Trojan warnings

[Synapse Zabelin]

I keep getting Trojan warnings from a Firestorm redirect. I added the site to Malwarebytes, then AVG flagged it as hostile. I removed the permission from Malwarebytes until I figure out what's going on. Have any of you experienced this, and is it a false warning?

[Selene Gregoire]

Download the viewer only from the official site. https://wiki.firestormviewer.org/downloads

See also: https://wiki.firestormviewer.org/antivirus_whitelisting

You may also want to join the inworld support group; https://www.firestormviewer.org/support/

 

ETA: To do a full clean reinstall: https://wiki.firestormviewer.org/fs_clean_install

Edited February 27, 2020 by Selene Gregoire

[bigmoe Whitfield]

yeah remove that exemption in malwarebytes,  you did not indicate where you downloaded it from,  the offiical version is clean.

[Alwin Alcott]

10 hours ago, Synapse Zabelin said:

 from a Firestorm redirect

... deep sigh  ..  nowhere, never ever in the whole history of the www was warned to download only from the original websites.
Clicking all links in your spamfolder ( if you have one)  too?


(sorry ...sarc .. but come on)

[Ajay McDowwll]

15 hours ago, bigmoe Whitfield said:

yeah remove that exemption in malwarebytes,  you did not indicate where you downloaded it from,  the offiical version is clean.

Just to help clarify, this just started happening in Firestorm on 2/27/2020 around 2:00 PM SLT, on a viewer he installed on his machine upon our return to SL in October of 2019 after a near-10-year hiatus.

Firestorm was downloaded from the official site.

Source:  he's my husband RL as well as partner in SL.  I personally sent him the link for the download and was present for same.

(Only jumping in because I just saw he'd posted here, and I have some computer availability right now to offer some additional details, whereas at his workplace he does not.)

[Chic Aeon]

Are you (he) trying to say that there was a Trojan warning from AVG from a WEBSITE redirect from the Firestorm site?   Or that when looking at something from within Firestorm using the external viewer there is a redirect that instigates a trojan warning?    At the moment it is pretty unclear -- to me anyway.

Anything on the web isn't a Firestorm viewer issue, but a web issue.  There have been times in the past when virus checkers have mistakenly tagged viewers as malware.  Since we haven't heard a huge outcry about this yet, I am guessing it is NOT the viewer that is the issue. 

More info is really needed.    

Edited February 28, 2020 by Chic Aeon
adding info

[Ajay McDowwll]

11 minutes ago, Chic Aeon said:

Are you (he) trying to say that there was a Trojan warning from AVG from a WEBSITE redirect from the Firestorm site?   Or that when looking at something from within Firestorm using the external viewer there is a redirect that instigates a trojan warning?    At the moment it is pretty unclear -- to me anyway.

Anything on the web isn't a Firestorm viewer issue, but a web issue.  There have been times in the past when virus checkers have mistakenly tagged viewers as malware.  Since we haven't heard a huge outcry about this yet, I am guessing it is NOT the viewer that is the issue. 

More info is really needed.    

I believe the issue was a Malware Bytes warning related to Firestorm activity, but that was last night and I'm running on minimal sleep, so I'll leave the rest of that to him (as I should have left this entirely alone, frankly). 

The information regarding the source of his Firestorm software is solid, however.

I agree more information is needed; I shouldn't have butted in, but I know him and saw how few details he'd left (he was on his cell, and he hates thumb typing so why did he not wait until he was home???) and also saw a few comments that... well, anyway.

Shutting up.  He's a big boy.  He'll handle it.

[Selene Gregoire]

16 minutes ago, Chic Aeon said:

Since we haven't heard a huge outcry about this yet, I am guessing it is NOT the viewer that is the issue. 

https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Virus:DOS/Firestorm  Not related to the FS viewer.

Just a couple.

[Selene Gregoire]

1 minute ago, Ajay McDowwll said:

Malware Bytes warning related to Firestorm activity

Malwarebytes seems to be having some problems lately. It keeps trying to renew my sub when it isn't time yet.

[Ajay McDowwll]

Well, it's reassuring (albeit not "good") that there's someone else who's having issues and it's likely a software problem (outside of FS, obviously). 

If he's too wiped to log in, I'll let him know.  Thank you everyone for your help -- it's truly appreciated, my own stupid-sleepy brain responses notwithstanding 😳

[Synapse Zabelin]

7 hours ago, Chic Aeon said:

Are you (he) trying to say that there was a Trojan warning from AVG from a WEBSITE redirect from the Firestorm site?   Or that when looking at something from within Firestorm using the external viewer there is a redirect that instigates a trojan warning?    At the moment it is pretty unclear -- to me anyway.

Anything on the web isn't a Firestorm viewer issue, but a web issue.  There have been times in the past when virus checkers have mistakenly tagged viewers as malware.  Since we haven't heard a huge outcry about this yet, I am guessing it is NOT the viewer that is the issue. 

More info is really needed.    

My apologies to everyone for minimal information. I was typing on my phone when I posted this. The following is information from Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/27/20
Protection Event Time: 5:16 PM
Log File: bce7c47a-59ae-11ea-bf70-94de800bb66f.json

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Firestorm-Releasex64\Firestorm-Releasex64.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Trojan
Domain: docleaner-trk.com
IP Address: 138.201.126.227
Port: 80
Type: Outbound
File: C:\Program Files\Firestorm-Releasex64\Firestorm-Releasex64.exe

(end)

Please note that the domain that it is trying to redirect to is docleaner-trk.com and it's located in the Firestorm directory. I get the same information from AVG. I downloaded from the official site but this activity has started just recently (in the past two weeks.) I understand that some Anti-Virus software do not play well with certain platforms. I've had that issue with AVG before, but when Malwarebytes AND AVG started notifying me I became concerned. My original post was meant to ask if there were any known issues with Firestorm that would cause this. If not, I will do more research.

Again, my apologies for minimal information.

[Selene Gregoire]

I've been using Malwarebytes for 20 years now and it has never alerted me to anything regarding Firestorm in the past however many years it has been since FS was released.

The issue is not with the viewer.

ETA: I was also on the FS support team for over 5 years so I probably do know what I am talking about.

 

Edited February 29, 2020 by Selene Gregoire

[Synapse Zabelin]

16 minutes ago, Selene Gregoire said:

I've been using Malwarebytes for 20 years now and it has never alerted me to anything regarding Firestorm in the past however many years it has been since FS was released.

The issue is not with the viewer.

ETA: I was also on the FS support team for over 5 years so I probably do know what I am talking about.

 

I have no doubt in regards to your credentials 🙂 I'm moving toward it being an infection that wasn't cleaned by my protective programs. I am currently checking on that now. I intend to send questions to both AVG and Malwarebytes in regards to this situation. I only asked here because it was based in my Firestorm directory.

 

[Lindal Kidd]

Probably should alert the Firestorm team to this, too.  I'm sure they will want to know someone may be stashing Bad Things in their directory.

Calling @WhirlyFizzle!

[Selene Gregoire]

1 hour ago, Lindal Kidd said:

Probably should alert the Firestorm team to this, too.  I'm sure they will want to know someone may be stashing Bad Things in their directory.

Calling @WhirlyFizzle!

This is something that does occur periodically and there isn't anything they can really do about it.

Quote

Some anti-virus programs (and firewalls and anti-malware programs) will incorrectly flag a viewer - or necessary components of a viewer - as a virus or threat. They may remove the suspected part completely, rendering all or part of the viewer slow or non-functional. There is at least one anti-virus program which will scan every file placed on your computer, even if created by an authorized program. This can affect Firestorm (or any viewer) in that it will scan each and every texture placed in cache, slowing down performance of the viewer significantly, keeping objects and/or textures from rezzing, and keeping CPU usage high.

https://wiki.firestormviewer.org/antivirus_whitelisting

 

See also:

AVG 2011 incorrectly flags the viewer as malware, and “disables” a required component, SLPlugin. To fix this:

• Reinstall the viewer (there is no need to uninstall first; you can install on top);
• If AVG reports a problem with SLPlugin.exe, ignore the warning, as it is a false positive.

 

https://wiki.firestormviewer.org/antivirus

Edited February 29, 2020 by Selene Gregoire

[Lindal Kidd]

Yes, Selene.  But is that file the AV software flagged actually a part of Firestorm, or did something else put it there?

[Selene Gregoire]

48 minutes ago, Lindal Kidd said:

Yes, Selene.  But is that file the AV software flagged actually a part of Firestorm, or did something else put it there?

If you are thinking someone did it deliberately then the OP is lying about having dled from the official site. This is not a repeat of Emerald. Some other culprit (such as a porn dialer) has imbedded itself in another program (FS) to hide. There is nothing in the FS coding that would redirect to a website that is not the official site or server and certainly not to docleaner-trk.com, whatever kind of scam that is.

I'll never forget the couple that brought in a pc crammed so full of porn dialers it couldn't function. It took 12 hours to clear all that mess out and then another 18 hours to run defrag and cleanup. Then, when he had loaded it up with porn dialers again, they bring it back and the B accuses us of putting the porn dialers on their computer! She absolutely refused to believe her husband was surfing porn on the net. 

[Lindal Kidd]

Right.  I'm not saying FS put anything bad in the viewer.  I googled the file,  docleaner-trk.com  that Malwarebytes flagged in the OP's computer.  It's definitely malware.  My guess is that some other program or website snuck it in there.

[IxBabexI]

 

 

 

could it maybe be from a tv rezzed on the sim?

 

 

[Maryanne Solo]

On 3/1/2020 at 4:13 AM, Selene Gregoire said:

She absolutely refused to believe her husband was surfing porn on the net. 

 

[Neena Andretti]

If I visit a particular sim, I get the same Malwarebytes notification no matter which viewer I use (Alchemy or Firestorm, each downloaded from their official sources). I wonder if there is some object on the sim trying to use dullahan, SL's media utility, to connect to an unsavory website... but I have shared media turned off, so I don't know what path it is taking to try and convince the viewer to load a random website. It only happens on this one sim, too.