Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

General discussions

Moderator: senjer

Annika
Posts: 21
Joined: 28 Jan 2015, 20:49

Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by Annika »

Hi,
yesterday (probably because of an updated virus detection database) my son was playing MetroSimulator Beta 3.9 and our Virus protection system F-secure detected a virus/malware in several MetroSImulator -related files, blocked them or set those into quarantine so that Metrosimulator won't start any more (for examples the icon for it was removed from desktop and in the program folder there aren't any .exe -files where to start playing)

All affected files were readable from virus detection logs as well as the activitites how they were handled. The infection was called Razeta.1 (see the attachment). About this infection F-secures virus detection databays says
Category: Malware
Type: Other
Platform: W32
Aliases: Generic.malware.[variant], Generic.[variant], gen:win32.malware.[variant], Gen:variant.[variant]
Summary:A Generic Detection of a program that has features or behavior indicative of known malicious threats, such as trojans, worms or viruses.

...and the infected files were SimulatorDemo.exe and MetroSimulatorBeta.lnk .

I uninstalled the MetroSimulator Beta 3.9 and tried to install it again from the scratch. F-secure reacts immediately to these files again.

I wonder if other user's virus detection systems have reacted to these files and removed/disinfected/blocked/quarantined them? Is it possible that you would take contact in F-Secure company and go through the code together with them? Otherwise we are not able to play any more, because the code seems to be infected.
Attachments
Razeta.PNG
Razeta.PNG (6.85 KiB) Viewed 7687 times
User avatar
senjer
Posts: 1069
Joined: 13 Apr 2013, 11:31

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by senjer »

This problem occurred since the latest update of the anti-virus software. I have the same problem with F-Secure. But only 8 of the 56 biggest anti-virus software programs detect the .exe file as a virus as seen below.
Virus.png
Virus.png (86.98 KiB) Viewed 7677 times
I've send the file to F-Secure and I'm waiting on the results. Until then you have to wait otherwise it will be removed directly.

A weird thing is that there is nothing wrong with the .exe files used for the editor.

Sorry for the inconvenience.
User avatar
Metrogaming
Posts: 103
Joined: 28 Feb 2015, 16:31
Location: Paris, France

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by Metrogaming »

Bitdefender is also blocking the site and the forum (malware). Very strange. What is razeta virus what is it doing?
I love metro simulator beta! It's my drug!
User avatar
brozma
Posts: 487
Joined: 11 Sep 2013, 16:27
Location: Prague, Czech Republic

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by brozma »

Hmm, Strange! I have Avast and I don't have any problems with Metro Simulator Beta. Try another Anti-virus as ESET, Avast or AVG.
If you want to make a very fast ride, just disable ATB/ZUB, put trottle to 1.00 and enjoy.
In my Avatar is a Logo of a Prague metro.
Sorry for my bad English. I am Czech and i am learning English
UuIi
Posts: 14
Joined: 25 Dec 2014, 12:53

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by UuIi »

I have the same.. (it says that it's either blocked, restored, isolated or deleted)
Attachments
F-secure_MSbeta.png
F-secure_MSbeta.png (33.32 KiB) Viewed 7619 times
Ctrl+Shift+A.
User avatar
senjer
Posts: 1069
Joined: 13 Apr 2013, 11:31

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by senjer »

Good news for everybody, I just received an answer from F-Secure.
Hello,

Thank you for your submission.

The file you submitted is indeed clean. A database update will be released to resolve this issue.

For the meantime, you may exclude this file from Real-time Scanning. Instructions for exclusions can be found here:

Internet Security 2013/2014:

http://community.f-secure.com/t5/Securi ... ta-p/15398

Internet Security 2015:

http://community.f-secure.com/t5/Securi ... ta-p/56363

Policy Manager and PSB Workstation:

http://community.f-secure.com/t5/Manage ... ta-p/66013

For the latest database updates please visit this page:

http://www.f-secure.com/en/web/labs_glo ... l/view/140

We apologize for any inconveniences that this may have brought you. Should you have further questions, please do not hesitate to email us again.

Best regards,
--------
F-Secure Security Labs http://www.f-secure.com/weblog/
F-Secure Corporation http://www.f-secure.com/
This detection unintentionally triggered on a script file.
They will send this information to the other vendors too. and it should be fixed in one of the upcomming updates.
User avatar
Metrogaming
Posts: 103
Joined: 28 Feb 2015, 16:31
Location: Paris, France

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by Metrogaming »

Good!
I love metro simulator beta! It's my drug!
Annika
Posts: 21
Joined: 28 Jan 2015, 20:49

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by Annika »

Thank you senjer for handling this issue so quickly with F-Secure! And UuIi, nice to notice other users from Finland :) !
User avatar
senjer
Posts: 1069
Joined: 13 Apr 2013, 11:31

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by senjer »

It looks like they have fixed it with the 2015-09-01_07 update. You all can play the simulator again without any problems.
Thalys
Posts: 7
Joined: 27 Jun 2015, 18:53
Location: Chatham, Kent, United Kingdom

Re: Virus/malware Razeta.1 in Metrosimulator Beta 3.9?

Post by Thalys »

I'd thought so. I use Kaspersky Antivirus and it hadn't detected any malware. Kaspersky is normally very informative. I'd doubt that a game this popular would contain viruses, as there would be hardly any videos!
Thalys en NS = de mooiste treinen!
Post Reply