Archived

This topic is now archived and is closed to further replies.

ailchim

Positive security package results Flight1 FLT1CHK4.DLL

Recommended Posts

In Dec 2008, my McAfee Total Protection 2009 security package started recording positives in respect of FLT1CHK4.DLL, which it quarantined/deleted as the Artemis Trojan, whatever that is.I believe similar problems have previously existed with other security packages and there are a number of posts on the subject in Flight1 forum.This produced problems with GE Pro, Level D 767 and the ATR and indeed loading FS9 itself, as I got a "Bad Licence" message from the Level D 767 as soon as I tried to start FS9.That was partially resolved with Flight1's assistance by loading an alternate version of the DLL but McAfee is also unhappy with other related files also and so the 767 and ATR are presently un-installed.The thing is left in limbo really, with Flight1 advocating using a security package which will accept or ignore their files and Mcafee apparently not willing to make an exception for the DLL's - at least they haven't advised me one way or the other.As of yesterday, I am now having similar trouble with FLT1CHK4.DLL with Lavasoft Ad-Aware Anniversary edition. It now feels as if the walls are closing in.Is anyone else having these troubles or have any solutions to them? If they are, I'd urge them to take the issue up with Flight1 and the security package vendors because otherwise, these excellent packages are going to become increasingly difficult to use.

Share this post


Link to post
Share on other sites
Help AVSIM continue to serve you!
Please donate today!

In Dec 2008, my McAfee Total Protection 2009 security package started recording positives in respect of FLT1CHK4.DLL, which it quarantined/deleted as the Artemis Trojan, whatever that is.I believe similar problems have previously existed with other security packages and there are a number of posts on the subject in Flight1 forum.This produced problems with GE Pro, Level D 767 and the ATR and indeed loading FS9 itself, as I got a "Bad Licence" message from the Level D 767 as soon as I tried to start FS9.That was partially resolved with Flight1's assistance by loading an alternate version of the DLL but McAfee is also unhappy with other related files also and so the 767 and ATR are presently un-installed.The thing is left in limbo really, with Flight1 advocating using a security package which will accept or ignore their files and Mcafee apparently not willing to make an exception for the DLL's - at least they haven't advised me one way or the other.As of yesterday, I am now having similar trouble with FLT1CHK4.DLL with Lavasoft Ad-Aware Anniversary edition. It now feels as if the walls are closing in.Is anyone else having these troubles or have any solutions to them? If they are, I'd urge them to take the issue up with Flight1 and the security package vendors because otherwise, these excellent packages are going to become increasingly difficult to use.
I've been running Mcafee for years and have all those above mentioned addon AC. I havent had any problems with the flight1 products and trojan detection. This is on WinXP SP2. And FSX SP1 not FS9.

Share this post


Link to post
Share on other sites
In Dec 2008, my McAfee Total Protection 2009 security package started recording positives in respect of FLT1CHK4.DLL, which it quarantined/deleted as the Artemis Trojan, whatever that is.
The file may be infected. You can submit it to McAfee using the instructions here and they will tell you if it is or not:http://vil.nai.com/vil/submit-sample.aspxNo manufacturer, Flight 1 included, can guarantee you that their own files are free from virus - although it is unlikely and unusual. Perhaps the virus is in their distributed files? The solution is to submit the file in question to McAfee. Maybe it is a false positive, but they would be in a better position to tell you if you submit it. If it is a false positive, and you decide you trust Flight 1, you can tell your anti-virus software not to scan in that particular directory.It could also be that your workstation is otherwise compromised, and that infections are spreading to these files from other files on your workstation. Do you use any cracked or pirated software? If you do, your system is virtually guaranteed to be infected by software designed to engage your workstation surreptitiously in a botnet. How do you think all those botnets get built? They get built by capitalizing on people's greed/avarice and the simplicity of providing people with cracked, stolen software and/or pr0n. Could anyone be doing any late-night surfing on your workstation without your knowledge? Perhaps you should consider a new hard disk, or a trip to your local geek to reinstall your OS.

Share this post


Link to post
Share on other sites

I had BitDefender report FLT1CHK3.DLL as a virus.I really would like to know what kind of sneaky stuff Flight1 is doing.

Share this post


Link to post
Share on other sites
I had BitDefender report FLT1CHK3.DLL as a virus.I really would like to know what kind of sneaky stuff Flight1 is doing.
They're not doing anything 'sneaky'. It's a false positive unless your pc is compromised as stated above.A top level Flight Sim add-on company isn't likely to do anything 'sneaky' involving installing viruses on customer's PCs, unless they want heaps of bad press, loss of revenue when users vote with their feet, and utimately the business folding. Think about it, people. Talking%20Ear%20Off.gif

Share this post


Link to post
Share on other sites
I had BitDefender report FLT1CHK3.DLL as a virus.I really would like to know what kind of sneaky stuff Flight1 is doing.
All of these companies such as McAfee, Norton, et alia are well aware of the false positives their programs generate, and refuse to take action to eliminate their problem.Take it up with McAfee or whomever's product is being used.

Share this post


Link to post
Share on other sites

Thanks for the responses. Sorry for a delay in replying but our phone line was down yesterday.In order:-----> Daveo Which version of Mcafee? My problems started when I moved from their 2008 Internet Security Suite to the 2009 Total Internet Security. For some reason, McAfee think it's sensible to try to charge your more to renew the subscription on the old product that you can buy the new one for! Prior to that, I was able to run GE Pro, Level D 767 and the ATR without problem. Similarly with Ad-aware, no problem until I upgraded to the new freeware Anniversary Edition.This is what worries me - doesn't matter what security product you use, how do you know that the day after you fork out $XXX for the latest add-on, you won't get an update to your security package which stops you running it?-----> FSXMissionguy & N4GixReported it to Mcafee (and Flight1) as soon as the problem started. Other than an initial acknowledgement from McAfee have heard nothing and they don't seem to respond to informal communication, only their own procedural reporting. Flight1 have been helpful up to a point but their basic poistion is "get another security product".The Ad-aware problem has also been reported to them via the suspicious file submission process.I most definitely have no pirated software whatsoever. Nobody else uses my PC and the second machine on the network is protected by the 3-user Mcafee licence. McAfee is always fully on. I have no positives on any other files despite regular updates & scans-----> FSXMissionguy, FlilotUK & McCrashInteresting - Bitdefender is the 4th security package I have heard of giving these reports - my 2, Bitdefender and a 4th which was reported on the Flight1 forum but which has now dropped over the 12 month archive limit.I'm absolutely not accusing Flight1 of anything improper whatsoever. However, it's clear from the "bad licence" error message I get from the flt1chk4.dll file isn't in place that it's collecting product registration information & - probably - sending it for verification. I can see how that looks bad to a security package.And whatever they are doing, I can't use the products without changing my security product.I have to say that Mcafee does NOT allow you to "trust" an item it regards as a trojan. This is part of Flight1's argument that we should select our scurity products to suit their system. You must form your own opinion of that.

Share this post


Link to post
Share on other sites
Interesting - Bitdefender is the 4th security package I have heard of giving these reports - my 2, Bitdefender and a 4th which was reported on the Flight1 forum but which has now dropped over the 12 month archive limit.
Make ESET NOD32 #5. I have to disable the whole security system completely because 2 files are flagged hot while downloading. However, when the wrapper is complete, i can enable NOD32 and install (and use the software) without problems. That's why i didn't forward the quarantined files for evaluation.

Share this post


Link to post
Share on other sites

The bottom line with these security products is that it is too difficult to always change products because of them. What are we to do? Recall CD's and DVD's in case of false-positives?We have been getting false positives for years, and so have other vendors, especially when you distribute so many products. We have replacement DLL's in our FAQ forum for some DLL versions to help get around false positives.The bottom line is that any virus scanner should have the ability to allow for exclusions. If not, then that is a huge failing in their design. If your virus scanner does not have the ability to do that, then you really should get one that does.Regarding your situation, we are not getting many extra reports as of late, so I wonder if you have your heuristics turned up too high. Plus, see if you can exclude the file. If a file is 1, 2, 3, years or older, and it has been in a product for that long, it is pretty well certain it is a false-positive.I did hear somewhere that McAffee REMOVED the ability to add exclusions. I can't verify it, but I also read they were considering adding it back. I do not know the status of this.There are maybe 25 different security vendors we have to contend with, so do realize that there is little we can do to stop false-positives. It is the nature of being in this business. We have dealt with these companies before, but I believe it is through the same channels others, such as you, use. We have no special channels to speak to them.Also note, that when a company verifies a false-positive, such as McAffee, and if they DO NOT adjust their DAT files, then that should be taken into account during the evaluation of their software. Even if we replaced the DLL's, that is zero guarantee the report would go away. We use different compilers and applications to make our products. DLL's and EXE's will get examined more closely. Also, when you distribute files that are almost 2 Gigabytes and size, any portion of those files could have a matching pattern. So you have to see what we are up against.I can guarantee you Flight1, as well as most all of the vendors in this industry, would never put spyware on a users system. So always do your checking, post in forums and ask questions, and make sure you have a security product that can allow you to do what you want with your system.Thanks,Steve HalpernFlight One Software

Share this post


Link to post
Share on other sites

SteveThanks for stating your position here as well as on your own forum and thank you also for the assistance a couple of months ago, even though this hasn't got 2 out of the 3 products back in operation. Mcafee have been completely uncommunicative which is why when we first spoke back in December, I hoped you might be able to exert some influence, which I certainly don't seem to be able to.I want to make it crystal clear again that I'm not accusing Flight1 of any malpractice of the sort security packages are really meant to prevent. However, you are definitely doing something other add-on vendors don't as I'm not having the same problem anywhere else - yet. Maybe others have had the problem with other vendors and I've just been lucky.Correct me if I'm wrong - the DLL (s) in question aren't a part of the add-on as the average user would understand it are they? They are part of the Flight1 licence checking routine which is common to several (if not all) products aren't they? e.g. it's not part of the LevelD 767, it's part of the Flight1 e-commerce system which sells it.I do agree that if I'd known McAfee was going to do this and I couldn't over-ride it, I wouldn't have purchased it. But then, the preceding version didn't cause a problem and why would I anticipate one with 2 such reputable brands? And that's the issue, because even if we accept that it's our responsibility to check your systems will operate with common security packages (which I don't and also don't think is entirely practical, since we won't know 'til we buy them, when it's too late), we are always exposed to an upgrade or update which alters the ground rules.The very least you could consider doing is to post a clear warning early in the Flight1 purchasing process as to which security packages are not going to allow your products to work. That allows the consumer to decide whether to part with his money for the add-on AND a new security package. The truth is 99% of your customers are innocents abroad, like me, and are not going to go trawling through the forums for potential snags before they buy.

Share this post


Link to post
Share on other sites
-----> Daveo Which version of Mcafee? My problems started when I moved from their 2008 Internet Security Suite to the 2009 Total Internet Security. For some reason, McAfee think it's sensible to try to charge your more to renew the subscription on the old product that you can buy the new one for! Prior to that, I was able to run GE Pro, Level D 767 and the ATR without problem. Similarly with Ad-aware, no problem until I upgraded to the new freeware Anniversary Edition.This is what worries me - doesn't matter what security product you use, how do you know that the day after you fork out $XXX for the latest add-on, you won't get an update to your security package which stops you running it?
Im running Internet Security Suite 9.0 build 9.0.295. Started with 2007. with this setup. Hade the earlier versions also 7,6 5 etc...My builds got updated with the updates thru renewels. I ran with Norton in 2004 and 2005 before it became too much of a resource hog.

Share this post


Link to post
Share on other sites
The very least you could consider doing is to post a clear warning early in the Flight1 purchasing process as to which security packages are not going to allow your products to work. That allows the consumer to decide whether to part with his money for the add-on AND a new security package.
If only it were so easy...We don't use the Flight1 wrapper, because we developed our own, and we were hit by the same kind of issues over time ( and, ironically, when an user encounters this problem, the "why don't you use the Flight1 wrapper" suggestion comes very often... ) and I assure you there's no way to be able to alert users of all potential problems, with accurate info.The reason for this is very simple: all antivirus usually have live updates, at least weekly, but sometimes even daily. We observed several case of a live update for a certain antivirus package that reported our software as a false positive, only to be fixed THE DAY AFTER, with another live update!How do you manage something like this ? We would have to stop developing addons, and spend the whole working day just to watch and test ALL available antivirus brands, in case a weekly update made by one of them breaks compatibility, that might very well be restored in a few days.Even worse: imagine a certain antivirus would always worked, and we posted constant reports of that being "safe" to use. What about people buying it after having followed our reports, and then discover the same antivirus would suddendly stop to work with our software, because of a live update ?The real issue is: an antivirus software is not a "fire and forget" solution, that you just install, keep it updated and not having to worry again, ever. This is what the antivirus venders would like to make you believe, so you purchase their software. Unfortunately, any security program is quite complex and it has to have several config options, that the user IS supposed to know how to operate and what they do exactly because they WILL break compatibility with something, somewere. For example, an antivirus software that doesn't let the user to explicitely trust a file to be clean and exclude it from scanning, is severely flawed. For the same reason, any antivirus that doesn't allow to turn off the heuristic scanning method ( which means "I don't know if this file is dangerous, but I'm trying to guess, but looking at what it does" ) is fundamentally flawed as well.These two options are usually the most important ones that HAVE to be under user control, and they usually can fix 99% of the false positive problems. If your antivirus doesn't allow to set them, change it with something else.A suggestion to check that at least the suspected file hasn't been infected by something else AFTER it was installed, is to use the digital signature (of course, the software vendor should have it signed in the first place). If the digital signature, that you can check by right-clicking on the file to look at its Properties, is there, you can be sure the file is bit-per-bit identical to the original version so, it hasn't been altered on your machine by something else, like a virus. This would leave you only with the very unlikely explanation that the developer distributed it with a virus inside and signed it which, even if it is possible, is VERY unlikely because, it would be reported as a true positive by ALL the antivirus at the same time so, if wouldn't go unnoticed for sure!best regards,Umberto Colapicchioni / VIRTUALIhttp://www.fsdreamteam.com

Share this post


Link to post
Share on other sites
They're not doing anything 'sneaky'. It's a false positive unless your pc is compromised as stated above.A top level Flight Sim add-on company isn't likely to do anything 'sneaky' involving installing viruses on customer's PCs, unless they want heaps of bad press, loss of revenue when users vote with their feet, and utimately the business folding. Think about it, people. Talking%20Ear%20Off.gif
I didn't say they would put a virus in it!

Share this post


Link to post
Share on other sites
I didn't say they would put a virus in it!
True, you said this;"I really would like to know what kind of sneaky stuff Flight1 is doing."Looking up the proper definition of sneaky is easy, but would you care to offer your definition, as used in the line above?The .DLL file installed by Flight1 is used to verify a valid installation. There hasn't been any covert actions by Flight1 to hide the file's existance or purpose.I anxiously await your clarification on the statement quoted above.

Share this post


Link to post
Share on other sites

Ok I did an ATR and a Level-D test flight. No issues with latest Mcafee. I think just maybe your settings are more towards the paranoid side and maybe on auto where you dont get the chance to choose what action to take. Im not sure. I have options available to trust a suspect program if need be which happens with some of my IRC stuff. some of my bot scripts, even the weather script I have came up as a false because it does Out itself to WXunderground to pull up reports via an http script also. It may look suspicious to the AV program but it is still a legit script.Are you running FSX or FS9 by the way??

Share this post


Link to post
Share on other sites