Hello my company uses Avast Pro, We currently have a good amount of pc’s with it installed. We use Radmin Tool to remote into Machines, but as of recently (since 9/11) it seems to be putting the EXE for Radmin (when we goto connect) into the Chest and then we can no longer remote into the machine.
the file name : Famltrf2.Exe
Localtion : C:\Windows\SysWOW64\rserver30
for now, we’ve been having people disable Shields for 10 mins and hit yes to confirm BEFORE we remote in so that it doesn’t block us from getting in. Is there a way around this?
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected
thats hard to do in reality. I mean it installs that file on the server / client version of the pc… and when we use the “viewer” it connects to the server on their machine activating that file. It seems to stop the remote tools ability to move the mouse and keyboard. but continues to let us view whats going on… But once we disconnect. you can no longer even view or remote into the machine. (because it moves it into the chest AFTER we get the view ability for the first time). So we can actually see it popping up in RED and going into chest on the users machine.
when avast detect and remove this file from your computer … what malware name does it give the file?
is it the one seen in my post above?.. Win32:PUP-gen [PUP]
No i’m not sure how to do that… but it’s time to go home, I’ll pick this thread back up in the morning. thanks for your time in helping! I’ll be sure to try to figure how to report it tomorrow morning.