
ComboFix False Positive on Remote Utilities Software


20 replies to this topic

#1 remote-utilities

remote-utilities

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:12:21 PM

Posted 16 November 2016 - 05:11 PM

Hi,

 

This is Josh, Tech Support for Usoris Systems LLC. We've received multiple complaints from our commercial end-users that have informed us in regards to ComboFix deleting a module on our Remote Utilities software during use. They've stated that they have never had this issue in the past with ComboFix running along with our Remote Utilities. I'm wondering if the developers have a communication channel where I could forward this type of request?

 

Thanks!





#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:21 AM

Posted 16 November 2016 - 05:16 PM

I will pass along the information to sUBs, the developer, but he most likely will want to see a log.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 remote-utilities


Posted 16 November 2016 - 05:21 PM

We'll try to solicit one from our users or do it ourselves. Thanks for the help!



#4 quietman7


Posted 16 November 2016 - 05:44 PM

Not a problem but just so you are aware, ComboFix was never designed to be a remote support tool...though I know many use it as such.

#5 remote-utilities


Posted 16 November 2016 - 05:48 PM

We don't actually use our product as such, but you're right, some users do tend to commercialize our product along with ComboFix.



#6 quietman7


Posted 17 November 2016 - 06:41 AM

I provided sUBs a link to this topic...he read it but definitely needs to see a log where your software module was removed.

#7 remote-utilities


Posted 24 November 2016 - 09:20 PM

Sorry for the late reply.. Logfiles: http://www.dropbox.com/s/1gaxr9opbjvwrtk/ComboFix%20Log%20False%20Positive.txt?dl=0

 

Aside from deleting our Host software while it was running, Combohost also deleted a beta version of our software which was not yet even installed and still an .msi file.

 

S2 RManService;Usoris - Host;d:\program files (x86)\Remote Utilities Test\rutserv.exe;d:\program files (x86)\Remote Utilities Test\rutserv.exe [x]



#8 quietman7


Posted 24 November 2016 - 09:40 PM

I have passed along the above information to sUBs.

#9 remote-utilities


Posted 24 November 2016 - 09:50 PM

Thanks Quietman!



#10 quietman7


Posted 25 November 2016 - 06:38 AM

You're welcome.

#11 quietman7


Posted 25 November 2016 - 08:43 AM

sUBs looked at your log and asked which one of the deletions is related to your program?
 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20161005.txt
c:\cflog\EPLog.txt
c:\programdata\ntuser.pol
c:\programdata\Roaming



#12 remote-utilities


Posted 29 November 2016 - 06:40 AM

Hi, 

 

I apologize for the wrong information. I re-verified this issue by using it myself. CF doesn't actually delete our program, what it does is it stops our program from booting-up again after CF finishes and reboots the computer. Not sure if it's related to any of the deleted files above.



#13 quietman7


Posted 29 November 2016 - 06:53 AM

I will update sUBs...not sure if he can do anything about CF keeping your program from booting-up again but it doesn't hurt to check with him.

#14 remote-utilities


Posted 29 November 2016 - 07:27 AM

Wait let me double check this again.. I just ran CF again and this time it deleted all the files in our program.. Let me do some additional testing to get more information.. Sorry about this.. 



#15 quietman7


Posted 29 November 2016 - 07:35 AM

Ok.



