• There seems to be an uptick in Political comments in recent months. Those of us who are long time members of the site know that Political and Religious content has been banned for years. Nothing has changed. Please leave all political and religious comments out of the forums.

    If you recently joined the forums you were not presented with this restriction in the terms of service. This was due to a conversion error when we went from vBulletin to Xenforo. We have updated our terms of service to reflect these corrections.

    Please note any post refering to a politician will be considered political even if it is intended to be humor. Our experience is these topics have a way of dividing the forums and causing deep resentment among members. It is a poison to the community. We appreciate compliance with the rules.

    The Staff of SOH

  • Server side Maintenance is done. We still have an update to the forum software to run but that one will have to wait for a better time.

Alleged malware in AlphaSim file

S

Skyblazer100

Members +
Hello everyone, sorry that I haven't contributed in such a long time but I have just been reading and learning here.
Well, here's my problem: I have been using for years a German virus scanner ANTI VIR personal which is reputed to be an effective, albeit sometimes too "picky" scanner. I have regularly downloaded - some even years ago - free Alpha Sim aircraft as well as those AlphaSim jets recently adapted by Tango Romeo. They all ran fine (and still do) until about three weeks ago when this scanner aftre an update indicated that most Alpha Sim MDL.files are infected by a trojan horse they call TR/Dropper.Gen. In my Korean campagin almost all AI aircraft mdl files (e.g. F1_AI_B-29, F-82, F-84, TU-2, F-84 to name just a few) are affected as well.
Is this by any chance a known issue in the community? By computer is acting normally, a scan with the MS malware removal tool or ad-aware showed nothing bad.
Another indication that there might be no real problem after all seems to me that I have saved my CFS2 files on DVDs, some several years old also. And when I checked the files saved there it also indicated malware, which rules out any recent infection on my computer HDD.
I have reported this to the ANTIVIR people, they insist that it contains malware criteria.
 
Both Sophos and McAffee indicate its discovery was last week.
That probably rules out your DVDs of some years back.. and the Alpha_ models from the past.

Most likely a False Alarm, I'd say.

SD
 
Skyblazer100 said:
I have reported this to the ANTIVIR people, they insist that it contains malware criteria.
Click to expand...

Naturally they will say this in defense their highly rated product. But (A) having 'malware criteria' isn't necessary the evidence of true malware (could be a false positive) and (B) if they're really on point here, they should be willing to pass the details of such criteria to you so you can forward it to the vendors for their edification and correction. It could be something as simple as a harmless proprietary Alphasim signature tag in the mdl hex code that closely resembles code in known malware.

One way to avoid this is by keeping sims and game programs on separate internal drives or partitions:
http://www.sim-outhouse.com/sohforums/showthread.php?t=351
 
Here is a post that has many Links to Website that are dedicated to this Sim.http://www.simviation.com/cgi-bin/ya...1117604819/all

Not all links are working but most are. Read it from page one to the last since it not only has Links to Websites dedicate to this Sim but many it also has many tips on how to improve your flying experience thru this Sim.

If you have any question come back here and we as a community will help along.:wavey:
 
Skyblazer....

As the person who assembled the Fox Four files and the Tango_Romeo mods to some AlphaSim models, I can assure you that none of the models contain a virus or trojan-dropper. I run several heavy-duty commercial AV/SW programs that would have caught anything amiss. Plus, SimV and SOH maintain very strong AV screening practices.

'Too Picky' is not a good definition of the message you are seeing....it's more like 'Not Detailed Enough'. Several AV programs have a very loose definition of virus/sw files......and most throw an indication that a file 'maybe an undesirable file' without any real grounds to do so.

For example, all of the Fox Four files were originally part of 'self-extracting zip' files (self-installers). Which means that the files probably retain a 'tag' indicating that.....and any indication that a file has been associated with an executable file (such as a self-extractor) can be interpreted as suspicious.

As a caveat, I can't speak for the security of any of our/my files that have been uploaded at pirate sites....and there are some out there.

And BTW..... welcome to the Outhouse! :wavey:
 
Also....

....all of the files mentioned probably contain email links, as well as links to the producer's website. These links are actually being interpreted as 'suspicious' by some of the less detailed scanners. :kilroy:
 
Thank you very much for your quick responses. Especially the fact that some of TR's files (that I have used and enjoyed from the first days of the F-86 Sabre campaign and where we solved the "German helo problem" together) were indicated convinces me that this must be a false alarm. Furthermore the Defense of Australia files with the P-40 Schuftie is included as well as the Just Flight Pearl Harbor Campaign. Over the weekend my daughter who is a computer programmer will be here and I'll have her check this over with her professional virus scanning tools. I'll let you know about to outcome.
 
Hello everyone,

my virus scanner had a big engine update and, guess what, the alleged virus warnings are gone completely, they were false warnings as I had presumed all along. I am posting this just in case anyone was worrying about AlphaSim files.
 
I use Anti vir and had a similar warning for the same alleged trojan, on files that had been clear before - it was in 2 or 3 disparate files on my external hard drive. I assumed they were false positives. I haven't scanned with the new update yet, so be interesting to see if they are now OK.
 
You must log in or register to reply here.
Back
Top