Missing Kuids? Post them here.

I got a severe threat detected in KUID3.7z Trojan:Script/Wacatac.B!ml "This program is dangerous and executes commands from an attacker". That was from Windows Defender, so it could be a false positive.
 
Could be a false positive? How could it be anything else? It isn't even executable, save for inside Trainz, and even there, it cannot be what Windows Defender thinks it is, unless it is an infected Native Interface asset, which sounds unlikely.
 
Hi Michal
<kuid:553702:11114>,<kuid:307216:120159>,<kuid:553702:11119>,<kuid:553702:11132>,<kuid:553702:11116>,<kuid:553702:11124>,<kuid:553702:11105>,<kuid:553702:80083>,<kuid:553702:80524>,<kuid:431492:5995>

Download:
https://www.uschovna.cz/zasilka/OPWWT9AEKK8VYJ5E-K2Y/7PACM6XIRK
click on: STÁHNOUT ZÁSILKU

Ivo
None of the 60 antivirus programs found anything in this archive: https://www.virustotal.com/gui/file...4bdae1bf945c3beba8d2edd5dd94bf258dc?nocache=1
 
Yeah, I don't know what its deal is, but it won't download it. I tried again and got the same result. Just in case others experience the same thing. I don't see any chance to override.
 
these are for Tracksupervisor's NSW Illawarra & Southern Highlands

<kuid:62941:502>
<kuid:62941:16057>
<kuid:429700:100392>
<kuid:429700:100264>
<kuid:62941:16056>
<kuid:62941:16055>
<kuid:141417:27015>
<kuid:59904:777901>
<kuid:429700:100193>
<kuid:429700:100186>
<kuid:155664:2001830>
<kuid:155664:2001820>
 
I got a severe threat detected in KUID3.7z Trojan:Script/Wacatac.B!ml "This program is dangerous and executes commands from an attacker". That was from Windows Defender, so it could be a false positive.
My "daily bread" IP scanner tool as I am a network admin is vigorously detected and deleted by not-so-clever MS Defender as a super dangerous virus. I am puzzled as to why would a .7z be marked as dangerous - it is an archive, not an executable. Only if inside is exe then possibly yes, but not .cdp.
 
My "daily bread" IP scanner tool as I am a network admin is vigorously detected and deleted by not-so-clever MS Defender as a super dangerous virus. I am puzzled as to why would a .7z be marked as dangerous - it is an archive, not an executable. Only if inside is exe then possibly yes, but not .cdp.
Defender, like many antimalware products, will scan inside archives. If malware is detected it'll delete or quarantine the infected file archive and all. It's possible to infect an asset. There is some malware that can infect image files and it's possible that a .tga file or a .png file was infected with something and the asset was trashed by Defender.
 
Defender, like many antimalware products, will scan inside archives. If malware is detected it'll delete or quarantine the infected file archive and all. It's possible to infect an asset. There is some malware that can infect image files and it's possible that a .tga file or a .png file was infected with something and the asset was trashed by Defender.
Very true. However, I could not detect anything. That is quite clever from the hackers to target pngs etc. I did not think that was possible. It appears it is.
 
I have always used various antiviruses from various well-known vendors and always got various issues from this. False positives and so on. A few years ago, I decided to get rid of it altogether.
I have removed a third-party antivirus and completely disabled Windows Defender via gpedit.msc.
All the issues and inconveniences went away with the antiviruses and the system working much faster. Nothing strange or suspicious has happened to the system over the years.

Warning: Do not try to do this if you do not have enough experience using a PC!
 
Thank you so much, Ivo, that is very kind of you. It worked fine. Proof that Defender just doesn't like .7z for some reason, although I have plenty of assets stored in .7z.
 
Very true. However, I could not detect anything. That is quite clever from the hackers to target pngs etc. I did not think that was possible. It appears it is.
That could've been a false positive. They happen, but yeah images can be infected.
https://gizmodo.com/malware-images-virus-photos-pictures-how-block-antiviru-1849572516

Fonts too and even binary-encoded EPS files. This technique was used to create the "Lino virus" that was aimed specifically at Linotronic imagesetters. These are large, I mean really, really large, film recording devices used to produce films for the printing industry. I can't find a link to any information on this one, thanks to the polluted search engines using directed searches, but it caused quite a stir in the early 90s.

The thing is any file containing binary data can be infected. Scary stuff!
 
I have always used various antiviruses from various well-known vendors and always got various issues from this. False positives and so on. A few years ago, I decided to get rid of it altogether.
I have removed a third-party antivirus and completely disabled Windows Defender via gpedit.msc.
All the issues and inconveniences went away with the antiviruses and the system working much faster. Nothing strange or suspicious has happened to the system over the years.

Warning: Do not try to do this if you do not have enough experience using a PC!
Yes, the machines definitely run faster but there's still that risk that something can get in. It's not that you aren't careful in your browsing habits and work carefully, what used to be a safe website could be infected. Recently, as people have reported here, once safe Trainz-content websites are infected with droppers or some other malware that can then infect your system.
 
Yes, the machines definitely run faster but there's still that risk that something can get in. It's not that you aren't careful in your browsing habits and work carefully, what used to be a safe website could be infected. Recently, as people have reported here, once safe Trainz-content websites are infected with droppers or some other malware that can then infect your system.
Can you give me some links to such infected sites? I really like experiments and I want to go to these sites and personally verify the existence of such threats.
 
Now that is literally asking for trouble. I hope you don't regret it.
I was obviously misunderstood, this is not bravado or thoughtlessness.
I always know with confidence what I'm doing, or I don't do it at all. I just want to help those who do not have self-confidence, tell them how to distinguish a fake site from a real one and what not to do to get into trouble.

That is why I wrote in my first message regarding this:

Warning: Do not try to do this if you do not have enough experience using a PC!
 