VirusTotal detection

smile smurf, User (Posts: 1)
Jun 13, 2014 9:39:47 pm EDT
Support level: Free or trial
Hello,

Should we be concerned that the VirusTotal website detects the Remote Utilities "agent.exe" as a risk, while others like [censored] .exe are not?

https://www.virustotal.com
Edited:smile smurf - Jun 13, 2014 9:40:31 pm EDT
Anton Kalugin, User (Posts: 209)
Jun 15, 2014 3:06:44 am EDT
Support level: Free or trial
Hello,

At the moment only 2 of the 54 submitted antivirus programs detect Agent as a virus. This is a 100% false positive result and we have already contacted the developers to solve this problem.
As you can see, such giants as DrWeb, ESET-NOD32 and Kaspersky have already changed their response to our signatures to Program., RemoteUtilities. and not-a-virus:RemoteAdmin respectively. I think they can be trusted.

Don't hesitate to ask me, if you have any questions.
john kumpf, User (Posts: 85)
Dec 12, 2014 4:37:25 pm EST
Support level: Free or trial
Gah, it's gotten worse!

I looked up agent.exe at VirusTotal today.

13 detections.

I up-voted it, so now it has 4 up-votes, zero down.  But still.

Some have "RemoteUtilities" right in the name of the detection. What's up with that?
I mean, if they know exactly what program it is, why are they blocking it?

I suppose it's always possible that some malicious folk is trying to use the
RemoteUtilities agent to spy on their machine.
But agent requires user intervention before someone can do that, so, what gives?

The reason I looked this up is that Chrome would not let someone download it.

The VirusTotal report is at https://www.virustotal.com/en/file/00ac7713d4eb20fcf58c61d827c84105b979fef83a127d7ef1799bb322f8c26a/analysis/

Here's its header (I had trouble posting the entire report in here):

SHA256:          00ac7713d4eb20fcf58c61d827c84105b979fef83a127d7ef1799bb322f8c26a
File name:       agent.exe
Detection ratio: 13 / 55
Analysis date:   2014-12-08 13:53:17 UTC ( 4 days, 7 hours ago )

Edited:john kumpf - Dec 12, 2014 4:56:11 pm EST
john kumpf, User (Posts: 85)
Dec 12, 2014 4:55:05 pm EST
Support level: Free or trial
Note 1: Internet Explorer (IE) let me download it.

Note 2: the workaround for downloading on Chrome (at least on this day, 12/12/2014--they change stuff over time) is:

In Chrome, after trying to download, Click "Show all downloads" in the lower right.

That pops up a list of all downloads. The top one should be the one we just tried to download. It is not marked in any way as agent.exe nor RemoteUtilities, just "This file is malicious, and Chrome has blocked it." with a big red scary icon.

Click "Recover malicious file" (the top one, if there is more than one).

A dialog pops up, click "Hurt me plenty" (lol).

And then it will download the file.

FYI:

Chrome's page on "Binary malware or unwanted software"
https://support.google.com/webmasters/answer/3258249

Points you to "Request a malware review or unwanted software review"
https://developers.google.com/web/fundamentals/security/hacked/request_review?visit_id=637346591669087141-1862447713&rd=1

You rut guys may have already done this, dunno.
Conrad Sallian, Support (Posts: 3074)
Dec 12, 2014 4:56:14 pm EST
Hi John

What's up with that? I mean, if they know exactly what program it is, why are they blocking it?

This is a good question and we constantly ask ourselves the same. Our website is clean and is monitored daily by Symantec Norton Secured malware check. The program is signed with a valid VeriSign code signing certificate issued to our company name "Remote Utilities LLC". And we routinely send false positive reports to AV software vendors.

There is only one explanation for this - many antivirus programs are simply poorly made and the business processes behind signature updates aren't thought out well. It's far easier to mark a file as "malicious" than it is to develop thorough and foolproof review procedures to avoid false detection.

We are aware of this issue with Chrome and do our best to contact Google and resolve the issue. For some reason they keep detecting Agent as malicious even though we already sent them a review request and explained that the program is perfectly legitimate, signed and is being put on our website which itself is monitored for malware by a third party (Symantec in this case).

We'll keep working on this though. Hopefully it will be fixed soon.
Conrad Sallian, Support (Posts: 3074)
Dec 12, 2014 4:59:57 pm EST


You rut guys may have already done this, dunno.

Thank you John for taking the time to write these instructions. I hope it will help everyone to resolve the issue while our request to Google is being reviewed. We sent it a couple of hours ago and normally such requests are reviewed for 24 hours or so.
john kumpf, User (Posts: 85)
Dec 16, 2014 9:28:42 pm EST
Support level: Free or trial
I wrote in https://www.remoteutilities.com/support/forums/forum5/403-another-workaround-for-downloading-agent.exe-in-firefox-which-results-in_-blocked_-may-contain-a-virus-or-spyware that the trick of downloading a .zip version of agent.exe, which works for Firefox, does NOT eliminate the problem for Chrome, unfortunately.

* Website time zone: America/New_York (UTC -5)