Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by ConradS

  1. Forgot to share a link with the customer request. Here it is. For your convenience I've also attached a zipped file in question. The archive password is 'infected'. Well, the file is not infected, of course. It's just a stupid tradition among antivirus software vendors to demand "zip file with the password 'infected'" :) rutserv.zip
  2. Hello Malwarebytes, Our customer reports here that Remote Utilities Host main executable file rutserv.exe is being flagged as malicious by MalwareBytes. Could you please check this? File details Name: rutserv.exe Hash: ce5ba1e5d70d95d52b89a1b8278ff8dd4d1e25c38c90ca202b43bdc014795d78 Signature: yes, EV Code Signing issued to Remote Utilities LLC by Digicert Inc. P.S. VirusTotal reports doesn't show anything but we are reporting this anyway. Perhaps, the VT Malwarebytes engine shows different results than the one in the software. Thanks.
  3. Hi Mieke, That's good to know. Unfortunately, we cannot test each and every engine of 60+ out there, that's why we use VirusTotal. Thank you.
  4. Hello, New version of Remote Utilities has been released. According to VirusTotal Malwarebytes heuristics detects the following files as malware: https://www.virustotal.com/gui/file/76de0734b74659ca76e9fc5462fe125e17cd65790da255738c5a018cea9b7dac/detection/f-76de0734b74659ca76e9fc5462fe125e17cd65790da255738c5a018cea9b7dac-1616638194 Please, remove the detection. Thanks.
  5. Hello, So you never whitelist remote access software based on digital signature? What about TeamViewer? Tech support scam has nothing to do with malware. It is social engineering.
  6. According to VirusTotal report Malwarebytes detects the Host file again. https://www.virustotal.com/gui/file/d4d3ef9196b5dac53d1e06d738eb3e529578752bf9e8cfd2900a600d5f10a7e5/detection
  7. Sorry for bothering you again, but here is a log our customer sent to us right now (I removed some personally identifiable information from the log): One question to you, sorry if that sounds a bit sarcastic. Are Malware virus analysts aware of the existing of digital certificates? I mean, that would really helped them a lot in their work if they were. For example, they could simply exclude the files digitally signed by Remote Utilities LLC (EV Code Signing issued by Digicert and Comodo) from the detection. That would save us all time and effort. What's the point detecting the same version/file over and over again if it's signed and not altered?
  8. Hi Mieke, Here is the VIrusTotal report https://www.virustotal.com/gui/file/d4d3ef9196b5dac53d1e06d738eb3e529578752bf9e8cfd2900a600d5f10a7e5/detection . It shows the detection. However, the VirusTotal report on the Agent file (which I initially reported in this thread) no longer shows a detection. Thanks.
  9. Hello, There is still the same detection on another similar file (Host), here is the VirusTotal report: https://www.virustotal.com/gui/file/d4d3ef9196b5dac53d1e06d738eb3e529578752bf9e8cfd2900a600d5f10a7e5/detection Thanks.
  10. Additional information - this is a new version which was only released a few days ago. Quite expectedly there are a number of false positves. Any Remote Utilities files including this one are signed with either an EV Code Signing certificate (Digicert) or Code Signing certificate (Comodo) issued to Remote Utilities LLC.
  11. Here is the VirusTotal report: https://www.virustotal.com/gui/file/53da1a16c1cd90fa7dd43e4e6d4bfb8b36ce8eb1d8918dda7aef01e9befbd1ff/detection/f-53da1a16c1cd90fa7dd43e4e6d4bfb8b36ce8eb1d8918dda7aef01e9befbd1ff-1615173008
  12. Sorry, forgot to provide the file information: SHA=256: 53da1a16c1cd90fa7dd43e4e6d4bfb8b36ce8eb1d8918dda7aef01e9befbd1ff
  13. Hello, According to VirusTotal.com Remote Utilities Agent is mistakenly detected as Malware.AI.4277518362 . Please, remove the detection.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.