Conrad Sallian's community posts

Hi Rob,

I saw the link and the false positive detections. However, the certificate information is wrong - well, outdated. Even if you use the version 6.10 to build a custom installer there must be another certificate, a valid one issued by DigiCert. Here is a screenshot:



Have you tried to reconfigure your build? That should help.

Hi Rob,

Is it a freshly built installer?

Hello,

One of those rare moments when it's not us who are getting blamed for the false positives, but the antivirus engine that generated them :)

Hello,

This registry location has data >> HKEY_LOCAL_MACHINE\SOFTWARE\Usoris\Remote Utilities Host\.

This registry entry contains the Host settings.

Well they do contain a different port number than your documents show, and also include a <server_private_key> and a <server_public_key>. Can these be used to track the attacker?

Neither of the this data can help with tracking the attacker. Only the logs can tell what was the originating IP address that was connecting to the machine. However, even that may not be necessary since it may be an address of a proxy server somewhere in India or Pakistan and knowing it won't help much.

I have blocked known ports on my firewall, but it would seem that an attacker can set their own ports. This is just a game of Whacka-Mole.

I'm sorry, but the software such as Remote Utilities cannot miraculously appear on your computer out of thin air. If it has been found on your computer, it only means that someone had gained unauthorized access to you computer (or network) previously and Remote Utilities being installed on your machine is your least problem. This is fighting with the effect, not the cause.

Hello,

Thank you for your message.

So my question is, how was your product installed on a Windows 10 Professional Desktop, without my knowledge or approval.

I'm sorry, but we have no idea how it could be installed. Perhaps, someone got unauthorized access to your computer and installed it (this is the most viable hypothesis). This can be applied to just about any software, not only Remote Utilities.

My next question is, how do I know what information / data has been downloaded from my Windows Desktop, and wh ere it was sent.

Unfortunately, we cannot answer this question either simply because if someone gains unauthorized access to your computer they can copy any information from it anywhere. How could we possibly know what information they may steal from that PC?

As per using Remote Utilities, we disclose what information is collected and how it is used in our privacy policy.

Remote Utilities is software for legitimate remote access and remote support. We bear no responsibility for unauthorized use of this software.

Hope that helps.

Hello Alessandro,

Thank you for your feedback.

Please, note that the purpose of this warning message/banner is to generally notify the user about the fact of someone being connected to their computer, not to give any specific details of the connection (i.e. the user is supposed to act immediately and terminate the connection if it's not authorized).

Also, this window is only shown in the free version because it's the one which was abused most. The commercial version doesn't show this banner.

Thanks.

Hello Jeff,

Neither RU Server nor Host provides IP address  binding. There used to be one on the Host long time ago, but we removed that feature because it was no longer necessary.

Thanks.

Hi Daniel ,

Thank you for your message.

Yes, this is one of our servers. The reason why your security software says that it might be malicious is that someone may use our legitimate software for malicious purpose and that use was detected. However, this doesn't make the server itself or the software malicious (which is pretty hard to explain to security experts given their level of paranoia:) ).

In other words, the fact that hackers use Windows or Linux to build viruses doesn't make these OSes malicious per se. Unfortunately, modern security software is mostly "reputation-based" and immediately flags benign software as a virus or "suspicious" if it was used at least once in some illegal activity (see technical support scam).

Hope that helps.

Hello,

We have rebuilt beta 12 (the files have now been replaced). Please, download them here and try installing again.

Let us know if the issue persists.

Thanks.

Hi Dave,

You are welcome.