A VNC false positive?

I used BO Cleaner last year for a while but had trouble with it. Thought I would give it another try. So far so good, except… While using VNC viewer I got a notice that a trojan was found in the VNC viewer file. I selected the option to stop it, and VNC worked fine. I ran VNC again and got the same warning. The BO Cleaner report is attached. Is this a false positive, or is it something to worry about?

[attachment deleted by admin]

Hey, I'm unsure of the program 'cause I’ve never used VNC before… Have you submitted the file to www.virustotal.com or http://camas.comodo.com/cgi-bin/submit ?

I have a similar problem, although I don’t think BOClean reports VNC viewer (RealVNC) as a virus. I have the VNC viewer excluded, but every day it reports the file has changed (or something similar), so I have to exclude it again (every day). Has anyone else noticed this, or is it just me?


Yes, I should say it is RealVNC Viewer. I ran it through VirusTotal and Comodo malware analysis. Both said the files were okay. It is not a problem, just a minor inconvenience.

Did you send an email saying it is a false positive to Comodo?

Heya boys :)

Personally I don’t know RealVNC - VNC Viewer, but when Googling it I see it is Remote Control Software. So I do think it is detected correctly by BOClean, but I am curious about Kevin's opinion. Of course, if you want to use the VNC Viewer, you can always add it to the Excluder.

Greetz, Red.

Being detected as RSK-WINVNC, I guess it pertains to the Riskware category. This means that it is possible to use that application for malicious purposes if the user is not aware that a Remote Control software has been installed on his machine.

I guess IRC apps would fall in the same category too, as it would be possible to install them on a compromised system in order to create a botnet.

In the past every upgrade of the Comodo Antivirus software resulted in the exclusion list being erased; now (at least in regards to VNC) the exclusion list is just being outright ignored.

I happen to use the TightVNC variant of VNC (some additional compression possible).

VNC is in and of itself not a malicious application, but it is remote control software, similar to Terminal Services, ICA (Citrix (R)), X-Windows, and GoToMyPC (R).

I also happen to be a networking professional and happen to use a handful of PCs and other computer hardware for my own personal benefit. Under these circumstances, there are times when I need remote access to my computer and it is not necessarily possible to be physically in front of the PC in question.

I have done everything I can think of to prevent CAV from performing a quarantine on the winvnc.exe and vnchooks.dll files necessary to run the VNC server process.

Application path: C:\Program Files\TightVNC (this is the default)

Product Version: 3.8.65951.477
Virus Signature Database Version: 1049

I would not care if the only thing done when this application is accessed was a warning popup, even with the files listed as both trusted for the Defense+ and Excluded for AV. The issue is that each time my PC starts up, these files get quarantined regardless of the settings on any/all of the free Comodo products.