Virus/malware Razeta.1 in Metrosimulator Beta 3.9?


Annika
Posts: 21
Joined: 28 Jan 2015, 20:49

Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by Annika » 29 Aug 2015, 15:58

Hi,
yesterday (probably because of an updated virus detection database) my son was playing MetroSimulator Beta 3.9 and our virus protection system F-Secure detected a virus/malware in several MetroSimulator-related files, blocked them or set them into quarantine so that MetroSimulator won't start any more (for example, the icon for it was removed from the desktop and in the program folder there aren't any .exe files from which to start playing).

All affected files were readable from the virus detection logs, as well as the activities showing how they were handled. The infection was called Razeta.1 (see the attachment). About this infection, F-Secure's virus detection database says:
Category: Malware
Type: Other
Platform: W32
Aliases: Generic.malware.[variant], Generic.[variant], gen:win32.malware.[variant], Gen:variant.[variant]
Summary: A Generic Detection of a program that has features or behavior indicative of known malicious threats, such as trojans, worms or viruses.

...and the infected files were SimulatorDemo.exe and MetroSimulatorBeta.lnk.

I uninstalled MetroSimulator Beta 3.9 and tried to install it again from scratch. F-Secure reacts immediately to these files again.

I wonder if other users' virus detection systems have reacted to these files and removed/disinfected/blocked/quarantined them? Is it possible that you would get in contact with the F-Secure company and go through the code together with them? Otherwise we are not able to play any more, because the code seems to be infected.
Attachments
Razeta.PNG
senjer
Posts: 1056
Joined: 13 Apr 2013, 11:31

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by senjer » 29 Aug 2015, 17:20

This problem has occurred since the latest update of the anti-virus software. I have the same problem with F-Secure. But only 8 of the 56 biggest anti-virus software programs detect the .exe file as a virus, as seen below.
Virus.png
I've sent the file to F-Secure and I'm waiting on the results. Until then you have to wait, otherwise it will be removed directly.

A weird thing is that there is nothing wrong with the .exe files used for the editor.

Sorry for the inconvenience.

Metrogaming
Posts: 103
Joined: 28 Feb 2015, 16:31
Location: Paris, France

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by Metrogaming » 29 Aug 2015, 19:42

Bitdefender is also blocking the site and the forum (malware). Very strange. What is the Razeta virus? What is it doing?
I love metro simulator beta! It's my drug!

brozma
Posts: 330
Joined: 11 Sep 2013, 16:27
Location: Prague, Czech Republic

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by brozma » 29 Aug 2015, 20:35

Hmm, strange! I have Avast and I don't have any problems with Metro Simulator Beta. Try another anti-virus such as ESET, Avast or AVG.
If you want to make a very fast ride, just disable ATB/ZUB, put throttle to 1.00 and enjoy.
In my avatar is a logo of the Prague metro.
Sorry for my bad English. I am Czech and I am learning English.

UuIi
Posts: 14
Joined: 25 Dec 2014, 12:53

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by UuIi » 30 Aug 2015, 09:58

I have the same.. (it says that it's either blocked, restored, isolated or deleted)
Attachments
F-secure_MSbeta.png
Ctrl+Shift+A.

senjer
Posts: 1056
Joined: 13 Apr 2013, 11:31

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by senjer » 30 Aug 2015, 12:14

Good news for everybody, I just received an answer from F-Secure.
Hello,

Thank you for your submission.

The file you submitted is indeed clean. A database update will be released to resolve this issue.

For the meantime, you may exclude this file from Real-time Scanning. Instructions for exclusions can be found here:

Internet Security 2013/2014:

http://community.f-secure.com/t5/Securi ... ta-p/15398

Internet Security 2015:

http://community.f-secure.com/t5/Securi ... ta-p/56363

Policy Manager and PSB Workstation:

http://community.f-secure.com/t5/Manage ... ta-p/66013

For the latest database updates please visit this page:

http://www.f-secure.com/en/web/labs_glo ... l/view/140

We apologize for any inconveniences that this may have brought you. Should you have further questions, please do not hesitate to email us again.

Best regards,
--------
F-Secure Security Labs http://www.f-secure.com/weblog/
F-Secure Corporation http://www.f-secure.com/
This detection unintentionally triggered on a script file.
They will send this information to the other vendors too, and it should be fixed in one of the upcoming updates.

Metrogaming
Posts: 103
Joined: 28 Feb 2015, 16:31
Location: Paris, France

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by Metrogaming » 30 Aug 2015, 14:04

Good!
I love metro simulator beta! It's my drug!

Annika
Posts: 21
Joined: 28 Jan 2015, 20:49

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by Annika » 30 Aug 2015, 20:09

Thank you senjer for handling this issue so quickly with F-Secure! And UuIi, nice to notice other users from Finland :) !

senjer
Posts: 1056
Joined: 13 Apr 2013, 11:31

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by senjer » 01 Sep 2015, 18:32

It looks like they have fixed it with the 2015-09-01_07 update. You all can play the simulator again without any problems.

Thalys
Posts: 7
Joined: 27 Jun 2015, 18:53
Location: Chatham, Kent, United Kingdom

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by Thalys » 16 Sep 2015, 17:56

I'd thought so. I use Kaspersky Antivirus and it hadn't detected any malware. Kaspersky is normally very informative. I'd doubt that a game this popular would contain viruses, as there would be hardly any videos!
Thalys and NS = the most beautiful trains!