(SOLVED) Comodo scan

(15 posts)
  • Started 6 years ago by BobJam
  • Latest reply from jack7h3r1pp3r
  • Topic Viewed 2917 times

BobJam
Posts: 1052

I have the Comodo firewall installed, and I ran a scan today with it (the Defense + module, which is a rudimentary HIPS, has an on-demand virus scanning capability), and it showed six detections.

Four of them, according to the people on the Comodo forum, are false positives. They are simply Windows time zone routines.

But there are two that I'm a little concerned about, and they are both associated with CrossLoop:

The reason I'm asking about them here instead of the Comodo forum is because the Geek has written a piece about CrossLoop, and I know ScottW has used it (with me and I thank him for that), and the Comodo people seem to not be too aware of what CrossLoop is.

I know CrossLoop uses the TightVNC open source module, and it is a Remote Assistance type of software. Hence, it likely uses something similar to a trojan to manipulate someone else's desktop.

My AntiVir virus scan DID NOT detect anything on this, which makes me believe more that this is a false positive.

I Googled these detections, and all I got was removal techniques. I'm reluctant to remove these things because I don't want to disable CrossLoop if indeed they are false positives and CrossLoop needs them.

Thoughts??

(Whoops . . . I see I posted this thing in the Vista forum, and I should have done it in another forum.)

Posted 6 years ago
 
Lighthouse
Posts: 13598

BobJam. Do you want me to send you one of the CrossLoop .dlls (or .exes) to compare with yours?

Posted 6 years ago
 
whs
Posts: 17584

BobJam, a completely unrelated question: What is the snipping tool you were using for the above posting? I like the comment fields. I use FSCapture which is similar, but not quite as nice.

Posted 6 years ago
 
BobJam
Posts: 1052

LH,

Yes . . . thanks. And is there some software I can use to do a bit-by-bit comparison?

whs,

I use SnagIt by Techsmith. Have been using it for about ten years now and have been very satisfied. It has a lot of capabilities to edit images. In fact, I also use it as a graphics editing program.

Posted 6 years ago
 
Lighthouse
Posts: 13598

OK. .dll en route by email. Ironically, I would have to send .exes via CrossLoop (I do know another way, but a bit dodgy).

Posted 6 years ago
 
BobJam
Posts: 1052

LH,

Got it . . . thanks. File has the same number of bytes as mine. But wanted to compare the two in more depth. Don't know how to do it though, so I'll repeat my question to you: Is there some software I can use to do a bit-by-bit comparison?

I DID run an Antivir scan on my file, and it came up clean.

Thinking about doing some online scans on it too.

I'm pretty sure my detections with the Comodo scan were false positives, but . . . I'm pretty paranoid about this stuff.

Posted 6 years ago
 
whs
Posts: 17584

BobJam, thanks for the SnagIt hint. I'll have to talk to my finance minister whether $50 are in the budget.

Posted 6 years ago
 
BobJam
Posts: 1052

whs,

Yeah, I haven't found any free ones that have the same editing capability as SnagIt. Gadwin's Print Screen is a good free screen capture utility but it doesn't have any of the editing capabilities that SnagIt has.

I take it your "finance minister" is the . . . BOSS! I.e. your other half that controls the purse strings (and a lot of other stuff too . . . like mine even has her own remote and over-rides mine and changes the channels on the TV whether I like it or not)

Posted 6 years ago
 
whs
Posts: 17584

Well, we men are really the disadvantaged species. But the TV problem I solved by putting one into every room.

Posted 6 years ago
 
ScottW
Posts: 6609

There's no need to send files through e-mail to verify they are the same. Just post a cryptographic hash. I have copied below the MD5 hash for the two files in question from my system. I have scanned these files with multiple virus and spyware scanners and they have not been called out.

VNCHooks.dll (MD5) => 12320B551BF9555C02CC114ACEABDE96
winvnc.exe (MD5) => F58F2F89A111B08A26EAD3A8FD56B65C

Posted 6 years ago
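
The two checks discussed in this thread, as an added example that is not from any poster: a byte-by-byte comparison of two files (BobJam's question) and a check of a local file against a posted digest (ScottW's suggestion). The helper names and the demo files are constructed for illustration; only the two MD5 values come from the thread.

```python
import hashlib
import tempfile
from pathlib import Path

# MD5 digests exactly as posted in the thread.
POSTED_MD5 = {
    "VNCHooks.dll": "12320B551BF9555C02CC114ACEABDE96",
    "winvnc.exe": "F58F2F89A111B08A26EAD3A8FD56B65C",
}
CHUNK = 64 * 1024

def file_digest(path, algo="md5"):
    """Hash a file in chunks; pass algo="sha256" for a collision-resistant digest."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def matches_posted(path, posted_hex, algo="md5"):
    """True if the file's digest equals a posted one (case-insensitive)."""
    return file_digest(path, algo) == posted_hex.strip().lower()

def first_difference(path_a, path_b):
    """Byte-by-byte comparison: offset of the first difference, else None."""
    offset = 0
    with open(path_a, "rb") as a, open(path_b, "rb") as b:
        while True:
            ca, cb = a.read(CHUNK), b.read(CHUNK)
            if ca != cb:
                for i, (x, y) in enumerate(zip(ca, cb)):
                    if x != y:
                        return offset + i
                return offset + min(len(ca), len(cb))  # one file is a prefix
            if not ca:
                return None
            offset += len(ca)

def demo():
    """Constructed sample: two same-size files that differ in one byte."""
    d = Path(tempfile.mkdtemp())
    data = bytearray(bytes(range(256)) * 1024)
    (d / "mine.bin").write_bytes(data)
    data[200000] ^= 0xFF  # flip one byte; the file size stays the same
    (d / "theirs.bin").write_bytes(data)
    return d / "mine.bin", d / "theirs.bin"

if __name__ == "__main__":
    print(first_difference(*demo()))
```

The demo shows why an equal byte count is not enough: both files are the same size, yet the comparison and the digests both report the change. For the real files, pass the local path and the matching `POSTED_MD5` entry to `matches_posted`.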
 
ScottW
Posts: 6609

Bob, but wait, there's more! I also have tzchange.exe files on my system that are not called out as malware.

I just remembered that we were using virustotal.com in another thread to check for viruses. It uses 36 different scanning engines. I gave it vnchooks.dll and it returns 7 hits out of 36 scanners. However, most of the hits have a little note that it's not a virus. For example:

Kaspersky: "not-a-virus:RemoteAdmin.Win32.WinVNC-based.b"
McAfee: "potentially unwanted program RemAdm-TightVNC"

BTW, you also get an MD5 hash on the file and if it has already been scanned recently, it will show you the last results.

As for the remote control in my home theater, I have a fancy universal, programmable, learning remote that is so complicated that The Boss has never bothered to learn how to use it. She doesn't need to because she can just order me to change channels!

Posted 6 years ago
 
BobJam
Posts: 1052

Thanks, ScottW. The digital fingerprints (MD5 Algorithm) for your files and mine are the SAME. Cool . . . now I'm at peace ('till the BOSS changes the channel . . . or orders ME to do it, ScottW . . . all of which will be solved when I implement whs's solution).

And ScottW, that Virustotal site is pretty slick.

LH, Scott, or Sarah . . . you can mark this thread solved.

Posted 6 years ago
 
jack7h3r1pp3r
Posts: 2815

@bobjam you can mark it as solved too; all you have to do is go up to your first post, hit the edit link and edit the title :)

Posted 6 years ago
 
BobJam
Posts: 1052

Done . . . thanks, jack (learn something new every day).

Posted 6 years ago
 
jack7h3r1pp3r
Posts: 2815

glad i could be of help and it does look like i arrived at just the right moment lol :D

Posted 6 years ago
 



Topic Closed

This topic has been closed to new replies.