Author Topic: TightVNC is NOT malware, per se...  (Read 11035 times)

Jaz

  • Guest
TightVNC is NOT malware, per se...
« on: May 23, 2006, 06:15:38 AM »
I have two home PCs, each running Avast home. Today they are barking that WinVNC.exe & VNCHOOKS.dll are malware. (They are not!) Perhaps they can be used by worm/trojan/spyware writing jerks, but TightVNC itself was developed for good, not evil.

Is there a way that I can tell Avast [permanently] that TightVNC is not spyware?

Should I consider running RealVNC instead of TightVNC?

Thanks -- Jaz

Seb2

  • Guest
Re: TightVNC is NOT malware, per se...
« Reply #1 on: May 23, 2006, 09:33:41 AM »

Jaz

  • Guest
Re: TightVNC is NOT malware, per se...
« Reply #2 on: May 23, 2006, 02:47:32 PM »
Thanks for that pointer. I excluded both WinVNC.exe and VNCHOOKS.dll, but Avast still warns me about them. Do I need to reboot?

Would Avast warn me against RealVNC too?

Lisandro

  • Avast team
Re: TightVNC is NOT malware, per se...
« Reply #3 on: May 23, 2006, 04:09:46 PM »
Quote
Thanks for that pointer. I excluded both WinVNC.exe and VNCHOOKS.dll, but Avast still warns me about them. Do I need to reboot?

Would Avast warn me against RealVNC too?

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demand scanning):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be careful, you should 'exclude' that many files that let your system in danger.

Jaz

  • Guest
Re: TightVNC is NOT malware, per se...
« Reply #4 on: May 23, 2006, 11:00:43 PM »
For On-Access Scanner, this brings up a box named 'Resident Protection'. I don't see any way to make changes to any providers. That window/box has only Pause, Terminate, and Details buttons.

To set VNC exclusion, do I need to find Network Provider settings? Sorry, I just don't understand why the exclusion in program settings doesn't stop the alerts.

DavidR

  • Avast Überevangelist
Re: TightVNC is NOT malware, per se...
« Reply #5 on: May 24, 2006, 12:16:15 AM »
Click on the Details button; it will show you the list of all providers. Select the Standard Shield provider, Customize... button, Advanced tab, Add, then enter the path to the file.

hashinclude

  • Guest
Re: TightVNC is NOT malware, per se...
« Reply #6 on: May 25, 2006, 09:43:30 PM »
OK - This really sucks.

I was happily using Avast (4) and TightVNC (1.2.9) for quite some time now. I went out for about 10 days, leaving my home PC running with VNC, and routinely used to VNC into it for my personal work.

I come back, and find the "Malware found" screen staring at me. I hit no action, and it keeps complaining about something or the other (everything to do ONLY WITH TightVNC).

Because I couldn't find an easy way to put VNC in the "safe list" (as described in this and http://forum.avast.com/index.php?topic=21246.0 forums), I uninstalled Avast (bad user interface in another thread!)

Now -- because Avast "blocked access" to the file EVEN THOUGH I SAID TO NOT TAKE ANY ACTION, I can no longer use VNC, even though Avast is long gone and forgotten from my system. Or is it ...


I tried to remove and install VNC - no luck. Into a different directory, no luck. WinVNC.EXE (the one from the installation) is NOT ALLOWED TO BE EXECUTED. How on earth do I tell Windows (save a reinstall) to IGNORE THE CRAP Avast put there?

The exact error from the command line is this:
-----------------------------------------------------------
C:\Program Files\Virtual Network Connection>WinVNC
Access is denied.
-------------------------------------------------------------

~h

igor

  • Avast team
Re: TightVNC is NOT malware, per se...
« Reply #7 on: May 25, 2006, 10:21:26 PM »
avast! didn't put "any crap" there.
avast! blocks access to the files detected as viruses only when it's running - the block is certainly not permanent. So, either avast! is still there (but I believe the detection of VNC is already gone for some time, so it wouldn't be the cause either), or you have some other program (antivirus?) installed that blocks the access. Or, according to the message, you might simply not have enough rights for the file (try the "security" tab) - but you'd have to have removed them yourself.

hashinclude

  • Guest
Re: TightVNC is NOT malware, per se...
« Reply #8 on: May 25, 2006, 10:32:26 PM »
Quote
avast! blocks access to the files detected as viruses only when it's running - the block is certainly not permanent.
I thought so too, but

Quote
So, either avast! is still there (but I believe the detection of VNC is already gone for some time, so it wouldn't be the cause either), or you have some other program (antivirus?) installed that blocks the access.
Nope, and nope. I do NOT have another antivirus, and I have UNINSTALLED avast (so, hopefully, it should no longer be running - what is the name it comes up as in the process list?)

Quote
Or, according to the message, you might simply not have enough rights for the file (try the "security" tab) - but you'd have to have removed them yourself.
Uh huh. An administrator not having rights ... even after a re-install into a new directory !?!

Apparently, whatever is blocking access is doing so on the file hash, rather than where it is installed (I tried changing the directory for VNC in a fresh install, which still wouldn't work). For the moment, I've sorted it out with using a different version of VNC (so a different, and "safe" hash).

igor

  • Avast team
Re: TightVNC is NOT malware, per se...
« Reply #9 on: May 25, 2006, 10:36:57 PM »
Quote
Nope, and nope. I do NOT have another antivirus, and I have UNINSTALLED avast (so, hopefully, it should no longer be running - what is the name it comes up as in the process list?)

Let's say at least ashServ.exe would have to be running.

Quote
Uh huh. An administrator not having rights ... even after a re-install into a new directory !?!

Sure it's possible that administrator doesn't have rights (but he has the right to grant these rights, if he wants) - just check the file properties. But you are right that it would be rather strange for newly installed location.

Quote
Apparently, whatever is blocking access is doing so on the file hash, rather than where it is installed (I tried changing the directory for VNC in a fresh install, which still wouldn't work). For the moment, I've sorted it out with using a different version of VNC (so a different, and "safe" hash).

Hmm... do you use any firewall?

hashinclude

  • Guest
Re: TightVNC is NOT malware, per se...
« Reply #10 on: May 25, 2006, 10:41:46 PM »
Quote
Let's say at least ashServ.exe would have to be running.

Stupid! Stupid! Stupid! (thwacks self with cluebat). I am supposed to REBOOT  :'( Sorry about that (ashServ was, indeed, running).

But quite strange that an uninstall doesn't kill the running process though. Oh well ... this is added to list of things to remember.

Thanks for the help. Considering that I now know how to put VNC in the safe list, avast!'s getting installed again.

EDIT
Quote
Hmm... do you use any firewall?
Just the Windows Firewall, but I already had VNC in its Exceptions List (and was using it quite a bit too)

~h
« Last Edit: May 25, 2006, 10:44:14 PM by hashinclude »
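
The causes igor lists in Reply #7 (scanner still resident, file permissions) and the outcome in Reply #10 can be checked in one pass before reinstalling anything. The PowerShell below is an added example, not part of the thread and not avast! code; the path and the ashServ process name are the ones quoted above, the function name Test-AccessDenied is hypothetical, and it assumes PowerShell 4 or later for Get-FileHash.

```powershell
# Added triage example: why does launching a file give "Access is denied"?
# Path and process name are taken from the thread; everything else is an assumption.
function Test-AccessDenied {
    param(
        [string]$Path = 'C:\Program Files\Virtual Network Connection\WinVNC.exe',
        [string[]]$Scanners = @('ashServ')   # resident scanner process names to look for
    )
    $r = [ordered]@{
        Path = $Path; Exists = (Test-Path -LiteralPath $Path)
        ScannerRunning = @(); DenyAces = @(); OpenForRead = $null
        Sha256 = $null; Verdict = 'file not found'
    }
    # 1. Is an on-access scanner still alive (e.g. uninstalled but not yet rebooted)?
    $r.ScannerRunning = @(Get-Process -Name $Scanners -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty ProcessName -Unique)
    if (-not $r.Exists) { return [pscustomobject]$r }

    # 2. Explicit Deny entries on the file itself (the "security" tab check).
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
        $r.DenyAces = @($acl.Access |
            Where-Object { $_.AccessControlType -eq 'Deny' } |
            ForEach-Object { "$($_.IdentityReference): $($_.FileSystemRights)" })
    } catch {
        $r.DenyAces = @("ACL unreadable: $($_.Exception.Message)")
    }

    # 3. Reproduce the failure with a plain read; a filter driver blocks this too.
    try {
        $fs = [System.IO.File]::OpenRead($Path)
        $fs.Dispose()
        $r.OpenForRead = 'ok'
        # The hash identifies the exact build, useful when reporting a false positive.
        $r.Sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    } catch {
        $r.OpenForRead = $_.Exception.GetBaseException().Message
    }

    # 4. Combine the evidence. A content-based block follows the file into any
    #    directory, which is why reinstalling elsewhere does not help.
    $r.Verdict =
        if ($r.OpenForRead -eq 'ok')             { 'readable: look at execution policy or firewall instead' }
        elseif ($r.ScannerRunning.Count -gt 0)   { 'scanner still resident: stop the service or reboot' }
        elseif ($r.DenyAces.Count -gt 0)         { 'file ACL denies access: fix permissions' }
        else                                     { 'another filter or product is blocking the file' }
    [pscustomobject]$r
}

Test-AccessDenied | Format-List
```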