Odd threat detected.

About Truespace Archives

These pages are a copy of the official truespace forums prior to their removal somewhere around 2011.

They are retained here for archive purposes only.


Post by Mitch // Apr 17, 2008, 5:34am

Mitch
Total Posts: 70
To-day everything started normal when all of a sudden my NOD32 AntiVirus program started to pop up problems with my trueSpace exe files.


I let them delete a number of these exe files but then it also targeted my TS751_Web_Inst.exe file. I turned on my other computer and went to these same files and again NOD32 detected them as a threat.


This is extremely odd.

Threat -- "Win32/Adware.LastDefender application".

Something strange is going on here.

Any ideas?

Post by Mitch // Apr 17, 2008, 5:58am

Mitch
Total Posts: 70
This threat resulted after NOD32 updated to the latest definitions.


"NOD32 - v.3034 (20080417)

Virus signature database updates:

Win32/Adware.LastDefender (4)"


I have contacted Caligari and tech support is to get back to me.

Post by frootee // Apr 17, 2008, 5:59am

frootee
Total Posts: 2667
Have you tried an adware cleaning application? I use Ad-Aware; works well.

Post by Mitch // Apr 17, 2008, 6:02am

Mitch
Total Posts: 70
The problem is that only trueSpace executable files are being tagged.

I do not want to delete these paid for files.

Post by jamesmc // Apr 17, 2008, 6:09am

jamesmc
Total Posts: 2566
Most virus protection Software has ways to allow programs to be "cleared" all the time without "flagging" them.

For instance, in the image below from my ZoneAlarm Anti-Virus, I can manually change the status of each "?" to allowed status.

Most virus protection and ad prevention programs should have these options.

These options can be changed (as seen in the second image.)

Post by Mitch // Apr 17, 2008, 6:29am

Mitch
Total Posts: 70
I am on Vista. All of a sudden to-day my Antivirus program started to go crazy after the new definitions were updated.


My trueSpace install executables are being found and tagged as being a threat. The Antivirus program is refusing my attempts to do anything other than Quarantine, Delete or Rename the files. This is occurring on two computers.


The Antivirus program refuses to close.

I take these warnings seriously as a result of past experiences.


I am waiting for tech support to comment on what is going on.

Post by jamesmc // Apr 17, 2008, 6:36am

jamesmc
Total Posts: 2566
> I am on Vista. All of a sudden to-day my Antivirus program started to go crazy after the new definitions were updated.
>
> My trueSpace install executables are being found and tagged as being a threat. The Antivirus program is refusing my attempts to do anything other than Quarantine, Delete or Rename the files. This is occurring on two computers.
>
> The Antivirus program refuses to close.
> I take these warnings seriously as a result of past experiences.
>
> I am waiting for tech support to comment on what is going on.

Dunno Mitch,

I'm still on XP.

Could be an issue with Vista Administrator as I've read where Vista gives a lot of grief with some programs because of privileges.

Post by frootee // Apr 17, 2008, 6:38am

frootee
Total Posts: 2667
Have you called Tech support? I would not wait on them to check the forums.


Also, you should be able to download the executables, since you paid for them. Did you get 7.51 on a cd or a download? In either case, you should be able to download them again. Check with customer service (i.e. Remy Santos) on the procedure for setting up your online account.


Froo

Post by Ambrose // Apr 17, 2008, 6:47am

Ambrose
Total Posts: 261
Tech support can't do much if anything, hopefully wrong ;)

Download Avast; you have to do a boot-up scan after you update it.

I was running, before losing my job, Panda Antivirus for years and thought all was good, it was totally filled with viruses that had total control over it...

Good luck, I'll take a look tomorrow, must rush now, later...




SeYa/Ambrose...

Post by Mitch // Apr 17, 2008, 6:52am

Mitch
Total Posts: 70
I am sure this will be cleared up by ESET and Caligari.


I have over 1 terabyte of files on each of my computers.

Would you not find it odd that only trueSpace install executables are being found and tagged out of hundreds of thousands of files?


I am sure this is not a problem but my computers are being locked down in the mean time. This has never occurred before so of course I am a little concerned.

Post by Jack Edwards // Apr 17, 2008, 6:55am

Jack Edwards
Total Posts: 4062
Sounds like a problem with the latest virus definitions. Though it could be that a virus has attached itself to just the TrueSpace files, that seems highly unlikely.

Post by Mitch // Apr 17, 2008, 6:55am

Mitch
Total Posts: 70
Frootee these are install executables I just downloaded from Caligari two days ago.

Post by TomG // Apr 17, 2008, 7:01am

TomG
Total Posts: 3397
At a guess, the virus definition updates have flagged certain kinds of code or code statements, and those happen to appear harmlessly in tS. However the anti virus app doesn't know that so is seeing them as harmful.


I would contact the anti virus company too and let them know.


As for your files, if bought and paid for, you can always download the installs again, you won't be left high and dry without them! So no matter what your anti virus does to them, you won't have problems getting another copy of the files if that's what it comes to.


Neither of two anti virus programs I have here see any threat in the tS files, so something in the anti virus patterns for your anti virus software is identifying some code or code that is "similar to" as being a problem.


HTH!

Tom


EDIT - as a PS, viruses CAN embed themselves in existing files if they manage to get on your machine. So while the exe's are virus free when you download them from us, if your machine is infected, it is possible it could write itself into a file on your machine that it regards as suitable. So it is not 100% impossible that you are not infected. This is why I would check with the anti virus company themselves, to be sure what is going on.

Post by Mitch // Apr 17, 2008, 7:07am

Mitch
Total Posts: 70
Tom the strange thing is that this is the latest update for to-day.

http://www.eset.com/support/updates.php


I am sure this will be cleared up soon but at the moment it is a concern.

Post by Norm // Apr 17, 2008, 7:19am

Norm
Total Posts: 862
Tech support is not able to help in this regard except to reiterate some items.
The antivirus software is going to do this for "untrusted" software. If you went in and untrusted everything on machine, the antivirus would choke on the results. As mentioned, there are options to trust software. You are in control of these options so you have to research the help for your anti virus and discover what needs to be done. I would not be alarmed though. If there was a problem we would have many many more folks with same scenario happening. This just is not the case.

Post by TomG // Apr 17, 2008, 7:21am

TomG
Total Posts: 3397
Not strange about it being today's update - any update will bring new rules for the AV software and specify what it counts as virus and what it doesn't. The rules are generally heuristic, i.e. if code "looks similar to" rather than "is identical to".


If there happens to be a sequence of bytes in the tS exe that "looks similar to" some new definition that counts as a virus, or an update to the rule that defines what "looks similar to", then the AV software can start identifying viruses in files it previously did not view as having viruses.


As noted, viruses CAN embed themselves in existing files. So while we know the exe files are clean here, and they may have been clean on download, they could now be infected on your machine. This seems unlikely to me (given it is just the tS files), but it is not impossible.


You need to report the virus to the AV company, tell them you have no reason to think the exes are infected, and see what they can tell you. It could be their AV detection rules / definitions need updating to not identify something as a virus when it is not (you do get "false positives" in AV detection). It could be there is a virus on your machine and it's chosen these files to hide itself inside.


Naturally our devs have been informed too at this end, but nothing to stop you going ahead and requesting direct assistance from the AV company yourself too.


HTH!

Tom
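
Added illustration, not part of the original thread and not ESET's engine or signature format: a toy byte-pattern scanner showing the mechanism described in the post above, where a definitions update with an over-broad rule flags a clean installer and a later update with a tightened rule stops flagging it. All byte values, the rule name and both sample files are constructed; the two definition sets only stand in for the 3034 and 3035 updates mentioned in the thread.

```python
"""Toy wildcard byte-signature scanner (constructed example, not a real AV engine)."""
from typing import Dict, List, Optional


def parse_pattern(text: str) -> List[Optional[int]]:
    """'C0 FF ?? 01' -> [0xC0, 0xFF, None, 0x01]; None matches any byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]


def matches_at(data: bytes, pos: int, pattern: List[Optional[int]]) -> bool:
    """True if every non-wildcard byte of the pattern equals data at this offset."""
    return all(p is None or data[pos + i] == p for i, p in enumerate(pattern))


def scan(data: bytes, definitions: Dict[str, str]) -> List[str]:
    """Return the names of all rules whose pattern occurs anywhere in data."""
    hits = []
    for name, text in definitions.items():
        pattern = parse_pattern(text)
        last_start = len(data) - len(pattern)  # negative if data is shorter than the rule
        if any(matches_at(data, pos, pattern) for pos in range(last_start + 1)):
            hits.append(name)
    return hits


# Constructed samples: both files share a 4-byte stub (c0ffee01), as two programs
# built with the same packer or installer framework might; the rest differs.
UNWANTED_SAMPLE = bytes.fromhex("4d5a9000" "c0ffee01" "a1b2c3d4" "0badf00d")
CLEAN_INSTALLER = bytes.fromhex("4d5a9000" "c0ffee01" "11223344" "feedface")

# Over-broad rule: keys only on the shared stub and wildcards everything after it.
DEFS_BEFORE_FIX = {"Toy/Adware.Example": "C0 FF EE 01 ?? ?? ?? ??"}
# Tightened rule: also requires the bytes that are unique to the unwanted sample.
DEFS_AFTER_FIX = {"Toy/Adware.Example": "C0 FF EE 01 A1 B2 C3 D4"}

if __name__ == "__main__":
    for label, defs in (("before fix", DEFS_BEFORE_FIX), ("after fix", DEFS_AFTER_FIX)):
        print(label, "| clean installer:", scan(CLEAN_INSTALLER, defs))
        print(label, "| unwanted sample:", scan(UNWANTED_SAMPLE, defs))
```

The clean file never changes between the two scans; only the rule does, which is why a detection that appears right after a definitions update and covers one product's files points first at the definitions.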

Post by TomG // Apr 17, 2008, 7:26am

TomG
Total Posts: 3397
PS - looking like the same threat is generating other false positives:

http://www.wilderssecurity.com/showthread.php?p=1224195


Quote there from an Eset moderator is "An update with a fix will be released shortly."


I would still go ahead and inform ESET so they can account for the tS executables too in the work they are doing, and to be 100% sure that this is a false positive on your machine.


HTH!

Tom

Post by Mitch // Apr 17, 2008, 7:37am

Mitch
Total Posts: 70
Tom and Norm I have been in touch with Eset tech support.

They have requested a copy of the files that are causing the threat response.

I told them I can not do this because the files belong to Caligari.


One of the files is TS751_Web_Inst.exe I downloaded two days ago.

I believe this has become more than I want to deal with.


If you or Caligari wish to go further please refer to my account for email information.

Thank you.

John Mitchinson

Post by jamesmc // Apr 17, 2008, 7:57am

jamesmc
Total Posts: 2566
Just a thought.

I went to the Eset Website and they have an "Online Scanner."

Why not use it and see if it comes up with the same results as your per-machine scan?

Post by TomG // Apr 17, 2008, 8:14am

TomG
Total Posts: 3397
Just forward their email to me, thomas@caligari.com. I can then get in touch with them directly. One option is to download and scan the trial version, which should generate the same false positive at a guess. They can freely download that for themselves if they want to test it.


Not using the online scanner as it scans the whole machine, and that will take forever with the amount of stuff I have on my machine :)


Thanks!

Tom

Post by jamesmc // Apr 17, 2008, 8:18am

jamesmc
Total Posts: 2566
> Just forward their email to me, thomas@caligari.com. I can then get in touch with them directly. One option is to download and scan the trial version, which should generate the same false positive at a guess. They can freely download that for themselves if they want to test it.
>
> Not using the online scanner as it scans the whole machine, and that will take forever with the amount of stuff I have on my machine :)
>
> Thanks!
> Tom


Weenie! :D

/joking

Post by Mitch // Apr 17, 2008, 8:28am

Mitch
Total Posts: 70
Thanks Tom, Norm and all forum members for your help and patience.

This is one of the most civil and helpful forums on the Net to-day.


Tom I have forwarded the e-mail I received from Eset to you.

I am sure that the threat definitions will be updated soon to remove this problem.

Post by TomG // Apr 17, 2008, 8:40am

TomG
Total Posts: 3397
Haha James :) Also I don't want it quarantining my tS installs either ;) I might find that something of a problem!


Thanks Mitch, mailed them and we'll see what they say, will try to find a way to get a file for them to inspect and confirm if the exe registers as a false positive. Will keep you updated!


Tom

Post by TomG // Apr 17, 2008, 9:29am

TomG
Total Posts: 3397
Fast and helpful replies confirmed this was a false positive. In fact, the definitions had already been updated today to correct that before we even got in touch, and the 3035 version of the signatures removed the false positive.


Mitch is back up and running.


Thanks!

Tom

Post by Mitch // Apr 17, 2008, 9:31am

Mitch
Total Posts: 70
My threat definitions have just been updated and my files have all been restored. Tom got through to ESET and got the problem solved.


Things are back to normal.

Post by Mitch // Apr 17, 2008, 9:34am

Mitch
Total Posts: 70
I cleared my cache before posting Tom but you beat me to it.