Jump to content
You are about to reply to a thread that has been inactive for 243 days.

Please take a moment to consider if this thread is worth bumping.

Recommended Posts

Download the viewer only from the official site. https://wiki.firestormviewer.org/downloads

See also: https://wiki.firestormviewer.org/antivirus_whitelisting

You may also want to join the inworld support group; https://www.firestormviewer.org/support/

 

ETA: To do a full clean reinstall: https://wiki.firestormviewer.org/fs_clean_install

Edited by Selene Gregoire
  • Like 6
Link to post
Share on other sites
10 hours ago, Synapse Zabelin said:

 from a Firestorm redirect

... deep sigh  ..  nowhere, never ever in the whole history of the www was warned to download only from the original websites.
Clicking all links in your spamfolder ( if you have one)  too?


(sorry ...sarc .. but come on)

  • Haha 1
Link to post
Share on other sites
15 hours ago, bigmoe Whitfield said:

yeah remove that exemption in malwarebytes,  you did not indicate where you downloaded it from,  the offiical version is clean.

Just to help clarify, this just started happening in Firestorm on 2/27/2020 around 2:00 PM SLT, on a viewer he installed on his machine upon our return to SL in October of 2019 after a near-10-year hiatus.

Firestorm was downloaded from the official site.

Source:  he's my husband RL as well as partner in SL.  I personally sent him the link for the download and was present for same.

(Only jumping in because I just saw he'd posted here, and I have some computer availability right now to offer some additional details, whereas at his workplace he does not.)

  • Like 1
Link to post
Share on other sites

Are you (he) trying to say that there was a Trojan warning from AVG from a WEBSITE redirect from the Firestorm site?   Or that when looking at something from within Firestorm using the external viewer there is a redirect that instigates a trojan warning?    At the moment it is pretty unclear -- to me anyway.

Anything on the web isn't a Firestorm viewer issue, but a web issue.  There have been times in the past when virus checkers have mistakenly tagged viewers as malware.  Since we haven't heard a huge outcry about this yet, I am guessing it is NOT the viewer that is the issue. 

More info is really needed.    

Edited by Chic Aeon
adding info
Link to post
Share on other sites
11 minutes ago, Chic Aeon said:

Are you (he) trying to say that there was a Trojan warning from AVG from a WEBSITE redirect from the Firestorm site?   Or that when looking at something from within Firestorm using the external viewer there is a redirect that instigates a trojan warning?    At the moment it is pretty unclear -- to me anyway.

Anything on the web isn't a Firestorm viewer issue, but a web issue.  There have been times in the past when virus checkers have mistakenly tagged viewers as malware.  Since we haven't heard a huge outcry about this yet, I am guessing it is NOT the viewer that is the issue. 

More info is really needed.    

I believe the issue was a Malware Bytes warning related to Firestorm activity, but that was last night and I'm running on minimal sleep, so I'll leave the rest of that to him (as I should have left this entirely alone, frankly). 

The information regarding the source of his Firestorm software is solid, however.

I agree more information is needed; I shouldn't have butted in, but I know him and saw how few details he'd left (he was on his cell, and he hates thumb typing so why did he not wait until he was home???) and also saw a few comments that... well, anyway.

Shutting up.  He's a big boy.  He'll handle it.

  • Haha 1
Link to post
Share on other sites

Well, it's reassuring (albeit not "good") that there's someone else who's having issues and it's likely a software problem (outside of FS, obviously). 

If he's too wiped to log in, I'll let him know.  Thank you everyone for your help -- it's truly appreciated, my own stupid-sleepy brain responses notwithstanding 😳

  • Like 2
Link to post
Share on other sites
7 hours ago, Chic Aeon said:

Are you (he) trying to say that there was a Trojan warning from AVG from a WEBSITE redirect from the Firestorm site?   Or that when looking at something from within Firestorm using the external viewer there is a redirect that instigates a trojan warning?    At the moment it is pretty unclear -- to me anyway.

Anything on the web isn't a Firestorm viewer issue, but a web issue.  There have been times in the past when virus checkers have mistakenly tagged viewers as malware.  Since we haven't heard a huge outcry about this yet, I am guessing it is NOT the viewer that is the issue. 

More info is really needed.    

My apologies to everyone for minimal information. I was typing on my phone when I posted this. The following is information from Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/27/20
Protection Event Time: 5:16 PM
Log File: bce7c47a-59ae-11ea-bf70-94de800bb66f.json

-Blocked Website Details-
Malicious Website: 1
, C:\Program Files\Firestorm-Releasex64\Firestorm-Releasex64.exe, Blocked, -1, -1, 0.0.0

-Website Data-
Category: Trojan
Domain: docleaner-trk.com
IP Address: 138.201.126.227
Port: 80
Type: Outbound
File: C:\Program Files\Firestorm-Releasex64\Firestorm-Releasex64.exe

(end)

Please note that the domain that it is trying to redirect to is docleaner-trk.com and it's located in the Firestorm directory. I get the same information from AVG. I downloaded from the official site but this activity has started just recently (in the past two weeks.) I understand that some Anti-Virus software do not play well with certain platforms. I've had that issue with AVG before, but when Malwarebytes AND AVG started notifying me I became concerned. My original post was meant to ask if there were any known issues with Firestorm that would cause this. If not, I will do more research.

Again, my apologies for minimal information.

Link to post
Share on other sites

I've been using Malwarebytes for 20 years now and it has never alerted me to anything regarding Firestorm in the past however many years it has been since FS was released.

The issue is not with the viewer.

ETA: I was also on the FS support team for over 5 years so I probably do know what I am talking about.

 

Edited by Selene Gregoire
  • Like 1
Link to post
Share on other sites
16 minutes ago, Selene Gregoire said:

I've been using Malwarebytes for 20 years now and it has never alerted me to anything regarding Firestorm in the past however many years it has been since FS was released.

The issue is not with the viewer.

ETA: I was also on the FS support team for over 5 years so I probably do know what I am talking about.

 

I have no doubt in regards to your credentials 🙂 I'm moving toward it being an infection that wasn't cleaned by my protective programs. I am currently checking on that now. I intend to send questions to both AVG and Malwarebytes in regards to this situation. I only asked here because it was based in my Firestorm directory.

 

Link to post
Share on other sites
1 hour ago, Lindal Kidd said:

Probably should alert the Firestorm team to this, too.  I'm sure they will want to know someone may be stashing Bad Things in their directory.

Calling @WhirlyFizzle!

This is something that does occur periodically and there isn't anything they can really do about it.

Quote

Some anti-virus programs (and firewalls and anti-malware programs) will incorrectly flag a viewer - or necessary components of a viewer - as a virus or threat. They may remove the suspected part completely, rendering all or part of the viewer slow or non-functional. There is at least one anti-virus program which will scan every file placed on your computer, even if created by an authorized program. This can affect Firestorm (or any viewer) in that it will scan each and every texture placed in cache, slowing down performance of the viewer significantly, keeping objects and/or textures from rezzing, and keeping CPU usage high.

https://wiki.firestormviewer.org/antivirus_whitelisting

 

See also:

AVG 2011 incorrectly flags the viewer as malware, and “disables” a required component, SLPlugin. To fix this:

  • Reinstall the viewer (there is no need to uninstall first; you can install on top);
  • If AVG reports a problem with SLPlugin.exe, ignore the warning, as it is a false positive.
 
Edited by Selene Gregoire
  • Like 1
Link to post
Share on other sites
48 minutes ago, Lindal Kidd said:

Yes, Selene.  But is that file the AV software flagged actually a part of Firestorm, or did something else put it there?

If you are thinking someone did it deliberately then the OP is lying about having dled from the official site. This is not a repeat of Emerald. Some other culprit (such as a porn dialer) has imbedded itself in another program (FS) to hide. There is nothing in the FS coding that would redirect to a website that is not the official site or server and certainly not to docleaner-trk.com, whatever kind of scam that is.

I'll never forget the couple that brought in a pc crammed so full of porn dialers it couldn't function. It took 12 hours to clear all that mess out and then another 18 hours to run defrag and cleanup. Then, when he had loaded it up with porn dialers again, they bring it back and the B accuses us of putting the porn dialers on their computer! She absolutely refused to believe her husband was surfing porn on the net. :S

Link to post
Share on other sites

Right.  I'm not saying FS put anything bad in the viewer.  I googled the file,  docleaner-trk.com  that Malwarebytes flagged in the OP's computer.  It's definitely malware.  My guess is that some other program or website snuck it in there.

Link to post
Share on other sites
You are about to reply to a thread that has been inactive for 243 days.

Please take a moment to consider if this thread is worth bumping.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...