Author Topic: False positive- Radmin v2.2?  (Read 5812 times)


david_avast

  • Guest
False positive- Radmin v2.2?
« on: July 05, 2008, 08:59:45 AM »
 >:(

Kind of frustrated at the moment. Apparently, avast decided to call my Remote Administrator (aka RADMIN) a virus and nuked it off my machine. I use this program quite a bit in my network to control machines and reboot machines when need be.

I checked with virustotal and it seems about 45% of them think it's a virus.

http://www.virustotal.com/analisis/b4619829f5de67e7adc24a639cc605c6

Any way I can get avast to fix this one? Even though on this report it doesn't call it a virus. Avast was my last hope in hoping I could avoid virus checkers "nuking on impact" when it finds it.

« Last Edit: July 05, 2008, 11:09:01 PM by david_avast »

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: False positive?
« Reply #1 on: July 05, 2008, 10:29:59 AM »
It's not actually a false positive- the file is correctly identified as a tool which can be used maliciously in the wrong hands.

You'll need to exclude the file from future scans. There's a facility for doing this in avast! A forum search should bring up some more information.
« Last Edit: July 05, 2008, 10:31:42 AM by FreewheelinFrank »
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: False positive?
« Reply #2 on: July 05, 2008, 02:23:16 PM »
You need to use the Exclusion lists:

For the Standard Shield provider (on-access scanning):
Left click the 'a' blue icon, click on the provider icon at left and then Customize.
Go to Advanced tab and click on Add button...

For the other providers (on-demand scanning such as the screen-saver or the Simple User Interface):
Right click the 'a' blue icon, click Program Settings.
Go to Exclusions tab and click on Add button...

You can use wildcards like * and ?.
But be careful, you should 'exclude' that many files that let your system in danger.
The best things in life are free.

Offline jsejtko

  • Avast team
  • Full Member
  • *
  • Posts: 171
    • ALWIL Software
Re: False positive?
« Reply #3 on: July 05, 2008, 02:51:13 PM »
Hello guys,

This false positive will be corrected in the next VPS update. All the tools like this remoteAdmin will be taken as false positives. All of them are stored and ready to be detected, but only if avast will be able to disable detection of them -> potential unwanted programs.

Regards

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: False positive?
« Reply #4 on: July 05, 2008, 04:26:11 PM »
> Kind of frustrated at the moment. Apparently, avast decided to call my Remote Administrator (aka RADMIN) a virus and nuked it off my machine. I use this program quite a bit in my network to control machines and reboot machines when need be.

Let's not forget it is the user's decision that nuked it off your machine and not avast; it detects and alerts. The safest option is 'first do no harm': don't delete, send the virus to the chest and investigate.

This allows for restoring the detected file and being able to exclude it from scans if identified as a false positive or tool.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

david_avast

Re: False positive?
« Reply #5 on: July 05, 2008, 07:19:36 PM »
> > Kind of frustrated at the moment. Apparently, avast decided to call my Remote Administrator (aka RADMIN) a virus and nuked it off my machine. I use this program quite a bit in my network to control machines and reboot machines when need be.
>
> Let's not forget it is the user's decision that nuked it off your machine and not avast; it detects and alerts. The safest option is 'first do no harm': don't delete, send the virus to the chest and investigate.
>
> This allows for restoring the detected file and being able to exclude it from scans if identified as a false positive or tool.

Well when it nuked it last night I told it "no action" (clicked on the button) and it still nuked it anyway.

Offline Lisandro

Re: False positive?
« Reply #6 on: July 05, 2008, 07:35:56 PM »
> Well when it nuked it last night I told it "no action" (clicked on the button) and it still nuked it anyway.

Something is weird, it's not intended to work this way... no action is just 'no execute, no run', not delete, for sure.

Offline DavidR

Re: False positive?
« Reply #7 on: July 05, 2008, 08:03:25 PM »
> > Well when it nuked it last night I told it "no action" (clicked on the button) and it still nuked it anyway.
>
> Something is weird, it's not intended to work this way... no action is just 'no execute, no run', not delete, for sure.

Absolutely, the file should still be in the original location, avast just wouldn't let it run. Hopefully you should now have updated the VPS and you can run the program again.

david_avast

Re: False positive?
« Reply #8 on: July 05, 2008, 11:05:52 PM »
Updated:

Added the r_server.exe file to the exceptions. So now it no longer deletes it but it still doesn't allow it to run. As soon as it's loaded to memory the Avast dialog box pops up and says virus, and I tell it no action. When I try to run it again, I can't. It says I have no access to run the file.

Maybe uninstall/reinstall avast?


Another strange thing I just discovered is if I move the slider to "custom" and click ok, and I go back and check it, it's back to "normal" again.
« Last Edit: July 05, 2008, 11:08:12 PM by david_avast »

Offline Lisandro

Re: False positive- Radmin v2.2?
« Reply #9 on: July 06, 2008, 12:05:03 AM »
> This false positive will be corrected in next vps update.

You need to wait for the next update or, if it is still released, update your virus database.
Maybe the file starts another process that runs in memory.
Are you really really sure this is a clean file?

david_avast

Re: False positive- Radmin v2.2?
« Reply #10 on: July 06, 2008, 03:17:56 PM »
> > This false positive will be corrected in next vps update.
>
> You need to wait for the next update or, if it is still released, update your virus database.
> Maybe the file starts another process that runs in memory.
> Are you really really sure this is a clean file?

Well it came from Radmin's site when I bought a copy of it (a little over 4+ yrs ago) for about $50 if memory serves. It's my primary way to control my sister's laptop in NY, while I live in IL. I don't get to quite see the laptop every day of the week if you get my drift. Sure I could have her ship it to me for something serious and for something minor I guess I could resort to Windows Netmeeting on the worst case scenario.

I guess my only other option is to use Remote Desktop (Windows) and install UltraVNC. Least so far in my testing, Avast isn't deactivating that one.

Offline Lisandro

Re: False positive- Radmin v2.2?
« Reply #11 on: July 06, 2008, 03:24:44 PM »
I see. Most probably a false positive as this tool can be used by malicious software to connect to your computer.
You can test LogMeIn also, very good one with a free version.
https://secure.logmein.com/