FSUIPC

FSUIPC is an add-on for MS flight simulator. With the latest version of MS FS they have changed the way add-on programs talk to it through something called SimConnect. There are probably 100 programs available that talk to MSFS through the above listed program.

Although it is not a virus NOD32 recognises it as a possible New-Heur_PE virus. It will not allow me to open it, execute it, receive it as an email, send it, unzip it, even if I turn off NOD 32.

I cannot send it to you to analyse it from my quarantine either so can only tell you where to get it from.

I would really appreciate your help here. I file can be found at

http://fsuipc.simflight.com/beta/Install_FSUIPC4_4023.zip

Home page for the product is

http://www.schiratti.com/dowson.html


Regards,

Neville

 

Hello .

Only virus analysts can tell if that application is malware or not .

You say you couldn't send it but have you tried that :
If a copy of it is saved in the quarantine , open NOD32's Control Center -> NOD32 System Tools -> Quarantine -> select the suspected file and right click on it , choose Submit for analysis and follow the instructions.It would be sent via ThreatSense

Email samples sending : samples@eset.com

 

Hi. Yep tried that but even that cannot be done. That's why I sent a link. I presumed this forum was monitored by NOD32. Would you mind downloading it and sending it for me please.

Regards
Neville

 

Out of the interest of fairness, I uploaded this file to Virustotal out of curiousity. Fortinet and Panda both also flag this file as suspicious. Which makes me wonder if this person is using a common virus tactic or something in his code somewhere that makes the AVs freak out.

-Cov

 

A linkscanner gave me this result;


File size: 1591.0K

Install_FSUIPC4_4023.zip - archive ZIP
>Install_FSUIPC4_4023.zip/Install FSUIPC4.exe packed by PETITE
>>Install_FSUIPC4_4023.zip/Install FSUIPC4.exe - decompression error!

 

Apparently so, Cov, because the creator warns of compatability problems with the software and antivirus programs, both in the readme file and in his forum:

http://forums.simflight.com/viewtopic.php?t=56456

I tried downloading the .zip file myself and also had NOD32 intercept it. However, ThreatSense asked me if I wanted to send the sample to Eset, so I told it yes, and gave a link to this thread as a comment.

I believe you can probably get this program to download, install, and run if you set up the right series of AMON and IMON exclusions. However, I might wait to see what Eset has to say about it before doing so.

 

Thanks for your help so far. I trust this well known developer in the flight sim world, and I think its being downloaded around 8000times. Generally speaking how long does it take for Eset to come up with a fix? If it generally takes days, any help in regard to Imon and Amon would be appreciated by this semi-literate computer user.

Unfortunately the simmarket forum requires manual acceptance into the forum, so as yet I cannot post a question there for possible work around.

Regards

Neville

 

Depends on the priority of the problem. In the event of a FP I would imagine the priority is based on how many possible users this could be affecting, as that would be the comparable judge compared to how fast a virus is spreading out in the wild.

-Cov

 

My guess is that it probably would take days. Since I do not actually run these programs myself, I cannot tell you exactly what to do. However, here is a general outline of what I would do:

• Go to AMON --> uncheck "File system monitor (AMON) enabled".
• Go to IMON --> uncheck "Internet monitor (IMON) enabled".
• Download the .zip file; extract it; install it.
• Go to AMON --> Setup --> Exclusions. Create exclusions for any .exe and .dll files included within the program. You may also include an exclusion for the .exe file used by the Flight Simulator itself. If you are not sure, you may try excluding the entire folder.
• Go to IMON --> Setup --> Miscellaneous --> Exclusion --> Edit. Make exclusions similar to those made for AMON.
• Now go back and reenable AMON and IMON.

Take note that as of now, there is no way to make exclusions for the On-Demand scanner. If you run any manual scans of your computer, you will run the risk of having these files detected all over again. At least with the AMON exclusions, you should be able to restore them from Quarantine without have them bounce straight back in.

 

Being a flightsim fan myself I have alerted virus lab gangstaz to take a carefull look on the file.

 

Thanks