gateway DX4831 PC / Windows 7 Home Premium
      64-BIT OS / 6GB RAM / 1TB HDD / Verizon DSL/Comodo Internet Security Premium
2.) Compaq Presario laptop CQ56-115DX/Windows 7 Home Premium
      64-BIT OS / 2GB RAM / 250GB HDD / Verizon DSL/Comodo Internet Security Premium
3.) Dell Inspiron Mi

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11458
  • Linux is free only if your time is worthless.;-)
Re: Is RtVOsd.exe ok to allow?
« Reply #8 on: May 19, 2011, 06:52:39 AM »
Where do I find the file?

Assuming you have Windows 7;

1. Open Device Manager
2. Open the "Sound, video and game controllers" item
3. Locate your Realtek audio device in the list
4. Right click this entry and select PROPERTIES
5. In the Properties windows, click DRIVER DETAILS
6. In the Drive File Details windows, scroll down until you find the entry for RtVOsd.exe
7. This will show the file location path
8. In Explorer, go to the file path from step 7
9. Find RtVOsd.exe and then right click, select Properties and navigate to the File Hashes tab
10. Now you can compare the hash provided in this topic with the hash code of the file on your system

Hope this helps,
Ewen :-)

As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline ALANT

  • Comodo Family Member
  • ***
  • Posts: 68
Re: Is RtVOsd.exe ok to allow?
« Reply #9 on: May 19, 2011, 06:47:52 PM »
These are the only executables on the list:
aertsr64
ravbg64
ravcpl64
rtkngui64
rtlupd64

Is it one of these?
1.) Gateway DX4831 PC / Windows 7 Home Premium
      64-BIT OS / 6GB RAM / 1TB HDD / Verizon DSL/Comodo Internet Security Premium
2.) Compaq Presario laptop CQ56-115DX/Windows 7 Home Premium
      64-BIT OS / 2GB RAM / 250GB HDD / Verizon DSL/Comodo Internet Security Premium
3.) Dell Inspiron Mi

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11458
  • Linux is free only if your time is worthless.;-)
Re: Is RtVOsd.exe ok to allow?
« Reply #10 on: May 19, 2011, 09:43:36 PM »
These are the only executables on the list:
aertsr64
ravbg64
ravcpl64
rtkngui64
rtlupd64

Is it one of these?

No, so RtVOsd.exe is an application not a driver.

Have you tried doing a Windows search for RtVOsd.exe? Either that or tried looking for a folder called something like "Realtek" in your PROGRAM FILES folder?

Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline Radaghast

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 4068
Re: Is RtVOsd.exe ok to allow?
« Reply #11 on: May 19, 2011, 10:29:49 PM »
If you've been blocking the file, all the information you need to find it will be in the firewall and/or Defense+ log files. However, if I remember correctly, it should be found in:

C:\Program Files\Realtek\Audio\OSD\

It's related to the Realtek audio subsystem.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.”

Offline ALANT

  • Comodo Family Member
  • ***
  • Posts: 68
Re: Is RtVOsd.exe ok to allow?
« Reply #12 on: May 20, 2011, 07:46:43 PM »
Attached is a snapshot of the hash.
1.) Gateway DX4831 PC / Windows 7 Home Premium
      64-BIT OS / 6GB RAM / 1TB HDD / Verizon DSL/Comodo Internet Security Premium
2.) Compaq Presario laptop CQ56-115DX/Windows 7 Home Premium
      64-BIT OS / 2GB RAM / 250GB HDD / Verizon DSL/Comodo Internet Security Premium
3.) Dell Inspiron Mi

Offline Radaghast

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 4068
Re: Is RtVOsd.exe ok to allow?
« Reply #13 on: May 20, 2011, 08:58:42 PM »
If you copy the MD5 hash from the site Eric linked to http://www.backgroundtask.eu/Systeemtaken/taakinfo/41374/RtVOsd.exe/ in to the Has Comparison text field and click Compare a file, it will tell you if they're same. try the third one for version 1.0.0.6
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.”

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 19722
Re: Is RtVOsd.exe ok to allow?
« Reply #14 on: May 21, 2011, 09:20:59 AM »
AlanT is using a 64 bits Win 7. It is not clear to me whether the files at that page are for 32 bits or 64 bits OS.

I have an Realtek onboard audio chip. The executables of the driver suite are all digitally signed. The quickest way to get an answer to whether the file is what it says it is,is to see if the file is digitally signed and has a valid signature.

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek