Senchai

Tomatoshade Virus warning


Seems that it gives a virus warning now in multiple AVs and online scanners. Chrome doesn't even let one download it anymore.

As a developer I'm aware of false flag warnings, still this one is a bit weird. Why does a tool, where there is not even an installer, that only modifies a few files in a folder even have the ability to be false flagged if it's not reason. What process or signature could be used in such a tool?

I had TS installed already before (so it has to be an update of multiple online scanners and AV tools & Win Defender in the last few weeks), today I started the reflectionmaker and it was deleted by Win Defender the same second. Then I started to download the new version, Chrome didn't let me. Then I downloaded the file in Kali Linux (a penetration tester OS) and also here I found a virus when scanning it. Then I uploaded it to 3 online scanners where it gets checked by a lot of AVs, also half of them flagged it as a virus.

What's going on here? Maybe the dev can guarantee us that this is a false flag please. I don't have the time atm to make a full check of the file so maybe someone else can do, check for connections it does etc. But don't look in reflectionmaker then only, best to check the other files too.

Edited by SaenchaySor


The (lack of) reaction is exactly what I imagined. The general flight sim enthusiast probably doesn't realise what this means. As long as they don't see anything out of the ordinary and the FPS isn't affected, right...

Btw, step 1 in pretty much every install document for flight sim addons says "disable your antivirus" and people seem to follow that blindly without realising what it means. If you're a developer and create a product that AV flags as malware or it doesn't work correctly when AV is active, the problem is YOU as the developer and your product is flawed. And oh, same goes with your "must run with admin rights" and "disable UAC" requirements. If you're having trouble with write permission in protected directories, YOU'RE DOING IT WRONG. (I'm not talking about e.g. excluding texture files from the AV's real time scanning for performance reasons here.)

I guess the good old "I've never had any virus so I don't need AV" is still alive.

 

  • Upvote 1

3 minutes ago, tolip2 said:

The (lack of) reaction is exactly what I imagined. The general flight sim enthusiast probably doesn't realise what this means. As long as they don't see anything out of the ordinary and the FPS isn't affected, right...

Btw, step 1 in pretty much every install document for flight sim addons says "disable your antivirus" and people seem to follow that blindly without realising what it means. If you're a developer and create a product that AV flags as malware or it doesn't work correctly when AV is active, the problem is YOU as the developer and your product is flawed. And oh, same goes with your "must run with admin rights" and "disable UAC" requirements. If you're having trouble with write permission in protected directories, YOU'RE DOING IT WRONG. (I'm not talking about e.g. excluding texture files from the AV's real time scanning for performance reasons here.)

I guess the good old "I've never had any virus so I don't need AV" is still alive.

 

They will change their tune when they have to wipe their hard drive, reinstall Windows, and all the flight sim stuff in order to get rid of the virus.


 

BOBSK8             MSFS 2020 ,    ,PMDG 737-600-800 FSLTL , TrackIR ,  Avliasoft EFB2  ,  ATC  by PF3  ,

A Pilots LIfe V2 ,  CLX PC , Auto FPS, ACTIVE Sky FS,  PMDG DC6 , A2A Comanche, Fenix A320, Milviz C 310

 


I'm one of those who does not believe in anti-virus software but once or twice I did get the ransomware malware from Russia (several years ago).  I fixed the issue myself w/o reinstalling Windows and stuff like that.  My golfing friend had it too and he used Norton Security but still got the malware.  He had Anti-Malwarebytes installed too.  But that was 3-4 years ago and the anti-virus/Malware programs can stop attacks for sure now.  Right?  Wrong!  The makers of Ransomware are not stupid.  They are in business. They simply change the program so it will avoid the anti-virus/malware programs.  When that happens and you have Norton Security installed (for instance), and you get the virus/malware and subsequently report it to Norton or McAfee, they will come up with another fix.  Then the virus developers will change the program again.  So, many of the viruses that hit your computer haven't even been diagnosed by the anti-virus or malware program yet!! The techs at Norton are still working on a fix. The best thing to do to avoid viruses is to stay away from sites that might contain a virus.  Fortunately, some browsers are providing warnings that you may be entering an unsafe website.  Porno sites, sites that offer free games, like solitaire, etc., have games and things that might link to a virus.  Political nuts are now placing viruses into news stories that might not be favorable to their views.  I go to some sites containing political news stories from around the world.  Suddenly, I'll get a warning my system has been detected to be vulnerable and they want to do a scan of the system (meaning they want to install the ransomware).  When I see this warning, I just shut down my system and restart it as fast as I can.  You should never allow an unknown Internet site to scan your computer.  Windows Defender is supposed to stop ransomware but it cannot as ransomware developers keep changing the method used to deliver the malware.
If you ever get a virus or ransomware you probably will not be able to start up your computer without paying the big bucks but I was able to fix it by going on my laptop, searching for the virus or ransomware and there are thousands of solutions on how to remove it from your system.  Of course the people who develop virus/ransomware are aware of that too and will put the virus/malware in other locations. 

I used Malwarebytes but it quarantines any competitor's software like Advanced System Care.  It's not malware but a competing product!!  You can exempt things like this in Malwarebytes but somehow they remove the exemptions and start quarantining the legitimate products again.  It has now been removed from my system.  I do think that Malware is more dangerous than viruses.

The false positives are there for a reason.  The anti-virus program developer wants you to renew your account and is essentially saying, "look, I saved you from a virus!! Make sure you renew every year!"  So, occasionally you might see a warning that a virus was detected and quarantined.   If you did not get false-positives and no warnings whatsoever of a virus, you might think twice about renewing your anti-virus software.  If you know you are downloading a product from a legitimate source like SimMarket, PCPilotShop, etc., you should know the products are scanned for viruses and malware before the product is even sold and delivered to you via a download.  So I would suggest turning off the anti-virus program and let the software install the product properly.  Like others have stated, Windows Defender is a good free program that will detect a virus or malware and I have yet to see it throw out false-positives!

Best regards,

Jim


Jim Young | AVSIM Online! - Simming's Premier Resource!

Member, AVSIM Board of Directors - Serving AVSIM since 2001


I7 8086K  5.0GHz | GTX 1080 TI OC Edition | Dell 34" and 24" Monitors | ASUS Maximus X Hero MB Z370 | Samsung M.2 NVMe 500GB and 1TB | Samsung SSD 500GB x2 | Toshiba HDD 1TB | WDC HDD 1TB | Corsair H115i Pro | 16GB DDR4 3600C17 | Windows 10 

 


If you see a 'false positive' from most AV scanners... you really need to stop, notify the developer of the software in question.  They can send it to the AV companies who can look into it and determine whether it is or isn't a virus.  If it isn't (a truly false positive) then AV companies will adjust their software to prevent it from triggering again.

Until that happens... I wouldn't recommend installing any software that trips pretty much every AV scan out there.  Just my advice.

  • Like 3

Ed Wilson

Mindstar Aviation
My Playland - I69

Guest
5 hours ago, tolip2 said:

I guess the good old "I've never had any virus so I don't need AV" is still alive.

I'd never get a virus, but I use the same Norton Security Antivirus


This thread was not whether or not you believe in antivirus in general. They certainly have their issues but this case is about a specific file that has been downloaded and blindly executed by likely thousands of users. In 95% of the cases probably using an administrator account without UAC or AV. Cause that's how we roll in the flight sim industry.

If half of the online scanners flagged the file as malware (that would probably be around 30 or so completely different, independent AV products), I think it would be slightly naive to disregard this issue as a false positive or marketing trick just because you "don't believe in antivirus".

If you don't care that someone else owns your computer, all data on it, and potentially all other devices on your local network, then fine. By all means go ahead. If you do care however, I would recommend you do not download that file until the issue has been investigated. You should also not blindly accept when lazy developers tell you to disable vital security functions.

Unfortunately the "I will never get a virus" culture is very strong in this community. People seem to think that if you do get infected, your screen will turn upside down and little green aliens will walk around on the screen laughing at you. Then you run some removal tool and your computer is clean again. Things have evolved since the 90's.

 

Edited by tolip2

10 hours ago, tolip2 said:

Unfortunately the "I will never get a virus" culture is very strong in this community. People seem to think that if you do get infected, your screen will turn upside down and little green aliens will walk around on the screen laughing at you. Then you run some removal tool and your computer is clean again. Things have evolved since the 90's.

 

I find your posting quite offensive and degrading to our fellow members, and is shouting around he found something and that is the only truth...
Maybe there are more here with a lot more technical knowledge than that you seem to give credit for.
You think it's that difficult to protect a simple PC or home network lol
Further do you have real proof, besides some online scanners, otherwise you make only a fool out of yourself with empty statements...


 

André
 


If it is getting blocked by AV software, then it needs to be forwarded to the AV developers so they can evaluate.  You pay for the protection... trust it.


Ed Wilson

Mindstar Aviation
My Playland - I69

19 hours ago, awf said:

I find your posting quite offensive and degrading to our fellow members, and is shouting around he found something and that is the only truth...
Maybe there are more here with a lot more technical knowledge than that you seem to give credit for.
You think it's that difficult to protect a simple PC or home network lol
Further do you have real proof, besides some online scanners, otherwise you make only a fool out of yourself with empty statements...

I sure wish I could figure out what you are trying to say.


 

BOBSK8             MSFS 2020 ,    ,PMDG 737-600-800 FSLTL , TrackIR ,  Avliasoft EFB2  ,  ATC  by PF3  ,

A Pilots LIfe V2 ,  CLX PC , Auto FPS, ACTIVE Sky FS,  PMDG DC6 , A2A Comanche, Fenix A320, Milviz C 310

 


Thanks guys, I already thought I'm alone in the world of thinking individuals.

The problem here is I have no idea who the developer is. I can't see anything on the internet besides a Dropbox download link, what already is suspicious enough if you ask me. And atm I'm a bit worried about simply starting this app again. Anyway I deleted it. So if someone can find out who is the dev, let me know pls...


Also to that moderator posted. Yes, I'm talking about Win Defender. It deletes it the same moment one starts it. Also Chrome and Firefox block it.

Also I never allowed any online scanner to browse my computer. I uploaded the file to be scanned. If you google you will see some Chinese and Japanese guys found this already too. There's various upload reports where one can see it got detected as a virus.

Edited by SaenchaySor
