answered ORBX KTVL P3D V3 "FileRepSnxclass" adware detection...

[flyboy1953]

I've had false positives once in a rare while and while trying to install the latest KTVL for P3D V3

Just after the Simflightstore wrapper finishes and as the Installer starts I get a popup on this virus....

I'm worried because I have spent all day installing the P3D V3 compatible add ons that you have and there are quite a few that I have besides the ones in my signature...

And None of them have had problems.....

I read up on this virus and It can raise havoc and I don't need that.

Please research this and try installing after most recent download.... Mine was 12/14/2015 and I am just trying to install it now...

Thank you...

Flyboy

[Misha Cajic]

Well, it is definitely a false positive  We can guarantee the software doesn't have a virus in it, so it's fine to ignore.

[flyboy1953]

Why did it only do it in that installer? I am doing a boot scan and it shows the temp file created for the ktvl install as corrupt.... with this virus.

I used the same installer for others that also created temp files for the P3D V3 install and I also have installed everything available for P3D V3 and no problems...My question why this single one...

I understand if it happens to others as well... but I think you should check....

 

It isnt just saying it is unsafe.. it specifies a very well known virus that can mess up your browser as well as wreak havock....

Plkease research the virus on the web... " FileRepSnxclass "

[Misha Cajic]

If you downloaded the software from the FlightSimStore, there is no doubt that it's a false positive. All I can suggest is that maybe your download got corrupted due to a connection dropout, and so you could try redownloading the software. We don't put viruses in our products  

[Adam Banks]

I'm jumping in here as I only grabbed KTVL for P3Dv3 myself a couple of days ago (great stuff, Misha!!) ... and had no such trouble. I use Avast (free) on Win7x64.

 

What virus checker reports it?

 

It does occur to me, though, that while the original FSS file will be clean - the virus (if you're already infected from some other source) may be attaching itself (at random) to any temp file created by *any* install.

 

I'd do a thorough AV scan on your system - and also check to see if there are any specific scanners for that specific virus (there often are).

 

In all my years of using ORBX I've never had even so much as a false positive.

 

Adam.

[flyboy1953]

I did just that from a different server.... I used the cloud first and the second australia... both with same result and same virus.

I also used windows downloader to do a verification process.... same one again... Only That file. KTVL

 

[flyboy1953]

I guess if it is guaranteed... Who will come and disinfect my computer and spend a week re installing all my software?

[Adam Banks]

Two comments to add to the above (!):

 

1) Have you run an MD5 hash checker on the downloaded file to check that it's *totally identical* to the one on the server? There are free checkers out there.

 

2) Are you making sure you delete all the temp files after each aborted attempt? Otherwise, Windows may re-use the old/corrupt ones.

 

Adam.

[flyboy1953]

I have the same exact setup and never had a virus....

I use avast free.... and never had problems with anything.... that is  why this caught my attention...

I did not try to delete the temp file because the flightsim unwrapper says the directory is only temporary and it deletes it after install..

I will try it....

The boot scan is still going, I have a couple of terrbytes but the first two files it detected where the two temp file from orbx in my user directory the the flightsim created.... labeling them as corrupt.

I'll try the hash checker as soon as the bootscan is done.

I run FSX Steam and have all the US terrains, england, all the freeware North american airports and I am trying to duplicate the same on my P3D V3 install....

[Adam Banks]

Good luck with the scan! At least we're on the same A/V program

 

I think it only deletes the temp files after a *successful* install, so maybe the old/current ones were being re-used.

 

This is the (free) MD5 thing I use: http://www.winmd5.com/

 

One more thing to try: clean as much "junk" off the system drive as you can, then do a checkdisk then defrag. You may just have been very unlucky and hit a bad sector on the HD with that temp file. Cleaning up and defragging may just shunt everything away from that sector. I had a dodgy drive like that - it was fine unil it reached around 80% full, then it started hitting those bad sectors. Always a bad sign, as I don't think flagging the bad sectors ever helped me much ... the HD was basically on its way out.

 

Adam.

[Alex Goff]

All of our downloads are guaranteed safe and in use by thousands of others without infection. There is nothing more we can do to guarantee the safety beyond our automated regular scans of all hosted downloads. If the virus scanner flags the file it is a false positive, it has happened before and can happen again.

[flyboy1953]

Well....

1. Deleted the temp files created after running the flightsim installer....

2. Ran the hashtag checker on the latest file I downloaded and got the number.

3. Did the same for the file in flightsim using the the link to the file

Both numbers matched.

4. Downloaded again to a different hard disk

5. Ran the installer...

Same result, same virus....

Honestly, I dont think it is out of the realm of possibilities that the file could be infected.

Adam... Would you be willing to send me a copy of yours since you had no problem? or at least check the code to yours to the one in Flightsim.com?

Here is the code for the file: "OrbxFTXNAKTVL110_3.zip" = 39c049a08f26c69c214a792a139ddca9

Thanks again....

[Alex Goff]

Again, all products are scanned multiple times per day on the download servers. False flags are very common, especially in our line of work. Our files are downloaded by few users and change frequently which greatly raises the chance of files being mis-identified by virus scanners. One example, the Day/Night lights switcher was flagged as a trojan by several scanners for years.

 

Searching for "FileRepSnxclass" pulls up several posts for false flags from Avast!, one in particular being an installer for telescope guidance software, very similar to the KTVL installer being flagged.

 

You can download using a different CDN from the FlightSimStore which will serve a different copy of the same file. But if the hashes match then the installer you have downloaded is an intact copy of the same ones verified as clean already. Beyond this, there is really not much more we can do to reassure you that our installers are clean. It is of very high importance that the files downloaded by thousands of customers are clean and safe, otherwise it would be very hard to convince customers to purchase. So with that in mind hopefully the importance we place on that is enough to reassure that we do not have infected software hanging around.

[flyboy1953]

Alex...

The world isn't perfect and  out of 30 installs I have done over the last three days this is the "ONLY" one to do this.

I know what false positives are and have dealt with them. I am a retired engineer and am not stupid but the web is being hacked continuously.

As I mentioned to Adam.. if he could please check a known good file with the latest ones being offered....

If they are the same release, they should match.

This is a normal process of inspecting with a known good file that someone downloaded with the same exact environment.

If his has the same numbers I will consider it to be safe.

Mine, and the ones from three different servers... on the web checked to have the same numbers and guess what, they all failed with the same warning where none have before.

 

 

[flyboy1953]

Some people as myself use one computer to do their work and cant afford another...

I have had two viruses in 30 years of computing and that is because i am careful....

I have too much to lose.

So I take threats seriously.

Please don't downplay a threat just because you may have a spotless record....

You would look very foolish if one got by.

[Alex Goff]

Ok, what else can be done to prove the installer is clean?

 

The hash matches the copy I have which did not pull up a virus warning on install, nor was it flagged by Malwarebytes or MSE on a specific scan.

[Alex Goff]

 

Safe?

[flyboy1953]

That is why I am waiting for Adam...

He has the very same setup as myself... OS, Sim, AV... and a file that loaded without warnings.

Your computer could have different settings in your AV.

A proper comparison is with as close as the same exact environment and a known file that works with said environment...

I just downloaded and installed Southern California without a hitch but KTVL keeps singing the same song....

It is the only one of all that I have... and if you look at my signature, I have added quite a bit since.

Also... ORBX is using a new temp file system...

The older files would unwrap without any details as to where the temp files went.....

We'll see what Adam has to say....

Thanks.... if worse comes to worse, I can live without KTVL in P3D.

I'll try the next patch or version that comes out..

[Misha Cajic]

I'm sorry, but you are just creating work for yourself.

We can absolutely and positively guarantee our software doesn't have a virus and what you're getting is a false positive. If you aren't convinced about that already after our multiple replies, I'm afraid we can't help you.

[Penzoil3]

Scan of Tahoe installer with ESET.

[Triplane]

 

First, let me put on my flame-proof suit. Next, let me say that the free version of Avast is notorious for false positives. As my Daddy once told me, life's too short to dance with ugly women.

 

Doug

 

Merry Christmas from the Royal Princess somewhere in the eastern Caribbean.

 

 

 

 

[Adam Banks]

OK ... here goes!!!

 

1) I don't think I could send you my file (copyright reasons etc.) - unless ORBX specifically allow it (Misha/Alex?).

 

2) I re-ran the MD5 checker:  OrbxFTXNAKTVL110.zip = 39c049a08f26c69c214a792a139ddca9 .... same as yours and the same as when I first downloaded it.

 

3) I downloaded the file on my work PC then transferred it to my FS machine. Both have the same version of Avast (Free). I ran Avast for that file specifically and it reported clean (on both PCs). I also ran it against the payware Malware AntiBytes. Clean.

 

I'm generally pretty anal about security on my PCs (I work as a web developer, so often exchange files with clients). I usually have different A/V on different PC's but ended up just using one I liked best on all my machines (lazy!!!). However - I make sure they're all updated constantly. Is your Avast totally up-to-date (engine and definitions)?

 

Did you try my suggestion (in #10) to try and avoid a possible bad sector on the HD?

 

I go with the "false positive" theory - though I'm intrigued as to why I don't get it - unless we have different versions of Avast <??>. Mine is:

 

Engine: 11.1.2245

Defs: 151222-1

 

Did you try pointing to a different directory (or maybe different drive) for temporary unpacking?

 

Adam.

 

 

[flyboy1953]

Ok.... Ran the chkdisk and defrag..... Avast is exactly same specs....

May I ask what your avast settings are? as far as active file check?

Thanks Adam....

 

[Adam Banks]

48 minutes ago, flyboy1953 said:

May I ask what your avast settings are? as far as active file check?

 

 

Active Protection / File System Shield : all enabled (or set to defaults/on). I haven't set/unset any settings.

 

Adam.

[Misha Cajic]

Sorry, but you can either accept that there is no problems with the file, as we have told you countless times, and many others have proven above, or just don't install the scenery, if you still believe there is. Considering this answered and locking it.