Nod32 and Dameware MRC

Discussion in 'NOD32 version 2 Forum' started by aqtech, Aug 21, 2008.

Thread Status:
Not open for further replies.
  1. aqtech

    aqtech Registered Member

    Joined:
    Aug 21, 2008
    Posts:
    3
    I've been receiving these alerts today from a very high percentage of the PCs on one of the networks I manage. We use Dameware to remotely manage the PCs. It seems odd that I would be receiving this message from nearly all of the machines all at once. Is anybody else having this problem?? Is this a legitimate infection that has spread, or a false positive??

     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Please send the file in an archive protected with the password "infected" and "False positive" in the subject to samples[at]eset.com. It may not necessarily be a false positive, as commercial tools for remote administration are detected as potentially unsafe applications.
     
  3. Ghosttown

    Ghosttown Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    4
    We also have the same problem, using ESET NOD32 v3.0.669 Business Edition.

    Gerrit
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    I've installed Dameware 6 on a computer running fully updated ESS and didn't get any warning during installation. Are you using the most current version 3378? If so, please submit the file as described in my previous post.
     
  5. Ghosttown

    Ghosttown Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    4
    Hello Marcos,

    It is not the installed software, which gives the problem/alert. It is the remote client, which is being installed on a client when Dameware Mini Remote Control is being used to manage a remote client. At that moment, DWRCS.exe is being installed on the client as a service.

    The problem occurs on this client. The alert is also triggered on some clients where the service runs, when the service is updated and a restore point is created.

    BTW, our version is indeed 3378.

    Gerrit
     
  6. Armin Pfeffer

    Armin Pfeffer Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    2
    Same problem here. Using V2.70.39 (we still have some NT machines)
    Started with signature 3374 and still exists with 3379.
    DWRCS.exe v. 5.0.1.1 and 5.5.0.0 are suspected.
    The fact that a remote control tool is suspicious is not the problem.
    The problem is that every way we tried to EXCLUDE the file in AMON is obviously ignored. Lower case/capitals, short path, long file names, no help, the file is found and checked.
    Any way around? The tool is definitely okay, only a little bit outdated. But that will never be changed just because of NOD32 not willing to live with Dameware 5.5
     
  7. roo_B_con

    roo_B_con Registered Member

    Joined:
    Jul 16, 2008
    Posts:
    1
    hi there,

    just got the response that a solution is about to come with one of the next updates - they're working on it, please hold on just a little ;)
     
  8. Armin Pfeffer

    Armin Pfeffer Registered Member

    Joined:
    Aug 22, 2008
    Posts:
    2
    Replying to myself: for us it seems solved with signature 3380.
    Any other experiences?

    Greetings from Germany
    Armin
     
  9. aqtech

    aqtech Registered Member

    Joined:
    Aug 21, 2008
    Posts:
    3
    3380 seems to have fixed it for us as well. Thanks!!
     