Results 1 to 14 of 14

Thread: Virus warning ModUpdater.exe ?

  1. #1
    Junior Member
    Join Date
    Sep 2015
    Location
    Austria
    Posts
    11
    My Devices
    Steam
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)

    Virus warning ModUpdater.exe ?

    First: Thankx NoEx for your great work !

    I just updated the current FreeCamMod version from MEGA but when unpacking, Defender shows a virus warning (Trojan:Win32/Skeeyah.A!rfn). Is this a false alarm or is the file actually infected ?

  2. #2
    Senior Member nudnick's Avatar
    Join Date
    Apr 2014
    Location
    USA
    Posts
    202
    My Devices
    android, PC
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Ginsonic View Post
    First: Thankx NoEx for your great work !

    I just updated the current FreeCamMod version from MEGA but when unpacking, Defender shows a virus warning (Trojan:Win32/Skeeyah.A!rfn). Is this a false alarm or is the file actually infected ?
    Unfortunately I am now seeing this same thing. When trying to launch the Mod, I get prompt that there is an update, but when I go to click OK to get the update, I get error that "The server is not responding. Either its under maintenance or dwon. Please try again later ..."

    I have come to discover that Windows Defender (I'm on win10) is completely removing and quarantine the file "ModUpdater.exe". I actually went out and re-downloaded from Mega as well, unzipped the rar and watched the ModUpdater just disapper. Then went back and downloaded again and unzipped it and before it could remove the ModUpdater.exe I double clicked it and it came up stating that it can not run the executable because it is a virus. I then checked Windows Defender Quarantine tab and sure enough, its removing the file from my system.

    Are me and Ginsonic the only ones experiencing this?



    Ginsonic ... are you running Windows 10?

  3. #3
    New Member
    Join Date
    Jun 2016
    Location
    USA
    Posts
    3
    My Devices
    Tablet, PC, Phone
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am getting this as well.

    It has identified it as a Trojan:Win32/Skeeyah.A!rfn

  4. #4
    Moderator
    Join Date
    Jun 2012
    Location
    bye bye
    Posts
    3,278
    My Devices
    Ipad, PC
    Mentioned
    26 Post(s)
    Tagged
    0 Thread(s)
    its the french trojan horse! cameras where just a means to an end! unless somethings went grossly wrong you can just ingore the warning, noex has been a fine contributor to the community so as trusted as any.

    question what anti virius are you boys using? is it possibley
    the same one?

    edit - ah windows defender i misread...what little ive used of it is that its acrazy pos....imo ingoreit

  5. #5
    Senior Member nudnick's Avatar
    Join Date
    Apr 2014
    Location
    USA
    Posts
    202
    My Devices
    android, PC
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Heretic View Post
    its the french trojan horse! cameras where just a means to an end! unless somethings went grossly wrong you can just ingore the warning, noex has been a fine contributor to the community so as trusted as any.

    question what anti virius are you boys using? is it possibley
    the same one?

    edit - ah windows defender i misread...what little ive used of it is that its acrazy pos....imo ingoreit
    I agree ... and can't thank NoEx enough for his contributions. Would love to hear "your" opinion on this NoEx. It's hard to ignore the Skeeyah.A!rfn file when you start reading up on it ... creepy

    http://malwarefixes.com/threats/troj...2skeeyah-arfn/
    Last edited by nudnick; 01-07-2017 at 09:59 AM. Reason: added link to article

  6. #6
    Junior Member
    Join Date
    Sep 2015
    Location
    Austria
    Posts
    11
    My Devices
    Steam
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by nudnick View Post
    Ginsonic ... are you running Windows 10?
    Yes, I am running Windows 10 x64 !

    And I really will not exclude the file from virus scanning until it is confirmed, that this is a false alert...
    Last edited by Ginsonic; 01-07-2017 at 09:46 AM.

  7. #7
    Moderator
    Join Date
    Jun 2012
    Location
    bye bye
    Posts
    3,278
    My Devices
    Ipad, PC
    Mentioned
    26 Post(s)
    Tagged
    0 Thread(s)
    agreed boys @NoEx can confirm but heyyyyy pinall used to have cigsburns and a few aidsneedles

  8. #8
    Senior Member NoEx's Avatar
    Join Date
    Mar 2015
    Location
    Lost in Space
    Posts
    167
    My Devices
    PC
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    Obviously this is a false positive, it's been flagged by Windows Defender recently because the file has not changed for a long time and it's detected as a trojan horse since a few days.

    Unfortunately I can't really do much against that, I got to find a way to modify its signature, I guess it's flagged as a malicious file because it's downloading and dropping an exe file.

  9. #9
    Senior Member nudnick's Avatar
    Join Date
    Apr 2014
    Location
    USA
    Posts
    202
    My Devices
    android, PC
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Good deal ... I'm going for it ... I'm going to restore the file. I'll report back the results later ....

  10. #10
    Senior Member nudnick's Avatar
    Join Date
    Apr 2014
    Location
    USA
    Posts
    202
    My Devices
    android, PC
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    So I restored the file in Windows Defender and ran the updater and got this:



    I'm just KIDDING !!!

    Everything seems to be fine. I restored the file in Windows Defender and it now shows that the "Skeeyah.A!rfn" file was deleted, but the "allow" page is empty. Mod is updated and running fine ...

  11. #11
    Moderator Jeff Strong's Avatar
    Join Date
    Feb 2012
    Location
    MI, USA
    Posts
    6,923
    My Devices
    iPad 4, PC, PS3, 360
    Mentioned
    23 Post(s)
    Tagged
    0 Thread(s)

  12. #12
    Senior Member NoEx's Avatar
    Join Date
    Mar 2015
    Location
    Lost in Space
    Posts
    167
    My Devices
    PC
    Mentioned
    15 Post(s)
    Tagged
    0 Thread(s)
    OK, I've modified ModUpdater.exe file a bit to change its signature, Windows Defender shouldn't detect it anymore as a threat.

    Re-download the mod from here: https://mega.nz/#!FkcG1TCZ!BJrvkAjMz...CjwjXd2kNcIZ1E, it contains the updated ModUpdater.exe file, just extract it and replace the old file, other files remain unchanged.

  13. #13
    Senior Member nudnick's Avatar
    Join Date
    Apr 2014
    Location
    USA
    Posts
    202
    My Devices
    android, PC
    Mentioned
    5 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by NoEx View Post
    OK, I've modified ModUpdater.exe file a bit to change its signature, Windows Defender shouldn't detect it anymore as a threat.
    Excellent! Thanks NoEx!

  14. #14
    Junior Member
    Join Date
    Sep 2015
    Location
    Austria
    Posts
    11
    My Devices
    Steam
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Thanks, works now !

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •