Author Topic: Ransomware  (Read 2778 times)

Offline jmelvin

Ransomware
« on: May 27, 2017, 01:05:22 AM »
I'm not sure where my comments should go so I will start here. This is the second day in a row that I have had this happen. I downloaded a file from the file exchange that has an executable installer in the ZIP. I tried to run the installer and noticed that it stopped midway through. I got a security warning on my system (Windows 7 (64-bit)) that said a program was doing suspicious activity related to Ransomware and was asked if I wanted to stop the program. You betcha!!!

The file I downloaded today was the BSC DAMN Diggis Streams Grass Base Set (v1.0). I don't remember exactly which file I was trying to download yesterday.

We are dealing with EXE type files here that come inside a ZIP file. My Security software didn't catch any trouble in downloading the ZIP but did prevent the EXE from doing anything bad. Note: I do have my Windows Updates set to load automatically and I know that Microsoft put out a patch earlier this year dealing with Ransomware.

Questions:
1) Has anyone else run into this?
2) Is there a way to check if the files on the file exchange have been tampered with?

I should note that I did download other files today that did not cause any trouble!!

Offline mgb204

Re: Ransomware
« Reply #1 on: May 27, 2017, 02:32:06 AM »
Your security software might give you a warning, but it doesn't necessarily follow that the file in question is actually problematic. It's an installer, when run it has the ability to do certain things in relation to your O/S (necessary for installing files), that could potentially do bad things.

What this comes down to is trust, i.e. do you trust the files or the source of them? Because almost certainly your security software doesn't have a clue what's actually in the installer. It's just assuming all installers of this type are bad for some reason. Such things are known as false positives, which are sadly more common than ever. The reason: rather than actually check something is bad, it's easier to assume they are and block them. Which has the side effect of making you feel protected, "wow, you just saved my computer, thanks anti-virus".

This should make for interesting observation - scanning the file with multiple AV software using a trusted online tool. Same file, but this time just the .exe inside the zip. I just downloaded it fresh to get accurate results. What this does question is how good your security software is, if it's so lazily coded to detect things? You might argue it's better safe than sorry, which is the line these companies often use. But then, most security software never seems to stop the real nasties from getting in. Because those making such things know how to get around this black/white list system with ease.

Long and short, I'm certain there is nothing wrong with the file. It's just not a commonly downloaded file and thus made it onto a blacklist without anyone bothering to check it properly.
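
An added example, not part of any post in this thread: one way to approach question 2 is to hash the executable inside the downloaded ZIP without extracting or running it, then compare the SHA-256 against a known-good value or look the hash up in a multi-engine scanner. The `known_good` list is an assumption (the thread does not say the exchange publishes hashes), and the function names and sample archive are constructed for illustration.

```python
import hashlib
import io
import zipfile

EXECUTABLE_SUFFIXES = (".exe", ".msi", ".dll", ".scr")

def hash_executables(zip_bytes):
    """Return {member name: SHA-256 hex} for executables, read in memory and never run."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir() or not info.filename.lower().endswith(EXECUTABLE_SUFFIXES):
                continue
            sha256 = hashlib.sha256()
            with archive.open(info) as member:
                for chunk in iter(lambda: member.read(65536), b""):
                    sha256.update(chunk)
            digests[info.filename] = sha256.hexdigest()
    return digests

def compare(digests, known_good):
    """Label each executable 'match', 'MISMATCH' or 'unlisted' against a hash list."""
    report = {}
    for name, digest in digests.items():
        expected = known_good.get(name)
        if expected is None:
            report[name] = "unlisted"      # nothing to compare against
        elif expected.lower() == digest:
            report[name] = "match"
        else:
            report[name] = "MISMATCH"      # contents differ from the reference copy
    return report

def build_sample_zip(installer_bytes):
    """Constructed sample: a ZIP holding a readme and a stand-in installer."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("readme.txt", "constructed sample")
        archive.writestr("Installer.exe", installer_bytes)
    return buffer.getvalue()

if __name__ == "__main__":
    original = build_sample_zip(b"MZ constructed installer body")
    reference = hash_executables(original)   # stands in for a hypothetical published list
    altered = build_sample_zip(b"MZ constructed installer body, modified")
    print(compare(hash_executables(original), reference))
    print(compare(hash_executables(altered), reference))
```

A matching hash shows only that the file is the same one the reference was taken from; a file date inside the archive is not evidence either way, since it can be set to any value.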

Offline jmelvin

Re: Ransomware
« Reply #2 on: May 27, 2017, 04:40:56 PM »
Thank you for the quick response to my message mgb204.

Quote
Your security software might give you a warning, but it doesn't necessarily follow that the file in question is actually problematic. I

You were correct and it wasn't just a warning. My Norton Security software did not like the exe for the file trying to load into my system root directory where my SimCity game software resides and stopped the process from running to completion. When I saw the installer stop working part way through the install, I had to open the Task Manager and stop the process which was no longer responding. It was only then that the Norton warning screen popped up. There was no trouble with having the installer loading into the plugins folder within My Documents. I think the false indication happened because my Daeley management files are in my root folder. I got around this by running the installer and specifying the plugins folder in My Documents as the destination, which let the installer run to completion. I then moved the files manually to my Daeley management files.

I had looked at the file date for the installer that comes in the ZIP download and saw that it matches with when the file was originally uploaded to the LEX so I thought it should be safe. This is just the first time where my security software stopped the process from running due to a false positive.

I must be the first user to run into this or at least no one has mentioned this happening to them. Hopefully this will help other "unlucky" users if they run into this situation.

Thank you again for your quick response.

Offline Sunset_baby

Re: Ransomware
« Reply #3 on: May 27, 2017, 05:50:31 PM »
Quote
I must be the first user to run into this or at least no one has mentioned this happening to them

Actually, hardly more than a week ago the entire site was blocked for the same reason; Norton Blocking Site Based on False Positive

Offline bluewaves44

Re: Ransomware
« Reply #4 on: December 18, 2017, 06:41:48 AM »
What antivirus program should I install to prevent ransomware and other kinds of viruses?

Offline mgb204

Re: Ransomware
« Reply #5 on: December 18, 2017, 12:11:20 PM »
They are all equally terrible, so rather than waste money on one, get one that's free and doesn't continually bug you to pay for it. It will afford you some basic protection and like having a lock on your front door is a no brainer. However, having a lock on your front door, won't stop a thief with a brick. The simple fact is, most AV software is easily defeated and every system I see with viruses is not unprotected, but mostly down to users who clicked on things they shouldn't have. Personally I wouldn't look further than Microsoft Defender (integrated into Win8 / 10), or available as MS Security Essentials for Win7.

Security is more complex than simply having AV software; there are a number of sensible steps that combined will prevent the majority of problems. Mostly that means keeping your O/S, browser and other software/drivers up to date. But knowing/understanding the risks and taking caution when using the internet can severely reduce your chances of problems.

Offline Silur

Re: Ransomware
« Reply #6 on: December 18, 2017, 01:10:05 PM »
It's some kind of empty talk. This site lives for many years. 90% of the files have the certificate with the SC4 Devotion Command. For all these years I have not had any problems. THANK YOU JRJ and EVERYONE WHO WORKS HERE ...
I think - Norton too stupid program in the World ... There are many problems with rural Norton with no security ...
« Last Edit: December 18, 2017, 01:52:11 PM by Silur »

Offline bluewaves44

Re: Ransomware
« Reply #7 on: December 20, 2017, 06:55:14 AM »
I agree. Norton is useless.