FFTF Dynamic Trojan

[sfgiants13 83]

I've never had this before but after the latest version update I got an alert from Windows Defender about a trojan.  

 

Trojan:Win32/Wacatac.D!ml

 

Anyone else noticed this?

[netshadoe 144]

Yeah...Bitdefender picked it up too.

[micstatic 4,319]

offensive initials not allowed.  2nd addon this week with a virus

[Twenty6 693]

Since last week's Calvi update Trojan I'm a bit paranoid so I renamed the FFTF executable after Microsoft Defender flagged it this morning. This is fun!

[sfgiants13 83]

I emailed simmarket support on the installer.  I didn't know where else to email since their website doesn't exist anymore.

[G-RFRY 1,712]

3 minutes ago, sfgiants13 said:

I emailed simmarket support on the installer.  I didn't know where else to email since their website doesn't exist anymore.

https://www.fspsstore.com/

[sfgiants13 83]

Simmarket support forwarded my ticket to the developer so we’ll see.

[Bert Pieke 7,585]

I got it as well.. and have chosen to ignore the warning.. until further notice..

Edited April 29, 2020 by Bert Pieke

[edpatino 1,964]

7 hours ago, sfgiants13 said:

I emailed simmarket support on the installer.  I didn't know where else to email since their website doesn't exist anymore.

https://www.fspsstore.com/

For support, you can open a ticket here:

https://support.thefsps.com/index.php

Cheers, Ed

 

[edpatino 1,964]

25 minutes ago, Bert Pieke said:

I got it as well.. and have chosen to ignore the warning.. until further notice..

This could be very dangerous. The virus that came with Calvi Airport scenery placed a file into the Windows folder in your C drive and once activated it could spread over all your exe files, making necessary a clean re-install of those affected files/applications.

Cheers, Ed

Edited April 29, 2020 by edpatino

[Bert Pieke 7,585]

21 minutes ago, edpatino said:

This could be very dangerous. The virus that came with Calvi Airport scenery placed a file into the Windows folder in your C drive and once activated it could spread over all your exe files, making necessary a clean re-install of those affected files/applications.

Cheers, Ed

OK - disabled it..

[Skywolf 992]

happened on my end also.  

 

Any news?

[sfgiants13 83]

I also created a ticket on the above site. I’ll advise when I get a response.

[NickBo 102]

17 hours ago, edpatino said:

This could be very dangerous. The virus that came with Calvi Airport scenery placed a file into the Windows folder in your C drive and once activated it could spread over all your exe files, making necessary a clean re-install of those affected files/applications.

Cheers, Ed

It's way, way worse than having to re-install a few files/applications. If you have malicious files on your C drive it means that someone can have complete remote control over your computer. Like stealing all files, installing ransomware, attacking other devices on your local network, activating the mic or webcam, and so on.

As for the Win32/Wacatac.D!ml malware, here is a summary from https://malwarefixes.com/threats/trojanwin32-wacatac-dml/:

Quote

Trojan:Win32/Wacatac.D!ml is a detection by Windows Defender for a computer threat that can perform a number of malicious actions as commanded by remote attacker. Trojan:Win32/Wacatac.D!ml is so dangerous because it has this backdoor capability that will allow a hacker to control and dominate the infected computer.

I think these issues should be taken VERY seriously and the vendor and distributors should investigate this issue and take actions immediately and let us know what went wrong and how their actions will prevent this from happening again. It's totally unacceptable..

[vincentrouleau 71]

But, for me only Defender detected it. Malwarebytes did not detect it