cauldron Posted April 4, 2019

My Windows 10 detected a trojan during my torrent update to 2.9.8.81:

Trojan:Script/Foretype.A!ml
affected file: file: F:\DCS World Master folder\DCS World OpenBeta\_downloads\.torrents\NEVADA_terrain.common\40\40d60dc8e61d82a222450845c79f5bd85639f11ebd01429c0eb3989896af68f4

I am not an expert in these systems so I have allowed Windows to kill it. Posting for Devs, and others who may have had similar issues.
RogueSqdn Posted April 4, 2019

Seconded
Skopro_PL Posted April 4, 2019

same
ARM505 Posted April 4, 2019

Same.

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Trojan%3aScript%2fForetype.A!ml&threatid=2147724345

Not much detail there, but Windows Defender seems pretty sure of itself. A 2017 entry as well....
zoldar Posted April 4, 2019

I was chatting with online support about this. They are aware and have contacted Microsoft about the issue. I see the same issue with the release version.
enigma6584 Posted April 4, 2019

Got the same warning with my release version update yesterday.
xaoslaad Posted April 4, 2019

I saw this on one of my systems. Never saw it on the other...
ED Team c0ff Posted April 5, 2019

False positive. Nevada (and any other terrain) does not contain executable files.

Dmitry S. Baikov @ Eagle Dynamics
derammo Posted April 5, 2019

> False positive. Nevada (and any other terrain) does not contain executable files.

With all due respect, I don't think that is how malware works. You can still have malware embedded in a non-executable file, for example anything that is compressed or a PDF or something like that. When the target software reads the specially crafted sequence of data, it hits vulnerabilities in the software doing the reading or decompressing. Some of those can be used to get it to execute malware. Data execution prevention stops some of that, but not all.

I agree that most likely this is a false positive, but it would be better to follow up on it just in case. The view that only executable code poses a threat is not at all up to date with current realities.

If these chunks of torrent files (sorry, not familiar with their implementation) are compressed or encrypted, then you could probably just make a tiny harmless change to the terrain files and see if compression and encryption change the file enough to no longer trigger the antivirus signature. That seems way better than expecting all your customers to turn off their antivirus to install the latest version of the software. Otherwise, reach out to Microsoft and see if they can look at your stuff to see if their pattern can be fixed.

PS: I am in no way claiming to be an expert on this topic. So you can feel free to correct me if I said something inaccurate above. I'm not here to have a debate about malware tech :)

Edited April 5, 2019 by derammo
derammo Posted April 5, 2019

For now, I simply uninstalled the Nevada terrain so I can update to the latest software. Presumably, the next release will have slightly different files or maybe you can just try to repackage like I suggested?
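
A triage sketch for the kind of detection reported in this thread, added here as an example; it is not part of any post and is not Eagle Dynamics' or Microsoft's code. It reads a flagged chunk as bytes only and reports its SHA-256, whether that digest equals the file name (an assumption about how the updater names chunks, suggested by the 64-hex-character name in the first post), whether it begins with a known executable header, and its byte entropy as a hint of compression or encryption.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Leading bytes of a few directly runnable formats (short list, not exhaustive).
EXECUTABLE_MAGIC = {
    b"MZ": "PE/DOS executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with shebang",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; values close to 8.0 suggest compressed or encrypted data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage_chunk(path: str) -> dict:
    """Collect facts about a flagged chunk by reading bytes only, never running it."""
    with open(path, "rb") as fh:
        data = fh.read()
    digest = hashlib.sha256(data).hexdigest()
    header = next((label for magic, label in EXECUTABLE_MAGIC.items()
                   if data.startswith(magic)), None)
    return {
        "sha256": digest,
        # Assumption: the updater names each chunk after the SHA-256 of its content.
        "name_matches_digest": os.path.basename(path).lower() == digest,
        "executable_header": header,
        "entropy_bits_per_byte": round(shannon_entropy(data), 2),
    }


if __name__ == "__main__":
    # Constructed sample: 4 KiB of uniformly distributed bytes, stored under its digest.
    sample = bytes(range(256)) * 16
    with tempfile.TemporaryDirectory() as folder:
        chunk = os.path.join(folder, hashlib.sha256(sample).hexdigest())
        with open(chunk, "wb") as fh:
            fh.write(sample)
        for key, value in triage_chunk(chunk).items():
            print(f"{key}: {value}")
```

If the naming assumption holds, a matching digest together with the same detection on many machines points to content shipped by the vendor rather than a file altered locally. None of these facts shows the content is harmless, so the digest is what to include when reporting the detection to the vendor and to Microsoft.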