wm_hooks.dll

Discussion in 'ewido anti-spyware forum' started by Itsme, Jan 9, 2006.

Thread Status:
Not open for further replies.
  1. Itsme

    Itsme Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    148
    Hi,

    I am running 5 computers at my home, and I am also trialing Ewido. All computers have RealVNC installed (version4).

    While running Ewido on one of my desktops (win2k Sp4) I receive the popup messages "Infected object found!" referring to
    File: wm_hooks.dll
    Path: C:\Program Files\RealVNC\VNC4
    Infection: Not-A-Virus.RemoteAdmin.Win32.WinVNC.4

    It is not quite clear to me if Ewido identifies RealVNC as a remote administration application/server..

    or..if "Infected object.." means the that the dll has been changed/infected/compromised by whatever kind of malware...

    or ... if it means that the object is not infected but is considered as malware by Ewido?

    In the latter situation I would prefer to receive an other message like "Remote Administration Object found" instead of "Infected Object"

    Now I have the choice to Clean or do nothing... and I don't know what to do because in the first scenario.. I would like to clean... in the second... I would like to keep the dll as part of a good functioning application.

    Looking forward to hear from you

    Itsme
     
  2. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    It always says infected object... We will remove this definition until version 4.0 comes out with much better infection handling... Sorry for the inconvenience.
     
  3. Itsme

    Itsme Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    148
    Hi, thank you for this swift reply.

    No need for me to remove it from the definition as I know what the program does. But many people will not and then... it could be better to be safe than sorry.

    Hasta la vista.

    Itsme
     
Thread Status:
Not open for further replies.