Metro simulator forums

Hi,
yesterday (probably because of an updated virus detection database) my son was playing MetroSimulator Beta 3.9 and our Virus protection system F-secure detected a virus/malware in several MetroSImulator -related files, blocked them or set those into quarantine so that Metrosimulator won't start any more (for examples the icon for it was removed from desktop and in the program folder there aren't any .exe -files where to start playing)

All affected files were readable from virus detection logs as well as the activitites how they were handled. The infection was called Razeta.1 (see the attachment). About this infection F-secures virus detection databays says
Category: Malware
Type: Other
Platform: W32
Aliases: Generic.malware.[variant], Generic.[variant], gen:win32.malware.[variant], Gen:variant.[variant]
Summary:A Generic Detection of a program that has features or behavior indicative of known malicious threats, such as trojans, worms or viruses.

...and the infected files were SimulatorDemo.exe and MetroSimulatorBeta.lnk .

I uninstalled the MetroSimulator Beta 3.9 and tried to install it again from the scratch. F-secure reacts immediately to these files again.

I wonder if other user's virus detection systems have reacted to these files and removed/disinfected/blocked/quarantined them? Is it possible that you would take contact in F-Secure company and go through the code together with them? Otherwise we are not able to play any more, because the code seems to be infected.

This problem occurred since the latest update of the anti-virus software. I have the same problem with F-Secure. But only 8 of the 56 biggest anti-virus software programs detect the .exe file as a virus as seen below. I've send the file to F-Secure and I'm waiting on the results. Until then you have to wait otherwise it will be removed directly.

A weird thing is that there is nothing wrong with the .exe files used for the editor.

Sorry for the inconvenience.

Bitdefender is also blocking the site and the forum (malware). Very strange. What is razeta virus what is it doing?

Hmm, Strange! I have Avast and I don't have any problems with Metro Simulator Beta. Try another Anti-virus as ESET, Avast or AVG.

I have the same.. (it says that it's either blocked, restored, isolated or deleted)

Good news for everybody, I just received an answer from F-Secure.

Hello,

Thank you for your submission.

The file you submitted is indeed clean. A database update will be released to resolve this issue.

For the meantime, you may exclude this file from Real-time Scanning. Instructions for exclusions can be found here:

Internet Security 2013/2014:

http://community.f-secure.com/t5/Securi ... ta-p/15398

Internet Security 2015:

http://community.f-secure.com/t5/Securi ... ta-p/56363

Policy Manager and PSB Workstation:

http://community.f-secure.com/t5/Manage ... ta-p/66013

For the latest database updates please visit this page:

http://www.f-secure.com/en/web/labs_glo ... l/view/140

We apologize for any inconveniences that this may have brought you. Should you have further questions, please do not hesitate to email us again.

Best regards,
--------
F-Secure Security Labs http://www.f-secure.com/weblog/
F-Secure Corporation http://www.f-secure.com/

This detection unintentionally triggered on a script file.

They will send this information to the other vendors too. and it should be fixed in one of the upcomming updates.

Good!

Thank you senjer for handling this issue so quickly with F-Secure! And UuIi, nice to notice other users from Finland !

It looks like they have fixed it with the 2015-09-01_07 update. You all can play the simulator again without any problems.

I'd thought so. I use Kaspersky Antivirus and it hadn't detected any malware. Kaspersky is normally very informative. I'd doubt that a game this popular would contain viruses, as there would be hardly any videos!