Author Topic: VNCHOOKS.DLL  (Read 14193 times)

0 Members and 1 Guest are viewing this topic.

[QEH]Nick

  • Guest
VNCHOOKS.DLL
« on: May 23, 2006, 11:49:19 AM »
Just recently (since yesterday I think) Avast has been deleting VNCHOOKS.DLL and calling it WIN32-Radmin[Tool].
This is causing us some headaches as we use VNC in our support duties.
I've marked up an exception in the meantime, but it will take a couple of days for that to deseminate and take effect.

Is this a deliberated detection or a false positive?

Offline seb

  • Newbie
  • *
  • Posts: 10
  • 'ELLO.
Re: VNCHOOKS.DLL
« Reply #1 on: May 23, 2006, 11:59:46 AM »
same here--- headache!

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: VNCHOOKS.DLL
« Reply #2 on: May 23, 2006, 01:45:05 PM »
It is an intentional detection (VNC - remote admin). It's marked as [Tool] - ie. potentially dangerous application...

However, given the feedback we've got from this, we've decided to remove the detection for now.

Hopefully, the headaches were not TOO hard - I mean, I hope you don't have VNC installed on a large number of machines...


I apologize for this trouble. Seems that before we can add these remote admin tools into the database, we'll have to provide you with a way to ignore them.
If at first you don't succeed, then skydiving's not for you.

[QEH]Nick

  • Guest
Re: VNCHOOKS.DLL
« Reply #3 on: May 23, 2006, 03:35:51 PM »
We do have it on all our machines, but it's been modified to not be active unless we initiate a connection.
Just a thought, why target the DLL instead of the EXE in that case?
« Last Edit: May 23, 2006, 03:37:23 PM by [QEH]Nick »

Offline Vlk

  • Global Moderator
  • Serious Graphoman
  • **
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re: VNCHOOKS.DLL
« Reply #4 on: May 23, 2006, 03:49:10 PM »
And the exe itself is not being detected?

It might be that the code that matters (i.e. the "backdoor" handling code) really resides in the DLL - hence the DLL is what gets detected...
If at first you don't succeed, then skydiving's not for you.

Offline seb

  • Newbie
  • *
  • Posts: 10
  • 'ELLO.
Re: VNCHOOKS.DLL
« Reply #5 on: May 23, 2006, 03:52:56 PM »
only the dll - on all our pcs... 80 seats...

Offline Bradford1040

  • Newbie
  • *
  • Posts: 1
Re: VNCHOOKS.DLL
« Reply #6 on: July 30, 2012, 11:38:10 AM »
it shows up also as I am downloading opensuse 12.1