Virus in Download Manager?

paperpusher

paperpusher
:'( Using TS2010, and downloading from Content Manager some where about 10 Jan onward, I was checking New Vehicle installs in the Download Station.
I chose to verify a vehicle called "police" and started its download to my computer. During this download, my TS2010 crashed. Since then every time I try to load the Trainz programs either into the Start or Content Manager or Quit, I cannot continue with out an Asset Database Update. It goes quickly, but once the start up screen comes on, I try to connect to Start / Content Manager etc. it starts the Asset Data Base all over again. I have received several "Dumps" into the Trainz folder.
I tried to restart the TDX file by renaming it and let the program do an ASSET DATABASE UPDATE and still the same problems arises.
Any suggestions to get my program running again.
 
That would be very unusual, as CDP files cannot contain viruses. However, it's likely that you've suffered a case of database corruption - try deleting the contents of <trainz install folder>/cache/internet.

Shane
 
I chose to verify a vehicle called "police" and started its download to my computer. During this download, my TS2010 crashed. Since then every time I try to load the Trainz programs either into the Start or Content Manager or Quit, I cannot continue with out an Asset Database Update. It goes quickly, but once the start up screen comes on, I try to connect to Start / Content Manager etc. it starts the Asset Data Base all over again. I have received several "Dumps" into the Trainz folder.

A bad asset can do that. Delete the asset you downloaded (or the asset that is currently listed by default in CMP) using TrainzUtil from the command line.
http://online.ts2009.com/mediaWiki/index.php/TrainzUtil
 
Tried and successfully ran TrainzUtil repairdatabase. But when I tried to run Trainz again, the same original problem came up and created a "Trainz-49933_3.dmp" file - Any other suggestions. I feel I will have to delete Trainz2010 (keeping my local file and my sessions and then re-installing the program again?
 
.cdp files are data files not executables. It would be extremely difficult to put Malware in them.

Cheerio John

I'm not so sure about that. If the underlying files are infected, they could be included in a CDP file just like infected files could be placed in a zip or .tar archive. The thing is this kind of infection is becoming more and more rare these days. Instead of wiping out someone's computer today, it's all about maximizing profit from some kind of background process used to steal information, or force the victim to pay up.

John
 
I'm not so sure about that. If the underlying files are infected, they could be included in a CDP file just like infected files could be placed in a zip or .tar archive. The thing is this kind of infection is becoming more and more rare these days. Instead of wiping out someone's computer today, it's all about maximizing profit from some kind of background process used to steal information, or force the victim to pay up.

John

Ok but you need something to execute. A .cdp file should only be processed by Trainz so it would need code inside Trainz to actually do anything based on the content of the .cdp. .zip is slightly different they can be an executable in their own right which is why Gmail doesn't accept .zip attachments but will accept .7z attachments. You could possibly have a go at an embedded .hmtl page and point it to an infected web page since I think Trainz now supports html.

I'm not saying that Malware could not be included in a .cdp only that it would be extremely difficult to get it into the execution path.

Cheerio John
 
.cdp files are data files not executables. It would be extremely difficult to put Malware in them.

.pdf files are data files, not executables, and are the current favoured mechanism for getting hijackware into PCs. It doesn't need code inside Trainz to actually do anything - it just needs a little bit of sloppy coding for errors such as buffer overflow.
 
Last edited:
.pdf files are data files, not executables, and are the current favoured mechanism for getting hijackware into PCs. It doesn't need code inside Trainz to actually do anything - it just needs a little bit of sloppy coding for errors such as buffer overflow.

True but Adobe never really did understand security, currently the favourite is an infected web page or advert. If you compare the market share of Trainz with that of Adobe Reader you'll soon see that Adobe Reader is a much more attractive target to decompile than Trainz ever was. Not only that but the format is exceptionally well documented as it is an ISO standard. ISO 32000-1 not only that but .pdf files are not pure data files, they can contain javascripts which is executed by the pdf reader. As far as I'm aware Trainz .cdp files do not contain javascripts. However Trainz does have scripts so I wonder if its sandboxed? Chrome does quite a nice job of sandboxing JAVA by the way, restricting what can be done by a java script etc.

Cheerio John
 
Back
Top