OnCourse Software

Good morning,

Yesterday I bought PF3 v3.16.0 and PFE to XPX to use with X-Plane 11.55.

After unzipping the download file and executing the PF3 Setup program, Kaspersky Internet Security blocked the start operation after finding a DNS Trojan.

There were no PF3 logs created as the setup was not far enough along to create anything. I cannot find further event logs, but if you direct me to something specific, I'll be glad to locate them and attach an update.

I have attached screen shots of all I have. 1) The event log from Kaspersky details the virus error and 2) the associated Windows 10 execution error warning. That is generated since Kaspersky is blocking execution.

It appears the UDS:Trojan.Win32.Delf is embedded in the PF3_Installation_Setup.exe//data0051 module.

After spending $60USD, I would appreciate a CLEAN install file so I can attempt to use the product. It is apparent that the download store/server has been severely compromised.

I have received the purchase validation email and license key. All I need is a clean setup package.

My windows system is as follows:

* Windows 10x64; MSI Gaming 7, LGA-3; Intel i7 5930K 3.9MHz; 64GB RAM DDR4 2133MHz;
* NVIDIA GeForce GTX1080 Ti 11GB DDR5 VRAM
* Samsung M.2 SSD850 500GB Windows 10 boot drive
* Samsung SSD840 500GB X-Plane 11 dedicated drive
* Samsung SSD85 1TB X-Plane 11 Custom Scenery drive mlinked to XP11

Please advise,

Best regards,

CaptJon

The installation file IS clean I can assure you. You're getting a false positive from Kasperky. I use the same AV as yourself and it drives mad most of the time.

Thank you for your quick reply.

I would really like to believe that, however I have NOT gotten any false positive, nor any other warnings of this nature in easily the past three plus years. And I use this system globally.

The one time I have allowed an exclusion, about 10 years ago -- I lost about a week rebuilding after the virus attached my FAT table.

I'm sure you can understand, I'm more than hesitant on this. If you cannot provide any further support than this, I am going to need a refund. I have never requested a refund for software, but I have gotten zero value and thus far zero support.

What warranty can you provide if my allowing this exception results in ransom ware or a DNS? If the answer is zero 'buyer assumes all risk', then I'll need a refund.

If you 'allow exceptions' when you get a Kaspersky warning by rote, then it is logical that this package is NOT secure, and you simply pass this Trojan to all global users. IF I was getting this 'false positive' downloading hundreds of files from global site such as xp.org, etc. with global users, I would buy into your logic.

Again, I'm not seeing what I can justify as a 'false positive'.

Again, I am requesting a clean install that will scan clean.

Regards,

CaptJon

CaptJohn,

I assume that Kaspersky have a procedure (like most respectable AV providers) for submitting a suspected "false positive". They should check the file and update their definitions to allow it.

It may take a day or so but it is the way to be comfortable and, at the same time, help others.

I never take anybody's word that a file is safe.

John

There is a significant problem with Kaspersky flagging some VB6 executables as false positives; I have recently been developing new PF3 code for Dave and Kaspersky has flagged the modules as Trojans on several occasions - I *know* that there is nothing bad with the code, yet it still happens.

I will be following this up with Kaspersky. To be honest I'm starting to reconsider whether I should be using their software, after a good few years, as I'm finding the latest updates very intrusive - I'm hitting similar 'false positive' issues with some of my C# code too.

Cheers,
Martin

flycaptjon wrote: *

Thu Aug 04, 2022 6:37 pm

Thank you for your quick reply.

I would really like to believe that, however I have NOT gotten any false positive, nor any other warnings of this nature in easily the past three plus years. And I use this system globally.

The one time I have allowed an exclusion, about 10 years ago -- I lost about a week rebuilding after the virus attached my FAT table.

I'm sure you can understand, I'm more than hesitant on this. If you cannot provide any further support than this, I am going to need a refund. I have never requested a refund for software, but I have gotten zero value and thus far zero support.

What warranty can you provide if my allowing this exception results in ransom ware or a DNS? If the answer is zero 'buyer assumes all risk', then I'll need a refund.

If you 'allow exceptions' when you get a Kaspersky warning by rote, then it is logical that this package is NOT secure, and you simply pass this Trojan to all global users. IF I was getting this 'false positive' downloading hundreds of files from global site such as xp.org, etc. with global users, I would buy into your logic.

Again, I'm not seeing what I can justify as a 'false positive'.

Again, I am requesting a clean install that will scan clean.

Regards,

CaptJon

The way AV's detect trojans and such is they search for known footprints... our code is first compiled and then compressed, so there's always a chance a very similar footprint can be created during that process. That doesn't mean it's a trojan. As one of our other users suggested, please forward it to Kaspersky for checking.

We've been providing flight simulator software for nearly 30 years and can assure you we do not release virus ridden code. However, if you don't wish to have the file(s) checked by Kaspersky and/or don't wish to install the program, please email me direct and I'll gladly provide a full refund, despite that being against our general terms of not refunding digital media.

OK, while having a coffee I just submitted the file to the Kaspersky Threat Intelligence Portal https://opentip.kaspersky.com/ with the following result:


Yet I too get the software blocked by Kaspersky when I try to execute it on my machine. So it seems that their own software is inconsistent (you will notice that this piece of software has been checked previously on TIP). I have just submitted a Technical Support request to Kaspersky.

Martin

I raised this issue with Kaspersky Technical Support and they have confirmed that it is a false positive - a fix will apparently be included in their next database update. (The screenshot that I included previously was for the Cumulative Update file which has been known to have similar issues, but I did actually raise the issue against the Full Installer - my mistake.)

Cheers,
Martin