FeiyuTech Gound Control Software VIRUS!!! - RC Groups
Thread Tools
Jan 12, 2012, 03:33 AM
Registered User

FeiyuTech Gound Control Software VIRUS!!!


I just received my FeiyuTech FY-31AP autopilot module and HornetOSD modules tonight. I went to the FeiyuTech website and download their ground control software and my ESET NOD32 antivirus software is reporting their ground control software is infected with the WIN32/Packed.Enigma.AAA trojan. Has anyone else experienced this? Does anyone have a copy of their ground control software that isn't infected?
It's really pathetic that for $300.00USD, I buy something that is supported with virus infected software...

Last edited by Aonghais MacLeod; Jan 12, 2012 at 03:43 AM. Reason: Added response from FeiyuTech
Sign up now
to remove ads between posts
Jan 13, 2012, 06:25 PM
Registered User
Packers are used to obfuscate (and sometimes compress) executables. This makes it harder (but not much) to reverse engineer them. It is possible that the company is using a packer to protect their software and the antivirus picks up a false positive because it has a signature for a virus that used the same obfuscation program.

It might also detect generic packer like behaviour.
Jan 13, 2012, 10:05 PM
Registered User
I don't think so...

If you read the response from FeiyuTech, they admit there is a software module to perform internet updates that may cause this. I found that NOD32 deletes their installer as soon as it downloads from the internet. If I disable NOD32 and allow it to install, NOD32 deletes the installed executable as soon as I re-enable it. I find it suspicious that an antivirus program specifically recognizes this particular trojan whether its compiled into an installer, or not.

Why would they tell me to run their software with my firewall and antivirus off?????
Last edited by Aonghais MacLeod; Jan 13, 2012 at 10:12 PM. Reason: Additions
Jan 14, 2012, 05:50 AM
g0t rabb1t?
ABLomas's Avatar
Well, AV is software. Software can have bugs. So... ?

What's "WIN32/Packed.Enigma.AAA"? Let me guess - some generic code, detected by AV, may be used for 3216518416813164 purposes?
I did quick google search, haven't found any detailed description about this "virus"...
Jan 14, 2012, 08:39 AM
Suspended Account
When I run a full virus scan, many of my executables that contain ftp clients or http api calls get incorrectly flagged as viruses. Since I wrote these executables, I know they are not. But they must contain the same api calls that some viruses contain. So I assume eset is wrongly identifying them.
Jan 14, 2012, 09:27 AM
Registered User
As Uranium has said, Eset has identified that a packer is in use - not an actual virus/Trojan. The developers are probably using Enigma Protector http://www.enigmaprotector.com/

This not only packs the exe making static analysis harder but also provides runtime protection making disassembly harder. I guess the developers are just keen to hide what their code is doing - probably because they don't want other people to reverse engineer or modify it.

It is not a cause for concern particularly. As with any software do not run it on a trusted system if you do not trust the source. If you're paranoid then run it on a dirty system and monitor what it is doing to the system checking for changes or behaviour not consistent with what you would expect of a GCS application.

Why would they tell me to run their software with my firewall and antivirus off?????
To reduce support calls and problems. Remember security breaks everything.
Last edited by vau; Jan 14, 2012 at 09:39 AM.
Jan 14, 2012, 05:18 PM
Registered User
OK. Makes a bit more sense now... I've been using ESET on >30 workstations and 5 servers for several years and never had any false positives before, some malware has gotten past ESET, but never false positives...

I'll just use it on an internet disabled laptop.
Jan 21, 2012, 11:04 PM
Oopss. Oh well.
borneobear's Avatar
When I uploaded in December, I too got a Trogen Gen warning from my Norten Internet Security.
But I reloaded recently, and the virus warning is gone. They probably cleaned it up.


I've been flying this GCS the past few days, no issues at all.


Thread Tools

Similar Threads
Category Thread Thread Starter Forum Replies Last Post
Discussion PowerLab Charge Control Software Quick Tour Tim Marks FMA Direct 15 Mar 31, 2014 07:09 AM
For Sale Conrad Flight Control - i2C escs & software configuration cable (UK) Joshbb Aircraft - Electric - Multirotor (FS/W) 1 Nov 01, 2011 05:38 PM
Discussion Anti-Virus Software Murocflyer Life, The Universe, and Politics 25 Feb 15, 2009 10:39 PM