locked
Problem with Win32/RealVNC

  • Question

  • Every day at 9:00 a.m. and 11:00 p.m. I get the message below from Windows Live OneCare.

     

    Program Name: RemoteAcess:Win32/RealVNC

    Action: Quarantine Failed

     

    My question is: is Windows Live OneCare really blocking RealVNC, or did OneCare fail to block it and someone is accessing my computer?

     

     

    Wednesday, July 25, 2007 2:49 PM

Answers

  • I believe that it is malware being detected, not an inbound access being blocked. The fact that it appears like clockwork indicates that the malware may be located in your System Restore points or is being picked up during a Quick Scan. I think it is the former, though. Open OneCare, click on Change settings and create the support log report. It should reveal the location of the threat.

    Quarantine Failed means that the threat was not able to be removed from where it is located - most often because it is within a zip/compressed file or a mail store - as removing the threat could cause the source file to be damaged. The threat is blocked, but the message and prompt are annoying. You can also contact support for help with removal - http://help.live.com/help.aspx?project=onecarev2

    -steve

     

    Wednesday, July 25, 2007 5:56 PM
    Moderator

All replies

  • Steve, thanks, this information is useful.

    Thursday, July 26, 2007 2:31 PM
  • You're very welcome.

    -steve

    Thursday, July 26, 2007 3:29 PM
    Moderator
  • If you have Ultimate Boot CD for Windows (UBCD4Win) installed on your computer, OneCare beta 2.0 will find RealVNC and UltraVNC.  It lists the following, among other files:

     

    File Name: D:\Install\Ultimate boot CD for Windows\UBCD4WinV255.exe
    Threat Severity: Medium
    Threat Category: Remote Control Software
    Contained Object:

    (RarSfx)->plugin\VNCServer\winvnc4.exe

    and

     

    File Name: D:\Install\pebuilder313\pebuilder.iso
    Threat Severity: Medium
    Threat Category: Remote Control Software
    Contained Object: (RarSfx)->plugin\VNCServer\winvnc4.exe
    Threat found by On Demand Scan: (ANTIVIRUS_ONDEMAND)
    Threat Status: Quarantine failed

     

    I am certainly glad that the quarantine failed; I would not want OneCare to break my UltimateBoot CD for Windows setup. 

     

    It lists both the files in the Plugin directory, and also the files in the ISO image that UBCD4Win creates.

     

    I know that remote control software is a POTENTIAL threat, especially if you don't know it's there.  I added the Ultimate Boot CD folder (and the backup folder on my other hard drive) as excluded locations for OneCare.

    Saturday, August 11, 2007 9:52 PM
  • I meant to add:  Obviously, if you have RealVNC installed, it will also flag that as a threat.

    Saturday, August 11, 2007 9:53 PM
  • Thanks for that information.

    -steve

     

    Tuesday, August 14, 2007 12:23 AM
    Moderator
  • I am having problems with win32/realvnc and need to fix it; please tell me how.
    Wednesday, April 2, 2008 1:11 AM
  •  erikita1974 wrote:

     

    I am having problems with win32/realvnc and need to fix it; please tell me how.

     

    Answer:

    If you are using Windows Live OneCare and you have been infected, but OneCare did not detect or cannot remove the malware, please contact support to report this and for help with removal.

    How to reach support (FAQ) - http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

     

    If you are not using Windows Live OneCare, you are off topic for this forum. This is not a general forum for viruses, spyware, or Windows Help. For help with spyware issues, you may want to try the forums here: http://aumha.net/

    For help with virus removal, contact the maker of your Antivirus program.

    If you are in North America, you can call 866-727-2338 for help with virus and spyware infections. See http://www.microsoft.com/protect/support/default.mspx for details. For international information, see your local subsidiary Support site.

     

    -steve

    Wednesday, April 2, 2008 4:41 PM
    Moderator