WARNING: Norton / Avira broke Automobilista

Discussion in 'Automobilista - Help & Support' started by IceCreamKimi, Mar 20, 2016.

  1. IceCreamKimi

    IceCreamKimi New Member AMS2 Club Member

    Joined:
    Mar 8, 2016
    Messages:
    22
    Likes Received:
    4
    While downloading the latest update for AMS Avira popped up saying that AMS.exe was the TR/Crypt.XPACK.gen trojan. While I'm sure it's a false positive it's probably something for the devs to look into.
     
  2. SaxOhare

    SaxOhare Well-Known Member AMS2 Club Member

    Joined:
    Mar 10, 2016
    Messages:
    2,235
    Likes Received:
    1,047
    It has 4 hits on Virustotal

    Bkav - W32.HfsAutoB.84F4
    Cyren - W32/Troj_Obfusc.N.gen!Eldorado
    F-Prot - W32/Troj_Obfusc.N.gen!Eldorado
    Rising - PE:Malware.XPACK-LNR/Heur!1.5594 [F]

    I hope they are false positive
     
  3. Whirlynerd

    Whirlynerd New Member AMS2 Club Member

    Joined:
    Mar 9, 2016
    Messages:
    1
    Likes Received:
    0
    I've had the current version of Automobilista installed since release but Norton decided to quarantine the executable as well as a list of other AMS files today. It does this every once in a while with other software but just the executable and it's only a matter of restoring the files from the Norton history and excluding them from future scans. However, Norton couldn't recover some of them (it kept asking for a folder to recover to but wouldn't accept any selected) so wouldn't recover any files. I did a game cache verify in Steam and this got it going again but it looks like it wiped out my configs in the process. I excluded the whole folder to avoid future grief.

    Hope this helps someone out there.
     
    • Agree Agree x 5
  4. GTSpeedster

    GTSpeedster Active Member AMS2 Club Member

    Joined:
    Jul 20, 2016
    Messages:
    81
    Likes Received:
    116
    I heard a talk some time ago about malware/virus being transmitted over via steam downloads from time to time. How certain are you this is a false positive?

    I mean, I also use Norton and I haven't had any issues so far. *EDIT: scratch that, just got red flagged as well.
     
    Last edited: Nov 2, 2016
  5. SaxOhare

    SaxOhare Well-Known Member AMS2 Club Member

    Joined:
    Mar 10, 2016
    Messages:
    2,235
    Likes Received:
    1,047
    ams.JPG
    ams.exe always has, and still is giving several positives on virustotal.com,
     
  6. Dave-NRTServers

    Dave-NRTServers New Member

    Joined:
    Mar 10, 2016
    Messages:
    6
    Likes Received:
    0
    I have a client that has told me, the free version of Avast reports the same thing..once he disabled it for the download/updates..it goes away.
    If hey does a manual scan on his system after downloading and install..it never throws the error again as if it was never there after re-enabling Avast.

    Dave
     
  7. GTSpeedster

    GTSpeedster Active Member AMS2 Club Member

    Joined:
    Jul 20, 2016
    Messages:
    81
    Likes Received:
    116
    Ok. But if that's a false positive why won't Reiza white list it with the antivirus manufacturers?
     
    • Agree Agree x 3
  8. traind

    traind Active Member AMS2 Club Member

    Joined:
    Nov 6, 2016
    Messages:
    103
    Likes Received:
    70
    McAfee is doing the same thing to me today....
     
    • Agree Agree x 1
  9. Marcel Kleene

    Marcel Kleene Member AMS2 Club Member

    Joined:
    Feb 16, 2016
    Messages:
    46
    Likes Received:
    24
    +1 on McAfee
     
  10. GTSpeedster

    GTSpeedster Active Member AMS2 Club Member

    Joined:
    Jul 20, 2016
    Messages:
    81
    Likes Received:
    116
    I think someone at Reiza should make an official comment on this issue. Even if only a brief one.

    We're all assuming it's just a case of a false positive but truth is we don't really know for sure, let alone what it is that the executable is doing to be picked up by so many different Antivirus.

    Some clarification wouldn't hurt.
     
    • Agree Agree x 1
  11. fischhaltefolie

    fischhaltefolie Well-Known Member AMS2 Club Member

    Joined:
    Mar 24, 2016
    Messages:
    560
    Likes Received:
    322
    Sorry for this being my first post, but McAfee regards ams.exe as trojan Artemis! und pushes it into quarantine. Excepting it and the whole automobilista folder from detecting is not succsesful. Some seconds and it's displaced again. Amsbeta works fine.
     
    • Like Like x 1
  12. Sascha Reynders

    Sascha Reynders New Member AMS2 Club Member

    Joined:
    Oct 2, 2016
    Messages:
    6
    Likes Received:
    1
    Same here with McAfee LiveSafe since today... Only way to work around it is disabling realtime scanning (which I do NOT like to do) and restore AMS.exe. After that it works until I re-enable realtime scanning, then it gets quarantined again. The exe from AMS Beta seems to be fine, it never gets quarantined.
    It would be nice if Reiza could look into this.
     
    • Agree Agree x 3
  13. Don King

    Don King New Member AMS2 Club Member

    Joined:
    Apr 3, 2016
    Messages:
    6
    Likes Received:
    0
    Norton , the nemesis of many sim racers for many years.
     
    • Funny Funny x 1
    • Optimistic Optimistic x 1
  14. Fred Crowe

    Fred Crowe New Member AMS2 Club Member

    Joined:
    Mar 19, 2016
    Messages:
    5
    Likes Received:
    0
    Same here Mcafee deleting my AMS executable.
     
    • Agree Agree x 1
  15. Sascha Reynders

    Sascha Reynders New Member AMS2 Club Member

    Joined:
    Oct 2, 2016
    Messages:
    6
    Likes Received:
    1
    It looks like McAfee is no longer quarantining the exe after the 1.1.5 update, at least not on my machine. How about the rest of you McAfee users ?
     
    • Agree Agree x 1
  16. Marcel Kleene

    Marcel Kleene Member AMS2 Club Member

    Joined:
    Feb 16, 2016
    Messages:
    46
    Likes Received:
    24
    Now I get a runtime error when I want to join the TT of the week. Offline no problem, online on servers as well...but when going to track in TT of the week, get a runtime error.
     
  17. SaxOhare

    SaxOhare Well-Known Member AMS2 Club Member

    Joined:
    Mar 10, 2016
    Messages:
    2,235
    Likes Received:
    1,047
    Are you sure your banner isn't to big? :)
     
  18. Renato Simioni

    Renato Simioni Administrator Staff Member

    Joined:
    Feb 14, 2016
    Messages:
    4,950
    Likes Received:
    47,041
    It is a false positive. We have already submitted AMS for whitelisting with Symantec (Norton) - they have confirmed detection will be removed from their product definitions in their next update.

    The issues with Norton have been ongoing since the early days of Game Stock Car, their algorithm doesnt seem to get on with our DRM leading to these false positives. Unfortunately as the exe gets updated in new releases there might be a window of time in which these false positives will be triggered again. We´ll try our best to avoid this sort of inconvenience to our users, but it´s on them as much as it is on us. The definitive solution may be to switch to any number of less overzealous, equally reliable Antivirus software out there.
     
    • Informative Informative x 3
    • Like Like x 1
    • Friendly Friendly x 1
  19. Easton1

    Easton1 New Member

    Joined:
    Apr 3, 2016
    Messages:
    3
    Likes Received:
    0
    Thanks for your reply.
    Norton still not fixed, I will try different antivirus at Norton renewal date.
     
  20. Jempy

    Jempy Member AMS2 Club Member

    Joined:
    Jun 21, 2016
    Messages:
    48
    Likes Received:
    6
    Norton is now fixed it seems ;)

    Update just downloaded and ams.exe remained at its place without any warning from Norton.
    Thanks Renato. :)
     

Share This Page