Can anyone tell me why urlcaller is considered a malware? I tried to install a program that has been reviewed with good marks, ManyCam. Apparently ManyCam uses the urlcaller.exe file. This causes anti-malware programs to delete, quaranteen, disable or whatever the program (ManyCam) that uses urlcaller. I have not been able to find any information on what urlcaller.exe is or waht it does that causes BOClean or any other anti malware to kill it.
Please reply to email or this forum, Thanks

Hi rlpmaverick

Welcome to the Comodo forum

I don’t know anything about urlcaller but if you know it is safe right click on the BOClean icon in your notification area and open the program excluder. Drag your file from Windows explorer to the excluder and you’re done.


I have been unable to find out anything about urlcaller.exe. I am not ready to exclude it from a search until I can find out more info. I am in communications with the developers of ManyCam to find out if it actually is something that their software uses. Or perhaps I came across a corrupted or violated install of ManyCam. If you know of any other resource that may have info on urlcaller, let me know. Thanks!

Perhaps I can help here … urlcaller.exe is somewhat “legitimate” … it’s a proggie written for coders who don’t know how to do that “intarwebs thang” as a program they can call to perform connections when they don’t know how to code it themselves. And while it’s “technically legitimate” it has been frequently used by malware to establish that upload of personal info, or download nasties, and thus after careful consideration, we’re going to KEEP detecting it given its malware usage.

What it does is provide internet functionality which can be called by another program with parameters passed to it. Unfortunately, since “zero day” detection of new threats can be difficult, and many “ne’er-do-wells” will make use of otherwise “legitimate tools” to simplify their tasks, we’ve always considered it very important for BOClean to detect components which are not properly controlled, can be called invisibly without warning to the user and other items which can raise “false positive” claims here and there. But we DO so in order to err on the side of caution, and to prevent new malware which utilizes otherwise poorly limited programs from being able to do damage. ManyCam appears to be clean itself, only the author can explain why they used urlcaller, though I suspect it was just easier than writing their own code.

MY advice would be to drag that program to the excluder - the urlcaller.exe IS acknowledged to be harmless in and of itself, but like I said, that file has turned up often in what I used to call “pseudo-rootkits” or to make the explanation a bit simpler, the “use of legitimate software for nefarious purposes so as to avoid detection by doing so.” That was my own definition of “pseudo-rootkits” back in the old BOClean days. It’s still done frequently, and results in a lot of complaints about “false alarms” with respect to BOClean even today. Since BOClean provides an excluder, my own attitude has always been “if you WANT to run it, we’re going to detect it, exclude it if you approve of its use.” We’ll still be able to spot OTHER copies of it if dropped without your knowledge, and that’s the basis of the design of BOClean. :slight_smile:

We have no choice but to tag many things which are used for illegitimate purposes on this basis, sometimes these ARE used legitimately. But we’d prefer to err on the side of caution than to let something truly nasty slip through because it’s supposedly “legit” otherwise. This is one of those. But it’s done for very good reason. :frowning: