jacobmulder Posted March 1, 2015 Share Posted March 1, 2015 I have been in contact with the FlightSim store regarding a Trojan.Gen.SMH Virus and realise I should have raised the issue here as I received a brush off from Andres Bottini, below is the corospondence sent to them. After downloading the above mentioned library and the installation my NORTON 360 detected a Trojan.Gen.SMH Virus which according to the Norton report is in the ftxlights_day.exe and has blocked this part of the FTX Lights program, I also make you aware that a Dutch friend has received the same Virus when after buying and downloading Norway, he also has sent you an email, I cannot believe that you are not aware of this problem at this stage, see attachement of the Norton report. Regards Jacob Hi Jacob, It is a false positive all items on our servers are virus free, I would suggest to deactivate your anti virus when installing the software. Cheers Andres Bottino, below my last response to Andres. Hi Andres Let me assure you that Trojan.Gen.SMH is NOT!!! a false Positive like you claim it to be, may I suggest you have a look at this link and learn what Trojan.Gen.SMH can do to a computer, >http://rescueyourcomputer.blogspot.nl/2014/11/easy-guide-to-remove-trajangensmh-get.html Let me assure you that this Virus came in when I used the ORBX Cloud server to download Orbx Library FSX/P3Dv1 version 150215, I done this by mistake as I have always used the MY FTX server before, I then had to consult Norton to remove this Trojan.Gen.SMH from the ftxlights.day.exe , I am not completely Computer illiterate, I have many Obx FTX programs installed for my FSX and have never experienced any Virus alerts through Norton 360 before so instead of just brushing this off and ignoring the problem at least investigate, maybe some one has infected your servers. Regards. Jacob Link to comment Share on other sites More sharing options...
Ed Correia Posted March 1, 2015 Share Posted March 1, 2015 Couple of things. Firstly, files from MyFTX, Orbx Cloud & Drive are identical and virus free. Secondly, sorry but it is a false positive. Been reported numerous times since it (ftxlights_day.exe) was created http://www.orbxsystems.com/forum/topic/93040-mcafee-giving-trojan-warning-for-orbx-light-file/?hl=%2Bfalse+%2Bpositive#entry845747 http://www.orbxsystems.com/forum/topic/93415-virus-in-ftxlights-dayexe/?hl=%2Bfalse+%2Bpositive#entry849201 http://www.orbxsystems.com/forum/topic/92910-ftxorbxlibs-150215-ftx-lights-dayexe-contains-trojangensmh/?hl=%2Bfalse+%2Bpositive#entry844522 Link to comment Share on other sites More sharing options...
jacobmulder Posted March 6, 2015 Author Share Posted March 6, 2015 Hi Ed. So what would you suggest we do with the ftxlights_day.exe where this Trojan.Gen.SMH settles itself. I also find it very risky on my part to follow the Orbx team members advice with previous customers having corruption problems to deactivate their Anti Virus during a download from any ORBX download server. By the way I have always used a download manager Jacob Link to comment Share on other sites More sharing options...
Ed Correia Posted March 6, 2015 Share Posted March 6, 2015 Hi Jacob, I do not think that any sort of virus has attached itself to the exe. My hunch is that the heuristic functions of the AV that picks up on the behaviour of the exe which simply swaps a bgl file. In the ORBX\Scripts\Lights folder you will see a ON & OFF folder with a bgl inside. Depending if you want lights On or Off, that particular bgl is swapped with the one in the Scenery\Global\scenery folder. Personally, I use MSE and have it exclude my sim folders from real time scanning. All files that we host and those sent to FSS for release are clean, so apart from that guarantee, that is all I can offer for now. Link to comment Share on other sites More sharing options...
Alex Goff Posted March 6, 2015 Share Posted March 6, 2015 Hi Ed. So what would you suggest we do with the ftxlights_day.exe where this Trojan.Gen.SMH settles itself. I also find it very risky on my part to follow the Orbx team members advice with previous customers having corruption problems to deactivate their Anti Virus during a download from any ORBX download server. By the way I have always used a download manager Jacob There is no advice to turn off anti-virus when downloading. In certain cases they may get in the way of installs so deactivating then would be useful but only in those specific cases. The download servers are scanned and monitored for viruses, the lights switcher is not one of them. It simply behaves in a way (an exe modifying files) that is falsely flagged. Link to comment Share on other sites More sharing options...
Jay Kae Posted March 6, 2015 Share Posted March 6, 2015 and Alex is correct and Jacob, I would appreciate it if you would kick the panic mongering tone down a little. Now let ME assure YOU that my servers are 100% virus and trojan and warez free, this gets guaranteed by a continuous cycle of scanning with the lastest versions of the corporate versions of all 10 major anti-virus companies. This runs on a cron job basis and the behaviour you are seeing is indeed like the behaviour of that trojan but that does not mean it IS that trojan, my servers get the database files several hours before they get pushed to normal customers, the second they are received by my servers they get run and verified against the hash of the files and authentication takes place for all 10 of those companies. So please, do not sit there and cause unnecessary angst about this with other users, thank you PS Do yourself a favour and boot Norton out the window, bloatware at best nowadays and whenever you are in doubt, just run your URL in this https://www.virustotal.com/en/ Notice how Symantec is not there once you run a file like the Orbxlibs ? The reason why is that Symantec is one of the slowest companies to update their libraries, Kaspersky usually beats Symantec by 4-15 hours in updating their databases Link to comment Share on other sites More sharing options...
jacobmulder Posted March 10, 2015 Author Share Posted March 10, 2015 First of all I did not kick the panic button as you put it Jay Kea, and I did not raise any Panic Mongering tone as you put it all I did was raise what I thought needed the attention of the Administrators of ORBX. When any of your ORBX clients think there is an issue with anything it is our right to raise that through the correct Forum section. Jay Kae I do not like your response however that is your right, if you have a good look through my signature of all the ORBX products I have downloaded over the years and never had a problem with Norton 360 until that particular time I downloaded that latest library, then I felt it my right to raise it with you guys, I now consider this matter closed Thank you. Jacob Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.