Trend Micro offers this little freeware called RUBotted. It is still in beta. Apparently Returnil don't like it and pops up with warnings. Returnil would like to quarantine it. But RUBotted is fully legit and deserves better. Could you please look into this? Quote from Trend Micro's site:Monitor your computer for potential infection and suspicious activities associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.RUBottet actually needs more development but that's not really the issue here. Trend Micro do not manufacture malware. ;)

Link: http://free.antivirus.com/rubotted/

Hi ePost and welcome to the forums :)

What is the text in messages for the detection?

Thanks
Mike

Thank you HColdmoon. 8) Here's the text. :) New message in RVS

Unknown () detected:
\DEVICE\HARDDISKVOLUME2\PROGRAM FILES\TREND MICRO\RUBOTTED\CONFIG\CONFIG.INI

Move to Quarantine

Please send a copy of the file to support (dash) tech (at) returnil (dot) com and reference this thread. In the interim, change your Virus Guard real time protection setting (preferences > Virus Guard tab) to "Do not use advanced rules analysis" and let me know if that provides relief from the detection.

Thanks
Mike

What file is it that you want me to email? I haven't changed any settings i the RUBotted program. It's all default. Everyone who installs RUBotted will have the file I wrote about above. So the problem is that Returnil is flagging a piece of legit Trend Micro software. Should i send your support a link to the RUBotted download and a link to this thread? I'm not sure what it is you need.

It's not just about me. The issue is of a more general kind...

-{ Quote: "change your Virus Guard real time protection setting (preferences > Virus Guard tab) to "Do not use advanced rules analysis" and let me know if that provides relief from the detection." }-
I never had advanced rules activated. Only proven rules. As I said: it's not just me. I'm not causing this. It really is Returnil flagging a legit Trend Micro program. I have RUBotted installed with it's default settings. That is also the case for Returnil. I have all settings as default. They way they were when I installed Returnil.

-{ Quote: "...What file is it that you want me to email?..." }-

C:\PROGRAM FILES\TREND MICRO\RUBOTTED\CONFIG\CONFIG.INI

-{ Quote: "I never had advanced rules activated. Only proven rules...." }-

That is OK. Please try changing the Virus Guard setting as I suggested in my previous post and let me know if the file is still flagged by RVS VG.

-{ Quote: "...As I said: it's not just me. I'm not causing this..." }-

I am aware of this. The actual detection (Ref: Unknown () detected: ) is generic and not precisely identified in the alert message. Having the file will allow us to investigate why it is being flagged...

Mike

-{ Quote: " Please try changing the Virus Guard setting as I suggested in my previous post and let me know if the file is still flagged by RVS VG. " }-Allright. Even though I don't see why I would want to lower the security level instead of having the issue solved. I'll email you support with the file and the thread link.

UPDATE: after changing the Virus Guard real time protection settings in -> preferences -> Virus Guard tab -> putting check mark in -> "Do not use advanced rules analysis", the popup still shows.

The problem is the same...

Ok, thanks for the verification and submission.

Mike

You're welcome. The case is now in the hands of your support guys. I'll let you know if here's any useful outcome of this.

A small mystery appeared. I got my Returnil from GAOTD. I activated it via the license code that I got as a message inside Returnil's GUI. And then it was valid for a year. But now the activation disappeared. And so did the message that had the licence code in it. I don't have a copy of it. The GUI writes that it's only the freeware edition I have now. Am I toast?

I downloaded on the 18. Okt. I don't understand a word of it. Not even the ordinary trial is active?