
Warning! Current FSUIPC+WideFS Download Contains Malware


HoggyDog


One of the files inside the archive zip file for WideFS 6.995, which is a prerequisite for FSUIPC 4.939, returned what turned out to be a false positive malware detection.

 

Specifically, after downloading the WideFS.zip archive from http://www.schiratti.com/dowson.html, my Emsisoft anti-malware reported that the file WideFS Closer.exe is infected with Trojan.GenericKD.2079676 (B) and quarantined it. I submitted the file to Emsisoft for confirmation, and they re-evaluated it and confirmed it was a false positive detection.

i7-10700K @3.8-5.1GHz, 32GB DDR4-2666 SDRAM, GTR-2060 Super 8GB, 2x SSDs

I wouldn't assume it is a false positive. I wouldn't install it. Best trust your virusscanner.

 

But, I trust fsuipc is safe. To test I also downloaded the latest version and found no virus.

 

Maybe a trojan got in your downloaded files somewhere along the way. Possible if your computer was already infected with something.

 

Maybe you can use your virusscanner to clean the downloaded zip, and then install fsuipc.

Or try downloading again.

I would also do a full system scan.

 

Thanks for taking the time to give us a heads-up.


One of the files inside the archive zip file for WideFS 6.995, which is a prerequisite for FSUIPC 4.939, contains a malicious Trojan.

 

Uh no, WideFS is not a prerequisite for FSUIPC in any of its versions. It's an optional utility for running instrument panels on other computers connected to your network, not a prerequisite. If no one else is detecting any bad stuff in the download, better look to problems on your pc, Hoggy. You could try a scan with Trend Micro's free House Call on-demand virus detector.


Here's another useful tool to check for anything running in the background that shouldn't be, like automatic ad generators that allow pesky pop-up ads that many antivirus programs don't pick up or scan for!

 

Autoruns : https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

 

 

JUNKWARE / AD WARE Removal tool, removes pesky items / junkware from the Registry that could possibly be a virus or Trojan, allow access to other files by hackers...

 

otherwise known as thisisu program.

 

I used both listed above, and it thoroughly cleaned some junk out of my computer without causing any problems.

 

I have a PAID version of Malwarebytes on both my computers and it didn't even find some of this stuff!!

 

LINK : http://www.bleepingcomputer.com/download/junkware-removal-tool/

 

 

Junkware Removal Tool has the ability to remove the following types of programs:

• Ask Toolbar

• Babylon

• Browser Manager

• Claro / iSearch

• Conduit

• Coupon Printer for Windows

• Crossrider

• Facemoods / Funmoods

• iLivid

• IncrediBar

• MyWebSearch

• Searchqu

• Web Assistant

 

When run, Junkware Removal Tool will remove all traces of these programs including their files, Registry keys, and folders


I wouldn't assume it is a false positive. I wouldn't install it. Best trust your virusscanner.

 

Thank you. I do trust it, which is why I pay for it every year, and why I posted the results of its scan here.

 

But, I trust fsuipc is safe. To test I also downloaded the latest version and found no virus.

 

Almost all replies here are responding to an assertion which I did not make- I'm so sorry that my OP somehow failed to adequately convey WHERE I found the malware, or emphasize sufficiently that it was NOT in the FSUIPC zip file itself, but in the WideFS zip file which the official website lists as REQUIRED for the latest version of FSUIPC.

 

Here is a direct cut 'n paste of the verbiage on the official FSUIPC download page.

 

***********************************************

"WideServer7 is built into FSUIPC4, you will need the WideClient from the WideFS link below."

===and===

"The WideClient.exe included in this zip is to be used with the WideServer7 module which is included with FSUIPC4 from now on"

***********************************************

 

Words mean things. These are unambiguous words. It may just be a semantics problem, but the words "you will need" (not "you might need if you have 2 monitors") and "is to be used" (not "should be used for multiple monitor installations") are pretty clear- WideFS is REQUIRED for the latest Steam-compatible version of FSUIPC according to whoever wrote the download page descriptions.

 

That said, I never heard of WideFS before today, nor do I have multiple monitors. I do, however have a widescreen monitor, and assumed that might be what "WideFS" was for. I simply trust the author of FSUIPC to correctly characterize what the requirements are, and if some of the files on offer there are optional, to say so in plain English rather than using language that essentially means "this is required."

 

I re-downloaded both FSUIPC and WideFS, and again, Emsisoft Anti-Malware instantly screamed at me and quarantined one of the files inside the WideFS zip file. Rather than deleting it this time, I'm sending it to Emsisoft for a more in-depth analysis and I'll come back here and update the thread if/when I get a response.

 

Thanks to all who replied, and my apologies if my OP was unclear about where I found the malware.

i7-10700K @3.8-5.1GHz, 32GB DDR4-2666 SDRAM, GTR-2060 Super 8GB, 2x SSDs

I wish Pete visited this forum.

 

WideFS has nothing to do with multiple monitor support.

 

It is used to allow FSUIPC to communicate over a network to another PC.

 

Very handy for running gauges and such off of a second computer. Mostly for home cockpit use.

 

WideFS is not required for any use of FSUIPC unless you are using 2 computers.

 

I will bet today's paycheck that Pete's files are clean.

 

peace,

the Bean

WWOD---What Would Opa Do? Farewell, my freind (sp)

 

Never argue with idiots.

They drag you down to their level and beat you with experience


I should have been more clear too. I downloaded both, fsuipc 4.939 and widefs 6.995.

Found no virus in either of the zips.

(the widefs .zip does contain widefscloser.exe)

 

I meant, if you find a trojan, don't install,

but I doubt it's Pete Dowson's fault,

that's all. :)

il88pp.


What that note was telling you is that for FS9 you had to install wideserver.dll in your fs9 modules folder in order to run wideFS. For FSX, the wide server is built into fsuipc so you don't need to do anything on the fsx machine (though you need a widefs key to activate it). Either way you need the wideclient app on any networked machines that you want connected to fs9 or fsx (in fsx simconnect works sort of the same way).

 

scott s.

.


I wish Pete visited this forum.

 

WideFS has nothing to do with multiple monitor support.

 

It is used to allow FSUIPC to communicate over a network to another PC.

 

Very handy for running gauges and such off of a second computer. Mostly for home cockpit use.

 

WideFS is not required for any use of FSUIPC unless you are using 2 computers.

 

I will bet today's paycheck that Pete's files are clean.

 

peace,

the Bean

 

OK, thanks for that info. I posted on the FSUIPC support forum that my Anti-Malware program had found malware in WideFS Closer.exe. So far, the prevailing opinion is that it's a false positive.

 

However, one responder there said "If it's really malware, why are you the only one to report it?" to which I would respectfully reply "because it's just possible that I'm the only one who is running software that detected it."

 

I sent it to Emsisoft and asked them to respond, and I'll report back when I hear from them. Meanwhile, since I don't, apparently, need WideFS to begin with, despite the verbiage on the download site saying that I do, I'll just install FSUIPC and move on.

 

Thanks.

i7-10700K @3.8-5.1GHz, 32GB DDR4-2666 SDRAM, GTR-2060 Super 8GB, 2x SSDs

What that note was telling you is that for FS9 you had to install wideserver.dll in your fs9 modules folder in order to run wideFS. For FSX, the wide server is built into fsuipc so you don't need to do anything on the fsx machine (though you need a widefs key to activate it). Either way you need the wideclient app on any networked machines that you want connected to fs9 or fsx (in fsx simconnect works sort of the same way).

 

scott s.

.

 

 

Thanks, Scott, I have no doubt that your explanation is 100% accurate. However, although what you said above is probably the INTENT of the notes on the d/l page, that is NOT what the notes actually say.

i7-10700K @3.8-5.1GHz, 32GB DDR4-2666 SDRAM, GTR-2060 Super 8GB, 2x SSDs

I should have been more clear too. I downloaded both, fsuipc 4.939 and widefs 6.995.

Found no virus in either of the zips.

(the widefs .zip does contain widefscloser.exe)

 

I meant, if you find a trojan, don't install,

but I doubt it's Pete Dowson's fault,

that's all. :)

il88pp.

 

Thanks. I'll post back here when I hear from Emsisoft.

i7-10700K @3.8-5.1GHz, 32GB DDR4-2666 SDRAM, GTR-2060 Super 8GB, 2x SSDs

No, it isn't what causes your FSX to crash. Names like "Trojan.GenericKD.2079676 (B)" are composed by the scanner and indicate that the heuristic algorithm in the scanner has found a code sequence that vaguely resembles a virus pattern so it flags it and gives it a name. These sorts of warnings are almost always false. A search for this virus name gets no hits other than the OP's post.

 

DJ


davidjones,

A Google search for Trojan.GenericKD finds loads of hits. It is indeed a heuristic detection, but that does not mean it's harmless.

 

dorianr,

FSUIPC is likely not the cause.

read the first sticky (top of forum) to see how to find your crash report from fsx.

then start a new thread with your crash problem.


No, it doesn't, if you search on that full name at the time I posted there were 3 - all referencing this conversation or EMI - none confirmed. If you search for less than the full name you will get more - which follows since that is a generic name. Note that I said "... warnings are almost always false", not "never". On the other hand, I do software for a living (including security) and never, ever, saw one of these sorts of 'detection' be confirmed. You can believe what you want to believe, of course.

 

 

DJ


Here is a direct cut 'n paste of the verbiage on the official FSUIPC download page.

Just for clarity, this is not Pete's website. His software is provided there courtesy of Enrico Schiratti, since it is a required support utility program for Enrico's "Project Magenta" gauge software.

 

Pete doesn't even have a website, but all his frequent updates may be downloaded from links provided in his official forum:

http://forum.simflight.com/forum/30-fsuipc-support-pete-dowson-modules/

Bill Leaming

Gauge Programming - 3d Modeling Military Visualizations

Flightsim.com Panels & Gauges Forum Moderator

Flightsim Rig: Intel Core i7-2600K - 8GB DDR3 1333 - EVGA GTX770 4GB - Win7 64bit Home Premium

Development Rig1: Intel Core i7-3770k - 16GB DDR3 - Dual Radeon HD7770 SLI 1GB - Win7 64bit Professional

Development Rig2: Intel Core i7-860 - 8GB DDR3 Corsair - GeForce GTS240 1GB - Win7 64bit Home Premium

NOTE: Unless explicitly stated in the post, everything written by my hand is MY opinion. I do NOT speak for any company, real or imagined...


hmmm wonder if that cause my FSX to crash when I pull the FSUIPC menu down 30% of the time my FSX restarts with a need to shutdown with an Error encounter.

 

Have you in your FSX.cfg under [GRAPHICS] this line : HIGHMEMFIX=1

 

Clicking on menus can give Errors and shut down FSX.

 

Jan

EHAM base RWY 06

Some airplanes : Fokker70

Intel i7-4771 3.90 Ghz - Asus Z87-A - Asus GTX770-DC2OC-2GD5 - Memory 8 GB - Windows 7 64 - Samsung SSD 840 EVO 120 GB / 250GB - Samsung HD 1TB / 160 GB


I just heard from Emsisoft, and they confirm that the WideFS zipfile I sent them did NOT contain malware. So it was a false positive as most surmised. Also, to their credit, they issued an update within minutes and when I logged in this afternoon, I got a popup saying that the item in my quarantine had been re-evaluated and found to be malware-free, did I want to restore it to its original location. Very pro, IMHO.

 

Not sure if this thread serves any purpose now, so maybe it would be cool to delete it to keep people from stumbling across it (or Google-finding it) and not reading this "false alarm" post.

i7-10700K @3.8-5.1GHz, 32GB DDR4-2666 SDRAM, GTR-2060 Super 8GB, 2x SSDs

Archived

This topic is now archived and is closed to further replies.
