Suspicious software - how to find out if it is malware or dangerous

tankman1989

We all come across apps that seem to either ask for a lot of access, sometimes more than seems necessary, or you are practicing due diligence in finding out that the software is legitimate.

I came across Remote Utilities, which is a remote support app that seems nice, but trying to research it is tough, as those two words are so common the search pulls up so many results with both words even though it is typed in as one word, in quotes.

The reason I was concerned about the software (it gives full access to the PC) was the amount of activity in the support forum & the speed of the site (which hosts the Host to client connection) and it is blocked by a lot of AV & Malware programs.

It does not seem to like to be uninstalled as on a fresh OS install I'm now getting explorer crashes during uninstall.

The program looks good but there are a few red flags I want to clear up first.
 
Try virustotal.
It's often the type of tool that's flagged up - what you could do with it. Nirsoft's utilities get blocked a lot. Alternatively, put this in TEO and tell us the name.
 
I have used it before and didn't have any issues. It was pretty awesome actually. I know other people that use it too. I haven't analyzed it security-wise though.
 
Thanks for the replies. I'll do some searching and see if anything pops up.

I installed Kasp Inet Sec 2013 & 2014 today on some machines, both times was prompted to "upgrade to current version" during install. After the install I installed Remote Utilities and only on the machine that was originally 2014 did it find it as a potential threat. Kind of odd, as I figured it would upgrade to the same software, but IDK for sure.

As far as Remote Utilities, I really like it and the features for a "light weight" app that offers a nice selection of user/computer licenses.

I'm going to set up my own server for hosting the sessions; if anyone has done this and has any advice, it is welcome.
 
I used Remote Utilities for a while. I liked it; however, once my clients started running into a problem with copying and pasting popping up errors, I had to stop using it.

Edit: Remote Utilities blamed it on one of the programs I use, but I couldn't determine what it was. Maybe ScreenConnect, TeamViewer, or GFI Max, or it was a problem with their software; I'm not sure.
 
It was always a pain for me when I get a computer in and it has all these programs installed on it and there are so many programs out there, I can never keep them all straight in my head which ones are good and which ones to axe. I know many become obvious after doing them over and over, but I was still never confident I was making the right choice on every single program I left in place or uninstalled.

What I used to do was have a computer handy with WOT installed and I would google each installed program I was not sure of to see the WOT rating. This worked pretty well but was tedious. Now I am using a program shouldiremoveit from http://www.shouldiremoveit.com/

I love this program. I just wish it was portable. It saves a ton of time by putting all the bad programs sorted from worst to best right in front of you. Of course I never just blindly follow it or WOT either one. They both can be wrong, but when you see that program you "think" is bad sorted up at the top of the list in red, it makes it much easier to know it needs to go!
 
Sorry if this is an "end user response" as someone tagged - it's only related to Admin utilities that keep springing up and I'm sure everyone has spent 10+ hours reviewing all aspects before using it in production..

So I found that when removing this with the regular uninstall (control panel/prog-features) it does a decent job and works quickly but I have a lingering question if everything is gone.

If I uninstall it with Kaspersky or Eset I get a major difference. In 3 cases with Kaspersky it required a reboot to remove and a complete advanced disinfection to remove it, and during so, it locked just about every major feature of Windows like explorer.exe, RDP, net use and lots more. I'm thinking this is so it can't escape from the environment. Eset was a little quicker but it still was time consuming.

I never had any problems like this with Teamviewer, LMI resc, G2MyPC, etc.

I guess the next end user will probably try this on 8 different machines & 6 AV's before using it, but hey, those end users sometimes know a few things.
 
Run OTL and see what it is leaving behind. Personally, I have seen GFI Max leave a ton of stuff behind, so it wouldn't surprise me.
 
You should be able to tell an out of place process in task manager. If it looks suspicious use the "Open file location" option. If it's running out of a temp folder or \AppData\ it warrants further inspection. Ditto for Program Files\001..003.

Anything named jufdsnkklvxfw.exe should just be a no brainer.

If you're still not sure, google the filename.
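
The path and file-name checks described in the post above, written as a PowerShell triage pass. This is an added example, not part of the original thread: the function name `Get-ProcessRedFlags`, the sample paths, the consonant-run threshold, and the reading of "Program Files\001..003" as an all-digit folder directly under Program Files are assumptions.

```powershell
# Added example: flags executable paths using the heuristics from the post above.
# Get-ProcessRedFlags is a hypothetical helper name; thresholds are assumptions.
function Get-ProcessRedFlags {
    param([Parameter(Mandatory)][string]$Path)

    $flags = @()
    # -match is case-insensitive by default, so \temp\ and \Temp\ both hit.
    if ($Path -match '\\(Temp|Tmp)\\') { $flags += 'runs from a temp folder' }
    if ($Path -match '\\AppData\\')    { $flags += 'runs from AppData' }
    # Assumed reading of "Program Files\001..003": all-digit folder under Program Files.
    if ($Path -match '\\Program Files( \(x86\))?\\\d+\\') {
        $flags += 'numeric folder under Program Files'
    }
    # Strip directory and extension, then look for a random-looking name:
    # 8+ letters only, containing a run of 5+ consonants (assumed threshold).
    $name = ($Path -replace '^.*\\', '') -replace '\.[^.]+$', ''
    if ($name -match '^[a-z]{8,}$' -and $name -match '[^aeiou]{5,}') {
        $flags += 'random-looking file name'
    }
    return $flags
}

# Constructed sample paths (not taken from any real machine).
$samples = @(
    'C:\Windows\System32\svchost.exe',
    'C:\Users\bob\AppData\Local\Temp\setup_helper.exe',
    'C:\Program Files\002\update.exe',
    'C:\Users\bob\AppData\Roaming\jufdsnkklvxfw.exe'
)
foreach ($p in $samples) {
    $flags = @(Get-ProcessRedFlags -Path $p)
    if ($flags.Count -gt 0) { '{0}  ->  {1}' -f $p, ($flags -join '; ') }
}

# On a live machine: check the executable path of every running process.
Get-CimInstance Win32_Process | Where-Object ExecutablePath | ForEach-Object {
    $flags = @(Get-ProcessRedFlags -Path $_.ExecutablePath)
    if ($flags.Count -gt 0) {
        [pscustomobject]@{
            Id    = $_.ProcessId
            Path  = $_.ExecutablePath
            Flags = $flags -join '; '
        }
    }
}
```

A hit only marks a process for further inspection: plenty of legitimate per-user installs run from AppData, and some genuine Windows binaries have consonant-heavy names.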
 