redemption7 asked:

join.me.exe - quarantined on a Windows 2008 server and a Windows 2003 server

Two of the servers I work with, located at separate schools, which have our Managed Antivirus running, have detected a file called join.me.exe and quarantined it. Here is the path of the file on one of the servers:

C:\users\administrator\appdata\local\apps\2.0\02D4YAAV.6BL\2Y6ZKXGR.0KX\join..tion_43a0dbe7f0f75062_0001.0000_9871fcdc8aa605d7\join.me.exe

Should I take any action to try and clean my system further, other than deleting this item out of quarantine? Has anyone seen this file get picked up as a Trojan.win32.generic!bt?

Any advice on further action, dealing with this infection?

SOLUTION
rmail

This solution is only available to members.

ASKER CERTIFIED SOLUTION
Leon Fester

This solution is only available to members.

I believe this is a false positive in a recent VMware vCenter Protect (Shavlik) antivirus pattern update.  

Users who used the join.me service (same company as LogMeIn) show up in the quarantine with this file on December 22, 2012 (or subsequent antivirus scan) regardless of download date.  In all cases that we have tested, users downloaded the file directly from the Join.Me website. The parent directory contains other files from the same vendor.

This program is often used by vendors to provide remote support. It's a well-known product that doesn't deserve a "high risk" rating from VMware/Shavlik (although by definition, it does provide interactive access to a remote machine -- but only at the user's permission).

redemption7
ASKER

thank you
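
A triage check that fits the false-positive question in this thread, as an added example that is not part of any post above: it lists the Authenticode status, signer and SHA-256 of every executable under a folder, so a detection can be weighed against who signed the files. The parameter and function names are assumptions, and the script presumes you pass it the folder that held the flagged file (its sibling files, or a restored copy in an isolated location).

```powershell
# Added example: signature and hash inventory for an application folder.
# Assumption: -Path is the folder that contained the flagged file.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

function Get-Sha256Hex {
    param([string]$File)
    # .NET hashing is used because Get-FileHash is absent from PowerShell 2.0,
    # which is what Windows Server 2003/2008 typically run.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($File)
    try {
        [System.BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', ''
    } finally {
        $stream.Close()
    }
}

function Get-SignatureInventory {
    param([string]$Folder)
    Get-ChildItem -Path $Folder -Recurse -Include *.exe, *.dll |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            New-Object PSObject -Property @{
                File   = $_.FullName
                Status = $sig.Status      # Valid, NotSigned, HashMismatch, ...
                Signer = $signer          # compare with the vendor you expect
                SHA256 = Get-Sha256Hex $_.FullName
            }
        }
}

$inventory = @(Get-SignatureInventory -Folder $Path)
$inventory | Select-Object Status, Signer, SHA256, File | Format-List

# Files that are unsigned or whose signature no longer verifies deserve a
# closer look before the detection is written off as a false positive.
$suspect = @($inventory | Where-Object { $_.Status -ne 'Valid' })
"{0} file(s) inspected, {1} without a valid signature" -f $inventory.Count, $suspect.Count
```

Running it on both servers and comparing the SHA256 values shows whether the two machines hold the same build of the file.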