Jump to content


- - - - -

Gem+ Download Corrupted?

GEM+

  • Please log in to reply
8 replies to this topic

#1 rdinoma

rdinoma

    Guy Ligier

  • Members
  • Pip
  • 3 posts
  • Interests:Grand Prix racing
  • Sim interest:GPL

Posted Dec 14 2017 - 03:27 PM

Just downloaded the GEMPackage_2.5.0.32.exe file from autosimsport.  Tried to install the .exe file and got a message from my Kaspersky anti virus program that the file contains a Trojan program named Backdoor.Win32.IRCBot.agil.  Is the Gem+ file corrupted, or is there an alternate site to download?  Thanks.

#2 Saiph

Saiph

    Drives 4 Team BDS

  • Supporter
  • PipPipPipPipPipPipPipPipPipPip
  • 1,801 posts
  • Gender:Male
  • Location:Aylesbury, UK
  • Interests:Computer gaming (esp. sims, strategy, RPG), real ale, live music, motor sports, boring the NSA/GCHQ to death.
  • Sim interest:GPL

Posted Dec 14 2017 - 04:00 PM

It's 99.999% certain to be a false alarm. Ignore Kaspersky, turn the anti-virus off temporarily, and try the install again. You should find that it works fine.

Alternatively, if you're not 100% confident, you could download GEM again from the "official" site here:

http://gem.grandprix.../downloads.html

Edited by Saiph, Dec 14 2017 - 04:09 PM.


#3 rdinoma

rdinoma

    Guy Ligier

  • Members
  • Pip
  • 3 posts
  • Interests:Grand Prix racing
  • Sim interest:GPL

Posted Dec 14 2017 - 06:08 PM

Thanks for the advice.  I did download from the alternate site you mentioned and got the same problem.  I finally got it to run under Kaspersky by listing as a "Trusted Application."

#4 John Woods

John Woods

    Be Somebody

  • Supporter
  • PipPipPipPipPipPipPipPipPipPip
  • 2,351 posts
  • Gender:Male
  • Interests:Too Much Fun
  • Sim interest:GPL

Posted Dec 16 2017 - 11:58 AM

Might want to make sure its not lurking around.
One of many descriptions linked below.

Backdoor Malware



:D

Edited by John Woods, Dec 16 2017 - 12:01 PM.


#5 Bill

Bill

    BRM Freak

  • Administrators
  • PipPipPipPipPipPipPipPipPipPip
  • 963 posts
  • Gender:Male
  • Location:U.S. Wise Va.

Posted Dec 16 2017 - 12:06 PM

let me know, we can always replace the download, I seem to remember this being a false positive because of the way the installer works...

#6 rdinoma

rdinoma

    Guy Ligier

  • Members
  • Pip
  • 3 posts
  • Interests:Grand Prix racing
  • Sim interest:GPL

Posted Dec 18 2017 - 09:31 AM

The malware is in a file named "//data0150" which seems to attach itself to the GEM+ file during the download process.  After installing as a "Trusted Application" in Kaspersky, I ran a full anti virus scan and cleaned out any residual pieces.  Thanks for your help and advice.  P.S.:  I did find an earlier thread on this Trojan in Igor (last comment October 16, 2017).

#7 Michkov

Michkov

    Denny Hulme

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 848 posts
  • Gender:Male
  • Location:Graz
  • Sim interest:I am here to spam and wish to be deleted after registering

Posted Dec 19 2017 - 01:46 PM

View Postrdinoma, on Dec 18 2017 - 09:31 AM, said:

The malware is in a file named "//data0150" which seems to attach itself to the GEM+ file during the download process.  After installing as a "Trusted Application" in Kaspersky, I ran a full anti virus scan and cleaned out any residual pieces.  Thanks for your help and advice.  P.S.:  I did find an earlier thread on this Trojan in Igor (last comment October 16, 2017).

Have you got file paths for what your AV found?

#8 Yngwie

Yngwie

    Denny Hulme

  • Members
  • PipPipPipPipPipPipPipPipPipPip
  • 225 posts

Posted Dec 22 2017 - 04:25 AM

Well, if I take a look at the results of Virustotal.com, I'm pretty sure it's a false positive.

I guess something in the behaviour of the .exe is categorized as beeing malware. Due to the age and beeing developed for previous OSses I guess.

#9 John Woods

John Woods

    Be Somebody

  • Supporter
  • PipPipPipPipPipPipPipPipPipPip
  • 2,351 posts
  • Gender:Male
  • Interests:Too Much Fun
  • Sim interest:GPL

Posted Dec 23 2017 - 07:19 AM

View PostYngwie, on Dec 22 2017 - 04:25 AM, said:

Well, if I take a look at the results of Virustotal.com, I'm pretty sure it's a false positive.

Quote

Raising the global IT security level through sharing


Appreciate the link.



:D

Edited by John Woods, Dec 23 2017 - 07:23 AM.






Also tagged with one or more of these keywords: GEM+

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Sim Racing Links