Senchai

Tomatoshade Virus warning


I have contacted the dev. Let's see what he says. I asked him to write here, if he just replies to me then I just add what he said. I'll let you know.


On 8/26/2018 at 9:29 PM, awf said:

I find your posting quite offensive and degrading to our fellow members, and is shouting around he found something and that is the only truth...

As @Bobsk8 stated, I also can't understand what you want to tell us. Furthermore, I don't see any offence in what @tolip2 has written.

Off topic: I use paid AV and it sure protected me from some bad things (even when most of the time it flagged false positives, I will never run my internet connected PC without protection). Although Win Def has made some major steps forward, it still lags behind SW dev specialized in protection.

What @Jim Young shares with us is true (partly). He is right that after the malicious code gets detected, it will be changed by those who created it but this does not mean that the flagged version disappears from the internet entirely over night, meaning that those running no AV at all, have higher risks in getting it.

ON TOPIC: The DEVS (for addons) should drop / change the way they protect their files. Most of the time those coded protections trigger the AV. I don't use tomatoshade but I never installed any SW that was flagged by AV without checking it first (on devs forums or by sending it for analysis to my AV provider).

  • Upvote 1

Gerald K. - Germany

Core i7 10700 / ASUS ROG Gaming-E / ASUS Strix  RTX 3090 OC / 32 Gb RAM GSKILL.

"Flightstick" = X56 HOTAS RGB Logitech


Ok, another update. Dev himself will write this somewhere too but just to bring this down a bit again (I started it so I feel responsible) I want to let you know that he assured me that there's nothing going on and that he's working on the solution.

 


50 minutes ago, SaenchaySor said:

Ok, another update. Dev himself will write this somewhere too but just to bring this down a bit again (I started it so I feel responsible) I want to let you know that he assured me that there's nothing going on and that he's working on the solution.


Don't apologise or feel responsible for telling the community that a product is *potentially* risky.
What you experienced with multiple AV scans showing problems and your browser refusing to download the tool is noteworthy. Thank you for pointing it out.

It is up to the developer to show us (rather than just assure) that their tool is safe. Too many developers tell us to turn off AV features / run with administrator rights when installing their products. At some point, it's possible that someone will upload something nasty within a product like this, because so many simmers reduce or turn off their AV protection, making us easy targets.

  • Like 2
  • Upvote 1

AMD Ryzen 5800X3D; MSI RTX 3080 Ti VENTUS 3X; 32GB Corsair 3200 MHz; ASUS VG35VQ 35" (3440 x 1440)
Fulcrum One yoke; Thrustmaster TCA Captain Pack Airbus edition; MFG Crosswind rudder pedals; CPFlight MCP 737; Logitech FIP x3; TrackIR

MSFS; Fenix A320; A2A PA-24; HPG H145; PMDG 737-600; AIG; RealTraffic; PSXTraffic; FSiPanel; REX AccuSeason Adv; FSDT GSX Pro; FS2Crew RAAS Pro; FS-ATC Chatter

29 minutes ago, F737NG said:


Don't apologise or feel responsible for telling the community that a product is *potentially* risky.
What you experienced with multiple AV scans showing problems and your browser refusing to download the tool is noteworthy. Thank you for pointing it out.

It is up to the developer to show us (rather than just assure) that their tool is safe. Too many developers tell us to turn off AV features / run with administrator rights when installing their products. At some point, it's possible that someone will upload something nasty within a product like this, because so many simmers reduce or turn off their AV protection, making us easy targets.

I have never turned off my AV or UAC, have installed so many add ons, I can't even begin to guess how many over the years, and never had a problem. Have never had a virus either.

Edited by Bobsk8

 

BOBSK8             MSFS 2020 ,    ,PMDG 737-600-800 FSLTL , TrackIR ,  Avliasoft EFB2  ,  ATC  by PF3  ,

A Pilots LIfe V2 ,  CLX PC , Auto FPS, ACTIVE Sky FS,  PMDG DC6 , A2A Comanche, Fenix A320, Milviz C 310

 


From the dev:

Hi there. Last week (or the week before, I can't remember), the DynamicReflection Maker of TomatoShade got flagged as a virus by some AntiVirus scanners (according to VirusTotal.com it is flagged by 8 out of 66 AntiVirus softwares). I couldn't react to it because I was on holiday until last weekend - so sorry for the delayed answer.

So what I can say is: it is a false positive. There isn't any virus in it and I never would do something like that. Because everybody could say that, I wanted to give you a quick proof of that: The executable is compressed with a well known application called UPX. This software is older than some of you here in this discord server (first public release was in 1998) and it is quite well known. It is completely open source (hosted on GitHub) and the simple goal is to make executables smaller. Downside is: some (stupid) anti malware scanners see a threat in this. My personal opinion on antivirus software is: almost all of them are snake oil. I know that a lot of you got more suspicious about virus warnings after the thing that happened earlier this year. I won't judge you about this, but here is an example for a false positive 🙂

Ok, if you want to check it: go to the UPX GitHub page and download the latest release (https://upx.github.io/). Download the zip named upx-3.95-win32.zip. Inside this zip, you will find an executable called upx.exe. Extract it into the folder where the dynamic reflection maker is stored. Next, in the file explorer, hold down shift while pressing the right mouse button. You will find an entry called Open command prompt here in the popup window. After pressing it, the normal Windows command prompt window will open. Enter the following into it: upx -d DynamicReflectionMaker.exe - this will decompress the executable. It will have a size of about 6.5MB. Now upload this executable to VirusTotal.com and see the result. Only one scanner will remain as a potential virus warning - but hey, that's McAfee.

If you want to compress the executable again, enter the following line into the command prompt: upx.exe -9 DynamicReflectionMaker.exe (I am using version 3.3.0.0 locally here, so the checksum won't be equal with the latest version. If you download an older version of UPX, you will get the exact same executable as it is inside the zip). After compressing it, you will get the virus warnings back. To prevent any further problems, I modified the zip of the current version and have the uncompressed executable now in it. I'll stop using UPX for further releases.

On 8/26/2018 at 8:29 PM, awf said:

I find your posting quite offensive and degrading to our fellow members, and is shouting around he found something and that is the only truth...
Maybe there are more here with a lot more technical knowledge then that you seem to give credit for.
You think it's that difficult to protect a simple PC or home network lol
Further do you have real prove, besides some online scanners, otherwise you make only a fool out of yourself with empty statements...

First you call my posting offensive and degrading, which I definitely don't think it was. Then you "lol" me and tell me I make a fool out of myself with empty statements. That's certainly an interesting way of having a discussion.

About the "real prove". I was simply saying that if 30 or so independent AV scanners flag something as malware, it's definitely worth investigating. It does not automatically mean that it's the end of the world, and it does not automatically mean it's a false positive. It means that it's important enough to investigate manually.

Yes I'm still frustrated about lazy developers telling us to do bad things. The fact that the community is not seriously questioning this (but rather defending it) is a clear sign that people generally don't understand the impact. I'm not expecting the general flightsimmer to be a computer security expert or malware reverse engineer but it's sad to see that every time someone brings up these things, the response is always e.g. "I've never had a virus" or "I can't possibly get a virus" or "AV sucks, stop bothering us".

If you know enough about security, you would be humble enough to never make such a statement. If you do get infected you would likely not even know about it as most malware are virtually undetectable. Even if you do detect it, recovering is seldom as easy as running some cleanup tool. Most people probably think of viruses as ransomware or annoying browser popups with big flashing images on your screen. That's not how it works in most cases. I could go on here but I guess I'm just making an even bigger fool out of myself with these empty statements.

 

  • Upvote 1

4 hours ago, tolip2 said:

First you call my posting offensive and degrading, which I definitely don't think it was. Then you "lol" me and tell me I make a fool out of myself with empty statements. That's certainly an interesting way of having a discussion.

About the "real prove". I was simply saying that if 30 or so independent AV scanners flag something as malware, it's definitely worth investigating. It does not automatically mean that it's the end of the world, and it does not automatically mean it's a false positive. It means that it's important enough to investigate manually.

Yes I'm still frustrated about lazy developers telling us to do bad things. The fact that the community is not seriously questioning this (but rather defending it) is a clear sign that people generally don't understand the impact. I'm not expecting the general flightsimmer to be a computer security expert or malware reverse engineer but it's sad to see that every time someone brings up these things, the response is always e.g. "I've never had a virus" or "I can't possibly get a virus" or "AV sucks, stop bothering us".

If you know enough about security, you would be humble enough to never make such a statement. If you do get infected you would likely not even know about it as most malware are virtually undetectable. Even if you do detect it, recovering is seldom as easy as running some cleanup tool. Most people probably think of viruses as ransomware or annoying browser popups with big flashing images on your screen. That's not how it works in most cases. I could go on here but I guess I'm just making an even bigger fool out of myself with these empty statements.

 

Actually it's still an empty statement(s), what a user should do before posting and give others a warning is simple homework...
For example contact first the developer or send the file to your virus protection software company,
and based on facts then post a topic here, not the other way around based on emotions 😉

Your post I reacted to had a condescending and almost patronising tone... and I apologize for the lol remark...

"quote that is what you said"

Unfortunately the "I will never get a virus" culture is very strong in this community. People seem to think that if you do get infected, your screen will turn upside down and little green aliens will walk around on the screen laughing at you. Then you run some removal tool and your computer is clean again. Things have evolved since the 90's.

"quote end"

As for knowledge, yes I have a little clue what's happening in the background in 30 year IT (now lol myself ;-))

I apologize my post was also a bit strongly worded, but was triggered by your tone.

Have a nice evening gentlemen...


 

André
 


So has anyone (the developer of this program) actually solved this issue by having the software cleared by the major AV companies (eg. Windows Defender)? I can't even download the package without it being immediately deleted so can't do anything like creating exceptions.

And before you ask... NO, I will not disable my AV and then download something from the internet.

 
