GearHeads Corner
Topic: Virus Warnings
ArtF
« Reply #15 on: March 07, 2017, 07:18:19 AM »

I find that of most of them now, virus scanners seem to simply say "I haven't seen that often enough, so it's a virus." It's getting to a ridiculous level. Ironically it's happening as it gets harder and harder to actually get a virus due to Windows security. Most of them have gone down the "heuristic" road where they guess if it's a virus or not... which of course leads to the "better safe than sorry" way they declare something off limits now.
   I use Microsoft's protection... never seem to get trouble, but then I'm pretty careful as to what I open...

Art

Stojan
« Reply #16 on: March 07, 2017, 08:28:25 PM »

Like I said before most virus authors depend on people not being attentive. You know the I am assuszuu the clever my uncle died last year leaving me millions, I need help to get my millions out of the country for this help I will give you half of my fortune my 4 wives and 20 children, please click on this link to help.

Nothing will jump out and attack you until you press the "I wonder what this does" button.

Many years ago and I do mean many... I was asked when commissioning a network, which was the best virus protection and anti hack system I could recommend.

I still contend to this day you can't beat this system.

No floppy access, no usb access no network access offline operation only.

But where's the fun in that.

Mooselake
« Reply #17 on: March 08, 2017, 01:20:43 PM »

> I am assuszuu the clever my uncle died last year leaving me millions, I need help to get my millions out of the country for this help I will give you half of my fortune my 4 wives and 20 children, please click on this link to help.

Can I skip the wives and get my pick of the kids?  If so, count me in...

Interesting article (put on your tinfoil hat first) that towards the bottom discusses how the CIA reportedly exploits virus scanners.  Perhaps Art could pick up some tricks to get rid of the annoying false alarms.

Kirk

DanL
« Reply #18 on: March 09, 2017, 04:05:33 AM »

As the saying goes of course they do, if not them it's someone else, A lot of people forget how WW2 was won.

Over here they say what they do and no one really cares.

Stojan
« Reply #19 on: March 09, 2017, 08:52:50 AM »

> As the saying goes of course they do, if not them it's someone else, A lot of people forget how WW2 was won.
>
> Over here they say what they do and no one really cares.

Just read the article, no surprises there really. Being the insignificant peon that I am I have nothing to worry about. Apart from my making the Obituary one day, that's about all the fame I will have in newspaper appearances.

But we the people voted and we the people allow them to do so.

DanL
« Reply #20 on: March 10, 2017, 03:35:59 AM »

If they did not and if they could do it but just did not do it and something bad happened they will get their arse handed to them, Me I hope they do it.

Mooselake
« Reply #21 on: August 31, 2019, 03:23:24 PM »

Argg, WinHozed.  I run the latest stable version of Windows Insider Preview on my laptop, early test for work back when I cared about such things.  The latest version has pronounced GearoticSETUP2.exe a deadly virus that will destroy humanity as we know it.  Chrome and M$ Edge refuse to download it while Firefox will download but w$ won't allow me to run it; I'll set an exception for the downloaded file and try again.

While I have Vexx 2.23 it was getting confused while I was trying celtic knots and thought I'd try a refresh before complaining.  Now the Gatesian fortune generator is demonstrating its evil empire aspect.  Unless it really contains spursint.f!cl, but I really doubt it.  It's a common complaint generated by their artificial unintelligencent cloudy scanner, were I cynical I'd say it's an attempt to fill the M$ coffers with their digital signing package.

Trojan:Win32/Spursint.F!cl

Kirk

Mooselake
« Reply #22 on: August 31, 2019, 03:30:13 PM »

After whitelisting it in WinHose Defiler all I got was the usual we're all gonna die if you run this, run anyway worked fine.  <sigh>

I did click the wrong download button the first time, the current development file is GearoticSetup, no 2

Kirk

Mand
« Reply #23 on: September 06, 2019, 11:23:45 AM »

Incidentally, I just (literally right now) got a Windows Security warning saying:

Threat detected: Trojan:Win32/Spursint.F!cl
Alert level: Severe
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.
file: C:\Users\[username]\Downloads\GearoticSETUP2.exe

...anyway, I'm unconcerned, but figured I'd post the note here in case others get similar messages and freak out or something (this warning appears to come from the MS "cloud analysis" security system).

Oh, and I forgot to note: anyone getting this same message will probably need to remove the file from quarantine.

ArtF
« Reply #24 on: September 06, 2019, 11:25:03 AM »

I really hate those virus AI sensors...

Art

Mooselake
« Reply #25 on: September 06, 2019, 01:25:00 PM »

And they make it really hard for developers, particularly if you want to support anything before Windows 8.  You can make a private cert according to the directions, for "local deployment only" - whatever that means.  However they say you can't deploy signed apps except on Win8 and up.

Makes me really glad I retired...

Kirk

BillM
« Reply #26 on: November 21, 2019, 01:33:10 PM »

Art

The Windows 10 virus scanner seems to have the mistaken view that CoInstall.exe and Gearotics SETUP.exe contain viruses.  The error in particular is "severe" Trojan:Win32/Spursint.F!cl

There is apparently some characteristic in the executable files that makes Windows think that the .exe files contain the Trojan virus.

In the past I've been able to simply ignore the virus scanner warnings.  While trying to eliminate a problem with the most current version of Vexx (missing msvcr120D DLL error) I ran across another annoying Win10 "feature".

I tried copying the CoInstall and Gearotics SETUP exe files to a backup folder and the files disappeared.  I tracked this issue down to the Virus scanner & the erroneous Trojan:Win32/Spursint.F!cl detection.  I examined the Windows Security Virus protection history where I was able to restore the files and temporarily allow (hence ignore) the Trojan:Win32/Spursint.F!cl detection.

After Gearotics & Vexx were successfully installed using the "stable" version of Gearotics, I re-enabled detection of Trojan:Win32/Spursint.F!cl viruses just in case some other software might really contain that virus.

Bill

ArtF
« Reply #27 on: November 21, 2019, 03:13:54 PM »

Bill:

 Thanks for the information. I'm looking into how to stop these false readings...

Art

BillM
« Reply #28 on: November 21, 2019, 04:19:51 PM »

Art

I looked up some information about the type of virus warning being triggered.  I've tried to make some sense of the types of things Windows is concerned about as described in:
  https://www.malware-board.com/blog/remove-trojanwin32-spursintfcl-from-pc-simple-process

The name of the file probably has nothing to do with the detection.  There is perhaps some sort of windows feature where your programs are calling Windows system functions (probably defined in a windows system .dll file) to execute external .exe files or to get information from memory locations external to the running program.

One example comes to mind: the relationship between Vexx and Gearotics to get a gear from Gearotics, modify it in Vexx and then replace the modified gear back into Gearotics might resemble behaviors similar to the Trojan.

I'm not too familiar with Augie except for the simulation capabilities where pressing CONS button brings up another window.

After I re-enabled detection of Trojan virus, as soon as I tried to rename Gearotics Setup.exe to a different name the system once again not only deleted the file I tried to rename but it also deleted the different versions of CoInstall.exe and Gearotics within the same windows folder.

To say that the virus protection is aggressive would be an understatement.

Bill

Mooselake
« Reply #29 on: November 23, 2019, 02:17:31 PM »

It might be simpler than that, the scanners look for "signatures", strings of code that match things found in virii.  One of these days they'll start deleting everything that includes the x86 equivalent of x=2+2 after assigning the task to a new junior programmer.

Way back when I ran an email system, the new guy decided to block all email from aol.com (ancient floppy delivery system) because he got a spam email from an aol address.  I was out of town for a couple days, came back to a big mess...

Kirk