greg100o

Zone Alarm Antivirus users having trouble with "infected" installers?


Today all of my base and installers for all of my PSS aircraft were declared infected with the win32.multidropper.z virus and erased by Zone Alarm. I tried to redownload them from PSS and they are immediately erased, declared infected, so now I have no way to download from PSS. This occurred after today's virus update.

I am not sure what to do, as I am sure this is some misidentification. With this program one cannot tell the program to ignore certain files.

Could PSS contact Zone Alarm to let them know of the problem? I am sure many users will be affected. Gee, and with another update promised before Christmas!

Greg


Greg Clark

Guest NormanB

Greg,

What you see, as you guessed, is a false positive - basically when something in the installers is very similar to a known threat.

You could disable the antivirus for the few minutes that you would be downloading and installing the aircraft, or are you saying that ZA also deleted the installed aircraft?


Norman,

It deletes just the installers. I will try disabling the antivirus on download, that is a good idea, but it will just delete them all on the next scan.

Is there a way for a software publisher like your company to communicate the problem to the antivirus manufacturer? I have no real way to submit your installer files to them to look at.

Greg


Greg Clark


Norman, I tried this and it downloaded successfully. The second I re-enabled the antivirus it found the file and deleted it!

I have a real problem here, and I would guess so do thousands who use Zone Alarm.

Greg


Greg Clark

Guest Knikolaes

I for one never did like Zone Alarm. I tried it once and it kept telling me a lot of my FS installers were "infected", including PSS. I highly doubt PSS and Flight1 wrappers would be bloody infected LOL.

I also stay away from Norton and McAfee too as they kill your computer resources (they are like the AOL of antivirus software :-P ) Right now I am using EXTrust, but now I am on the opposite end of the spectrum. Had it installed on my machine for 6 months and no viruses detected -- with broadband that is literally impossible!!!!

I think both you and I, as well as others out there, might get a lot of use out of this if we can get suggestions for a good antivirus that is thorough, but doesn't take over your machine like a ###### LOL.

Did you get the aircraft working okay, though? I know once you have PSS aircraft installed you can actually back them up, which I learned saves me a LOT of trouble with long downloads later on (since the PSS installer spends an hour and a half on each install, but to back up the aircraft manually takes a couple minutes to reinstall when I need to reinstall FS).


Fortunately it deletes the installer only, not the actual aircraft. So I guess I could update by turning off antivirus and doing the install, and then the installer will disappear when I restart the antivirus.

I would like a better solution though, which is to eliminate the false positive on scans.

Greg


Greg Clark

Guest Knikolaes

Well I guess looking at the glass as half full, better to have an overly paranoid AV than an underparanoid one. However, I can't remember so you may want to check this -- isn't there a setting in the options of your AV that enables you to be "asked" before a file is deleted? Seems to me even Zonealarm had that -- that way you can choose to allow files individually -- much like a firewall asks you whenever a program tries to connect to the net.

I know Nofun and McAwdward have this, and was sure ZoneAlarm had it too.

Guest Knikolaes

Okay I just checked out ZoneAlarm Security Suite v6.0+ (I forget the exact version number . . . it's a long one LOL)

If you click to access your antivirus and spyware tab, then click "advanced options", and look for something called "automatic treatment", it gives you three choices:

* Alert Me - do not treat automatically
* Try to repair, and alert me if repair fails
* Try to repair, quarantine if repair fails (recommended)

If you just have the Antivirus software and not the security suite, you should still have these options in your settings somewhere. I just downloaded the demo version of the latest software from ZA (and they changed it a LOT - I like it!) and found this right away. I recommend checking option 1 - that way you get asked what action to take. On almost every AV software I own this is the option I choose because it keeps me more alert as to what is happening with my computer.

Actually installing this was rather disturbing LOL -- EZtrust didn't pick most of this up -- according to the ZA Firewall (which mind you I installed this program 10 minutes ago) it has blocked 164 attempts of outside access to my computer **laughs** I certainly hope that is just my Broadband Modem and ISP talking back and forth LOL.

Anyway, try those settings as I find it helps to just click "allow" to let FS Add-ons do their thing without exposing my computer to other threats during the time window in question. :-)

**EDIT** -- Zonealarm seems to think that Multidropper virus is in almost every FS addon I have with an EXE file. It just tried to "treat" my Flight1 Text-O-Matic programs and a few other add-on load editors as well. My theory here is that this is NOT a PSS issue. I would write to Zonealarm and ask them about that virus signature as I bet you anything it has to do with the way a lot of current FS programs access the .NET framework (Norman or anyone PLEASE correct me if I am wrong).

I thought you might would like to know this as this is too random and far fetched to be a PSS issue. If Zonealarm is freaking out on Flight1 wrappers, Text-O-Matic, PSS installers and even some of my Feelthere installers, something is up with Zonealarm, not PSS.

To both PSS and Greg, I hope this information helps. Any other Zonealarm users out there encountering this issue, it seems to be that particular signature - win32.multidropper.z - that it sees in FS add-ons and this needs to be taken into consideration for future troubleshooting.

Happy holidays, all :-) I'll post here if I find anything more in detail other than what I have already found.

Guest LAX5x5

Well it's not just Zone Alarm. I just went to my folder where I keep my installers in order to update and install the pax loader and suddenly my Computer Associates av deleted 4 PSS installers due to win32.multidropper.z virus.

Guest LAX5x5

I just wanted to add how odd it was that the PSS 777 base installer and livery installer files were on my hd for over a month, and only this evening, when I opened the folder where they were kept, did my anti-virus delete them. Unfortunately, from what I can tell, the CA anti-virus program I am using automatically deletes suspected zip files and there is no way of just quarantining them for me to restore or delete zip files as I see fit. I've sent CA an email about this and am hoping for a resolution to this matter.

-Ely

edited for signature

Guest Knikolaes

Unfortunately I have noticed that any AV that has this definition may see it.

I just got to checking -- and I noticed a VERY VERY distinct pattern here . . .

1) It was after doing an AV UPDATE to the latest definitions that this started happening.
2) All installers that were involved were programs designed to access the internet -- the PSS, Flight1 and related installers all connect to the internet to get their job done.
3) All installers involved use password authentication or some sort of authenticity process to verify who you are.

I am thinking that an update that may have been released lately could be seeing these installers as a malicious file because of their nature. I would VERY STRONGLY recommend reporting ALL of this (I would copy and paste my findings above and here as well) to the AV sites and see what they say back, although it will be a few days as not even the AV people will be around for the holidays. If they are then they are nuts.

The Flight1 text-o-matic files I mentioned above -- it was the INSTALLERS that were caught, not the program itself (I went back and looked at the log more in detail). A number of other installers were caught as well by both of my AV software.

The BIG BIG BIG pattern here is that it was after I updated the definitions that this all started happening. Yet I know for a fact that the particular virus definition in question here has been around a long time. This narrows it down to 3 things:

1) The AV software is just seeing the authentication process of the installers as a threat.
2) A new virus is out and is actually specifically attacking or embedding itself in these types of installer files to snag your password information.
3) There is a corruption in the signature database.

FYI -- Easytrust, Zonealarm and a few others out there use the SAME definition sources to get their definitions, so if there has been a mistake in the definition file update, multiple AVs will be affected by it. It seems I am in the same boat you are, now, and only after I ran an update on both programs.

I am hoping it is just an error, but I am assuming the worst, and as we speak I am letting the AV delete ALL of my installers, then I am reformatting windows and reformatting my FS drive. It will take me approximately 3 weeks to rebuild my sim, but I have 2 weeks until school starts again, so I better get cracking LOL.

It may be nothing, but I never play around when it comes to viruses, and I plan fully to take all measures to be safe.

Now the good part -- after I get done reformatting, I install AV, scan, and find no threats, then download a PSS installer on a fresh copy of windows and the AV freaks out on it, then I will KNOW that it is DEFINITELY the AV's error, because I know and trust PSS, Flight1, Dreamfleet and PMDG, and ALL of their installers came up as having this definition during my scan after the update, and I know for a fact that there is NO possibility that all of those developers could be knowingly distributing a virus.

Gonna do a quick Christmas flight though before I reformat LOL.

FYI - I am reporting this to the AV developers as well to see if they have had many reports come in from other folks with this sort of issue, but I am not waiting for a reply before I do my sweep :-)


Thanks for this information. I have an old version of the Zone Alarm Security Suite [5.1]. I never had the courage to upgrade to version 6 after reading about horrific system problems after installing it.

My version lacks the ability to decide on whether to delete a file or not.

I did report the problem to Zone Alarm, and all they said was to exclude the folder where the file resides from future scans. They did not seem interested in modifying their detection scheme to eliminate the false positive. Their solution did not work by the way, somehow even with the folder excluded, ZA still immediately detects and eliminates it...

Maybe if we all complain to our respective antivirus companies, they will do something about it.

Perhaps someone more computer savvy than I could forward this thread to Zone Alarm.

I also still think that although this is not a PSS isolated issue a software company might have better luck with the antivirus companies than a single consumer. PSS and others will be in big trouble if no one can download their products within a couple of weeks when we all have the new antivirus definitions. After all who knows more about the details of the installer than PSS in terms of being able to troubleshoot?

As I recall there was an issue similarly with a file from one of Active Sky's products being detected as a virus and they modified it.

What do you think Norman and Graham?

Greg


Greg Clark

Guest BAW1085

I had this problem and removed WINZIP which cured it ! I now use WINRAR without any problems.

Guest Knikolaes

>I had this problem and removed WINZIP which cured it ! I now
>use WINRAR without any problems.

THAT is interesting. Will have to check that solution out.

Currently I use WinRAR for working with files, but unfortunately I upload to AVSIM and AVSIM does not allow RAR uploads :-( So thus I have to keep Winzip for compatibility with 98 percent of the Sim community.

Trust me - if the community switched to RAR preference I'd be VERY happy.

Guest Knikolaes

Greg,

Indeed -- I will write them again as well and make it clear it is not as simple as "excluding the folder" - especially when your downloads are actually organized and separated into multiple folders LOL. And I WANT virus scan to scan my FS downloads!!! That's all I ever download!

LOL. siwwy wabbits. I wite them again.
