Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Virus attack when Ultra VNC is activated

Post Reply
Eric
Posts: 4
Joined: 2004-06-23 18:40

Virus attack when Ultra VNC is activated

Post by Eric »

I have been using Ultra VNC quite frequently and everytime I use Ultra VNC on port 5900 I get virus attacking some of the windows\system32 files on my Windows 2000 Server PC.
When the 5900 port is removed when I am not using Ultra VNC, the virus problem do not appear.
Is there any way to prevent this virus problem ?
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6863
Joined: 2004-04-23 10:21
Contact:

Post by Rudi De Vos »

Any idea what files...are attacked

There are some driver files vncdrv.dll and vnchelp.dll
in that directory if the driver is installed.

Is it a real attack, or your virus scanner is just dedecting
the access to thoose files....

You could use an other port then the default 5900 for testing
Eric
Posts: 4
Joined: 2004-06-23 18:40

Post by Eric »

The virus name that constantly appears when Ultra VNC is activated is W32.Randex.gen and the file that is constantly attacked is c:\winnt\system32\msgfix.exe.
Sometimes other files in this folder are attacked too.

My internet and email access seems to be also affected by this virus.

My Norton Anti-virus software is able to detect and kill this virus but the virus keeps coming back.

When I disable the VNC port, the virus attack stop.
prandal
20
20
Posts: 36
Joined: 2004-06-08 15:24

Post by prandal »

Install good antivirus on all your PCs, make sure they are up to date. Fully patch all your boxes. And firewall your internet connection. Problem solved.

It is NOT UtraVNC's fault.
Last edited by prandal on 2004-06-24 20:05, edited 1 time in total.
mbrown
20
20
Posts: 44
Joined: 2004-04-24 02:20
Location: Chicago, IL USA

Post by mbrown »

Did you try to eliminate the virus? Always check some authority on viruses when you are given a virus name. I use the Symantec Anti-virus Research center. www.sarc.com

Check out the page below on your virus. I would bet it keeps coming back because there are registry entries in the Run key that activates the virus files again upon login. Read this document and follow the instructions for manual removal:

http://securityresponse.symantec.com/av ... x.gen.html
Michael
donem
Former moderator
Former moderator
Posts: 4
Joined: 2004-04-27 16:24

Post by donem »

There is a free online virus scanner available hereif you do not have one.
Post Reply