Plugger69 Posted July 11, 2013 Share Posted July 11, 2013 Hi Guys, I'm sure there is an explanation for this, or at least I hope there is. After my recent un-install and then re-install of FSX along with FTX Australia and also Brisbane Intl YBBN, I just did a Norton scan as I had also downloaded and installed a couple of freeware aircraft and as I do after all installations, I run Norton and it came up that there was a security threat that came up with the following : Category: Quarantine Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename 2013-07-11 17:46:46,High,ftxlights_day.exe (Suspicious.Cloud.7.EP) detected by Auto-Protect,Quarantined,Resolved - No Action Required,c:\program files (x86)\microsoft games\microsoft flight simulator x\orbx\scripts\ftxlights_day.exe When I then click on more details it has the following information :Full Path: c:\program files (x86)\microsoft games\microsoft flight simulator x\orbx\scripts\ftxlights_day.exe Threat: Suspicious.Cloud.7.EP It then has this information under file insight : On computers as of Not Available Last Used 11/07/2013 at 5:46:46 PM Startup Item No Launched No ____________________________ ____________________________ Unknown Number of users in the Norton Community that have used this file: Unknown ____________________________ Unknown This file release is currently not known. ____________________________ High This file risk is high. ____________________________ Threat Details Threat type: Heuristic Virus. Detection of a threat based on malware heuristics. ____________________________ ____________________________ File Actions File: c:\program files (x86)\microsoft games\microsoft flight simulator x\orbx\scripts\ftxlights_day.exe Removed ____________________________ File Thumbprint - SHA: 3a1d83c965c987bbf9f59dd81688c15cc77ab6c6e5f27fc58f3c4ab01857f36c ____________________________ File Thumbprint - MD5: 575456a07756d4740de9a0d74fed4b36 ____________________________ What it has now done is deleted the FTX Day and removed it as a security threat but it still allows me to use and click on FTX Night Lights...Could someone give me a please explain and how can I bring my FTX Day back up to use please. Cheers, Chris Link to comment Share on other sites More sharing options...
Ian Routley Posted July 11, 2013 Share Posted July 11, 2013 Typically Norton 'Quarantines" the file ... which would appear to be what it is informing you on this occasion. Perhaps Check the Quarantine section within Norton's user interface, and instruct it to restore the file. Link to comment Share on other sites More sharing options...
Plugger69 Posted July 11, 2013 Author Share Posted July 11, 2013 Ian, You are a scholar and a legend my friend. Just followed your instructions and BINGO ! I restored it from quarantine and I excluded that from all future scans and FTX Day lets me select it again. Just out of curiosity, is there any reason that it would have done that in the first place ? Cheers, Chris Link to comment Share on other sites More sharing options...
Ian Routley Posted July 11, 2013 Share Posted July 11, 2013 From memory, we have seen this before. The 'signature' used to detect the virus cross-reacts with a legitimate program. It can also be an issue with overly aggressive heuristic scans that object to FTXDay changing files within the Program Files directory. Not as bad as McAfee though, but don't get me started ..... Link to comment Share on other sites More sharing options...
fltsimguy Posted July 11, 2013 Share Posted July 11, 2013 Suggest you take the time to learn how to use Nortons exclude from scan features, IE like exclude FSX folder and all subfolders. Pet peeve..using "urgent" for topic titles for computer gaming. Link to comment Share on other sites More sharing options...
Plugger69 Posted July 12, 2013 Author Share Posted July 12, 2013 Thanks again Ian, much appreciated and point taken fltsimguy about he "Urgent" for topic titles...) Cheers, Chris Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.