Hauer

Virus warning when updating Calvi St.Catherine Airport LFKC


I was under the impression sim market scanned the software, and if true, then how did a virus get through?

🤔


Luke Pype

5 minutes ago, MaDDogz said:

I was under the impression sim market scanned the software, and if true, then how did a virus get through?

🤔

Do they really do that?

Thanks everyone for the advisory.  I was just preparing to update this morning.  Glad I happened to check forums first.

Nice job!


Aaron Ortega

AMD Ryzen 7 5800X3D 3.4 GHz 8-Core Processor, Asus TUF GAMING X570-PLUS (WI-FI) ATX AM4 Motherboard, Samsung 980 Pro 2 TB M.2-2280 PCIe 4.0 X4 NVME Solid State Drive, SAMSUNG 870 QVO SATA III SSD 4TB, Asus TUF GAMING GeForce RTX 3090 24 GB Video Card, ASUS ROG STRIX 850G 850W Gold Power Supply, Windows 10 x64 Home

32 minutes ago, MaDDogz said:

I was under the impression sim market scanned the software, and if true, then how did a virus get through?

🤔

I'm by no means an expert but the way this virus behaves I don't believe it is initially picked up because it hides in a legitimate exe file.
It would appear that the virus only reveals itself after its host exe is run when it then tries to place and run svchost.exe.

It seems quite possible that the installer could show completely clean. I'm really not enough of an expert in how these things work to offer a definitive answer, but this is based on my experience with it where running various different malware and anti-virus tools showed my system was completely clean, only for it to then reactivate once I started an infected program.

  • Like 1


Thanks for this heads-up, I'm sure glad I was slow in installing due to other projects taking priority.

I did a scan on the installer with my Norton 360 and it did not turn up anything.  Regardless, this is going into the garbage bin.


Bryan Wallis aka "fltsimguy"

Maple Bay, British Columbia

Near CAM3


Happily the developer has been in contact with me again today and apologised for first dismissing my concerns.

He is trying hard to rectify the issue.

I have some sympathy with him because when he scans the installer using Malwarebytes Premium it shows as clean. It seems that only certain products can detect the virus in the legitimate installer based on evidence from the AIG forum where one user reported that his AV picked up the virus while scanning the installer.
I've long since deleted the installer so can no longer check, and I have no intention of downloading it again until I hear that it is clean.

 

*Edit*
Just heard again from the dev who has been working on this all day. Credit where it is due.
He has confirmed the problem and believes he has identified it. He believes it is the SODE exe within the installer that is infected.

He is working on a fix and a new, clean installer.

Edited by atco
  • Upvote 1


I had the same warning.  I asked Simmarket about it and they told me to disable anti-virus because it was a false positive.  Um, how bout no?  I deleted the EXE before I ever executed it and will wait for a better installer. No scenery is worth a virus.

46 minutes ago, atco said:

Just heard again from the dev who has been working on this all day. Credit where it is due.
He has confirmed the problem and believes he has identified it. He believes it is the SODE exe within the installer that is infected.

He is working on a fix and a new, clean installer.

This is really bad and unfortunate for this developer.

Cheers, Ed


Cheers, Ed

MSFS Steam - Win10 Home x64 // Rig: Corsair Graphite 760T Full Tower - ASUS MBoard Maximus XII Hero Z490 - CPU Intel i9-10900K - 64GB RAM - MSI RTX2080 Super 8GB - [1xNVMe M.2 1TB + 1xNVMe M.2 2TB (Samsung)] + [1xSSD 1TB + 1xSSD 2TB (Crucial)] + [1xSSD 1TB (Samsung)] + 1 HDD Seagate 2TB + 1 HDD Seagate External 4TB - Monitor LG 29UC97C UWHD Curved - PSU Corsair RM1000x - VR Oculus Rift // MSFS Steam - Win 10 Home x64 - Gaming Laptop CUK ASUS Strix - CPU Intel i7-8750H - 32GB RAM - RTX2070 8GB - SSD 2TB + HDD 2TB // Thrustmaster FCS & MS XBOX Controllers


Ran Malwarebytes and it found Yontoo adware which I've removed but nothing else.

Quote

Just heard again from the dev who has been working on this all day. Credit where it is due.
He has confirmed the problem and believes he has identified it. He believes it is the SODE exe within the installer that is infected.

And I was just about to say that I didn't run the SODE install with Calvi, when the above was posted, so it seems to confirm.


...


Thanks for the warning! I just removed the downloaded file from my system. I never executed the file.

Al


Al Kaupa

Digital Storm purchased 8/17/2011; Win7x64: Asus P8P67 Deluxe; Intel i7 2600K@3,9 GHZ; nVidia GTX 560Ti; 8GB DDR3 1600 Corsair Dominator; Power Corsair HX 750W; Samsung 850 EVO 500GB SSD; 300GB WD VelociRaptor; 1TB Seagate.


I installed this a few days ago, and I did get a warning. I ran my virus scan again and it says my system is clean. I did, however, install the software (now I wish I had not). How would I know if I have a virus somewhere? Also, is there a way to get rid of this now? I don't see any issues now but I certainly don't want to get one down the road.

Cheers, Pete


Pete Solov - Lake in the Hills 3CK

and Schaumburg Regional 06C
Proud AOPA Member - PPL 2001
Real World Piper Cherokee Pilot

31 minutes ago, PilotPete99 said:

I installed this a few days ago, and I did get a warning. I ran my virus scan again and it says my system is clean. I did, however, install the software (now I wish I had not). How would I know if I have a virus somewhere? Also, is there a way to get rid of this now? I don't see any issues now but I certainly don't want to get one down the road.

Cheers, Pete

Check if your Windows created a Restore Point before you installed this. If it did, just roll back. You won't lose your data.


Did you already have SODE installed?
In which case the virus wouldn't have been loaded... check your Windows folder for a SVCHOST.EXE - apparently a sign of infection

 


...

Just now, keithb77 said:

Did you already have SODE installed?
In which case the virus wouldn't have been loaded... check your Windows folder for a SVCHOST.EXE - apparently a sign of infection

 

I did, I have had SODE v 1.6.8 installed for both P3d 4.5 and P3d 5 since last week. I just installed Calvi two days ago. I will check for that file too.

Cheers, Pete


Pete Solov - Lake in the Hills 3CK

and Schaumburg Regional 06C
Proud AOPA Member - PPL 2001
Real World Piper Cherokee Pilot


I see a bunch of files that include the term SVCHOST but no folders called SVCHOST.EXE. The files are all dated from 2019. Nothing specific called SVCHOST.EXE. Should I be removing any files or folders that include the term SVCHOST? I don't see that I have any recent restore points.

Cheers, Pete

Edited by PilotPete99

Pete Solov - Lake in the Hills 3CK

and Schaumburg Regional 06C
Proud AOPA Member - PPL 2001
Real World Piper Cherokee Pilot
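
The check suggested in the posts above (a svchost.exe where Windows does not keep one), as an added example that is not part of any post in this thread: a read-only PowerShell sketch that lists every file named exactly svchost.exe under the Windows folder, marks whether it sits where Windows itself keeps it (System32, SysWOW64, or the WinSxS component store), and reports its signature status plus any running svchost.exe started from elsewhere. The function name and the choice of search root are assumptions of this example.

```powershell
# Added example: find svchost.exe copies outside the locations Windows uses.
# Run from an elevated PowerShell 5.1+ prompt. Read-only: nothing is deleted.

$sysRoot  = $env:SystemRoot
# Directories where Windows itself keeps svchost.exe
$expected = @(
    (Join-Path $sysRoot 'System32'),
    (Join-Path $sysRoot 'SysWOW64')
)
$componentStore = Join-Path $sysRoot 'WinSxS'   # servicing copies live below here

function Test-ExpectedSvchostPath {             # hypothetical helper name
    param([string]$Path)
    $dir = Split-Path -Path $Path -Parent
    if ($expected -contains $dir) { return $true }   # -contains ignores case
    return $dir.StartsWith($componentStore + '\',
        [System.StringComparison]::OrdinalIgnoreCase)
}

# 1. Files on disk named exactly svchost.exe (hidden and system files included)
$files = Get-ChildItem -Path $sysRoot -Filter 'svchost.exe' -File -Recurse -Force `
            -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path             = $_.FullName
            Created          = $_.CreationTime
            ExpectedLocation = Test-ExpectedSvchostPath $_.FullName
            SignatureStatus  = $sig.Status
            Signer           = $sig.SignerCertificate.Subject
            SHA256           = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# 2. Running svchost.exe processes whose image is not in an expected location
$procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object { $_.ExecutablePath -and
                   -not (Test-ExpectedSvchostPath $_.ExecutablePath) } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath

# Report only what needs a closer look
$files | Where-Object { -not $_.ExpectedLocation -or $_.SignatureStatus -ne 'Valid' } |
    Format-List
$procs | Format-Table -AutoSize
```

Files that only contain "svchost" in their name are not matched by this filter. An entry reported with ExpectedLocation False or a signature status other than Valid is one to submit to a second scanner or the AV vendor together with its SHA256.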
