Virus Warning, need some recommendations

[KingGhidorah 209]

Just got a popup.

 

Object: C:\programfiles(x86)\EZCA\EZCA.exe

Threat: a variant of Win32/Packed.Thermida suspicious application

 

Error while Cleaning

Event occurred during an attempt to run the file by the application C:Windows\System32\rundll32.exe

 

 

My option is to Delete or to Ignore, and if I delete it, then there goes Ezdok.

 

 

I had booted up the computer and hadn't run FSX or done anything at all.  Ezdok has been installed for years now, and no recent updates or changes to it.  I recall seeing the same "Thermida" thing once or twice associated with a Flight1 wrapper, and it was a false alarm. 

 

What would my fellow flight simmers do with this?  Ignore it?  I don't want to have to go through the rigamarole of reinstalling Ezdok, and having to fool around with setting it up again.  My inclination is to blow it off.   Has anybody else gotten an alarm on this recently?

[FloG 148]

I am no computer expert, I haven't even heard of that "Thermidor" thing before, so I might be wrong here. However, I have the feeling that a. given the amount of people using Ezdok (and its relative age, plus no recent updates) it is unlikely that it actually is dangerous, and b. you say that this particular warning occured to you in context with the Fligth1 wrapper (which IIRC is also how Ezdok is sold?), which I also highly doubt to be malware.

Furthermore, I have had the experience that certain Anti-virus programs regard many flight sim addons as potential threats, simply because they're not so common. Why shouldn't that be the case with this particular program?

So ultimately, I'd most likely try to have a closer look at what Ezdok might be doing, but in general I would still consider it safe and ignore the warnings.

[charliearon 3,017]

You may also be able to go to your Anti-virus program and tell it that EZDOK is a safe program and to ignore warnings for it.

[ryanbatc 12,807]

Probably a false positive... Ask the ezca forums....

[srburger 0]

King,

 

I got the same alert, and NOD32 quarantined the EZCA.exe file. Like you, I've used EZDok for many years without problems.

 

Here's how I fixed it in NOD32:

 

1. Go into Quarantine, right-click on the file and choose Restore.

 

2. Go into Advanced Setup/Exclusions, select Add, then browse to EZCA.exe and Open it.

 

That did it for me.

 

Just a guess, but I'm assuming that this occurred after a NOD32 virus database update, and there must be a new virus out there that looks a lot like EZCA.exe.

[KingGhidorah 209]

Thank you, gentlemen, for your suggestions.

[James Bennett 52]

I've seen reports of the Flight1 software wrapper coming up as a false positive.

[EmileB 15]

 

King,

 

I got the same alert, and NOD32 quarantined the EZCA.exe file. Like you, I've used EZDok for many years without problems.

 

Here's how I fixed it in NOD32:

 

1. Go into Quarantine, right-click on the file and choose Restore.

 

2. Go into Advanced Setup/Exclusions, select Add, then browse to EZCA.exe and Open it.

 

That did it for me.

 

Just a guess, but I'm assuming that this occurred after a NOD32 virus database update, and there must be a new virus out there that looks a lot like EZCA.exe.

 

Wish I'd seen this thread before uninstalling EZCA - 'coz now even updates 1.16 and 1.17 are zapped by NOD32 :diablo: Original 1.15 from the Flight1 wrapper installs OK.  Looks like I'm going to have to disable NOD32 altogether while installing and then, as you suggested, add EZCA.exe to the exclusions.  Agree it's most likely that a new threat has characteristics too similar to EZCA.exe for NOD32 to ignore, why else would this start to happen right now and not before.  What a nuisance... :mad:

ADDENDUM : got EZCA installed again, and exclusion for EZCA.exe added to NOD32 after which no further nuisance reports (for now).  I also sent the file to ESET as a possible false positive.  Hopefully they will check it out and do something about it.

[Steve Cannell 4]

When I came apon this post, I couldn't resist offering a bit of advice that I know could help anyone using a Windows OS and especially Flight simmers.

 

I don't use Anti virus, Malware or any other security software. Not needed.

 

Daily Continues Mirror Image Backup !!

 

This has proven to be the only way to ensure my flight simming experience continues without frequent disasters.

It's no fun starting over.

 

My snapshot history goes back 380 days.

Best of all, I can go back to yesterday when FSX or P3D worked perfectly.  :-)

 

Cheers

Steve

[wims80 121]

Themida is a copy protection suite that encrypts executables. It's semi popular among weak malware developers, it can be used to hide the payload code of malware, therefore it's sometimes flagged by antivirus. It's not actually malware in and by itself

[Crashdive 2]

 

 

Daily Continues Mirror Image Backup !!

What B.U. program do you use?

[Steve Cannell 4]

I use Carbonite.

 

I like it because it's automatic, continues online backup of all my important files.

 

It daily or apon request takes mirror image snapshots of my C/ drive which contains Windows 8.1 and FSX to an external USB drive. This all takes place quietly in the background while I use the computer.

 

Daily snapshots is the key.

Weekly isn't frequent enough, When things go wrong it's usually not expected. Restoring an image works great but if several days has past it's hard to remember what changes, settings, installs, have been made. When snapshots are taken daily, restores are almost seamless.

 

I had nearly given up MSFS several times because of unresolvable issues that required a do over. No fun at all !

 

This is no longer a worry.

It's twice saved me this horrible experience of starting over and re-installing everything again.

 

Free trial is available.

 

Cheers

Steve

[AVSIM Admin 4]

This is an automatic message.

 

This topic has been moved from "MS FSX Forum" to "Hangar Chat". This move has been done for a number of possible reasons.

• The most likely reason is that the post was off topic.
• The topic could also have contained images or a video that were not appropriate to the original forum it was posted in.
• The images might not have been "illustrative" or "explanatory" in nature.
• The topic could have been moved because we deemed it to be more appropriately placed elsewhere.

Please ensure that your posts are "on topic" and contain illustrative images or videos as appropriate. Do not post videos or images just for entertainment purposes anywhere but in the screen shot or video forums. See our image posting rules here.

 

Members who continue to post off topic posts can be denied entry to specific forums in order to reduce and remove the practice. Your cooperation is appreciated.

[KingGhidorah 209]

Just to append it to the prior discussion for those who might encounter the same and wonder, I just got an identical Thermida warning on TOPCAT, on a different computer.

[JWMuller 5]

 

King,

 

I got the same alert, and NOD32 quarantined the EZCA.exe file. Like you, I've used EZDok for many years without problems.

 

Here's how I fixed it in NOD32:

 

1. Go into Quarantine, right-click on the file and choose Restore.

 

2. Go into Advanced Setup/Exclusions, select Add, then browse to EZCA.exe and Open it.

 

That did it for me.

 

Just a guess, but I'm assuming that this occurred after a NOD32 virus database update, and there must be a new virus out there that looks a lot like EZCA.exe.

 

But it must be a virus if the computer says it is?