Virus Warnings

a note about any virus warnings.
DanL
Old Timer
Posts: 362
Joined: Wed Sep 10, 2014 1:35 pm

Re: Virus Warnings

Post by DanL »

If they did not and if they could do it but just did not do it and something bad happened they will get their arse handed to them, Me I hope they do it.

User avatar
Mooselake
Old Timer
Posts: 522
Joined: Sun Dec 26, 2010 12:21 pm
Location: Mooselake Manor

Re: Virus Warnings

Post by Mooselake »

Argg, WinHozed.  I run the latest stable version of Windows Insider Preview on my laptop, early test for work back when I cared about such things.  The latest version has pronounced GearoticSETUP2.exe a deadly virus that will destroy humanity as we know it.  Chrome and M$ Edge refuse to download it while Firefox will download but w$ won't allow me to run it; I'll set an exception for the downloaded file and try again.

While I have Vexx 2.23 it was getting confused while I was trying celtic knots and thought I'd try a refresh before complaining.  Now the Gatesian fortune generator is demonstrating it's evil empire aspect.  Unless it really contains spursint.f!cl, but I really doubt it.  It's a common complaint generated by their artificial unintelligencent cloudy scanner, were I cynical I'd say it's an attempt to fill the M$ coffers with their digital signing package.

Trojan:Win32/Spursint.F!cl

Kirk
User avatar
Mooselake
Old Timer
Posts: 522
Joined: Sun Dec 26, 2010 12:21 pm
Location: Mooselake Manor

Re: Virus Warnings

Post by Mooselake »

After whitelisting it in WinHose Defiler all I got was the usual we're all gonna die if you run this, run anyway worked fine.&nbsp; <sigh>

I did click the wrong download button the first time, the current development file is GearoticSetup, no 2

Kirk
Mand
Old Timer
Posts: 17
Joined: Sun Jan 21, 2018 1:30 pm

Re: Virus Warnings

Post by Mand »

Incidentally, I just (literally right now) got a Windows Security warning saying:

Threat detected: Trojan:Win32/Spursint.F!cl
Alert level: Severe
Category: Trojan
Details: This program is dangerous and executes commands from an attacker.
file: C:\Users\[username]\Downloads\GearoticSETUP2.exe

...anyway, I'm unconcerned, but figured I'd post the note here in case others get similar messages and freak out or something (this warning appears to come from the MS "cloud analysis" security system).

Oh, and I forgot to note: anyone getting this same message will probably need to remove the file from quarantine.
User avatar
ArtF
Global Moderator
Global Moderator
Posts: 4586
Joined: Sun Sep 05, 2010 6:14 am
Contact:

Re: Virus Warnings

Post by ArtF »

I really hate those virus AI sensors...

Art
User avatar
Mooselake
Old Timer
Posts: 522
Joined: Sun Dec 26, 2010 12:21 pm
Location: Mooselake Manor

Re: Virus Warnings

Post by Mooselake »

And they make it really hard for developers, particularly if you want to support anything before Windows 8.&nbsp; You can make a private cert according to the directions, for "local deployment only" - whatever that means.&nbsp; However they say you can't deploy signed apps except on Win8 and up.

Makes me really glad I retired...

Kirk
BillM
Old Timer
Posts: 191
Joined: Wed Jan 06, 2016 10:12 am
Location: Mystic CT

Re: Virus Warnings

Post by BillM »

Art

The Windows 10 virus scanner seems to have the mistaken view that CoInstall.exe and GearoticsSETUP.exe contain viruses.&nbsp; The error in particular is "severe"&nbsp; Trojan:Win32/Spursint.F!cl

There is apparently some characteristic in the executable files that makes Windows think that the .exe files contains the Trojan virus.

In the past I've been able to simply ignore the virus scanner warnings.&nbsp; While trying to eliminate a problem with the most current version of Vexx (missing msvcr120D DLL error) I ran&nbsp; across another annoying Win10 "feature"

I tried copying the CoInstall and GearoticsSETUP exe files to a backup folder&nbsp; and the files disappeared.&nbsp; I tracked this issue down to the Virus scanner & the erroneous Trojan:Win32/Spursint.F!cl detection.&nbsp; I examined the Windows Security Virus protection history where I was able to restore the files and temporarily allow(hence ignore) the Trojan:Win32/Spursint.F!cl detection.

After Gearotics & Vexx were successfully installed using the "stable" version of Gearotics, I re-enabled detection of Trojan:Win32/Spursint.F!cl viruses just in case some other software might really contain that virus

Bill
User avatar
ArtF
Global Moderator
Global Moderator
Posts: 4586
Joined: Sun Sep 05, 2010 6:14 am
Contact:

Re: Virus Warnings

Post by ArtF »

Bill:

Thanks for the information. Im looking into how to stop these false readings..

Art
BillM
Old Timer
Posts: 191
Joined: Wed Jan 06, 2016 10:12 am
Location: Mystic CT

Re: Virus Warnings

Post by BillM »

Art

I looked up some information about the type of virus warning being triggered.&nbsp; I've tried to make some sense of the types of things Windows is concerned about as described in:
&nbsp; https://www.malware-board.com/blog/remo ... le-process

The name of the file probably has nothing to do with the detection.&nbsp; There is perhaps some sort of windows feature where your programs are calling Windows system functions (probably defined in a windows system .dll file) to execute external .exe files or to get information from&nbsp; memory locations external to the running program.

One example comes to mind: the relationship between Vexx and Gearotics to get a gear from Gearotics, modify it in Vexx and then replace the modified gear back into Gearotics might resemble behaviors similar to the Trojan.

I'm not too familiar with Augie except for the simulation capabilities where pressing CONS button brings up another window.

After I re-enabled detection of&nbsp; Trojan virus as soon as I tried to rename GearoticsSetup.exe to a different name the system&nbsp; once again not only deleted the file I tried to rename but it also deleted the different versions of CoInstall.exe and Gearoitics within the same windows folder.

To say that the virus protection is aggressive would be an understatement.

Bill

User avatar
Mooselake
Old Timer
Posts: 522
Joined: Sun Dec 26, 2010 12:21 pm
Location: Mooselake Manor

Re: Virus Warnings

Post by Mooselake »

It might be simpler than that, the scanners look for "signatures", strings of code that match things found in virii.&nbsp; One of these days they'll start deleting everything that includes the x86 equivalent of x=2+2 after assigning the task to a new junior programmer.

Way back when I ran an email system, the new guy decided to block all email from aol.com (ancient floppy delivery system) because he got a spam email from an aol address.&nbsp; I was out of town for a couple days, came back to a big mess...

Kirk
Tva2fsq
Old Timer
Posts: 1
Joined: Sun Jan 05, 2020 12:58 pm

Re: Virus Warnings

Post by Tva2fsq »

The absolute worse thing about virus scanners is their privacy.&nbsp; Almost all of them send every single link you click on to their servers. Many also send personal information as well at the same time.&nbsp; They do this at a low level on the operating system and have full access to encrypted and VPN tunnels.&nbsp; They then sell this information to other services including governments.
Tom
Steve Truscott
Old Timer
Posts: 9
Joined: Fri Nov 30, 2012 11:48 am

Re: Virus Warnings

Post by Steve Truscott »

The smoke got out of my notebook so I replaced it. The old one was reasonably up to date but I don't know which version I was running. I tried to down load Gearotic again and Microsoft defender throws a hissy fit about a trojan and deletes the file. I found a backup of an old file, Gearotic throws a tantrum about an expired file and Microsoft deletes it.
I found a very old I5 with Gearotic on it and same result. I am not comfortable turning off any virus protection and actually I am not sure how to do that. Any step by step suggestions?
Steve Truscott temporarily in Denver Colorado
Richard Cullin
Old Timer
Posts: 152
Joined: Sat Jun 02, 2012 5:45 am

Re: Virus Warnings

Post by Richard Cullin »

the msi version downloads ok with chrome ,&nbsp; and installed after clicking on run anyway
it also runs ok
User avatar
ArtF
Global Moderator
Global Moderator
Posts: 4586
Joined: Sun Sep 05, 2010 6:14 am
Contact:

Re: Virus Warnings

Post by ArtF »

Hi:

Yes, if on Win10, please use the msi installer at www.gearotic.com in the downloads tab. Youll find it
doesnt trigger a Virus warning and just notifies you the program is from a non-trusted source. (You have to pay
to be trusted.. :) )

Thx
Art
Steve Truscott
Old Timer
Posts: 9
Joined: Fri Nov 30, 2012 11:48 am

Re: Virus Warnings

Post by Steve Truscott »

That works and now I have gearotic running. I had msi and iso mixed up in my head. No use having a CD image I thought.
Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests