Author Topic: Virus found  (Read 7498 times)

nbrich1

  • Misty Moorings Team
  • Hero Member
  • *
  • Posts: 3,462
  • Misty Flying Club VA, Sim Troubleshooting & Help
    • Misty Flying Club (MFC)
Re: Virus found
« Reply #15 on: July 31, 2018, 04:19:40 PM »
And always run stuff in Windows 10 as administrator. I guess this OS needs to be told who's boss even if it is the boss running and signed onto the OS!!

Regards from Toronto, Canada. Home Airport CYYZ.
^----------------- Misty Flying Club -----------------^

stiletto2

  • Misty Moorings Team
  • Hero Member
  • *
  • Posts: 2,342
Re: Virus found
« Reply #16 on: July 31, 2018, 04:33:37 PM »
Thanks Rod, yes I was able to unzip and utilize the switcher and it worked well. You may not recall that this isn't my first problem with the switcher and W10. The first time, 10 would not allow me to run the switcher at all. I had to install the switcher on a W7 computer and move all the files, run the switcher and move them back in order to utilize the switcher file. So when I upgraded this computer and loaded W10 Pro and came up with a second problem, this one, perhaps you can see my apprehension. Reading the undated FAQ NOTAM did not give me that warm and fuzzy feeling, added to the Google info, so I posted.

Hi BBQSteve,

I absolutely remembered that you were the one that was unable to execute the switcher.   We had quite a few posts back and forth.   That is one of the reasons that I wanted to know if you got the switcher loaded okay.  I was hopeful that you were able to put the switcher problem behind you  and....the good news is that now it works as advertised.  That's great!

Rod

jeff3163

  • Misty Moorings Team
  • Hero Member
  • *
  • Posts: 4,103
  • Watercraft-Panels-Paint
Re: Virus found
« Reply #17 on: July 31, 2018, 07:51:07 PM »
Misunderstood you. Here you go big guy:


http://i.prntscr.com/OxFAl-JtSpKbnRMjdtamkw.png

This link doesn't work.   ;)  This is what I get instead:

« Last Edit: July 31, 2018, 08:07:50 PM by jeff3163 »

Win10Pro64, MSFS 1.25.9.0, P3Dv4.3.29.25520, AMD Ryzen7 1800X@3.6 GHz , 32Gb RAM, GTX 1080 Ti, 2x42" Vizio Monitors, HTC Vive VR HMD, Saitek Yoke/Pedals/trim wheel, XBox360 Controller, G27 steering wheel w/shifter+pedals. :P

BBQSteve

  • Member
  • ***
  • Posts: 367
Re: Virus found
« Reply #18 on: July 31, 2018, 10:07:44 PM »
Works fine for me. It is a screen shot of Defender telling me of the trojan, tells me that is severe and gives me a pid for action. Unfortunately I can not copy the data and post it in either Defender or iprint so you'll just have to take my word.

Stearmandriver

  • Jr. Member
  • **
  • Posts: 74
Re: Virus found
« Reply #19 on: August 02, 2018, 12:41:25 AM »
So this one's been resolved and I don't mean to keep it going, but for future reference, when unsure about a file's safety, this is a useful site:

https://www.virustotal.com/

It allows you to upload a file, then will scan it with like 40 different anti-virus tools (including all the big names) and will show you all the results. It's completely web based, so you don't download anything, so it's entirely safe.

The thing to understand is, almost ANY executable-type file will be flagged as a virus by at least a few of the tools; these are the "false positives" and are what make a meta-analysis like this so useful.  A true piece of malware will probably return at least around 80% positive results.

If I were home at a computer, I'd run the season switcher through and post the results.  Maybe someone else wants to.

BBQSteve

  • Member
  • ***
  • Posts: 367
Re: Virus found
« Reply #20 on: August 02, 2018, 08:34:12 AM »

ualani

  • Misty Moorings Team
  • Hero Member
  • *
  • Posts: 1,739
  • Legacy RTMM Library Manager
Re: Virus found
« Reply #21 on: August 02, 2018, 09:05:21 AM »
9/69 positive hits. It all comes down to who do you trust and believe: Rod, the developer of the Switcher, or a generic anti-virus scanner? Your call. Ironically, the scanner also says that Windows reports it as clean. Also, it's interesting that the positives all report it as different viruses.

Steve

« Last Edit: August 02, 2018, 09:18:49 AM by ualani »
Legacy RTMM Library Manager
Custom Objects Design
Legacy Scenery Design
Support


BBQSteve

  • Member
  • ***
  • Posts: 367
Re: Virus found
« Reply #22 on: August 02, 2018, 09:56:09 AM »
Yes, very interesting in which scans find it and how it gets reported. Does not show Defender in the list which keeps deleting it even after I allow it. Retried the exclusion again. My concern was not that I did not trust the file, but that it was being reported as a trojan. Wonder if it is due to the compiler. If left as a .bat file, wonder if it would have the same hits?

Penzoil3

  • Sr. Member
  • ****
  • Posts: 634
Re: Virus found
« Reply #23 on: August 02, 2018, 01:17:45 PM »
Beat it, just beat it, just get a dead horse and beat it...

BBQSteve

  • Member
  • ***
  • Posts: 367
Re: Virus found
« Reply #24 on: August 02, 2018, 01:35:41 PM »
It's not beating a dead horse, it's called learning. Learning why some items trigger a false positive and why some escape them all.

Ya know, you don't have to read it if you're not interested.

Stearmandriver

  • Jr. Member
  • **
  • Posts: 74
Re: Virus found
« Reply #25 on: August 02, 2018, 02:09:22 PM »
Yeah, any file that is capable of changing anything about another program will be flagged by a few antivirus tools.  They all use different, proprietary detection criteria so it's hard to say for sure what an individual tool doesn't like about an individual file.

9 out of 6 is really nothing though.  I think if you run some other trusted files through, you'll be surprised at the results (I'm talking executables or scripts, not like images obviously).  I don't even get suspicious until the detection rate approaches 50%.

Steve also makes a good point that every tool that flagged it recognized it as a different piece of malware.  There's much more concurrence on a true piece of malware.

It's also worth noting that the only positives were no-name virus scanners.  The big names like Kaspersky, Norton, Malwarebytes etc are very over-cautious and will therefore often return false positives... But they won't often ALL miss something if it's real.  In fact, I'd say that's almost impossible.

So, this file is definitely clean... Which I know we'd already established, I'm just offering tips on a useful tool for future reference.

BBQSteve

  • Member
  • ***
  • Posts: 367
Re: Virus found
« Reply #26 on: August 02, 2018, 04:57:25 PM »
Good information, thanks.

jmsmth

  • Member
  • ***
  • Posts: 121
Re: Virus found
« Reply #27 on: August 03, 2018, 11:48:59 AM »
The discussion really does not contain a solution that I can understand anyhow.  BBQSteve in his post on Aug 02 states that defender deletes the file even after it has been added to ok list.  That is what is happening with me also.  I have tried turning defender off and it still deletes it.  Am I going to have to get rid of defender altogether to get it to work or is there a work around some of you computer gurus can help me with?  It would be very much appreciated.

Jim Smith

jeff3163

  • Misty Moorings Team
  • Hero Member
  • *
  • Posts: 4,103
  • Watercraft-Panels-Paint
Re: Virus found
« Reply #28 on: August 03, 2018, 12:13:24 PM »
I am slightly confused.  You can't download the zip, or you can't run the switcher in windows?   :-\

Do you have defender set to "Block" or "Warn" of threats?    :-\   Sometimes I get a file download that windows thinks is bad.  I have the option to keep it anyway, or discard.  Do you have that option?  Choose to keep it.

I do have Defender active on my system, and I just downloaded and opened the zip.  No issues at all.  I have not "excluded" the file either.  My system is just ok with it.  Weird.
« Last Edit: August 03, 2018, 12:48:07 PM by jeff3163 »


BBQSteve

  • Member
  • ***
  • Posts: 367
Re: Virus found
« Reply #29 on: August 03, 2018, 01:11:00 PM »
Jim do this step-by-step:

1. Download the file.
2. Unzip and let Defender quarantine/delete the file
3. Open Windows Defender and Open Virus & Threat Protection
4. Open Threat History
5. Look at Quarantined Threats; the file should be in there
6. Restore or allow it.
7. Back up to Threat History and then select Allowed Threats
8. Select the file and hit allow
9. Back to  Virus & Threat Protection
10. Select Virus and Threat Protection Settings
11. Scroll down to Exclusions and hit Add or Remove
12. Hit Add an exclusion and find the file and add it

Back out and you should be good to go.
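
The same restore-and-exclude procedure from an elevated PowerShell prompt, as an added example that is not part of the original post. It adds the exclusion before restoring so the file is not quarantined again, limits the exclusion to the single file, and keeps it only if the file's SHA-256 matches a hash obtained from the developer. `$File` and `$ExpectedHash` are placeholders, not values from this thread.

```powershell
#Requires -RunAsAdministrator
# Added example. Both values below are placeholders to be filled in by the reader.
$File         = 'C:\Tools\SeasonSwitcher\Switcher.exe'   # hypothetical location of the flagged file
$ExpectedHash = '<SHA-256 obtained from the developer>'   # placeholder
$MpCmdRun     = Join-Path $env:ProgramFiles 'Windows Defender\MpCmdRun.exe'

# Steps 3-5: show recent detections and the contents of quarantine.
Get-MpThreatDetection |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 5 InitialDetectionTime, ThreatID, Resources
& $MpCmdRun -Restore -ListAll

# Steps 11-12: exclude this one file only (not its folder or drive),
# so the restored copy is not removed again.
Add-MpPreference -ExclusionPath $File

# Step 6: restore the quarantined copy to its original path.
& $MpCmdRun -Restore -FilePath $File

# Check before running anything: the restored file must exist and must
# match the developer's hash. Otherwise the exclusion is rolled back.
if (-not (Test-Path -LiteralPath $File)) {
    Remove-MpPreference -ExclusionPath $File
    throw "Restore failed: $File not found. Exclusion removed."
}
$actual = (Get-FileHash -LiteralPath $File -Algorithm SHA256).Hash
if ($actual -ne $ExpectedHash) {
    Remove-MpPreference -ExclusionPath $File
    throw "Hash mismatch ($actual). Exclusion removed; do not run the file."
}

"Hash matches. Current exclusions:"
(Get-MpPreference).ExclusionPath
```

The SHA-256 printed on a mismatch can also be searched on VirusTotal directly, which avoids uploading the file.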