Trend Micro RUBotted and Returnil

Discussion in 'General Returnil discussions' started by ePost, Nov 3, 2009.

Thread Status:
Not open for further replies.
  1. ePost

    ePost Registered Member

    Joined:
    Feb 23, 2009
    Posts:
    105
    Trend Micro offers this little freeware called RUBotted. It is still in beta. Apparently Returnil doesn't like it and pops up with warnings. Returnil would like to quarantine it. But RUBotted is fully legit and deserves better. Could you please look into this? Quote from Trend Micro's site:
    Monitor your computer for potential infection and suspicious activities associated with Bots. Upon discovering a potential infection, RUBotted prompts you to scan and clean your computer.
    RUBotted actually needs more development but that's not really the issue here. Trend Micro do not manufacture malware. ;)

    Link: http://free.antivirus.com/rubotted/
     
  2. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    Hi ePost and welcome to the forums :)

    What is the text in messages for the detection?

    Thanks
    Mike
     
  3. ePost

    ePost Registered Member

    Thank you Coldmoon. :cool: Here's the text. :)
    New message in RVS

    Unknown () detected:
    \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\TREND MICRO\RUBOTTED\CONFIG\CONFIG.INI

    Move to Quarantine
     
  4. Coldmoon

    Coldmoon Returnil Moderator

    Please send a copy of the file to support (dash) tech (at) returnil (dot) com and reference this thread. In the interim, change your Virus Guard real time protection setting (preferences > Virus Guard tab) to "Do not use advanced rules analysis" and let me know if that provides relief from the detection.

    Thanks
    Mike
     
  5. ePost

    ePost Registered Member

    What file is it that you want me to email? I haven't changed any settings in the RUBotted program. It's all default. Everyone who installs RUBotted will have the file I wrote about above. So the problem is that Returnil is flagging a piece of legit Trend Micro software. Should I send your support a link to the RUBotted download and a link to this thread? I'm not sure what it is you need.

    It's not just about me. The issue is of a more general kind...
     
  6. ePost

    ePost Registered Member

    I never had advanced rules activated. Only proven rules. As I said: it's not just me. I'm not causing this. It really is Returnil flagging a legit Trend Micro program. I have RUBotted installed with its default settings. That is also the case for Returnil. I have all settings as default. The way they were when I installed Returnil.
     
  7. Coldmoon

    Coldmoon Returnil Moderator

    C:\PROGRAM FILES\TREND MICRO\RUBOTTED\CONFIG\CONFIG.INI

    That is OK. Please try changing the Virus Guard setting as I suggested in my previous post and let me know if the file is still flagged by RVS VG.

    I am aware of this. The actual detection (Ref: Unknown () detected: ) is generic and not precisely identified in the alert message. Having the file will allow us to investigate why it is being flagged...

    Mike
     
  8. ePost

    ePost Registered Member

    All right. Even though I don't see why I would want to lower the security level instead of having the issue solved. I'll email your support with the file and the thread link.

    UPDATE: after changing the Virus Guard real time protection settings in -> preferences -> Virus Guard tab -> putting check mark in -> "Do not use advanced rules analysis", the popup still shows.

    The problem is the same...
     
    Last edited: Nov 4, 2009
  9. Coldmoon

    Coldmoon Returnil Moderator

    Ok, thanks for the verification and submission.

    Mike
     
  10. ePost

    ePost Registered Member

    You're welcome. The case is now in the hands of your support guys. I'll let you know if there's any useful outcome of this.
     
  11. ePost

    ePost Registered Member

    A small mystery appeared. I got my Returnil from GAOTD. I activated it via the license code that I got as a message inside Returnil's GUI. And then it was valid for a year. But now the activation disappeared. And so did the message that had the licence code in it. I don't have a copy of it. The GUI writes that it's only the freeware edition I have now. Am I toast?
     
  12. ePost

    ePost Registered Member

    I downloaded on the 18th of Oct. I don't understand a word of it. Not even the ordinary trial is active?
     