FSDreamTeam forum
Products Support => GSX Support FSX/P3D => Topic started by: Pirateinparadise on August 11, 2015, 02:26:43 pm
-
I installed the latest update last night. Ever since, I have been getting warnings from Norton Security Suite.
I have been ignoring the warning about this "infection". What are the TUTO4PC, and freeSoftToday used for in GSX? Can you please verify that this is a false report?
Filename: couatl_updater.exe
Threat name: SAPE.Eorezo.m02
Full Path: c:\steam\steamapps\common\fsx\fsdreamteam\couatl\couatl_updater.exe
On computers as of: 8/10/2015 at 10:45:07 PM
Last Used: 8/10/2015 at 10:47:20 PM
Startup Item: No
Launched: No
Threat type: Adware. Programs whose main purpose is to facilitate the delivery of advertising content.
____________________________
couatl_updater.exe Threat name: SAPE.Eorezo.m02
Very Few Users: Fewer than 5 users in the Norton Community have used this file.
Very New: This file was released less than 1 week ago.
Low: This file risk is low.
Downloaded File couatl_updater.exe Threat name: SAPE.Eorezo.m02
from virtualisoftware.com
Source: External Media
gsx_fsx_setup.tmp
File Created:
____________________________
File Actions
File: c:\users\pirate\appdata\local\fst_in_12\fst_in_12\1.10\ cnf.cyl No fix attempted
File: c:\users\pirate\appdata\local\fst_in_34\fst_in_34\1.10\ cnf.cyl No fix attempted
File: c:\users\pirate\appdata\local\fst_jp_46\fst_jp_46\1.10\ cnf.cyl No fix attempted
Infected file: c:\Steam\steamapps\common\FSX\fsdreamteam\couatl\ couatl_updater.exe No fix attempted
____________________________
Registry Actions
____________________________
File Thumbprint - SHA:
993ea1710d79e1822a14bfbad2623ebedf600e4287a2d599296f19918a274ab0
File Thumbprint - MD5:
Not available
-
I installed the latest update last night. Ever since, I have been getting warnings from Norton Security Suite.
It's very well known that Norton is defective and it's the worst offender with regard to false positives. It's funny that this time, it mistakenly reported the couatl_updater.exe, but not the main Couatl.exe, most likely because we HAVE reported Couatl.exe as a false positive to them, but never thought Norton could be so bugged that it could also flag just the *updater* as a threat, which is absurd, since it's not encrypted, doesn't use any anti-tampering methods and doesn't do anything except downloading files...
We keep getting surprised by how bugged an antivirus might be, and Norton is the absolute champion of bugs...
I have been ignoring the warning about this "infection". What are the TUTO4PC, and freeSoftToday used for in GSX? Can you please verify that this is a false report?
Yes, of course it's a false positive.
However, nothing in your log indicates that Norton (albeit mistakenly) reported the TUTO4PC and freeSoftToday trojans in any of our products. The Norton mistake about the couatl_updater.exe was ONLY about the SAPE.Eorezo.m02, not these other two.
So, I would check your system, because you MIGHT be infected by these other two.
Or, it might just be ANOTHER false positive.