Topics

Vara Virus Alert


Tony
 

All:

Anyone else getting a virus alert when launching Vara 1.7.2? Probably nothing, but in my case, McAfee quarantines VARA.EXE.

Tony -K2MO


Andrew OBrien
 

When installing for W3VG he got an AVG virus alert but we ignored it and so far, so good.
Andy K3UK

On Thu, Mar 8, 2018 at 1:13 PM, Anthony Bombardiere <DXDX@...> wrote:
All:

Anyone else getting a virus alert when launching Vara 1.7.2? Probably nothing, but in my case, McAfee quarantines VARA.EXE.

Tony -K2MO






W6IDS <w6ids@...>
 

Hi Tony,

Never had an alert here for VARA at any time.  All's well.  I stopped with McAfee long ago due to false positives but that's just MY case.

Howard W6IDS

On 3/8/2018 1:13 PM, Anthony Bombardiere wrote:
All:

Anyone else getting a virus alert when launching Vara 1.7.2? Probably nothing, but in my case, McAfee quarantines VARA.EXE.

Tony -K2MO


Tony
 

Andy - Howard:

It does seem to be a false alert. Thank you both.

Tony

On Mar 8, 2018, at 1:41 PM, W6IDS <w6ids@...> wrote:

Hi Tony,

Never had an alert here for VARA at any time. All's well. I stopped with McAfee long ago due to false positives but that's just MY case.

Howard W6IDS


On 3/8/2018 1:13 PM, Anthony Bombardiere wrote:
All:

Anyone else getting a virus alert when launching Vara 1.7.2? Probably nothing, but in my case, McAfee quarantines VARA.EXE.

Tony -K2MO



Bob Morris
 

Had the same issue.  Windows Defender (WD) would keep removing VARA.EXE as malware/PUP.  Had to add the C:\VARA directory to WD's Exclusion under Virus & Threat Protection.


Graham
 

Its notable,  now with the  issue  being  frozen for  some  period of time , these  virus alerts continue .?


Steinar LA5VNA
 

Symantec also remove this file

LA5VNA S

On 09.07.2018 22.57, Bob Morris wrote:
Had the same issue.  Windows Defender (WD) would keep removing VARA.EXE as malware/PUP.  Had to add the C:\VARA directory to WD's Exclusion under Virus & Threat Protection.



Steinar LA5VNA
 

On 12.07.2018 10.12, Steinar Aanesland wrote:
Symantec also remove this file

LA5VNA S




On 09.07.2018 22.57, Bob Morris wrote:
Had the same issue.  Windows Defender (WD) would keep removing VARA.EXE as malware/PUP.  Had to add the C:\VARA directory to WD's Exclusion under Virus & Threat Protection.





Steinar LA5VNA
 







Symantec detect this:

"W32.IRCBot.NG is a worm that spreads through removable drives, MSN Messenger, and by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874) and the Microsoft Windows Shortcut 'LNK/PIF' Files Automatic File Execution Vulnerability (BID 41732). It also opens a back door on the compromised computer. "

LA5VNA Steinar















On 12.07.2018 10.30, Steinar Aanesland wrote:
https://www.virustotal.com/nb/file/e83280126553e9ecc8b398a9698255f2cce42dd5f463fc57cfebbde76a277526/analysis/


LA5VNA S



On 12.07.2018 10.12, Steinar Aanesland wrote:
Symantec also remove this file

LA5VNA S




On 09.07.2018 22.57, Bob Morris wrote:
Had the same issue.  Windows Defender (WD) would keep removing VARA.EXE as malware/PUP.  Had to add the C:\VARA directory to WD's Exclusion under Virus & Threat Protection.













Graham
 

Its quite simple Steiner , some people  like to  jam  vhf voice repeaters , some people like to report files and web sites as being  contaminated , the  advice  for  repeater jamming  was  always just ignore them ,  some  users  are  quite  capable of  monitoring  net work  traffic , im sure  they would  of  reported non expected activity by  now ,  as far was  anyone  can tell , nothing  has yet to be observed , other than  spurious  detections 

73-G,


Steinar LA5VNA
 

What have this to do with jamming repeaters???

S LA5VNA

On 12.07.2018 18.26, Graham wrote:
Its quite simple Steiner , some people  like to  jam  vhf voice repeaters , some people like to report files and web sites as being  contaminated , the  advice  for  repeater jamming  was  always just ignore them ,  some  users  are  quite  capable of  monitoring  net work  traffic , im sure  they would  of  reported non expected activity by  now ,  as far was  anyone  can tell , nothing  has yet to be observed , other than  spurious  detections

73-G,



K6ETA
 

Hi Steinar,

I think Graham is saying that someone is maliciously reporting VARA as containing a worm or virus to the Norton and other security folks. I'm not sure that would explain what we have here, but that seems to be Graham's point...

Steve K6ETA


------ Original Message ------

From: Steinar Aanesland
To: main@digitalradio.groups.io
Sent: July 12, 2018 at 1:25 PM
Subject: Re: [digitalradio] Vara Virus Alert

What have this to do with jamming repeaters???

S LA5VNA


On 12.07.2018 18.26, Graham wrote:
Its quite simple Steiner , some people  like to  jam  vhf voice repeaters , some people like to report files and web sites as being  contaminated , the  advice  for  repeater jamming  was  always just ignore them ,  some  users  are  quite  capable of  monitoring  net work  traffic , im sure  they would  of  reported non expected activity by  now ,  as far was  anyone  can tell , nothing  has yet to be observed , other than  spurious  detections



------ Original Message ------

From: Steinar Aanesland
To: main@digitalradio.groups.io
Sent: July 12, 2018 at 1:25 PM
Subject: Re: [digitalradio] Vara Virus Alert

What have this to do with jamming repeaters??? S LA5VNA On 12.07.2018 18.26, Graham wrote: Its quite simple Steiner , some people like to jam vhf voice repeaters , some people like to report files and web sites as being contaminated , the advice for repeater jamming was always just ignore them , some users are quite capable of monitoring net work traffic , im sure they would of reported non expected activity by now , as far was anyone can tell , nothing has yet to be observed , other than spurious detections 73-G,


Steinar LA5VNA
 

Thanks for the explanation. Just wanted to help.

LA5VNA S

On 12.07.2018 23.18, K6ETA wrote:
Hi Steinar,

I think Graham is saying that someone is maliciously reporting VARA as containing a worm or virus to the Norton and other security folks. I'm not sure that would explain what we have here, but that seems to be Graham's point...

Steve K6ETA


------ Original Message ------

From: Steinar Aanesland
To: main@digitalradio.groups.io
Sent: July 12, 2018 at 1:25 PM
Subject: Re: [digitalradio] Vara Virus Alert

What have this to do with jamming repeaters???

S LA5VNA


On 12.07.2018 18.26, Graham wrote:
Its quite simple Steiner , some peoplelike tojamvhf voice repeaters , some people like to report files and web sites as beingcontaminated , theadviceforrepeater jammingwasalways just ignore them ,someusersarequitecapable ofmonitoringnet worktraffic , im surethey wouldofreported non expected activity bynow ,as far wasanyonecan tell , nothinghas yet to be observed , other thanspuriousdetections



------ Original Message ------

From: Steinar Aanesland
To: main@digitalradio.groups.io
Sent: July 12, 2018 at 1:25 PM
Subject: Re: [digitalradio] Vara Virus Alert

What have this to do with jamming repeaters??? S LA5VNA On 12.07.2018 18.26, Graham wrote: Its quite simple Steiner , some people like to jam vhf voice repeaters , some people like to report files and web sites as being contaminated , the advice for repeater jamming was always just ignore them , some users are quite capable of monitoring net work traffic , im sure they would of reported non expected activity by now , as far was anyone can tell , nothing has yet to be observed , other than spurious detections 73-G,



Graham
 

Yes ,

During testing , each new  version  was  intercepted  by  Avast on my pc , with the  precursor , that it had  ' found something very significant' indicating  it had discovered some code with a  ''name'' ,  and insisted in  uploading the  file  to the   ''virus lab''  then  some hours later , came the  response , that the  file  was ok ..a pain , as the only way to  continue was to defeat Avast, with occasionally 2 or 3 new issues a night , 

As the  issue has now remained  frozen for  some  period of time ,  if  now it is being  flagged  as corrupted , a signature  'must' of been  added  to the  virus data  base, the  same happened  with  various issues of the  ROS-HF mode ,  though ,  As far as I can  remember ,  the Opera  system has not  suffered from this ?

Noting this is also a  commercial venture, which would  raise the  bar as to collateral damage and as of yet, it  seem's no spurious activity  has been reported, other than those  of the reporting  software .however , deployment seem's to be  in good  health and the  FM version is gaining momentum , latest issues  surround ctcs  repeater  control  , afforded by the  win-link software and  tx to  rx times  of analogue repeaters 

73-Graham

 


Graham
 

VARA 2-2-1  re registered with  Microsoft  Defender 

version  2-2-1 now  passing  microsoft defender  scan 

https://www.microsoft.com/en-us/wdsi/submission/6212a7db-6972-4509-aa60-494984f1237a

This only applies to  new  users  , there  are  NO CHANGES  to  the  Vara  modem 
the  new issue is the  same as  the  old  issue , only  the re-issued  2-2-1  is now  registered [again]

Some applications  are still  reporting issues , however, since the MS-Defender registration
the  name of the  reported issue  has  changed .... 

my  Avast  did  report 2-2-1 as  '' win32 malware gen''  , the  re registered 2-2-1  is  now  reported  as  'no issues'  

Apparently,  The BPQ  terminal  is also  flagged by  some  applications  ..and so on .. to  infinitum 

73-Graham