Rob Barrett's community posts

Conrad Sallian wrote:

Hi Rob,

This is from the recent message from Avast:

I'm very sorry that the signed file was blocked. The process is semi automatic based on virus definitions. If a page or file is suspicious, detection is created based on definitions. If this is a false positive detection, you need to report the detection as you did. Subsequently, the detection is reviewed manually by our specialists, who will determine whether the detection is correct or false. Even if it is a false detection, the detection is manually changed (turned off).

It's been 2022. Soon spaceships of earthlings will traverse the vast expanses of the Milky Way, and anti-virus companies will continue to manually add new legit software releases to exceptions, and require emailing a file no larger than 10 mb in an archive with the password "infected". :)

Truth.....

Conrad,
Did you see my link on the last post?

Hi Rob,

If all issues have been fixed it, just install the latest version. Otherwise, please send me the updated installation file and our ThreatLab will check it.

All Best,

Miro

AVG Customer Care Team
User-added image
AVG Support Center

https://www.avg.com/report-malicious-file


--------------- Original Message ---------------
From: Rob
Sent: 9/14/2022, 3:23 PM
To: support@help.avg.com
Subject: Re: AVG Customer Care - AVG: False positive file RMRESupportV8.exe

Those companies are big.. Try doing it with Msft....

So I am thinking that maybe you all, as the developer, can help to inform those companies of their errors

https://www.virustotal.com/gui/file/8c6764cecb249f71668631070b84f515566241a2b67177e­820c4e3d796a02d64/detection

I still have the old one but This has got to get fixed somehow.... Did you see the first link?

Conrad Sallian wrote:

Hi Rob,

Is it a freshly built installer?

Yes Conrad it is.... Most of my clients have AVG Free and now I have to go in an manually add the AVG folder Exception, which is a pain with A LOT of clients

So, I have been experiencing issues with clients that have AVG and Remote Utilities Host exe from MSI the msi configurator. All of a sudden, I am getting errors like exe can't be found due to the antivirus eating the file. I tried talking with AVG about it after submitting samples but they wouldn't listen.. This is what they said.
Thanks for your email. Please, check virustotal link -

https://www.virustotal.com/gui/file/8c6764cecb249f71668631070b84f515566241a2b67177e­820c4e3d796a02d64?nocache=1,

and our clean guidelines for more details
https://support.avg.com/supportarticleview?l=en&supporttype=home&urlname=avg-threat-lab-clean-guideline.

Thank you for your understanding.

Have a nice day.

Miro
AVG Customer Care Team
User-added image
AVG Support Center


Here is the results:


Basic Properties
MD5 a9d7effc8978c05bb06d704812be6a11
SHA-1 1400ba3ed9e1a0a8ad82fe281e1e60eda58a170a
SHA-256 8c6764cecb249f71668631070b84f515566241a2b67177e820c4e3d796a0­2d64
Vhash 01703e0f7d701013z11z401013z1015z13z101dz
Authentihash e7d227cb3f52c26a00ed9713719b79894e6f98f9570b50ea825ec1ec24d5­0a8e
Imphash 19b321cb7a9ce31c90397152f38b67ea
SSDEEP 393216:HFMfDRd5Luew5Pe8K6EKB5W+OilBRLOy2PvXeolk/j0vV066u3cSgEzcy:HED1uew5mmEQg+D3OvPvXeol0ju3cCzp
TLSH T1090733C2E3E00814F9FF437299F65F2C9A7AFC98AB79230E14E4B31574­A3D461916687
File type Win32 EXE
Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (66.6%)
TrID Win32 Executable (generic) (11%)
TrID WinArchiver Mountable compressed Archive (7.3%)
TrID OS/2 Executable (generic) (4.9%)
TrID Generic Win/DOS Executable (4.9%)
File size 17.33 MB (18173096 bytes)
PEiD packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
History
Creation Time 2019-07-02 13:49:38 UTC
Signature Date 03:31 PM 12/22/2020
First Submission 2022-09-09 14:26:08 UTC
Last Submission 2022-09-09 14:26:08 UTC
Last Analysis 2022-09-11 07:55:47 UTC
Signature Info
Signature Verification
A certificate was explicitly revoked by its issuer.
File Version Information
Copyright Copyright © 2019 Remote Utilities LLC. All rights reserved.
Product Remote Utilities
Description Remote Utilities
File Version 6.10.10.0
Date signed 2020-12-22 21:31:00 UTC
Signers
Remote Utilities LLC
Sectigo RSA Code Signing CA
USERTrust RSA Certification Authority
Sectigo (AAA)
Counter Signers
Symantec Time Stamping Services Signer - G4
Symantec Time Stamping Services CA - G2
Thawte Timestamping CA
X509 Certificates
Symantec Time Stamping Services CA - G2
Symantec Time Stamping Services Signer - G4
USERTrust RSA Certification Authority
Remote Utilities LLC
Sectigo RSA Code Signing CA
Portable Executable Info
Header
Target Machine Intel 386 or later processors and compatible processors
Compilation Timestamp 2019-07-02 13:49:38 UTC
Entry Point 21060288
Contained Sections 3
Sections
Name Virtual Address Virtual Size MD5 Chi2
UPX0 4096 20115456 d41d8cd98f00b204e9800998ecf8427e -1
UPX1 20119552 942080 17fae7ed8d11319ae1a1446ce4c278c1 121064.54
.rsrc 21061632 17223680 e3a0d47514d89c93abfb2fd8f402a626 870587.19
Imports
msvcrt.dll
version.dll
gdi32.dll
advapi32.dll
KERNEL32.DLL
SHFolder.dll
winspool.drv
netapi32.dll
shell32.dll
ole32.dll
Contained Resources By Type
RT_STRING 37
RT_RCDATA 11
RT_CURSOR 7
RT_GROUP_CURSOR 7
RT_ICON 6
UNICODEDATA 6
RT_GROUP_ICON 1
RT_VERSION 1
RT_MANIFEST 1
Contained Resources By Language
NEUTRAL 50
ENGLISH US 27
Contained Resources
SHA-256 File Type Type Language Entropy Chi2
26ad8bd8e5e67fa91f5e84623f14dfa392eba1b7742c1430f24039a16228­f0a2 unknown UNICODEDATA NEUTRAL 4.43 1344588.75
e0a16eb6441e280225f96b9fecb22f42ff8f3891f2c26121d96991b74f88­e9c9 unknown UNICODEDATA NEUTRAL 5.83 857141.5
85090d58aceb2ef630709a15e01e216740e85279abd5022b20b388a07015­c4db unknown UNICODEDATA NEUTRAL 5.65 39383.63
5b94876780408f50c0e7a298f9cb060f5bbcbc2ddf8894fb0edfa3a6b24d­35cd unknown UNICODEDATA NEUTRAL 5.13 1419150
4956615fe2817e88bbe53190d14a4b8f104706547b7eaf1852d686d86c7a­9f2c unknown UNICODEDATA NEUTRAL 5.25 1660242.5
Overlay
entropy 7.433434963226318
offset 18165248
chi2 10505.12
filetype unknown
md5 0fa93d29fc0ef891baf6a6c4170f3a3f
size 7848

Ok.... It looks like it worked.... NOW, how can I upload this to the existing hosts using the certified newly created version?

Pauline, I used the MSI configurator to do the last one that has been working for years but I just tried to create a host .exe that my clients can download from my website using custom server settings but I can't remember what steps I used for the exe and the silent install.