Jump to content
  • 0

Malware attached itself to friends Firestorm

Kyrellyan

Asked by Kyrellyan,

 Share
You are about to reply to a thread that has been inactive for 1175 days.

Please take a moment to consider if this thread is worth bumping.

Question

Kyrellyan

Kyrellyan

Posted
Posted

Friend recently commented that they keep getting notificatioin from their virus scanner that there is an issue with secondlife.  Quick google search showed that it's malware that uses push notifications.

Quote

Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
29/01/2021 21:13:21,High,An intrusion attempt by inpagepush.com was blocked.,Blocked,No Action Required,Web Attack: Unwanted Push Advertisement Website 5,No Action Required,No Action Required,"inpagepush.com (139.45.195.147, 443)",https://inpagepush.com,"TOMSPC (192.168.1.152, 63983)",inpagepush.com (139.45.195.147),"TCP, https"
Network traffic from <b>https://inpagepush.com</b> matches the signature of a known attack.  The attack was resulted from \DEVICE\HARDDISKVOLUME6\PROGRAM FILES\FIRESTORM-RELEASEX64\SLPLUGIN.EXE.  To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.

My question is, how can they remove it?  Anyone have advice?

 

 

Link to comment
Share on other sites

3 answers to this question

Recommended Posts

  • -1
Rolig Loon

Rolig Loon

Posted
Posted (edited)

Some antivirus programs, notably AVG, often flag Second Life viewers with a false positive.  Also, some AV programs are overly aggressive, scanning every single file that is seen by your viewer.  That behavior can slow down performance dramatically.  Take a look at the Firestorm wiki >>> https://wiki.firestormviewer.org/antivirus.  That may not be the issue with your friend's case, specifically, but it is one to be aware of.

Edited by Rolig Loon
Link to comment
Share on other sites
  • -1
panterapolnocy

panterapolnocy

Posted
Posted (edited)

Firestorm viewer is no longer code-signed since the beginning of 2018. See the blog post here: https://www.firestormviewer.org/firestorm-update-5-0-11-53634/

Quote

We have stopped code-signing our windows binary due to costs and lack of benefits. Expect that your antivirus or firewall may warn you that the software is not trusted. If you downloaded it from THIS website, IT IS SAFE.

Then please take a look here if you have any doubts: https://wiki.phoenixviewer.com/is_my_viewer_safe ; After reading this wiki article you may consider taking a peek here, too: https://wiki.firestormviewer.org/antivirus_whitelisting - from what I can see your friend is using Norton, there is a tab for it.

Nonetheless, slplugin.exe is used to launch web content - antivirus program may flag the file due to the fact, that media on a prim or website visited in the inworld browser does contain the malicious code - that is not the fault of the viewer itself. Please take a look at this post:

Still, your friend may want to do a full-system scan just to be sure that other parts of the OS are healthy.

Edited by panterapolnocy
Link to comment
Share on other sites
You are about to reply to a thread that has been inactive for 1175 days.

Please take a moment to consider if this thread is worth bumping.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to question listing
×
×
  • Create New...