TotalVirus False-Positive EZhelp


L1 Bithead

As of 2/27/2020, TotalVirus is reporting EZhelp.20.exe as Generic.ml for Palo Alto Networks.

Please help.

I updated EZhelp20.exe to include the latest winvnc.exe released this week by ultravnc.com, version 1.2.3.0 updated to 1.2.4.0 for security and feature updates. This small change is triggering a false positive.

 

EZhelp is not a virus, malware, hacker tool or trojan and is not misleading in any way. Ezhelp does exactly what our users expect it to do and nothing more. It is a private helpdesk support program that uses ultravnc. Ezhelp is a portable program that, when run by the user, puts its files in the user’s temp folder and removes them when the user closes the program. The included files are SecureVNCPlugin.dsm, VNChooks.dll and winvnc.exe, which can be found at the widely popular www.uvnc.com website. The included ultravnc.ini file increases security by preventing the user from accidentally allowing incoming connections into their own PC and only allows an outgoing secure encrypted connection to our helpdesk upon the user’s request. Those evaluating the software can look in the temp file and verify all of this. I am the author of the program and have been using it for two decades. Occasionally, EZhelp is updated to include the latest winvnc.exe from www.utravnc.com for its feature and security updates. Compiled with the popular AutoIt default settings using UPX compression to reduce the file size by 30%.

 

The VirusTotal link for this detection is here: https://www.virustotal.com/gui/file/48bb201df975b6b34380a3a1805707b12cf55ee1f4e22a83de3c46c6445cbd4d...

 

EZhelp20.exe can be downloaded directly from here: http://ezhelp.github.io/software/EZhelp20.exe

 

Thank you in advance

CPC

9 REPLIES 9

Hello,

 

Thank you for the new info, I will check again and update.

 

Best

Himani

Himani Singh

Hello,

 

Can you zip this file "EZhelp20.exe" with the password "infected" and host it somewhere we can download it? Also, include the previous file that was not considered malicious.

 

kind regards

Himani Singh

Hello

 

Here is a link for you. This zip includes several other zip files, including the current version and previous version, and a readme file for more information.

https://1drv.ms/u/s!AvUqD-bsZBOogaAbHgzQPF2_UBNZEQ?e=UrRa1G

 

If this information does not help get the program whitelisted, please let me know how to escalate this issue ASAP. Again, I can walk someone through the source code line by line as needed. I would think you have my email and phone number already via my profile if needed. It is very important for us to use this program to support remote workers, especially now with COVID-19 and more workers working remotely from their homes.

 

Thank you

CPC

Hello.

 

We are rechecking this file on your request and I will update you. 

 

Thanks

Himani Singh

Hello,

 

The file was rechecked based on the information provided by you, and we have marked this file as clean. I hope this helps.

 

Best

 

Himani Singh