Hauer

Virus warning when updating Calvi St.Catherine Airport LFKC


I was under the impression sim market scanned the software, and if true, then how did a virus get through?

🤔


Luke Pype

5 minutes ago, MaDDogz said:

I was under the impression sim market scanned the software, and if true, then how did a virus get through?

🤔

Do they really do that?

Thanks everyone for the advisory.  I was just preparing to update this morning.  Glad I happened to check forums first.

Nice job!


Aaron Ortega

32 minutes ago, MaDDogz said:

I was under the impression sim market scanned the software, and if true, then how did a virus get through?

🤔

I'm by no means an expert but the way this virus behaves I don't believe it is initially picked up because it hides in a legitimate exe file.
It would appear that the virus only reveals itself after its host exe is run when it then tries to place and run svchost.exe.

It seems quite possible that the installer could show completely clean. I'm really not enough of an expert in how these things work to offer a definitive answer, but this is based on my experience with it where running various different malware and anti-virus tools showed my system was completely clean, only for it to then reactivate once I started an infected program.


Thanks for this heads-up, I'm sure glad I was slow in installing due to other projects taking priority.

I did a scan on the installer with my Norton 360 and it did not turn up anything.  Regardless, this is going into the garbage bin.


Bryan Wallis aka "fltsimguy"

Maple Bay, British Columbia

Near CAM3


Happily the developer has been in contact with me again today and apologised for first dismissing my concerns.

He is trying hard to rectify the issue.

I have some sympathy with him because when he scans the installer using Malwarebytes Premium it shows as clean. It seems that only certain products can detect the virus in the legitimate installer based on evidence from the AIG forum where one user reported that his AV picked up the virus while scanning the installer.
I've long since deleted the installer so can no longer check, and I have no intention of downloading it again until I hear that it is clean.

 

*Edit*
Just heard again from the dev who has been working on this all day. Credit where it is due.
He has confirmed the problem and believes he has identified it. He believes it is the SODE exe within the installer that is infected.

He is working on a fix and a new, clean installer.

Edited by atco

I had the same warning.  I asked Simmarket about it and they told me to disable anti-virus because it was a false positive.  Um, how bout no?  I deleted the EXE before I ever executed it and will wait for a better installer. No scenery is worth a virus.

46 minutes ago, atco said:

Just heard again from the dev who has been working on this all day. Credit where it is due.
He has confirmed the problem and believes he has identified it. He believes it is the SODE exe within the installer that is infected.

He is working on a fix and a new, clean installer.

This is really bad and unfortunate for this developer.

Cheers, Ed


Ed Patino

MSFS & P3Dv4.5hf3 - Win 10 Home x64 // Rig: Corsair Graphite 760T Full Tower - ASUS MBoard Maximus XI Hero Z390 - CPU Intel i7-8086k 6-cores - 32GB RAM - MSI Nvidia GeForce GTX1080Ti 11GB - 3 x SSD x 1TB Crucial/Samsung + 1 x SSD 2TB Crucial + 1 HDD Seagate 2TB + 1 HDD Seagate Ext 2TB - Monitor LG 29UC97C UWHD Curved - PSU Corsair RM1000x - VR Oculus Rift // MSFS & P3Dv4.5hf3 - Win 10 Home x64 - Gaming Laptop CUK ASUS Strix - CPU Intel i7-8750H - 32GB RAM - Nvidia RTX 2070 - 2TB SSD - 2TB HDD // Thrustmaster FCS & MS XBOX Controllers


Ran Malwarebytes and it found Yontoo adware which I've removed but nothing else.

Quote

Just heard again from the dev who has been working on this all day. Credit where it is due.
He has confirmed the problem and believes he has identified it. He believes it is the SODE exe within the installer that is infected.

And I was just about to say that I didn't run the SODE install with Calvi, when the above was posted, so it seems to confirm.


...


Thanks for the warning! I just removed the downloaded file from my system. I never executed the file.

Al


Al Kaupa

Digital Storm purchased 8/17/2011; Win7x64: Asus P8P67 Deluxe; Intel i7 2600K@3,9 GHZ; nVidia GTX 560Ti; 8GB DDR3 1600 Corsair Dominator; Power Corsair HX 750W; Samsung 850 EVO 500GB SSD; 300GB WD VelociRaptor; 1TB Seagate.


I installed this a few days ago, and I did get a warning. I ran my virus scan again and it says my system is clean. I did, however, install the software (now I wish I had not). How would I know if I have a virus somewhere? Also, is there a way to get rid of this now? I don't see any issues now but I certainly don't want to get one down the road.

Cheers, Pete


Pete Solov - Lake in the Hills 3CK

and Schaumburg Regional 06C
Proud AOPA Member - PPL 2001
Real World Piper Cherokee Pilot

31 minutes ago, PilotPete99 said:

I installed this a few days ago, and I did get a warning. I ran my virus scan again and it says my system is clean. I did, however, install the software (now I wish I had not). How would I know if I have a virus somewhere? Also, is there a way to get rid of this now? I don't see any issues now but I certainly don't want to get one down the road.

Cheers, Pete

Check if your Windows created a Restore Point before you installed this. If it did, just roll back. You won't lose your data.


Rick Almeida


Did you already have SODE installed?
In which case the virus wouldn't have been loaded...check your Windows folder for a SVCHOST.EXE - apparently a sign of infection

 


...

Just now, keithb77 said:

Did you already have SODE installed?
In which case the virus wouldn't have been loaded...check your Windows folder for a SVCHOST.EXE - apparently a sign of infection

 

I did, I have had SODE v 1.6.8 installed for both P3d 4.5 and P3d 5 since last week. I just installed Calvi two days ago. I will check for that file too.

Cheers, Pete


Pete Solov - Lake in the Hills 3CK

and Schaumburg Regional 06C
Proud AOPA Member - PPL 2001
Real World Piper Cherokee Pilot


I see a bunch of files that include the term SVCHOST but no folders called SVCHOST.EXE. The files are all dated from 2019. Nothing specific called SVCHOST.EXE. Should I be removing any files or folders that include the term SVCHOST? I don't see that I have any recent restore points.

Cheers, Pete

Edited by PilotPete99

Pete Solov - Lake in the Hills 3CK

and Schaumburg Regional 06C
Proud AOPA Member - PPL 2001
Real World Piper Cherokee Pilot
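
The check discussed in the thread (looking for a stray SVCHOST.EXE in the Windows folder), written out as an added PowerShell example that is not part of any post above. It assumes Windows keeps its own svchost.exe in System32 and SysWOW64 with servicing copies under WinSxS, and it matches only files named exactly svchost.exe, so other files that merely contain the term (Prefetch entries, for example) are not listed.

```powershell
# Added example: inventory every file named svchost.exe under the Windows
# directory and flag copies that are outside the locations Windows itself
# uses, or that do not carry a valid signature.
$winDir   = $env:SystemRoot
$expected = @(
    (Join-Path $winDir 'System32\svchost.exe'),
    (Join-Path $winDir 'SysWOW64\svchost.exe')
)
$componentStore = (Join-Path $winDir 'WinSxS') + '\'

$files = Get-ChildItem -Path $winDir -Filter 'svchost.exe' -File -Recurse -Force `
             -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ieq 'svchost.exe' } |      # exact name only
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $knownLocation = ($expected -contains $_.FullName) -or
            $_.FullName.StartsWith($componentStore,
                [StringComparison]::OrdinalIgnoreCase)
        [pscustomobject]@{
            Path            = $_.FullName
            Modified        = $_.LastWriteTime
            SignatureStatus = $sig.Status
            Signer          = $sig.SignerCertificate.Subject
            SHA256          = (Get-FileHash -LiteralPath $_.FullName `
                                   -Algorithm SHA256).Hash
            # Review anything in an unexpected place or not validly signed.
            Review          = -not ($knownLocation -and $sig.Status -eq 'Valid')
        }
    }

# Running svchost.exe processes whose image is not one of the expected paths.
# ExecutablePath can be empty without elevation; those rows are skipped here.
$running = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object { $_.ExecutablePath -and ($expected -notcontains $_.ExecutablePath) } |
    Select-Object ProcessId, ExecutablePath

$files | Sort-Object Review -Descending | Format-List
if ($running) { $running | Format-Table -AutoSize }
else { 'No running svchost.exe outside System32/SysWOW64 was visible.' }
```

Run it from an elevated PowerShell prompt so protected folders and process paths are readable. A row with `Review : True` is a file to examine further, not proof of infection.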
