rvsmon.exe is spyware

Discussion in 'Returnil releases' started by halen666, Oct 2, 2009.

Thread Status:
Not open for further replies.
  1. halen666

    halen666 Registered Member

    Joined:
    Oct 2, 2009
    Posts:
    2
    hey, I was using a sniffer in my system (windows 7 64 bit). rvsmon.exe seems to be sending info from my computer to your website, even though I checked the box that says "Do not collect or report any malicios info" the process is connecting to 92.zoral-3.terabit.com.ua (91.193.166.92). Why is that?? why it is sending information away to that websiteo_O What personal info is sending and why we were not told about it??. I know you guys made this program free, but that does not mean you can get data from our systems. I try to kill the connection, but the process starts it again. I know I am not infected with any other type of spyware, for I just created a virtual system and the connection is there. I have disable the anti-virus portion, and I am not updating the database; however, the connection is still open and I can;t kill it. I don;t want to kill the process cause I know it is the main service for returnil.

    You guys can use any sniffer (wireshark, tcpdump, etc and you will see the connecting sending info. You can even see it with netstat. I think I am going to uninstallreturnil from my main system. I don;t like people messing with it
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello halen666 and welcome to the forums :)

    If you still have the Virus Guard active, it will check for signature updates. You also need to deactivate the preferences > communications Tab "Allow Remote control" option. This allows remote management in networks, but is also needed for sending alert messages, assigning license number(s), etc.

    From our website FAQs: http://www.returnilvirtualsystem.com/support/faq
    There is no spyware in Returnil Virtual System nor will there be!

    Mike
     
  3. dncholas

    dncholas Registered Member

    Joined:
    Feb 20, 2010
    Posts:
    1
    After going through system security logs and reports for a separate issue I checked all of my Zone Alarm firewall logs and noticed that this program has been trying to connect to your site in the Ukraine every 10-20 minutes for many days since installing Returnil. So many logs of this being blocked it's hard to find any other program being blocked in the logs. While I don't believe this is malicious I still do find it suspicious and irritating. I first blocked it at start up then saved the block because tired of it trying to connect each time I start pc but had no idea it was trying to use up that much bandwidth that consistently. I never did really test the software and may be missing out on a great piece of it but I just uninstalled it and will never allow any software on my system running that kind of communications and do not see the purpose of that much communication for a program I never used. It sounded interesting and why I installed it but have been to busy to try. If you decide in the future to fix this constant comms then I will reconsider and try it.
     
  4. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hello dncholas and welcome to the forums :)

    As has been discussed in other threads dealing with the communications, RVS is connecting to check for new Virus Guard signatures and to (potentially) upload malware behavioral/sample data if RVS has already been registered. If your registration is pending, the communications will also include this.

    If you are using the Virus Guard feature, you do want up to date signatures don't you? Also be aware that part of what the data collection is gathering is information on good files/behaviors that are being used to train the new AI/Machine learning component that will supersede the current Virus Guard antimalware feature in the next generation.

    There are discussions with instructions for deactivating communications which you should be able to locate quickly with a search. With that said however, the amount of bandwidth used to perform these ordinary maintenance functions is controlled by the setting in the preferences > Virus Guard TAB > Data collection policy and is set to 33 KB/s by default (lower dialup speed).

    I encourage you to take it for a drive and kick the tires ;)

    I would ask you to go through all the discussions in all three Returnil Support forum sections so you have a good grasp of what RVS is, does, and how you can adjust your preferences to better suit your computing environment.

    Mike
     
Thread Status:
Not open for further replies.