11 replies to this topic

[rdinoma]

Just downloaded the GEMPackage_2.5.0.32.exe file from autosimsport.  Tried to install the .exe file and got a message from my Kaspersky anti virus program that the file contains a Trojan program named Backdoor.Win32.IRCBot.agil.  Is the Gem+ file corrupted, or is there an alternate site to download?  Thanks.

[Saiph]

It's 99.999% certain to be a false alarm. Ignore Kaspersky, turn the anti-virus off temporarily, and try the install again. You should find that it works fine.

Alternatively, if you're not 100% confident, you could download GEM again from the "official" site here:

https://gem.grandprix.../downloads.html

Edited by Saiph, Dec 14 2017 - 04:09 PM.

[rdinoma]

Thanks for the advice.  I did download from the alternate site you mentioned and got the same problem.  I finally got it to run under Kaspersky by listing as a "Trusted Application."

[John Woods]

Might want to make sure its not lurking around.
One of many descriptions linked below.

Backdoor Malware

Edited by John Woods, Dec 16 2017 - 12:01 PM.

[Bill]

let me know, we can always replace the download, I seem to remember this being a false positive because of the way the installer works...

[rdinoma]

The malware is in a file named "//data0150" which seems to attach itself to the GEM+ file during the download process.  After installing as a "Trusted Application" in Kaspersky, I ran a full anti virus scan and cleaned out any residual pieces.  Thanks for your help and advice.  P.S.:  I did find an earlier thread on this Trojan in Igor (last comment October 16, 2017).

[Michkov]

rdinoma, on Dec 18 2017 - 09:31 AM, said:

The malware is in a file named "//data0150" which seems to attach itself to the GEM+ file during the download process.  After installing as a "Trusted Application" in Kaspersky, I ran a full anti virus scan and cleaned out any residual pieces.  Thanks for your help and advice.  P.S.:  I did find an earlier thread on this Trojan in Igor (last comment October 16, 2017).

Have you got file paths for what your AV found?

[Yngwie]

Well, if I take a look at the results of Virustotal.com, I'm pretty sure it's a false positive.

I guess something in the behaviour of the .exe is categorized as beeing malware. Due to the age and beeing developed for previous OSses I guess.

[John Woods]

Yngwie, on Dec 22 2017 - 04:25 AM, said:

Well, if I take a look at the results of Virustotal.com, I'm pretty sure it's a false positive.

Quote

Raising the global IT security level through sharing

Appreciate the link.

Edited by John Woods, Dec 23 2017 - 07:23 AM.

[SneakiestDuke68]

Hello,
I know that is old topic but i have information for users which use Kaspersky Anti-virus. I contacted with Kaspersky lab and i send them GEM package installer + GEM2.exe + IGOR.exe for check. Today kaspersky lab send me a message that was in a 101% false positive alarm and they fixed it in anti-virus. So, update anti-virus database and after this you can using GEM package installer, GEM2 and IGOR without disabling anti-virus. I tested it and kaspersky AV now no block this applications.
Greetings.

[Brocky05]

good to know thank you

[ginetto]

Thank you Sneakiest Duke 68, way to go!