I was under the impression sim market scanned the software, and if true, then how did a virus get through?

🤔

5 minutes ago, MaDDogz said:

I was under the impression sim market scanned the software, and if true, then how did a virus get through?

🤔

Do they really do that?

Thanks everyone for the advisory.  I was just preparing to update this morning.  Glad I happened to check forums first.

Nice job!

32 minutes ago, MaDDogz said:

I was under the impression sim market scanned the software, and if true, then how did a virus get through?

🤔

I'm by no means an expert but the way this virus behaves I don't believe it is initially picked up because it hides in a legitimate exe file.
It would appear that the virus only reveals itself after its host exe is run when it then tries to place and run svchost.exe.

It seems quite possible that the installer could show completely clean. I'm really not enough of an expert in how these things work to offer a definitive answer, but this is based on my experience with it where running various different malware and anti-virus tools showed my system was completely clean, only for it to then reactivate once I started an infected program.

Thanks for this headsup, I'm sure glad I was slow in installing due to other projects taking priority.

I did a scan on the installer with my Norton 360 and it did not turn up anything.  Regardless, this is going into the garbage bin.

 

I have both MS Security Essentials and Malwarebytes installed. 

No warnings.

 No problems with P3D4.5 Win 7.

Edited April 23, 20206 yr by Polymerman

Happily the developer has been in contact with me again today and apologised for first dismissing my concerns.

He is trying hard to rectify the issue.

I have some sympathy with him because when he scans the installer using Malwarebytes Premium it shows as clean. It seems that only certain products can detect the virus in the legitimate installer based on evidence from the AIG forum where one user reported that his AV picked up the virus while scanning the installer.
I've long since deleted the installer so can no longer check, and I have no intention of downloading it again until I hear that it is clean.

 

*Edit*
Just heard again from the dev who has been working on this all day. Credit where it is due.
He has confirmed the problem and believes he has identified it. He believes it is the SODE exe within the installer that is is infected.

He is working on a fix and a new, clean installer.

Edited April 23, 20206 yr by atco

I had the same warning.  I asked Simmarket about it and they told me to disable anti-virus because it was a false positive.  Um, how bout no?  I deleted the EXE before I ever executed it and will wait for a better installer. No scenery is worth a virus.

46 minutes ago, atco said:

Just heard again from the dev who has been working on this all day. Credit where it is due.
He has confirmed the problem and believes he has identified it. He believes it is the SODE exe within the installer that is is infected.

He is working on a fix and a new, clean installer.

This is really bad and unfortunate for this developer.

Cheers, Ed

Ran Malwarebytes and it found Yontoo adware which I've removed but nothing else.

Quote

Just heard again from the dev who has been working on this all day. Credit where it is due.
He has confirmed the problem and believes he has identified it. He believes it is the SODE exe within the installer that is is infected.

And I was just about to say that I didn't run the SODE install with Calvi, when the above was posted, so it seems to confirm.

Thanks for the warning! I just removed the downloaded file from my system. I never executed the file.

Al

I installed this a few days ago, and I did get a warning. I ran my virus scan again and it says my system is clean. I did, however, install the software (now I wish i had not). How would I know if I have a virus somewhere? Also, is there a way to get did of this now? I don't see any issued now but I certainly don't want to get one down the road.

Cheers, Pete

31 minutes ago, PilotPete99 said:

I installed this a few days ago, and I did get a warning. I ran my virus scan again and it says my system is clean. I did, however, install the software (now I wish i had not). How would I know if I have a virus somewhere? Also, is there a way to get did of this now? I don't see any issued now but I certainly don't want to get one down the road.

Cheers, Pete

Check if your Windows created a Restore Point before you installed this. If it did, just roll back. You won't lose your data.

Did you already have SODE installed?
In which case the virus wouldnt have been loaded...check your windows folder for a SVCHOST.EXE - apparently a sign of infection

 

Just now, keithb77 said:

Did you already have SODE installed?
In which case the virus wouldnt have been loaded...check your windows folder for a SVCHOST.EXE - apparently a sign of infection

 

I did, I have had SODE v 1.6.8 installed for both P3d 4.5 and P3d 5 since last week. I just installed Calvi two days ago. I will check for that file too.

Cheers, Pete

I see a bunch of files that include the term SVCHOST but no folders called SVCHOST.EXE. The files are all dated from 2019. Nothing specific called SVCHOST.EXE. Should I be removing any files or folders that include the term SVCHOST? I don't see that I have any recent restore points.

Cheers, Pete

Edited April 23, 20206 yr by PilotPete99