Correct key for the route did not found
- Thread starter sura
- Start date
Hi guys, thx for all replies and comments so far.
It seems that all my work was for nothing, since it is not possible to crosscheck all my +56.000 CDPs i downloaded in the last 2 years. So, thank You for your support, it seems i must delete all content from my PC inclusive my route.
As farewell some images before i delete the route and all content:
Thanks again and stay well!
SurA
:wave:
EDIT:
RED ALERT OVER!!!
After checking my CM, i found 3 suspicious files, see attached image:
I deleted those files, made a DB-repair and i can drive my route again so i have not delete everything!!!
Author of the suspicious content is ilyon, KUID:833171
Be careful and may you check those contents with a tag (bot)
Happy Trainzing!
Sura
It seems that all my work was for nothing, since it is not possible to crosscheck all my +56.000 CDPs i downloaded in the last 2 years. So, thank You for your support, it seems i must delete all content from my PC inclusive my route.
As farewell some images before i delete the route and all content:
Thanks again and stay well!
SurA
:wave:
EDIT:
RED ALERT OVER!!!
After checking my CM, i found 3 suspicious files, see attached image:
I deleted those files, made a DB-repair and i can drive my route again so i have not delete everything!!!
Author of the suspicious content is ilyon, KUID:833171
Be careful and may you check those contents with a tag (bot)
Happy Trainzing!
Sura
Last edited:
hiawathamr
DLC developer for Trainz
I'm soooo happy you managed to fix the issue!
Just for the fun of it, I'm going to give those items a test run in a test folder (not my real content folder) and see what I run into (as I like dealing with these sort of things )
Cheers
Just for the fun of it, I'm going to give those items a test run in a test folder (not my real content folder) and see what I run into (as I like dealing with these sort of things
)Cheers
kcwright_rm
Cumberland & Eastern RRTC
those seem VERY off, but they are by the same guy so who knows?
I would try them, but the PC might go windows XP mode in the process
I would try them, but the PC might go windows XP mode in the process
ColPrice2002
Well-known member
Well done!
I hope that N3V are able to help "clean" the DLS - assuming that they are DLS assets.
Colin
I hope that N3V are able to help "clean" the DLS - assuming that they are DLS assets.
Colin
I'm soooo happy you managed to fix the issue!
Just for the fun of it, I'm going to give those items a test run in a test folder (not my real content folder) and see what I run into (as I like dealing with these sort of things
Cheers
Remember to wear a mask and gloves and get out the pointy tweezers to pull out the nasty script.
So it seems that these assets are a form of lame ransomware. Very interesting indeed. I assume that trainzscript is limited to just working in the game so your computer should be fine.
ALL YOUR BASE ARE BELONG TO US
https://www.youtube.com/watch?v=qItugh-fFgg
William
ALL YOUR BASE ARE BELONG TO US
https://www.youtube.com/watch?v=qItugh-fFgg
William
Last edited:
ZecMurphy
Community Assistant
Hi All, especially Sura
Thank you everyone for letting us know which assets are causing this message to appear. We are looking into this, as it is not appropriate for DLS content to be 'locked' in this way, especially if it can affect routes/sessions that don't use the content.
Regards
Thank you everyone for letting us know which assets are causing this message to appear. We are looking into this, as it is not appropriate for DLS content to be 'locked' in this way, especially if it can affect routes/sessions that don't use the content.
Regards
Many thanks for your input, jordon412.
As a result I consider to delete downloaded assets from authors ilyon, Sandrilyon, BUGOR, Leshyi1990, Volaner and vologda.
But before I start deleting anything I need to know some more.
Q1: How can I set up CM to find _all_ mentioned 'obscure' authors in one set? I've tried without success by using "OR" between each author?
2 examples for assets including assets from mentioned authors:
I've looked up some dependants from author "Leshy1990" within my installations. I found out that this concerns - as an example - <kuid2:69871:3515:1> "TRS19 - The Mann, Prom, Laramee - Session 3" from author philskene. Used asset from Leshy1990 here is: <kuid:771786:100069> (four-conveyor).
The second check listed the asset <kuid:166065:101071> "EMM Model Railway Layout FYNE FETTLE v1.1 TRS19" from author euromodeller. Used asset from Leshy1990 here is: <kuid:771786:100292> (n_boy_1).
Q2: My next question is: Should we delete all assets from that authors? As a result we get missing dependencies, see above example routes/sessions.
I have also installed some other assets from that authors...
Hopefully N3V will post a statement for users how to deal with that:
As a result I consider to delete downloaded assets from authors ilyon, Sandrilyon, BUGOR, Leshyi1990, Volaner and vologda.
But before I start deleting anything I need to know some more.
Q1: How can I set up CM to find _all_ mentioned 'obscure' authors in one set? I've tried without success by using "OR" between each author?
2 examples for assets including assets from mentioned authors:
I've looked up some dependants from author "Leshy1990" within my installations. I found out that this concerns - as an example - <kuid2:69871:3515:1> "TRS19 - The Mann, Prom, Laramee - Session 3" from author philskene. Used asset from Leshy1990 here is: <kuid:771786:100069> (four-conveyor).
The second check listed the asset <kuid:166065:101071> "EMM Model Railway Layout FYNE FETTLE v1.1 TRS19" from author euromodeller. Used asset from Leshy1990 here is: <kuid:771786:100292> (n_boy_1).
Q2: My next question is: Should we delete all assets from that authors? As a result we get missing dependencies, see above example routes/sessions.
I have also installed some other assets from that authors...
Hopefully N3V will post a statement for users how to deal with that:
Last edited:
RUSSIAN BOTS INCLUDED IN N3V PAYWARE DLC!
3 RUSSIAN BOTS ARE INCLUDED IN THE SESSION 'DAYTIME PASSENGER TRAIN TO ROSTOV', <KUID2:766034:100118:3>, FOR DEMON35'S ROSTOV UZEL 2018, <KUID2:766034:100117:3>. THEY ARE ALL MADE BY VOLOGDA: V_EP1M-644(BOT)_V3, <KUID2:78638:100600:3>, V 2ES5K-060A(BOT), <KUID:78638:100601>, AND V 2ES5K-060B(BOT), <KUID:78638:100602>. N3V PLEASE TAKE ACTION IMMEDIATELY!
3 RUSSIAN BOTS ARE INCLUDED IN THE SESSION 'DAYTIME PASSENGER TRAIN TO ROSTOV', <KUID2:766034:100118:3>, FOR DEMON35'S ROSTOV UZEL 2018, <KUID2:766034:100117:3>. THEY ARE ALL MADE BY VOLOGDA: V_EP1M-644(BOT)_V3, <KUID2:78638:100600:3>, V 2ES5K-060A(BOT), <KUID:78638:100601>, AND V 2ES5K-060B(BOT), <KUID:78638:100602>. N3V PLEASE TAKE ACTION IMMEDIATELY!
I am not professional, but would keep the deletion-process rather under limits. I really do not believe that all content of all those authors contains ransomware. Best is BTW to wait until the control-process ends by Zec and his colleagues. BTW i checked how much content do i have from the mentioned authors:
i installed 21 content from the 5 authors (of which 3 proved to contain ransomware)
BUT
they have 13150 content on the DLS!
Is it technically possible to check all scripts of those contents which contain the tag (bot) AND are from those authors?
i installed 21 content from the 5 authors (of which 3 proved to contain ransomware)
BUT
they have 13150 content on the DLS!
Is it technically possible to check all scripts of those contents which contain the tag (bot) AND are from those authors?
for all users, who don't know how to setup a custom filter for that issue in content manager (CM) of TRS19 ...
Here's an example for setting up the appropriate custom filter in CM:
(Hopefully you will be able to view the following text accordingly in font: "Fixedsys"). Havn't used a jpg as almost all free image-hosting sites delete them after a while.
If you can't view it in a suitable manner please copy the rest of the following text into your default text-editor.
+------------------------------------------------------------------------------+
| File Edit Developer Content |
| \/ Filter: [Custom... ] [search ] |
| |
| [Installed ] [True ] (-)(+) |
| [Scripted ] [True ] (-)(+) |
| [AND ] (-)(+) |
| [Author ] [ilyon ] (-)(+) |
| [OR ] (-)(+) |
| [Author ] [sandrilyon ] (-)(+) |
| [OR ] (-)(+) |
| [Author ] [bugor ] (-)(+) |
| [OR ] (-)(+) |
| [Author ] [leshyi1990 ] (-)(+) |
| [OR ] (-)(+) |
| [Author ] [volaner ] (-)(+) |
| [OR ] (-)(+) |
| [Author ] [vologda ] (-)(+) |
+------------------------------------------------------------------------------+
| Name |Status |Asset ID |Author |and so on... |
+------------------------------------------------------------------------------+
| Xxxxx xxx yyyyyy <kuid:nnnnnn:12345:2> zzzz dd-MM-YYYY |
| |
| |
| |
| |
| |
| |
| |
| |
+------------------------------------------------------------------------------+
Here's an example for setting up the appropriate custom filter in CM:
(Hopefully you will be able to view the following text accordingly in font: "Fixedsys"). Havn't used a jpg as almost all free image-hosting sites delete them after a while.
If you can't view it in a suitable manner please copy the rest of the following text into your default text-editor.
+------------------------------------------------------------------------------+
| File Edit Developer Content |
| \/ Filter: [Custom... ] [search ] |
| |
| [Installed ] [True ] (-)(+) |
| [Scripted ] [True ] (-)(+) |
| [AND ] (-)(+) |
| [Author ] [ilyon ] (-)(+) |
| [OR ] (-)(+) |
| [Author ] [sandrilyon ] (-)(+) |
| [OR ] (-)(+) |
| [Author ] [bugor ] (-)(+) |
| [OR ] (-)(+) |
| [Author ] [leshyi1990 ] (-)(+) |
| [OR ] (-)(+) |
| [Author ] [volaner ] (-)(+) |
| [OR ] (-)(+) |
| [Author ] [vologda ] (-)(+) |
+------------------------------------------------------------------------------+
| Name |Status |Asset ID |Author |and so on... |
+------------------------------------------------------------------------------+
| Xxxxx xxx yyyyyy <kuid:nnnnnn:12345:2> zzzz dd-MM-YYYY |
| |
| |
| |
| |
| |
| |
| |
| |
+------------------------------------------------------------------------------+
Last edited:
I think we're best to let N3V handle this. The word "bot" is referring to non-drivable consists and doesn't necessarily mean the assets are infected with the ransomware script. The script appears to be a recent thing and I don't think it affects all the assets by these users.
The other thing to consider is one user may have created the infected assets and not necessarily the one that uploaded them. Keep in mind that assets are cloned, copied, shared, and reskinned so it's difficult to pinpoint the exact source of the script in the first place unless the original user was "smart" enough to put his name or some other telltale sign in the code comments. The only way to find out if the ransomware is included is to test the assets, unfortunately, unless N3V can do this on the server, the assets need to be downloaded to be checked.
Are there any volunteers?
Sit tight and see how Zec and the rest of the company handle this rather than panic. We can't be blaming and accusing innocent users for someone else's evil deeds.
The other thing to consider is one user may have created the infected assets and not necessarily the one that uploaded them. Keep in mind that assets are cloned, copied, shared, and reskinned so it's difficult to pinpoint the exact source of the script in the first place unless the original user was "smart" enough to put his name or some other telltale sign in the code comments. The only way to find out if the ransomware is included is to test the assets, unfortunately, unless N3V can do this on the server, the assets need to be downloaded to be checked.
Are there any volunteers?
Sit tight and see how Zec and the rest of the company handle this rather than panic. We can't be blaming and accusing innocent users for someone else's evil deeds.
Sandrilyon
New member
The problem is not with assets with [bot] prefix. Forget about this. The topicstarter found wrong kuids that cause the issue with message "The route is payware..."
The real assets that destroy the map are used to protect the payware route of copying (not selling on Auran). So, if one of those assets is present on map, and the user doesn't have the key (also .cdp asset), you cannot play on the route and will get the message and session is ended.
Check out these assets below. Kuid with scenery type has a .gse file inside with "script" and "class" tag in config.txt. This .gse file refers to the authorization key. Inside of config.txt your will also find tag "privilege" with permit-listing=0, so you will never see this asses in editor, but after changing this tag to 1, you will able to place asset on your route. And this asset will brake your route.
This is the list of all kuids that have blocking script:
So, 20 of these assets are renewed by uploading the new version of kuid without the script inside and tag listing-permit=0. Someone who dowloaded them need to renew to the newest version in order to get rid of the route blocking issue.
The real assets that destroy the map are used to protect the payware route of copying (not selling on Auran). So, if one of those assets is present on map, and the user doesn't have the key (also .cdp asset), you cannot play on the route and will get the message and session is ended.
Check out these assets below. Kuid with scenery type has a .gse file inside with "script" and "class" tag in config.txt. This .gse file refers to the authorization key. Inside of config.txt your will also find tag "privilege" with permit-listing=0, so you will never see this asses in editor, but after changing this tag to 1, you will able to place asset on your route. And this asset will brake your route.
This is the list of all kuids that have blocking script:
Code:
<kuid:568300:101274> ra2 12 22<kuid:833171:100450> SMV Murro
<kuid2:806431:145730:1> Znak 1850km
<kuid2:806431:145729:1> Znak 1850km2
<kuid:810247:10127> Kalitka1
<kuid2:806431:102799:1> wl_grass_yaloo
<kuid:810247:100136> Sound pole
<kuid:803640:25006> SM_12 old3
<kuid:882895:47445> RED_KTU
<kuid:424437:100012> PL_out_1m_y_s_a
<kuid:568300:100103> old_hall
<kuid2:806431:100905:1> gravel pbr wl
<kuid:348398:10025> Old shed 4
<kuid:708875:100147> ak dom 1et. 5.4
<kuid:803640:102387> LEP opora BP-110-1-2
<kuid:209691:10002> ktm_lib
<kuid:833171:100448> FMA Town house
<kuid:882895:25808> FMA Industrial modul08
<kuid:833171:100449> d_v_up_2 (no lods)
<kuid:568300:101376> d_dom_1et_61
<kuid:348398:6789> d_dom_1et_14
<kuid:209691:10001> Charbon
<kuid2:806431:600166:1> Bz_rock_wood
<kuid:708875:20319> ans9_1960
<kuid2:424437:113827:1> AC4 5300 NR-III-5 pzSo, 20 of these assets are renewed by uploading the new version of kuid without the script inside and tag listing-permit=0. Someone who dowloaded them need to renew to the newest version in order to get rid of the route blocking issue.
Last edited: