Igor.exe Home Of A Trojan?


8 replies to this topic

#1 Alter

Posted Oct 12 2017 - 09:22 AM

Hi Racers
New installation of GPL from scratch using the GPLworld installer. KAV moved iGOR.exe to quarantine because of Trojan.Win32.Snojan.bsbm. I doubt KAV is right. Any ideas?
Alter

#2 Yngwie

Posted Oct 12 2017 - 09:26 AM

It's a false positive. Put the .exe to the exception list of your AV or turn it off when driving.

#3 Alter

Posted Oct 12 2017 - 09:39 AM

Thank you. Thought it was a false too.
It's not easy to persuade KAV to leave iGOR.exe alone because it deletes or moves it to quarantine in seconds. You have to shut down KAV before.

Edited by Alter, Oct 12 2017 - 10:09 AM.


#4 Marx

Posted Oct 12 2017 - 12:31 PM

Interesting. My KAV detected exactly the same on my laptop today but my GPL installation is many years old. And I have been using KAV also for many years on the same laptop.

#5 gliebzeit

Posted Oct 12 2017 - 01:41 PM

KAV or any virus detection program will update its database regularly.  So, even if you've had KAV and GPL on a particular computer at some point in time a database update then may flag GPL.

#6 max640

Posted Oct 12 2017 - 01:55 PM

Hi all,

The same has happened to me with KAV.... but it deleted the two files (iGOR.exe and GEM 2.exe). Now I try to play GPL again and if I have problems I'll reinstall the GEM complete. There is no alternative.
Thanks to Danny in any case. I supposed it could be a false positive and now I have it confirmed.

#7 Alter

Posted Oct 15 2017 - 02:58 AM

Hi max640
In my case KAV didn't really delete the file. Maybe you find them in the quarantine directory to put them back to where they belong.
Alter

#8 Stefan Roess

Posted Oct 15 2017 - 01:44 PM

Kaspersky Internet Security has also put igor.exe to quarantine on my system.
I have added it to exceptions.

Edited by Stefan Roess, Oct 15 2017 - 01:45 PM.


#9 Saiph

Posted Oct 15 2017 - 02:13 PM

max640, on Oct 12 2017 - 01:55 PM, said:

...... if I have problems I'll reinstall the GEM complete. There is no alternative. ......

It's always a good idea to keep a backup of your GPL installation so you can restore individual files which may get corrupted or deleted for various reasons.

I used to work for McAfee as a software QA test engineer, testing the VirusScan anti-virus engine, and doing false alarm testing on new AV driver sets. It was fairly common for new anti-virus drivers to false alarm on older files. When you need to write a completely new class of anti-virus driver to cope with a new breed of malware (eg when network-infecting 'worms' appeared) it's easy to forget about the safeguards which prevent your AV from triggering on older files. That's where my testing came in. If a driver set false-alarmed on my test rig, it got passed back to the researchers with the details of the failure, and a smiley message saying "Try again guys!".



