02-27-2020 10:36 AM
As of 2/27/2020 TotalVirus is reporting EZhelp.20.exe as Generic.ml for Palo Alto Networks
Please help.
I updated EZhelp20.exe to include the latest winvnc.exe released this week by ultravnc.com version 1.2.3.0 updated to 1.2.4.0 for security and features update. This small change is triggering a false positive.
EZhelp is not a virus, malware, hacker tool or trojan and is not misleading in any way. Ezhelp does exactly what our users expect it to do and nothing more. It is a private helpdesk support program that uses ultravnc. Ezhelp is a portable program, that when ran by the user, puts its files in the user’s temp folder and it removes them when the user closes the program. The included files are SecureVNCPlugin.dsm, VNChooks.dll and winvnc.exe which can be found at the widely popular www.uvnc.com website. The included ultravnc.ini file increases security by preventing the user from accidentally allowing incoming connections into their own PC and only allows an outgoing secure encrypted connection to our helpdesk upon the user’s request. Those evaluating the software can look in the temp file and verify all of this. I am the author of the program and have been using it for two decades. Occasionally, EZhelp is updated to include the latest winvnc.exe from www.utravnc.com for its feature and security updates. Compiled with the popular Autoit default settings using UPX compression to reduce the file size by 30%
The virustotal link is for this detection is here https://www.virustotal.com/gui/file/48bb201df975b6b34380a3a1805707b12cf55ee1f4e22a83de3c46c6445cbd4d...
EZhelp20.exe can be downloaded directly from here http://ezhelp.github.io/software/EZhelp20.exe
Thank you in advance
CPC
03-09-2020 12:22 AM
Hello,
The file is rechecked based on the information provided by you, we have marked this file as clean. I hope this helps.
Best
03-02-2020 10:56 AM
Hello,
I have submitted the re-check request based on the hash. We could not download the file because the file was not zipped by a password, and will be blocked by the firewalls.
Best
Himani
03-03-2020 09:56 AM
Hello,
I heard back from our malware team, we have decided to keep this as malware based on their analysis.
Best Regards,
Himani
03-03-2020 10:05 AM
Thanks for your effort.
Who and how do I contact someone to correct this?
I can review the source code with them line by line if needed.
The program does exactly what our clients expect it to do and nothing more. It provides a secure reverse connection to only our helpdesk support using the popular winvnc. More secure then winvnc alone. It does nothing more then it should and I not misleading in any way.
Thanks
CPC
03-03-2020 10:20 AM
I will also add... I few weeks ago when I submitted this, you did not consider it malware. It then included winvnc version 1.2.3.0. The only change in the program since is then it includes the updated opensoruce. winvnc.exe 1.2.4.0 from www.ultravnc.com instead of 1.2.3.0
03-03-2020 03:26 PM
Hello,
Thank you for the new info, l will check again and update.
Best
Himani
03-04-2020 10:26 AM
Hello,
Can you zip this file "EZhelp20.exe " with password "infected" and host somewhere we can download? Also, include the previous file that was not considered as malicious.
kind regards
03-04-2020 02:08 PM
Hello
Here is a link for you. This zip includes several other zip files including the current version and previous version and a readme file for more information..
https://1drv.ms/u/s!AvUqD-bsZBOogaAbHgzQPF2_UBNZEQ?e=UrRa1G
If this information does not help get the program whitelisted.. please let me know how to escalate this issue ASAP. Again, I can walk someone line by line through the source code step by step as needed. I would think you have my email and phone number already via my profile if needed. It is very important, for us to use this program to support remote workers, especially now with corvid 19 and more workers working remotely from their homes.
Thank you
CPC
03-06-2020 08:05 AM
Hello.
We are rechecking this file on your request and I will update you.
Thanks
03-09-2020 12:22 AM
Hello,
The file is rechecked based on the information provided by you, we have marked this file as clean. I hope this helps.
Best
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
