BOClean breaks UltraVNC again[Resolved]

BOClean insists that the server for WinVNC (winvnc.exe) is a trojan. However, unlike the viewer which BOClean would leave alone if you put it in the ‘exclude’ folder, BOC seems to not care that you want to exclude it.

Bad BOClean. “Help us, KevinWan, you’re our only hope”…

Hi CyberGuy,
Sorry to here that there seems to be a FP on this. :-[
Part of the secret to BOClean’s success has always been customer participation in helping us keep things running smoothly… too many bad guys and never enough guns. :wink:
Please, any time you notice something like this, first submit a sample as outlined in our FAQ.

[u][b]Suspected False Positives?[/b][/u]

Q: Where do we send the files that are being alerted on that we suspect are FPs?

A: You can email them to: malwaresubmit [ at ] .
You may want to specify in the subject line “False Positive?” for clarity’s sake.
As usual, zip and password protect with “infected” including that information in the body.

Secondly, submit a support ticket here:

I’ll flag this to get the process started so we can get this looked into asap.
Appreciate the heads up!


Well, it’s not really a false positive, as VNC is a remote admin program that behaves like a trojan. It’s ok for BOC to flag it, cause if someone didn’t intentionally install it then it is good that they be warned that access to their system has been compromised. The problem I was having was that BOC wouldn’t let me exclude it from the scans.

However, this morning I had occasion to shut down the system in question and do a reboot. Just for the heck of it I tried to exclude winvnc.exe again, and this time it obeyed my request and is ignoring the file. I don’t know what is different today, as I did reboot last night as well, but it is working as expected today. I’ll try this on another system later today to see what happens.

Did you guys take the VNC detection out of the definitions? On a different computer I don’t seem to need to exclude vncviewer.exe or winvnc.exe.

Nevermind. The VNC on that box was an older version. The current version of VNC rings the bell with both vncviewer.exe and winvnc.exe. They do exclude fine, tho, so not to worry.

Feel free to mark this thread resolved/closed.

That’s weird that it now allows exclusion.
I wonder if something was interfering…
Marked and locked.