Synapse Zabelin Posted February 27, 2020 Share Posted February 27, 2020 I keep getting Trojan warnings from a Firestorm redirect. I added the site to Malwarebytes, then AVG flagged it as hostile. I removed the permission from Malwarebytes until I figure out what's going on. Have any of you experienced this, and is it a false warning? Link to comment Share on other sites More sharing options...
Selene Gregoire Posted February 27, 2020 Share Posted February 27, 2020 (edited) Download the viewer only from the official site. https://wiki.firestormviewer.org/downloads See also: https://wiki.firestormviewer.org/antivirus_whitelisting You may also want to join the inworld support group; https://www.firestormviewer.org/support/ ETA: To do a full clean reinstall: https://wiki.firestormviewer.org/fs_clean_install Edited February 27, 2020 by Selene Gregoire 6 Link to comment Share on other sites More sharing options...
bigmoe Whitfield Posted February 28, 2020 Share Posted February 28, 2020 yeah remove that exemption in malwarebytes, you did not indicate where you downloaded it from, the offiical version is clean. 7 Link to comment Share on other sites More sharing options...
Alwin Alcott Posted February 28, 2020 Share Posted February 28, 2020 10 hours ago, Synapse Zabelin said: from a Firestorm redirect ... deep sigh .. nowhere, never ever in the whole history of the www was warned to download only from the original websites. Clicking all links in your spamfolder ( if you have one) too? (sorry ...sarc .. but come on) 1 1 Link to comment Share on other sites More sharing options...
Ajay McDowwll Posted February 28, 2020 Share Posted February 28, 2020 15 hours ago, bigmoe Whitfield said: yeah remove that exemption in malwarebytes, you did not indicate where you downloaded it from, the offiical version is clean. Just to help clarify, this just started happening in Firestorm on 2/27/2020 around 2:00 PM SLT, on a viewer he installed on his machine upon our return to SL in October of 2019 after a near-10-year hiatus. Firestorm was downloaded from the official site. Source: he's my husband RL as well as partner in SL. I personally sent him the link for the download and was present for same. (Only jumping in because I just saw he'd posted here, and I have some computer availability right now to offer some additional details, whereas at his workplace he does not.) 1 Link to comment Share on other sites More sharing options...
Chic Aeon Posted February 28, 2020 Share Posted February 28, 2020 (edited) Are you (he) trying to say that there was a Trojan warning from AVG from a WEBSITE redirect from the Firestorm site? Or that when looking at something from within Firestorm using the external viewer there is a redirect that instigates a trojan warning? At the moment it is pretty unclear -- to me anyway. Anything on the web isn't a Firestorm viewer issue, but a web issue. There have been times in the past when virus checkers have mistakenly tagged viewers as malware. Since we haven't heard a huge outcry about this yet, I am guessing it is NOT the viewer that is the issue. More info is really needed. Edited February 28, 2020 by Chic Aeon adding info Link to comment Share on other sites More sharing options...
Ajay McDowwll Posted February 28, 2020 Share Posted February 28, 2020 11 minutes ago, Chic Aeon said: Are you (he) trying to say that there was a Trojan warning from AVG from a WEBSITE redirect from the Firestorm site? Or that when looking at something from within Firestorm using the external viewer there is a redirect that instigates a trojan warning? At the moment it is pretty unclear -- to me anyway. Anything on the web isn't a Firestorm viewer issue, but a web issue. There have been times in the past when virus checkers have mistakenly tagged viewers as malware. Since we haven't heard a huge outcry about this yet, I am guessing it is NOT the viewer that is the issue. More info is really needed. I believe the issue was a Malware Bytes warning related to Firestorm activity, but that was last night and I'm running on minimal sleep, so I'll leave the rest of that to him (as I should have left this entirely alone, frankly). The information regarding the source of his Firestorm software is solid, however. I agree more information is needed; I shouldn't have butted in, but I know him and saw how few details he'd left (he was on his cell, and he hates thumb typing so why did he not wait until he was home???) and also saw a few comments that... well, anyway. Shutting up. He's a big boy. He'll handle it. 1 Link to comment Share on other sites More sharing options...
Selene Gregoire Posted February 28, 2020 Share Posted February 28, 2020 16 minutes ago, Chic Aeon said: Since we haven't heard a huge outcry about this yet, I am guessing it is NOT the viewer that is the issue. https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:DOS/Firestorm Not related to the FS viewer. Just a couple. 1 Link to comment Share on other sites More sharing options...
Selene Gregoire Posted February 28, 2020 Share Posted February 28, 2020 1 minute ago, Ajay McDowwll said: Malware Bytes warning related to Firestorm activity Malwarebytes seems to be having some problems lately. It keeps trying to renew my sub when it isn't time yet. 3 Link to comment Share on other sites More sharing options...
Ajay McDowwll Posted February 28, 2020 Share Posted February 28, 2020 Well, it's reassuring (albeit not "good") that there's someone else who's having issues and it's likely a software problem (outside of FS, obviously). If he's too wiped to log in, I'll let him know. Thank you everyone for your help -- it's truly appreciated, my own stupid-sleepy brain responses notwithstanding 😳 2 Link to comment Share on other sites More sharing options...
Synapse Zabelin Posted February 28, 2020 Author Share Posted February 28, 2020 7 hours ago, Chic Aeon said: Are you (he) trying to say that there was a Trojan warning from AVG from a WEBSITE redirect from the Firestorm site? Or that when looking at something from within Firestorm using the external viewer there is a redirect that instigates a trojan warning? At the moment it is pretty unclear -- to me anyway. Anything on the web isn't a Firestorm viewer issue, but a web issue. There have been times in the past when virus checkers have mistakenly tagged viewers as malware. Since we haven't heard a huge outcry about this yet, I am guessing it is NOT the viewer that is the issue. More info is really needed. My apologies to everyone for minimal information. I was typing on my phone when I posted this. The following is information from Malwarebytes: Malwarebytes www.malwarebytes.com -Log Details- Protection Event Date: 2/27/20 Protection Event Time: 5:16 PM Log File: bce7c47a-59ae-11ea-bf70-94de800bb66f.json -Blocked Website Details- Malicious Website: 1 , C:\Program Files\Firestorm-Releasex64\Firestorm-Releasex64.exe, Blocked, -1, -1, 0.0.0 -Website Data- Category: Trojan Domain: docleaner-trk.com IP Address: 138.201.126.227 Port: 80 Type: Outbound File: C:\Program Files\Firestorm-Releasex64\Firestorm-Releasex64.exe (end) Please note that the domain that it is trying to redirect to is docleaner-trk.com and it's located in the Firestorm directory. I get the same information from AVG. I downloaded from the official site but this activity has started just recently (in the past two weeks.) I understand that some Anti-Virus software do not play well with certain platforms. I've had that issue with AVG before, but when Malwarebytes AND AVG started notifying me I became concerned. My original post was meant to ask if there were any known issues with Firestorm that would cause this. If not, I will do more research. Again, my apologies for minimal information. Link to comment Share on other sites More sharing options...
Selene Gregoire Posted February 29, 2020 Share Posted February 29, 2020 (edited) I've been using Malwarebytes for 20 years now and it has never alerted me to anything regarding Firestorm in the past however many years it has been since FS was released. The issue is not with the viewer. ETA: I was also on the FS support team for over 5 years so I probably do know what I am talking about. Edited February 29, 2020 by Selene Gregoire 2 Link to comment Share on other sites More sharing options...
Synapse Zabelin Posted February 29, 2020 Author Share Posted February 29, 2020 16 minutes ago, Selene Gregoire said: I've been using Malwarebytes for 20 years now and it has never alerted me to anything regarding Firestorm in the past however many years it has been since FS was released. The issue is not with the viewer. ETA: I was also on the FS support team for over 5 years so I probably do know what I am talking about. I have no doubt in regards to your credentials 🙂 I'm moving toward it being an infection that wasn't cleaned by my protective programs. I am currently checking on that now. I intend to send questions to both AVG and Malwarebytes in regards to this situation. I only asked here because it was based in my Firestorm directory. Link to comment Share on other sites More sharing options...
Lindal Kidd Posted February 29, 2020 Share Posted February 29, 2020 Probably should alert the Firestorm team to this, too. I'm sure they will want to know someone may be stashing Bad Things in their directory. Calling @WhirlyFizzle! Link to comment Share on other sites More sharing options...
Selene Gregoire Posted February 29, 2020 Share Posted February 29, 2020 (edited) 1 hour ago, Lindal Kidd said: Probably should alert the Firestorm team to this, too. I'm sure they will want to know someone may be stashing Bad Things in their directory. Calling @WhirlyFizzle! This is something that does occur periodically and there isn't anything they can really do about it. Quote Some anti-virus programs (and firewalls and anti-malware programs) will incorrectly flag a viewer - or necessary components of a viewer - as a virus or threat. They may remove the suspected part completely, rendering all or part of the viewer slow or non-functional. There is at least one anti-virus program which will scan every file placed on your computer, even if created by an authorized program. This can affect Firestorm (or any viewer) in that it will scan each and every texture placed in cache, slowing down performance of the viewer significantly, keeping objects and/or textures from rezzing, and keeping CPU usage high. https://wiki.firestormviewer.org/antivirus_whitelisting See also: AVG 2011 incorrectly flags the viewer as malware, and “disables” a required component, SLPlugin. To fix this: Reinstall the viewer (there is no need to uninstall first; you can install on top); If AVG reports a problem with SLPlugin.exe, ignore the warning, as it is a false positive. https://wiki.firestormviewer.org/antivirus Edited February 29, 2020 by Selene Gregoire 1 Link to comment Share on other sites More sharing options...
Lindal Kidd Posted February 29, 2020 Share Posted February 29, 2020 Yes, Selene. But is that file the AV software flagged actually a part of Firestorm, or did something else put it there? Link to comment Share on other sites More sharing options...
Selene Gregoire Posted February 29, 2020 Share Posted February 29, 2020 48 minutes ago, Lindal Kidd said: Yes, Selene. But is that file the AV software flagged actually a part of Firestorm, or did something else put it there? If you are thinking someone did it deliberately then the OP is lying about having dled from the official site. This is not a repeat of Emerald. Some other culprit (such as a porn dialer) has imbedded itself in another program (FS) to hide. There is nothing in the FS coding that would redirect to a website that is not the official site or server and certainly not to docleaner-trk.com, whatever kind of scam that is. I'll never forget the couple that brought in a pc crammed so full of porn dialers it couldn't function. It took 12 hours to clear all that mess out and then another 18 hours to run defrag and cleanup. Then, when he had loaded it up with porn dialers again, they bring it back and the B accuses us of putting the porn dialers on their computer! She absolutely refused to believe her husband was surfing porn on the net. 1 Link to comment Share on other sites More sharing options...
Lindal Kidd Posted February 29, 2020 Share Posted February 29, 2020 Right. I'm not saying FS put anything bad in the viewer. I googled the file, docleaner-trk.com that Malwarebytes flagged in the OP's computer. It's definitely malware. My guess is that some other program or website snuck it in there. Link to comment Share on other sites More sharing options...
IxBabexI Posted January 8, 2022 Share Posted January 8, 2022 could it maybe be from a tv rezzed on the sim? Link to comment Share on other sites More sharing options...
Maryanne Solo Posted January 8, 2022 Share Posted January 8, 2022 On 3/1/2020 at 4:13 AM, Selene Gregoire said: She absolutely refused to believe her husband was surfing porn on the net. Link to comment Share on other sites More sharing options...
Neena Andretti Posted January 23, 2022 Share Posted January 23, 2022 If I visit a particular sim, I get the same Malwarebytes notification no matter which viewer I use (Alchemy or Firestorm, each downloaded from their official sources). I wonder if there is some object on the sim trying to use dullahan, SL's media utility, to connect to an unsavory website... but I have shared media turned off, so I don't know what path it is taking to try and convince the viewer to load a random website. It only happens on this one sim, too. Link to comment Share on other sites More sharing options...
Recommended Posts
Please take a moment to consider if this thread is worth bumping.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now