Author Topic: False positive - logmein.com (Read 2747 times)

myxiplx · « **on:** July 22, 2006, 03:17:28 PM »

I think I've found a false positive with the remote control software used by logmein.com.

When I logged onto the site to remotely support a friend, Avast popped up a warning about the following file:
c:\windows\system32\ractrlkeyhook.dll

Malware name: Win32:Trojan-gen. {Other}
Malware type: Virus/Worm
VPS version: 0629-2, 21/07/2006

I don't believe this file to be a virus, and the following website also records that this is a file found with the logmein software:
http://research.sunbelt-software.com/threatdisplay.aspx?name=Remotely%20Anywhere%20Server%20Edition&threatid=41649

Ross

DavidR · « **Reply #1 on:** July 22, 2006, 03:31:20 PM »

The problem with this type of tool is intent as it can be used for good as well as evil.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced and Program Settings, Exclusions) and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives

Author Topic: False positive - logmein.com (Read 2747 times)

myxiplx

False positive - logmein.com

DavidR

Re: False positive - logmein.com