As of 2/27/2020 TotalVirus is reporting EZhelp.20.exe as Generic.ml for Palo Alto Networks
I updated EZhelp20.exe to include the latest winvnc.exe released this week by ultravnc.com version 188.8.131.52 updated to 184.108.40.206 for security and features update. This small change is triggering a false positive.
EZhelp is not a virus, malware, hacker tool or trojan and is not misleading in any way. Ezhelp does exactly what our users expect it to do and nothing more. It is a private helpdesk support program that uses ultravnc. Ezhelp is a portable program, that when ran by the user, puts its files in the user’s temp folder and it removes them when the user closes the program. The included files are SecureVNCPlugin.dsm, VNChooks.dll and winvnc.exe which can be found at the widely popular www.uvnc.com website. The included ultravnc.ini file increases security by preventing the user from accidentally allowing incoming connections into their own PC and only allows an outgoing secure encrypted connection to our helpdesk upon the user’s request. Those evaluating the software can look in the temp file and verify all of this. I am the author of the program and have been using it for two decades. Occasionally, EZhelp is updated to include the latest winvnc.exe from www.utravnc.com for its feature and security updates. Compiled with the popular Autoit default settings using UPX compression to reduce the file size by 30%
The virustotal link is for this detection is here https://www.virustotal.com/gui/file/48bb201df975b6b34380a3a1805707b12cf55ee1f4e22a83de3c46c6445cbd4d...
EZhelp20.exe can be downloaded directly from here http://ezhelp.github.io/software/EZhelp20.exe
Thank you in advance
Solved! Go to Solution.
I have submitted the re-check request based on the hash. We could not download the file because the file was not zipped by a password, and will be blocked by the firewalls.
I heard back from our malware team, we have decided to keep this as malware based on their analysis.
Thanks for your effort.
Who and how do I contact someone to correct this?
I can review the source code with them line by line if needed.
The program does exactly what our clients expect it to do and nothing more. It provides a secure reverse connection to only our helpdesk support using the popular winvnc. More secure then winvnc alone. It does nothing more then it should and I not misleading in any way.
I will also add... I few weeks ago when I submitted this, you did not consider it malware. It then included winvnc version 220.127.116.11. The only change in the program since is then it includes the updated opensoruce. winvnc.exe 18.104.22.168 from www.ultravnc.com instead of 22.214.171.124
Can you zip this file "EZhelp20.exe " with password "infected" and host somewhere we can download? Also, include the previous file that was not considered as malicious.
Here is a link for you. This zip includes several other zip files including the current version and previous version and a readme file for more information..
If this information does not help get the program whitelisted.. please let me know how to escalate this issue ASAP. Again, I can walk someone line by line through the source code step by step as needed. I would think you have my email and phone number already via my profile if needed. It is very important, for us to use this program to support remote workers, especially now with corvid 19 and more workers working remotely from their homes.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!