D+ Scan Detections [Resolved]

I ran a scan today and it showed six detections.

Four of them, according to other posts I’ve read on these forums, are false positives. They are simply Windows time zone routines.

But there are two that I’m a little concerned about, and they are both associated with CrossLoop:

I know CrossLoop uses the TightVNC open source module, and it is a Remote Assistance type of software. Hence, it likely uses something similar to a trojan to manipulate someone else’s desktop.

My AntiVir virus scan DID NOT detect anything on this, which makes me believe more that this is a false positive.

I Googled these detections, and all I got was removal techniques. I’m reluctant to remove these things because I don’t want to disable Crossloop if indeed they are false positives and CrossLoop needs them.

(BTW, I’ve used CrossLoop with ZA and had no problems, but I understand from a few posts here that you need to open a port with Comodo . . . obviously I haven’t used it yet with Comodo. Will have to fasten my seat belt when I do I guess)



tzchange.exe you are right about. Unsure about first 2.




Yes. Leoni, that link is about the time zone false positives, but it’s the two CrossLoop detections I’m worried about.

A friend on another forum sent me his CrossLoop VNCHooks.dll file, and I compared it with mine and it had the same number of bytes. But I’d like to compare the two in more depth, like byte-for-byte. So is there some program I can do that with??

I did scan both the files (the dll and winvnc.exe that showed up in the Comodo scan) with my AntiVir and they both showed clean.

I’m thinking about doing an on line scan on those files.

It’s probably a false positive, but I’m paranoid about these things.

Phewwww . . . I had a friend who had the same files and sent me a cryptographic hash (digital fingerprint . . . MD5 Algorithm) of them. And he had scanned his on the Virustotal site and it returned 7 hits out of 36 scanners. However, most of the hits have a little note that it’s not a virus. For example:

Kaspersky: “not-a-virus:RemoteAdmin.Win32.WinVNC-based.b”
McAfee: “potentially unwanted program RemAdm-TightVNC”

(BTW, you also get an MD5 hash on the file and if it has already been scanned recently, it will show you the last results.)

Anyway, I did the digital fingerprint on mine and they were the same as his. Plus I ran them through virustotal also and got the same results he did.

So, it was indeed a false positive.

Phewww, again.

+1 :wink:


Is this resolved yet for you?

It’s resolved for me.

Yes . . . you can close this, or mark it “solved” or whatever you Mods do to these things when the original poster says it’s solved . . . and it’s solved for me.