FSUIPC

Discussion in 'NOD32 version 2 Forum' started by nevillevaneerten, Oct 30, 2006.

Thread Status:
Not open for further replies.
  1. nevillevaneerten

    nevillevaneerten Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    4
    FSUIPC is an add-on for MS flight simulator. With the latest version of MS FS they have changed the way add-on programs talk to it through something called SimConnect. There are probably 100 programs available that talk to MSFS through the above listed program.

    Although it is not a virus NOD32 recognises it as a possible New-Heur_PE virus. It will not allow me to open it, execute it, receive it as an email, send it, unzip it, even if I turn off NOD 32.

    I cannot send it to you to analyse it from my quarantine either so can only tell you where to get it from.

    I would really appreciate your help here. I file can be found at

    http://fsuipc.simflight.com/beta/Install_FSUIPC4_4023.zip

    Home page for the product is

    http://www.schiratti.com/dowson.html


    Regards,

    Neville
     
  2. ASpace

    ASpace Guest

    Hello .

    Only virus analysts can tell if that application is malware or not .

    You say you couldn't send it but have you tried that :
    If a copy of it is saved in the quarantine , open NOD32's Control Center -> NOD32 System Tools -> Quarantine -> select the suspected file and right click on it , choose Submit for analysis and follow the instructions.It would be sent via ThreatSense

    Email samples sending : samples@eset.com
     
  3. nevillevaneerten

    nevillevaneerten Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    4
    Hi. Yep tried that but even that cannot be done. That's why I sent a link. I presumed this forum was monitored by NOD32. Would you mind downloading it and sending it for me please.

    Regards
    Neville
     
  4. covaro

    covaro Registered Member

    Joined:
    Jul 4, 2006
    Posts:
    149
    Location:
    Abingdon, MD, USA
    Out of the interest of fairness, I uploaded this file to Virustotal out of curiousity. Fortinet and Panda both also flag this file as suspicious. Which makes me wonder if this person is using a common virus tactic or something in his code somewhere that makes the AVs freak out.

    -Cov
     
  5. ctrlaltdelete

    ctrlaltdelete Registered Member

    Joined:
    Oct 16, 2005
    Posts:
    318
    Location:
    NL
    A linkscanner gave me this result;


    File size: 1591.0K

    Install_FSUIPC4_4023.zip - archive ZIP
    >Install_FSUIPC4_4023.zip/Install FSUIPC4.exe packed by PETITE
    >>Install_FSUIPC4_4023.zip/Install FSUIPC4.exe - decompression error!
     
  6. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    Apparently so, Cov, because the creator warns of compatability problems with the software and antivirus programs, both in the readme file and in his forum:

    http://forums.simflight.com/viewtopic.php?t=56456

    I tried downloading the .zip file myself and also had NOD32 intercept it. However, ThreatSense asked me if I wanted to send the sample to Eset, so I told it yes, and gave a link to this thread as a comment.

    I believe you can probably get this program to download, install, and run if you set up the right series of AMON and IMON exclusions. However, I might wait to see what Eset has to say about it before doing so.
     
  7. nevillevaneerten

    nevillevaneerten Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    4
    Thanks for your help so far. I trust this well known developer in the flight sim world, and I think its being downloaded around 8000times. Generally speaking how long does it take for Eset to come up with a fix? If it generally takes days, any help in regard to Imon and Amon would be appreciated by this semi-literate computer user.

    Unfortunately the simmarket forum requires manual acceptance into the forum, so as yet I cannot post a question there for possible work around.

    Regards

    Neville
     
  8. covaro

    covaro Registered Member

    Joined:
    Jul 4, 2006
    Posts:
    149
    Location:
    Abingdon, MD, USA
    Depends on the priority of the problem. In the event of a FP I would imagine the priority is based on how many possible users this could be affecting, as that would be the comparable judge compared to how fast a virus is spreading out in the wild.

    -Cov
     
  9. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    My guess is that it probably would take days. Since I do not actually run these programs myself, I cannot tell you exactly what to do. However, here is a general outline of what I would do:
    • Go to AMON --> uncheck "File system monitor (AMON) enabled".
    • Go to IMON --> uncheck "Internet monitor (IMON) enabled".
    • Download the .zip file; extract it; install it.
    • Go to AMON --> Setup --> Exclusions. Create exclusions for any .exe and .dll files included within the program. You may also include an exclusion for the .exe file used by the Flight Simulator itself. If you are not sure, you may try excluding the entire folder.
    • Go to IMON --> Setup --> Miscellaneous --> Exclusion --> Edit. Make exclusions similar to those made for AMON.
    • Now go back and reenable AMON and IMON.
    Take note that as of now, there is no way to make exclusions for the On-Demand scanner. If you run any manual scans of your computer, you will run the risk of having these files detected all over again. At least with the AMON exclusions, you should be able to restore them from Quarantine without have them bounce straight back in.
     
  10. mrtwolman

    mrtwolman Eset Staff Account

    Joined:
    Dec 5, 2002
    Posts:
    613
    Being a flightsim fan myself I have alerted virus lab gangstaz to take a carefull look on the file.
     
  11. nevillevaneerten

    nevillevaneerten Registered Member

    Joined:
    Oct 30, 2006
    Posts:
    4
Thread Status:
Not open for further replies.