resolved Vector virus notification

[Jon Clarke]

Most unusal experience a short time ago. I ran the Vector AEC and got an error notice which referred to something about FSUIPC. The shortcut disappeared from my desktop and was also gone from the Vector files. I then uninstalled Vector to reinstall from my zip manual copy. Ran the Central to install from backup copy and got the below notice. Windows defender also gave me a virus notice. A Trojan which I id not copy the name of. Just got the virus notice again it is

Trojan:Win32/Fuery.B!cl.

[Jon Clarke]

I am trying to download Vector again from Direct but it stops with the same notice as i posted above. All about a virus

[Jon Clarke]

Just done a manual download of Vector. Scanned the extracted file with Windows Defender and get the virus threat notice.

Trojan:Win32/Fuery.B!cl.

[Nick Cooper]

Which file is it identifying as a virus?

[Jon Clarke]

Hi Nick. I have had Defender localise the file. Here is a pic of the Defender notice with File ID'd

I just ran a defender scan on that individual zip file and it showed this virus as in the folder.

 

[Nick Cooper]

I am guessing that  gibberish means the control panel, 

FTX GLOBAL VECTOR Configuration Tool.exe.

 

Try asking Defender to check the existing file in your FTX_VECTOR folder.

My copy of Defender is much more laid back than yours and thinks it is not a threat.

 

Normally, I would download the product myself as a test but you will forgive me, I hope,

for not downloading 8 GB only to delete it again.

[Jon Clarke]

In order to reinstall vector i first uninstalled it so there is no longer  vector folder in orbx in the sim. I am now stuck with not being able to reinstall because the install is stopped by Central and or Defender.

I need to know if the described/named Trojan is really a danger or not. If not i could disable Defender when reinstalling.

Maybe an Orbx person with access to Direct can check it out.

 I have to go out now, but hope that this will be followed up and I will return to this thread as soon as I can.

[Nick Cooper]

Hello again.

This is the definition of the "virus" from this microsoft site.

 

Quote

This threat detection is a heuristic cloud protection rule that protects against new and emerging malware threats. 

 

If you think the Vector Control panel is a new and emerging malware threat, please do not install it.

If you think that the warning is because Defender detects an .exe file and does not recognise it, so is reporting it as a potential

threat then go ahead and install it.

If you think the servers are infected, please do not go ahead and install it.

 

There have been enough false positives and assurances that the FTX servers are not infected to allow you to make an informed decision. 

[Jon Clarke]

Here is my update. I disabled Defender to reinstall Vector successfully. Not wanting to be without an AV programme, i then enabled Defender. Started the AEC and after a few seconds the AEC shutdown and disappeared totally. No longer on desktop nor in the Orbx/Vector folder.

Disabled Defender , installed Avast, reinstalled Vector, all working OK.

The strange thing is that none of these problems existed at the time of my initial installation of 1.52 the day it was released. The same manual download copy was used to install it that I tried last night, with problems at all. It must have been something in a Defender update that has triggered this.

I already had the whole of the P3D folder as an Exclude with Defender

My main concern is not that the AEC is working again, but that Defender has to be disabled/replaced. I find Avast too intrusive hence my choosing Defender, but it seems Defender is intrusive as well !

The other very important concern is that Defender actually found a named Trojan virus. It wasn't just "something suspicious" but it has a name etc.

 

Nick you say that your version of Defender is more laid back. What are your settings in Defender? I also use Windows 10 so maybe you can assist and let me see if my settings are higher than yours. Do you only use Defender as your AV? Have you tried running the AEC with Defender enabled recently?

[Nick Cooper]

Hello again.

 

If you disable anti virus software in order to install a file that the anti virus software

wants to delete, unless you first create an exception from scanning before restarting

the anti virus software, it will of course find the file again and delete or quarantine it.

That seems to be what has happened to you.

As you say, it is not the file that has changed, it is the virus definition.

 

I would repeat that it is not identifying a virus, it is identifying a file that it suspects

might be a virus because it does not recognise it.

All .exe files are a potential threat because by definition, they are capable of making changes,

unlike say texture dds or scenery bgl files which are entirely passive.

 

This is the definition of Trojan:Win32/Fuery.B!cl from this microsoft site.

 

Quote

This threat detection is a heuristic cloud protection rule that protects against new and emerging malware threats. 

 

I have directed Defender on your behalf to scan only 

FTX GLOBAL VECTOR Configuration Tool.exe.

It does not identify it as a threat, presumably because I have told it that the file is not a threat.

 

I have excluded all my flight simulation software folders from scanning and most

of the .exe files as well, for this reason, my copy of Defender is more laid back.

It is totally unnecessary to have anti virus software constantly scanning files that are

in everyday use and is often the cause of slow loading of the simulator.

 

Given that these days, routers have a firewall built in, as does windows, the most likely

way for a virus to get into a PC is through invitation by the user.

Opening attachments or links in e mails is one common way or clicking on links on 

rogue websites.

Almost always there is an input by the user that should not have been made.

 

For these reasons I find that Windows Defender is perfectly adequate protection.

Occasionally, I will run Malwarebytes and Spybot Search and Destroy but I would

not dream of having them running in the background.

 

 

[Jon Clarke]

Many thanks to you Nick for your efforts. They are appreciated.

The latest is that i now have the AEC working again, Defender up and running, Avast removed, and no problems....yet.

I agree with you regarding the main thrust of your post referring to all the "exceptions, "firewalls" etc.

The big difference here I think was that Defender was not set an Exclude/Exception for a zip file that was on my desktop waiting for install. I have the whole of my P3D disk Excluded from Defender but the Vector zip was not in that folder. It was a new install zip file not residing in the Excluded P3D Disk, hence it was being scanned by Defender.

 I now know that if a reinstall of Vector is required I need to disable Defender during install, then remove the Vector zip file off to another storage drive. Then hopefully I can run the AEC OK as it will then be residing in the Excluded P3D folder and not subject to a scan.

Again, many thanks for your help.