Ngork? Malware?

B

BYS

n3wb
Jul 15, 2024
9
1
Los Angeles, CA
Can someone help me understand the signifigance of this? My background with BI and Windows security is weak so I don't know how to react to this. I did search the Internet including this wonderful site but really am at a loss if this should be of concern. Thank you.

BLUE_IRIS_SCREEN_SHOT.jpg
 
No concern. But if you don't plan to use it as a way to access your system remotely, simply don't run it. It isn't needed unless you use that particular program.

It is how the "unknown Publisher" or "potential virus" or "compromised" messages are generated (just called virus moving forward in the rest of this post for simplicity).

It is not a virus, rather it is whatever antivirus you are using has flagged it as a potential virus. Some programs look at the total number of users and below a certain number, it is flagged. These specialty type files/programs get false positives all the time.

You can check the file with VirusTotal , an antivirus website owned by Google that runs it thru a lot of different antivirus algorithms.


5.9.4.0 Triggers Webroot Malware Alert for NGROK.EXE

I just installed 5.9.4.0 on two of my BI servers, and my security software, WebRoot, immediately flagged NGROK.EXE at %temp%\pft7d4b.tmp\ as W32.Malware.Gen. I immediateliy rolled back to 5.9.3.4 and scanned both machines, to be safe. Is this a false positive? Does a perfectly safe NGROK.EXE...
ipcamtalk.com ipcamtalk.com
 
  • Like
Reactions: mteky2 and bp2008
Thank you. So (again layperson speaking) it is part of BI not some malware that latched onto BI? What scared me is I installed a free app called MiniTool Partition Wizard on the same day and Windows Defender spotted Ngork but in subsequent scans would not complete until I deleted MiniTool. Im not saying something nefarious is happening but MiniTool's orgins are China and they do a good job of obscuring that fact.
 
Yes, it was a recent add-on into BI for people that used that a means to view their system remotely.

If you don't use it now, no need to switch or run it.

5.9.4 - June 20, 2024 NGROK

5.9.4 - June 20, 2024 The automation of NGROK for remote access is now built-in. You no longer have to register tokens, create batch files or find ways to always keep NGROK open and running. After creating your NGROK account, just copy/paste your authtoken into the Settings/Web server page and...
ipcamtalk.com ipcamtalk.com
 
You must log in or register to reply here.
Top Bottom