Virus/malware Razeta.1 in Metrosimulator Beta 3.9?
Posted: 29 Aug 2015, 15:58
Hi,
yesterday (probably because of an updated virus detection database) my son was playing MetroSimulator Beta 3.9 and our virus protection system F-Secure detected a virus/malware in several MetroSimulator-related files, blocked them or set those into quarantine so that MetroSimulator won't start any more (for example, the icon for it was removed from the desktop and in the program folder there aren't any .exe files from which to start playing).
All affected files were readable from the virus detection logs, as well as the activities showing how they were handled. The infection was called Razeta.1 (see the attachment). About this infection, F-Secure's virus detection database says:
Category: Malware
Type: Other
Platform: W32
Aliases: Generic.malware.[variant], Generic.[variant], gen:win32.malware.[variant], Gen:variant.[variant]
Summary: A Generic Detection of a program that has features or behavior indicative of known malicious threats, such as trojans, worms or viruses.
...and the infected files were SimulatorDemo.exe and MetroSimulatorBeta.lnk.
I uninstalled MetroSimulator Beta 3.9 and tried to install it again from scratch. F-Secure reacts immediately to these files again.
I wonder if other users' virus detection systems have reacted to these files and removed/disinfected/blocked/quarantined them? Is it possible that you would contact the F-Secure company and go through the code together with them? Otherwise we are not able to play any more, because the code seems to be infected.