FP - WINVNC.EXE

Tazzin · March 28, 2009, 1:27pm

Comodo Internet Security has detected this a malware, this started detecting on the date of 3-23-2009 but I have been usingUltraVNC for several months now… I add this to ‘My Own Safe Files’ each time it pops up but it re-captures this as a new malware each of time I start my computer. View attached screenshots of My Own Safe Files & Anti-Virus Events… UltraVNC version Win32 Server 1.0.5.3, link for this version of install is http://sc.uvnc.com/download/click.php?id=2

Product Web Site: http://www.uvnc.com/
Name of Detection: Unclassified Malware (or) Unclassified Malware[at]12274344
Virus Signature Database Version: 1087

If you need any further information please just ask, I will gladly provide.

Thanks,
Tazzin

[attachment deleted by admin]

sriramp · March 28, 2009, 1:41pm

Hi tazzin,

The reported file is an unsafe WinVNC application. It is a potentially unsafe application belonging to UltraVNC. Please add this file to your exclusion list if you really want to continue using the software.

Regards,
Sriram.P

Tazzin · March 31, 2009, 3:19am

Thanks, sriramp, i’m trying to find the Exclusion section now… thanks for the information, I haven’t had a issue until recently so something in the updates is triggering this… but thanks for the info…

sriramp · March 31, 2009, 9:57am

Hi tazzin,

In CIS, You have an option in “AntiVirus” tab, select ScannerSettings-> Exclusions. From where you can exclude the sample from detection.

Thanks and Regards,
Sriram.P

Tazzin · April 14, 2009, 1:42am

Well, I guess I’m just an idiot… :o I have added the exclusion to my machine and all is fine… I have added it to my wifes machine as an exclusion and it still keeps popping up as a threat, and the winvnc.exe is now added to the exclusions list about 5 or more times now (each time is pops up I add it to the exclusions list). I have tried removing and only adding it once and that is still no good… any other suggestions?

Thanks for all the help, let me know if you need any information, i’ll gladly provide to help troubleshoot…

Tazzin…

Vladimyr · April 15, 2009, 5:29am

You may need to add the folder location to the list of exclusions.

Typically:
C:\Program Files\UltraVNC*.*

Did the trick for me (and I was even able to do it remotely ). I just hope no malware writers are now poised to exploit this necessary “hiding place”. :o

fOrTy_7 · April 15, 2009, 5:28pm

You can add C:\Program Files\UltraVNC* to My Protected Files so that any change to that folder made by an unsafe application would be caught by Defense+.

Vladimyr · April 16, 2009, 3:27am

Thanks fOrTy_7 for the extra advice.

So because CIS considers VNC software to be “unsafe” but can only deal with it as if was a virus, I have added its location to:

Antivirus,>Scanner Settings>Exclusions
Defense+>My own Safe Files

and in order to protect what CIS considers to be an unsafe application from any truly unsafe application, I’ve now also added it to:

Defense+>My Protected Files

I can’t help thinking that there needs to be a greater level of sophistiaction built-in to the CIS program, rather than relying so much on the user’s knowledge and diligence to control malware actions!