Jan 12, 2012, 03:33 AM
FeiyuTech Ground Control Software VIRUS!!!

Hi!

I just received my FeiyuTech FY-31AP autopilot module and HornetOSD modules tonight. I went to the FeiyuTech website and downloaded their ground control software, and my ESET NOD32 antivirus software is reporting their ground control software is infected with the WIN32/Packed.Enigma.AAA trojan. Has anyone else experienced this? Does anyone have a copy of their ground control software that isn't infected?
It's really pathetic that for $300.00 USD, I buy something that is supported with virus-infected software...

Thanks,
Aonghais
Last edited by Aonghais MacLeod; Jan 12, 2012 at 03:43 AM. Reason: Added response from FeiyuTech

Jan 13, 2012, 06:25 PM
Packers are used to obfuscate (and sometimes compress) executables. This makes it harder (but not much) to reverse engineer them. It is possible that the company is using a packer to protect their software and the antivirus picks up a false positive because it has a signature for a virus that used the same obfuscation program.

It might also detect generic packer-like behaviour.
Posted by Uranium

Jan 13, 2012, 10:05 PM
I don't think so...

If you read the response from FeiyuTech, they admit there is a software module to perform internet updates that may cause this. I found that NOD32 deletes their installer as soon as it downloads from the internet. If I disable NOD32 and allow it to install, NOD32 deletes the installed executable as soon as I re-enable it. I find it suspicious that an antivirus program specifically recognizes this particular trojan whether it's compiled into an installer, or not.

Why would they tell me to run their software with my firewall and antivirus off?????
Last edited by Aonghais MacLeod; Jan 13, 2012 at 10:12 PM. Reason: Additions

Jan 14, 2012, 05:50 AM
Well, AV is software. Software can have bugs. So... ?

What's "WIN32/Packed.Enigma.AAA"? Let me guess - some generic code, detected by AV, may be used for 3216518416813164 purposes?
I did a quick Google search, haven't found any detailed description about this "virus"...
Posted by ABLomas

Jan 14, 2012, 08:39 AM
When I run a full virus scan, many of my executables that contain FTP clients or HTTP API calls get incorrectly flagged as viruses. Since I wrote these executables, I know they are not. But they must contain the same API calls that some viruses contain. So I assume ESET is wrongly identifying them.
Posted by HappyKillmore

Jan 14, 2012, 09:27 AM
As Uranium has said, Eset has identified that a packer is in use - not an actual virus/Trojan. The developers are probably using Enigma Protector http://www.enigmaprotector.com/

This not only packs the exe making static analysis harder but also provides runtime protection making disassembly harder. I guess the developers are just keen to hide what their code is doing - probably because they don't want other people to reverse engineer or modify it.

It is not a cause for concern particularly. As with any software do not run it on a trusted system if you do not trust the source. If you're paranoid then run it on a dirty system and monitor what it is doing to the system checking for changes or behaviour not consistent with what you would expect of a GCS application.

Quote:
Why would they tell me to run their software with my firewall and antivirus off?????
To reduce support calls and problems. Remember security breaks everything.
Posted by vau
Last edited by vau; Jan 14, 2012 at 09:39 AM.
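
Added example, not part of any post in this thread and not ESET's detection logic: the posts above by Uranium and vau describe a detection that fires on the packer rather than on malicious code, and one generic heuristic for recognising a packed executable is the byte entropy of each PE section. The 7.0 bits/byte threshold, the function names and the constructed sample images are assumptions for illustration.

```python
import hashlib
import math
import struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniformly random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def section_entropy(pe: bytes) -> dict:
    """Map each PE section name to the entropy of its raw on-disk data."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)           # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", pe, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                           # first section header
    out = {}
    for i in range(count):
        name, _, _, size, ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        out[name.rstrip(b"\0").decode("ascii", "replace")] = entropy(pe[ptr:ptr + size])
    return out

def high_entropy_sections(pe: bytes, threshold: float = 7.0) -> list:
    """Sections whose entropy exceeds the threshold (an assumed rule of thumb)."""
    return [n for n, e in section_entropy(pe).items() if e > threshold]

def build_sample(sections) -> bytes:
    """Constructed minimal PE-shaped image (headers + raw sections), demo input only."""
    head = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    ptr, table, body = len(head) + 40 * len(sections), b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(data), 0, len(data),
                             ptr + len(body), 0, 0, 0, 0, 0)
        body += data
    return head + table + body

# Constructed inputs: repetitive bytes as plain code, a SHA-256 stream as packed payload.
PLAIN = b"\x55\x8b\xec\x83\xec\x10" * 1000
NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
UNPACKED = build_sample([(b".text", PLAIN), (b".data", b"\0" * 512)])
PACKED = build_sample([(b".text", PLAIN[:60]), (b".pack", NOISE)])

if __name__ == "__main__":
    print(high_entropy_sections(UNPACKED), high_entropy_sections(PACKED))
```

High entropy only shows that a section is compressed or encrypted; it says nothing about what the code does once unpacked, which is why a packer-based detection can fire on legitimate protected software.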

Jan 14, 2012, 05:18 PM
OK. Makes a bit more sense now... I've been using ESET on >30 workstations and 5 servers for several years and never had any false positives before; some malware has gotten past ESET, but never false positives...

I'll just use it on an internet-disabled laptop.
Posted by Aonghais MacLeod

Jan 21, 2012, 11:04 PM
When I uploaded in December, I too got a Trojan Gen warning from my Norton Internet Security.
But I reloaded recently, and the virus warning is gone. They probably cleaned it up.

http://shop.fyetech.com/dl/fygcsv15.rar


I've been flying this GCS the past few days, no issues at all.


BB
Posted by borneobear