
Malicious code detected in SimServer.exe (Trojan-Ransom.Win32.Blocker.kdwe)


Incidentally, has anyone gotten the server working properly with Bitdefender Firewall?  I have added an exception for simserver.exe (all ports and all protocols) but it doesn't allow my devices to connect (though I can connect to it from the PC itself).  However, when I turn off Bitdefender Firewall and enable the regular Windows 10 firewall, it works ok (and yes, I added a similar exception to the Windows Firewall).

Regards,


Hilkiah G. Lavinier

P3d v4.3, ORBX (global/trees/vector/LC,airports), Envshade/Envtek, Pilot2ATC, PRO-ATC, Navigraph, PFPX, ASCA/AS, Freemesh 2.0, Aivlasoft EFB v2, Various addon airports, FSL A319X/A320X, PMDG 737/777/747, TFDI 717, QW 787, Carenados jets

Intel i7 4790k (no OC & no hyperthreading), 16gb, Nvidia 980ti (no OC), 3xSSDs, Acer Predator XB281HK (4K resolution), Windows 10 (1803 build) - runs P3D 

Intel NUC7i7BNH i7, 16gb, M2 ssd, Windows 10 (build 1803) - runs AS/ASCA, Pilot2ATC, Aivlasoft EFB 


Thanks for the feedback. Let me wait 24 hours before uploading this, since yesterday my original 3.1.0.1 version also passed without errors.

In the meantime, feel free to use this version, since it will match the AVSIM version.

I don't believe the upload process breaks anything, as I did a byte-wise comparison and the AVSIM version matched my .zip. So that's not a source of error.

Regards

Mark


Mark Foti

Author of aviaworx - https://www.aviaworx.com


I wanted to let everyone know that I heard back from Kaspersky, and after a few emails back and forth they determined it was indeed a false positive. There was never anything wrong on Mark's end or with the software.

However, as Mark fixed the issue before Kaspersky got to it, this all may be a moot point. Thanks for the quick response to your customers, Mark! Excellent service as usual.


Matt Bernard
20+ Years Commercial/GA A&P/PLST


Hi Mark

Great, you have managed it. Also, Kaspersky (at least in the environment I am currently running) doesn't complain anymore on the download drawn from your Google Drive.

Thank you

Andreas


Andreas Furger


Thanks for the feedback!

I've now uploaded that version (3.1.0.2) to AVSIM and once it's available, I will update the links.

Hope that finalizes this topic :-)


Mark Foti

Author of aviaworx - https://www.aviaworx.com


Hi Mark.....think we still have a problem.

I am doing a flight and realized I didn't have simserver running, so I went to start it....and noticed my exe was missing.  I went back to the zipfile and tried to extract it from there and, sure enough, Bitdefender didn't let me.  I then uploaded the last file I downloaded (which was ok at the time) to the online virus scan and, again sure enough, 7 scanners detected viruses/malware:

https://www.virustotal.com/en/file/564c9339f90279ae78e6e211eb34e0434e46669aeb5d5e7d5d05a3ed7b7de63d/analysis/1499308249/

 

I then used your link (http://library.avsim.net/esearch.php?DLID=200324) and redownloaded the zipfile and....viruses detected.  I am thinking, could it be some sort of timed malware which is dormant and then 'wakes up' after x number of days or hours?  Can anyone else try and see if they are getting malware detection also?


Hilkiah G. Lavinier


The EASIEST and pretty safe way to solve those problems:

Setup proper exceptions in your AV suite for ALL folders of your sim, addons etc....

Deactivate your AV suite during your sim session; as long as you don't surf to suspicious websites during flying, you won't need it.


System: i9 9900k@4.9 - 32 GB RAM - Aorus 1080ti --- Sim/Addons: P3D v5 + ProSim737
On 7/6/2017 at 4:35 AM, Hilkiah said:

Hi Mark.....think we still have a problem.

I am doing a flight and realized I didn't have simserver running, so I went to start it....and noticed my exe was missing.  I went back to the zipfile and tried to extract it from there and, sure enough, Bitdefender didn't let me.  I then uploaded the last file I downloaded (which was ok at the time) to the online virus scan and, again sure enough, 7 scanners detected viruses/malware:

https://www.virustotal.com/en/file/564c9339f90279ae78e6e211eb34e0434e46669aeb5d5e7d5d05a3ed7b7de63d/analysis/1499308249/

 

I then used your link (http://library.avsim.net/esearch.php?DLID=200324) and redownloaded the zipfile and....viruses detected.  I am thinking, could it be some sort of timed malware which is dormant and then 'wakes up' after x number of days or hours?  Can anyone else try and see if they are getting malware detection also?

Hi Hilkiah,

Sorry for not responding until now, but I have contacted BitDefender in the meantime and asked them to do a more in-depth analysis of the application. If you run a new scan via VirusTotal, you should see that no major AV software is reporting anything suspicious, including Kaspersky and BitDefender. At least, that's the case as of today; see also:

https://virustotal.com/en/file/95fe6149536d26381ecda35900dd2c06c43693f5e774154ea773de0321458529/analysis/1499612242/

I hope this reassures everyone that there is indeed no virus/malware contained within SimServer.

PS: a binary executable contained in a zip archive doesn't change. A virus is not something biological which changes over time. Malware either exists or it doesn't, but the compiled binary will not change over time. And AV software doesn't actually run the application (such as VirusTotal); it just scans for patterns within the binary file.

Best Regards

Mark


Mark Foti

Author of aviaworx - https://www.aviaworx.com
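Mark's point above, and the byte-wise comparison he mentions earlier in the thread, can be checked directly by hashing the executable inside the archive rather than the archive itself. The following is an added example, not code from aviaworx or from anyone in the thread; it uses a constructed stand-in payload instead of the real SimServer.exe, and assumes a VirusTotal report URL carries the file's SHA-256 in its path, as the links in this thread do.

```python
import hashlib
import io
import re
import zipfile

# Constructed stand-in for SimServer.exe; the real binary is not on this page.
FAKE_EXE = b"MZ" + b"\x00" * 62 + b"constructed SimServer.exe stand-in"

def build_zip(payload: bytes, member: str = "SimServer.exe", stored: bool = False) -> bytes:
    """Build an in-memory archive holding one member (constructed test data).
    `stored=True` writes it uncompressed, giving a different archive layout."""
    method = zipfile.ZIP_STORED if stored else zipfile.ZIP_DEFLATED
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", method) as zf:
        zf.writestr(member, payload)
    return buf.getvalue()

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def member_hashes(zip_bytes: bytes) -> dict:
    """SHA-256 of each member, keyed by name. Hash the member, not the archive:
    re-zipping the same executable changes the archive bytes (timestamps,
    compression method) but never the member's own bytes."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {i.filename: sha256_hex(zf.read(i)) for i in zf.infolist()}

def same_binary(zip_a: bytes, zip_b: bytes, member: str) -> bool:
    """Byte-wise comparison of one member across two archives. A match means
    a later detection is a scanner signature update, not a changed file."""
    return member_hashes(zip_a).get(member) == member_hashes(zip_b).get(member)

def sha256_from_vt_url(url: str):
    """Pull the 64-hex SHA-256 out of a VirusTotal /file/<hash>/ report URL."""
    m = re.search(r"/file/([0-9a-fA-F]{64})/", url)
    return m.group(1).lower() if m else None

def matches_published(zip_bytes: bytes, member: str, published: str) -> bool:
    """Check a member against a hash taken from a published scan report."""
    return member_hashes(zip_bytes).get(member) == published.lower()

if __name__ == "__main__":
    a, b = build_zip(FAKE_EXE), build_zip(FAKE_EXE, stored=True)
    print("archive bytes differ:", sha256_hex(a) != sha256_hex(b))
    print("member identical:", same_binary(a, b, "SimServer.exe"))
    print("tamper noticed:", not same_binary(a, build_zip(FAKE_EXE + b"\x90"), "SimServer.exe"))
```

If the member hash matches the one in the earlier VirusTotal link, the file a scanner now flags is byte-for-byte the file it passed before.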


Could this be why, whenever I right click or click on SimServer.exe, my system goes to a crawl?  This also happens with the OverheadClient.exe too... note: no other files exhibit this behaviour.


Craig Read, EGLL

On 8/29/2017 at 8:27 PM, craig_read said:

Could this be why, whenever I right click or click on SimServer.exe, my system goes to a crawl?  This also happens with the OverheadClient.exe too... note: no other files exhibit this behaviour.

Hi Craig,

I would be very surprised by this.

SimServer should not cause high CPU usage (you can check it with the Task Manager).

The OverheadClient does cause a CPU load, but since this is designed to run on a different PC, I think this is acceptable.

Regards

Mark


Mark Foti

Author of aviaworx - https://www.aviaworx.com


Running the application is fine, simply highlighting it in explorer causes this, not execution.


Craig Read, EGLL


I use standard Windows anti-virus, so Windows Defender.  Like I said, simply selecting the file, for example if I want to look at the properties of the file, takes an age.  I'm assuming the machine is doing some background checking and this is why it takes so long.


Craig Read, EGLL
