Thread: not-a-virus:RemoteAdmin ... false positive?

  1. #1
    PTRio Guest

    not-a-virus:RemoteAdmin ... false positive?

    not-a-virus:RemoteAdmin.Win32.WinVNC-based.f

    I remove the "threat" and Windows initiates an install program for QuickBooks when I open QB. Then, next time there is a virus scan (I scan daily) the same not-a-virus appears and I remove it. Open QB and Windows initiates an install program for QB. Groundhog Day begins again. This is getting old.

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Re: not-a-virus:RemoteAdmin ... false positive?

    If you think it's a false positive then follow the instructions below to report it:

    How to diagnose and/or report antivirus/antispyware false positives

    Thanks,
    Fax
    P.S. If you keep your ZA updated and always active, a scan a day is way too much.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    PTRio Guest

    Re: not-a-virus:RemoteAdmin ... false positive?

    I have no idea whether it is a false positive. I have seen other instances of this posted on the web, and on the Kaspersky site, but no real solution provided.

    What is the harm in daily scanning?

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Re: not-a-virus:RemoteAdmin ... false positive?

    Quote: Originally Posted by PTRio
    I have no idea whether it is a false positive.

    Of course you have no idea, and the link given to you is to check whether it is a false positive. This is done by checking with VirusTotal and then sending to Kaspersky as indicated. A malware expert will confirm whether or not it is a false positive. Just follow the instructions.


  5. #5
    PTRio Guest

    Re: not-a-virus:RemoteAdmin ... false positive?

    I appreciate your help. Thanks. I did the upload; below is the report it produced, which seems to say that nobody knows whether it is malware or not, despite the fact that it has been uploaded a number of times.

    0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name: RemoteAssist.exe
    Submission date: 2010-10-02 18:53:39 (UTC)
    Current status: finished
    Result: 0/43 (0.0%)

    VT Community

    not reviewed
    Safety score: -


    Additional information
    MD5: 3c47359db2e66a05e19bac793bb7ddb5
    SHA1: 4fc622e4f08d868e5b7c8fbd3a1e0982a321d38d
    SHA256: 16d9c8f2a4fc00a01816fb51f76a9498e934f7d7b27af1b97b3b12c8961866e7
    ssdeep: 98304:fwZfGMTPQLco1gufrVqV26hgDFrteSdr8PQfZ93EAqGAJj7RdMi:fwZfGMkASVqV26hgDneSlTZ9U9Ui
    File size: 6299589 bytes
    First seen: 2009-07-25 23:01:59
    Last seen: 2010-10-02 18:53:39
    TrID:
    Win64 Executable Generic (59.6%)
    Win32 Executable MS Visual C++ (generic) (26.2%)
    Win32 Executable Generic (5.9%)
    Win32 Dynamic Link Library (generic) (5.2%)
    Generic Win/DOS Executable (1.3%)
    sigcheck:
    publisher....: SupportSoft
    copyright....: Copyright (C) 2004 InstallShield Software Corp.
    product......: SupportSoft Agent Controls
    description..: Setup Launcher
    original name: setup.exe
    internal name: setup.exe
    file version.: 1.02.0006
    comments.....:
    signers......: -
    signing date.: -
    verified.....: Unsigned
    PEiD: Armadillo v1.71
    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x1D92C
    timedatestamp....: 0x40844969 (Mon Apr 19 21:49:29 2004)
    machinetype......: 0x14c (I386)

    [[ 4 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x26EB6, 0x27000, 6.57, 9e3ee622222dea8209d8bb3ba612a293
    .rdata, 0x28000, 0x4A78, 0x5000, 5.11, 9b8526767d0e9fcd79803bcb8f534898
    .data, 0x2D000, 0x9358, 0x5000, 3.21, 7e2390cb81c469170e93c4bdf34cea2a
    .rsrc, 0x37000, 0xA2D0, 0xB000, 7.24, 1c4655b630936c55b4c1d784d1d27bb2

    ExifTool:
    file metadata
    CharacterSet: Windows, Latin1
    CodeSize: 159744
    Comments:
    CompanyName: SupportSoft
    EntryPoint: 0x1d92c
    FileDescription: Setup Launcher
    FileFlagsMask: 0x0002
    FileOS: Windows 16-bit
    FileSize: 6.0 MB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 1.02.0006
    FileVersionNumber: 9.50.98.0
    ImageVersion: 0.0
    InitializedDataSize: 106496
    InternalName: setup.exe
    LanguageCode: English (U.S.)
    LegalCopyright: Copyright (C) 2004 InstallShield Software Corp.
    LinkerVersion: 6.0
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 4.0
    ObjectFileType: Executable application
    OriginalFilename: setup.exe
    PEType: PE32
    ProductName: SupportSoft Agent Controls
    ProductVersion: 1.02.0006
    ProductVersionNumber: 9.50.0.0
    Subsystem: Windows GUI
    SubsystemVersion: 4.0
    TimeStamp: 2004:04:19 23:49:29+02:00
    UninitializedDataSize: 0


  6. #6
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,463

    Re: not-a-virus:RemoteAdmin ... false positive?

    Quote: Originally Posted by PTRio
    What is the harm in daily scanning?

    I agree with Guru Fax.

    However, Checkpoint recommends scanning once a month.
    If you keep Windows updated, and you keep your ZoneAlarm updated and always active, a scan a day is not necessary.

    There is no harm in scanning daily, other than tying up computer resource time.
    GeorgeV
    ZoneAlarm® Extreme Security



  7. #7
    PTRio Guest

    Re: not-a-virus:RemoteAdmin ... false positive?

    My scans are timed to run at 3:00 AM, so there is no downtime during working hours. I rather enjoy the feeling of sitting down for the work day and knowing there has been nothing detected (other than the annoying "virus" suspect mentioned in this thread, apparently related to Quickbooks). I travel frequently, and though I never use wireless one never knows what might be picked up from a hotel or other foreign connection.

  8. #8
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,463

    Re: not-a-virus:RemoteAdmin ... false positive?

    What I get from the results of the VirusTotal scan indicates to me that none of the 43 virus tests detected your submission as a virus.

    So you can assume that it is most likely a false positive and not a known virus.

    Result:
    0/ 43 (0.0%)
    GeorgeV
    ZoneAlarm® Extreme Security



  9. #9
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Re: not-a-virus:RemoteAdmin ... false positive?

    At the same time, the name of the file indicates its function, i.e. "remote control" of the system, and thus the warning seems correct. A potentially dangerous software if used improperly.

    Why does QuickBooks need this remote software? Is it normal? I never used QuickBooks so I cannot judge. If you trust the source then simply exclude it from the detection. This way:

    Go to the advanced options of the antivirus/antispyware section (Automatic Treatment) and set it to "Alert me - Do not treat automatically". Restore the file from Quarantine and next time the threat is detected, from the drop-down menu choose: "ignore always". Next, UNcheck the file from the 'on-demand' scanning under the advanced options of the antivirus/antispyware section (Scan targets).

    From now on you will not be bored by the detection.

    Cheers,
    Fax


  10. #10
    PTRio Guest

    Re: not-a-virus:RemoteAdmin ... false positive?

    Thanks for your help on this. What bothers me about the "not a virus" is that QB will not run without it, it keeps reloading and installing that program at start up. So, I really have no choice but to accept it and have ZA ignore it.

    I presume the program has something to do with their support being able to remotely access the program. But, that too is very scary as QB is a financial bookkeeping software and has bank account numbers, balances, and other highly sensitive data which would be the very last thing I want to have accessed remotely by anyone. Now that I have a better idea as to what the file is and does I plan to take it up on the QB user board.

    Thanks again for your time and assistance.
