TurboCAD Forums

Is this Safe?
* August 02, 2016, 03:01:54 PM
Hi Everyone,

For a while now I have been having not only TC problems but also strange things happening with my computer since loading TC & the updates.
I just had a computer geek run his brain over my computer to check it out & he installed some software & found three viruses that have been affecting the operation of the computer.
One is:
Log
TurboCAD Professional Platinum Downloader__3687_i1924291908_il254610.exe - a variant of Win32/Amonetize.WM potentially unwanted application - cleaned by deleting [1]

There are two others he said not to mention at this stage as he wants to look into them but they are not good by what he said!

He mentioned NOT to have this one above on my or any computer for that matter, so how do I reload TC without getting this & the others back again?

I require some help so I can reload TC & get to it, if I can reload it without loading viruses with it?

I personally know nothing about it?

Cheers
David





* August 02, 2016, 03:03:58 PM
#1
The other question is:
Is this the reason why TC runs amok sometimes?

Cheers
David



* August 02, 2016, 03:34:58 PM
#2
Obviously no idea what other two your friend found but I just searched my computer and I don't have the downloader you mentioned, this may be because I don't install updates to TC but download the latest full build (using save-as to save to computer before installing), downloading updates works very well for most but my computer doesn't like them and TC got screwed up a few times after applying updates so I stopped doing it.

Installing the full build is a bit more hassle than updating but it does mean I start with a clean TC each time and copying over some things like templates materials etc is pretty straightforward.

I can't say the downloader is definitely for the patches because I don't have Lightworks so it's possible it's for that, but as I say I can't find it on my computer and patches and Lightworks should be the only difference between my computer and other people's.



* August 02, 2016, 03:41:31 PM
#3
Hi Andy,

The files are hard to find & are hidden as was the case with my computer.
My antivirus software, anti malware, win10 Scan etc could not find any issues, he loaded Eset Nod32 & found them instantly, they were hidden files that didn't show even when selecting "show hidden files"?
Or doing a search for them found nothing as well?

Obviously I know nothing about this & it's out of my league entirely?

Cheers
David



* August 02, 2016, 05:35:24 PM
#4


The packager Win32/Amonetize.WM isn't necessarily a virus. It can install adware, change your home page, and similar changes. It probably wouldn't compromise your TC performance. Was the downloader part of a trial package, or part of a purchase? From where did you procure it? It's hard to believe that IMSI would ship out a package with adware in it, but some 3rd party site might.

Mark

TCW Pro 14.2
TC Deluxe 16.2 Build 53.2


* August 02, 2016, 05:52:14 PM
#5
Hi Mark,
Thanks for the reply!

That's what I don't understand, I purchased the Boxed CD & have had two Update downloads from TC, no third party involved?

I am going to reinstall the program now & then see if the same file-files load again as they are not on my computer at the moment.

Thanks again Mark!

Cheers
David



August 02, 2016, 10:26:19 PM
#6
Keep in mind that Virus Detectors have False Positives.  Any program that makes changes to your computer's operating system (as an update will do) can be interpreted as a virus.


Jeff


TC Pro Platinum 2019, 2018, 2017, 2016 & 2015 (all with LightWorks & RedSDK) & V21
System: i7-5820K @ 3.30GHz, ASRock X99 Extreme4, 16GB DDR4-2133 RAM, Gigabyte GTX 970, Samsung NVMe SSD 950 (256GB), Windows 7 Pro (64-bit) SP1


* August 03, 2016, 02:17:21 AM
#7
Hi Jeff,
Thanks for the reply!

I'm afraid it's all beyond my knowledge to be totally honest.
I see what you're saying though!

I reloaded from the CD & the files did not appear, I downloaded the update & the files did not appear either so they have come from somewhere else.

The computer guy I had take a look at the computer was concerned about a couple of things & has taken all the data to look at to see what functionality it all serves, he said he can run the functionality of the files to see what is what.
It amazed me when he hooked his laptop into my computer, pressed a couple of keys & streamlined my whole computer contents into his laptop in less than a minute, it blew me away actually just how fast it all happened.

He's a knowledgeable guy with computers & software, ex Navy technician, he said to give him a little time & he will tell me exactly where they came from & what they are all about, apparently all the info is in the computer & the software, if you know what you're looking for?

Like he said, those files should Not be there in the first place!

Anyway we shall see when he gets back to me about it all.

Thanks Jeff,

Cheers
David



* August 03, 2016, 05:00:57 AM
#8
Even though that suspect spyware has TurboCad Professional in the name doesn't mean it came with TCAD. Viruses and spyware are getting quite sneaky these days. Just because there is a familiar wording in file names doesn't mean that the virus/spyware is associated with that publisher. It is a way for the attackers to try and hide their malicious software.

TC 21 Deluxe, TC 20 Platinum, TC 2015 Platinum, TC 2016 Platinum, TC 2017 Platinum
i7- 3770 Ivy Bridge 3.4 GHz, 16G Crucial Ballistic, ASRock Extreme 4, EVGA 1060 SSC, Windows 10 Pro 64 Bit
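
Posts #4 and #8 raise two questions a file name cannot answer: where the flagged downloader was obtained, and whether the publisher in its name actually produced it. The PowerShell below is an added example, not part of any forum post or of TurboCAD; it reads the file's Authenticode signer and the download source Windows recorded for it. The function name, the Downloads folder and the `<vendor name>` placeholder are assumptions.

```powershell
# Added example: report who signed an installer and where it was downloaded from.
# Get-InstallerProvenance is a hypothetical helper; path and publisher are placeholders.
function Get-InstallerProvenance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumption: a substring you expect in the signer's certificate subject.
        [string] $ExpectedPublisher
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop

    # Authenticode: is the file signed, is the signature valid, and by whom?
    $sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Mark of the Web: browsers store the download source in the
    # Zone.Identifier alternate data stream on NTFS (ZoneId=3 means Internet).
    $motw   = @{}
    $stream = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $stream) {
        if ($line -match '^(ZoneId|ReferrerUrl|HostUrl)=(.*)$') {
            $motw[$Matches[1]] = $Matches[2]
        }
    }

    # Only claim a publisher match when the signature itself verifies.
    $publisherOk = $null
    if ($ExpectedPublisher) {
        $publisherOk = ($sig.Status -eq 'Valid') -and $signer -and
                       ($signer -like "*$ExpectedPublisher*")
    }

    [pscustomobject]@{
        File             = $file.Name
        SHA256           = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        SignatureStatus  = $sig.Status
        Signer           = $signer
        PublisherMatches = $publisherOk
        ZoneId           = $motw['ZoneId']
        HostUrl          = $motw['HostUrl']
        ReferrerUrl      = $motw['ReferrerUrl']
    }
}

# Check every downloader-style executable in the current user's Downloads folder.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter '*Downloader*.exe' |
    ForEach-Object { Get-InstallerProvenance -Path $_.FullName -ExpectedPublisher '<vendor name>' }
```

A valid signature from a signer other than the expected vendor, or a `HostUrl` on a site other than the vendor's, points to a third-party wrapper rather than the vendor's own installer. The SHA256 value can be used to look the file up with additional scanners.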


August 03, 2016, 09:47:43 AM
#9
Willeng,

I'm interested to know what your friend says. Honestly I think he is being a bit alarmist and that program is probably just a false positive. I have had terrible problems with Unhandled Exception errors, installation issues and other hard to diagnose problems whenever Eset is on a user's machine.

Ex Navy guy huh? Unless you're involved in government infrastructure projects, are an entrepreneur with several million dollar ideas that competitors would like to know, are under some sort of surveillance or have other reasons to be ultra paranoid I'm guessing that he's providing you with a level of security that is overkill for your situation. However, I could be wrong. Like I say I'm interested to know what he comes back and tells you.




* August 03, 2016, 04:24:24 PM
#10
Hi Everyone,

Jason,
Yes, I see what you're saying & yes, people will do anything these days, I totally agree with that!

Travis,
I'm not that concerned to be honest with you, but it didn't hurt to ask the question to be sure as I have no idea & admit it openly.
Yes, the computer guy is only trying to be helpful, I don't think he has much better things to do in this area now he is semi retired & he wants to feel important I guess?
I hope he doesn't read that though?

I am interested to know what he says although I probably won't understand his Jargon!

Thanks for the replies!

Cheers
David



* August 03, 2016, 05:07:11 PM
#11
Hi Travis,
Just thinking about your reply, which was sort of expected!
I think you may have slightly missed the point.

Two of the most important things we have in life besides Family are: Security & Privacy.
Anything that denies individuals of these is wrong, full stop!

You don't have to be a yuppy millionaire or a nerdy government agency to warrant these things, everybody, Black, White or Brindle has a right to be secure & have privacy, if we let that slide the whole world will turn to Sh*t as is happening & has been happening for a long time.
I'm sure you will agree?

If things are wrong, then they are wrong!

Cheers
David




* August 03, 2016, 06:40:58 PM
#12
David,
maybe it has something to do with this > very interesting  ;D

http://forums.turbocad.com/index.php/topic,18208.msg108961.html#msg108961

"What do I know, I'm still learning"..
Windows 7 64 bit HP > on a stock HP laptop with 4gb-2.4 GHz.Turbocad 2019-2018-2017, TurboCad Platinum 21.Using LightWorks, Anilab lab 5. ATI Mobility Radeon HD 4500/5100 and HP all in one desktop with Nvidia Geforce 210, open gl 3.3


* August 03, 2016, 06:52:33 PM
#13
Hi Dean,

Yes, that is interesting & shouldn't be allowed to be honest unless consent is given!

Not sure if that is the issue at hand or not?

Cheers
David



August 04, 2016, 11:56:11 AM
#14
Willeng,

I am a full supporter of adequate security absolutely. But I think it's more about the perceived value of the target when considering which solution to use.

For instance, I don't own a very nice car. It's decent but nothing special. Therefore I don't have a thumbprint entry system with lojack and yada yada yada on it. Not because I don't want to protect my valuables but because the average car thief is not interested in my vehicle. It's enough to lock the doors so the random passerby can't easily go rummaging through it and steal the $20.00 I keep in the center console for emergencies.

Likewise my machine at home is secure enough. I run Malwarebytes from time to time and keep Microsoft Security Essentials running but I don't need Kaspersky or Eset or some of the other highly aggressive anti-virus programs on it because they cause more trouble than they are worth. Not because they aren't good solutions but because the value of my machine as a target is quite low so the inconvenience of using them outweighs my need for overzealous security.

There have been times in my life, when I worked in other industries, for other employers that my devices were high value targets, as were my coworkers'. At that time I had relentless security, not just on my desktop and laptop but my phone as well. Although it was often a pain in the backside it was not only worth it but absolutely necessary.



* August 04, 2016, 02:22:53 PM
#15
Hi Travis,

I understand where you are coming from & as usual there are two sides of a coin & also how we think about things as a whole.

There are many who have a lot of personal things on computers, including bank accounts, credit card numbers, identity etc etc even though they are an average joe.
Then you have say TC users that may be prototyping new designs that may well be worth millions to them.
I don't believe that every TC user is a casual user or a retired person that no longer participates in a profession, I am sure that many trades people or prototype designers rely on TC & need security.
The security starts with the program itself not having malware or adware or connecting to foreign companies etc, the implications of these things may be small to some & absolutely devastating to others.

You mention your car, now how about I take that from you & you can't afford another one, then all of a sudden that car was worth more to you than you realized in the first place?

I guess the only way to do it these days is to have TC on another computer that is not online, which is what I will be doing as I do actually have several things I want to design that need to remain in my hands only, as would many other people have I am sure.

Cheers
David










« Last Edit: August 04, 2016, 02:55:15 PM by willeng »



August 05, 2016, 08:37:45 AM
#16
David,

I totally understand. Our programmers are in Russia though. Not much we can do about having error reports that send info to them. In my opinion it's security's responsibility not to register false positives.

If I own a nightclub and my security is turning away guests that I want in my establishment I'm going to reprimand my security staff not my guests.

The words "potentially unwanted program" come to mind here. It's 'potentially' unwanted, not definitely unwanted. Most security have white lists you can add this stuff to if it interferes with operation. I'm in school for IT with an emphasis in security. Security is about a balance between security and functionality. You may have a drawbridge but you've still got to let shipments of food and goods into your castle right? Just keep an eye out for those trojan horses though!

Anyway I could talk about this stuff all day. Big interest for me.

Love having you on the forums. You've really picked the software up quick and have some great posts. Still hoping for a tutorial on some of those ethereal looking renders!
« Last Edit: August 05, 2016, 08:40:01 AM by TravisFleenor »



* August 05, 2016, 03:44:39 PM
#17
Hi Travis,

Yeah, we can waste a lot of time keeping this going so it's best to end it here.

Basically what it is saying by "potentially unwanted program" it is or is having or showing the "capacity to develop" into something in the future that is a security threat to everyone.

Personally I think Russia would be the worst place that I would want my details going to seeing that they are the world leaders in computer theft & scams, it's huge business in Russia.

Nuclear weapons also have the "Potential" to destroy the planet or millions of lives, does that make them less of a threat?

Like mentioned it's good to debate a point of view & it's how we look at things also.

Cheers
David







* August 06, 2016, 06:15:09 AM
#18
"Personally I think Russia would be the worst place that I would want my details going to seeing that they are the world leaders in computer theft & scams, it's huge business in Russia."
But the TCW programmers are probably from Russia. He is for the sister product (Designcad). If you're going to worry about that, consider that the computer you're typing on and probably every electronic device you own was manufactured in East Asia -- often China.

Here's something that no one ever mentions about AV. The main way that AV works is by scanning your files for signatures of viruses. But it has to know about the viruses first. People send in copies of infected software and the AV company adds them to their database. This process can take a long time. The Stuxnet virus was probably in the wild for 2 years before it was detected.

The upshot is, if you want to be sure that files you have downloaded do not contain viruses, you need to let them "incubate" on your system for a week or 2. Then scan them, preferably with more than one AV (but not on the same computer, since multiple AV on a computer doesn't work well).

The other way that AV works is by looking for unusual behavior, and then checking to see if that particular software is allowed that behavior. So if a new version of TCW comes out and connects to the internet (don't know if TCW still does this, but it used to), it will be flagged as a virus. In some cases the software manufacturer has to go to the AV site and register its new software. But there are so many AV companies, and every update has to be added as well.

Is it possible that the files on your computer were from a trial you used Before purchasing TCW?

TCW Pro 14.2
TC Deluxe 16.2 Build 53.2


August 08, 2016, 12:09:39 PM
#19
David,

That is not what potentially unwanted program means. It simply means it is a program that displays behaviors that may mean it's unwanted by the user.

"A PUP (potentially unwanted program) is a program that may be unwanted, despite the possibility that users consented to download it. PUPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants."

A PUP is only a threat if you don't trust the entity who developed it. It is potentially something you didn't want. It doesn't have the potential to turn from something you do want to something you don't. It will be what it is. If you want it now, you'll want it later, unless your wants change. It isn't going to morph into something it isn't already. Our products aren't security risks nor do we put any third party spyware in our install process like a lot of companies do but because they interface with many different parts of the OS many antivirus flag certain .dlls as PUPs sometimes. It's called a false positive. It's very common with a lot of legitimate software.

The kind of behavior you are talking about requires extremely advanced programming and isn't delivered by viruses. It's delivered in rootkits. Feel free to wiki that stuff. Super interesting.

Essentially, you are the head of security and your antivirus is your security staff. Every time your staff runs across something they think is fishy they will come and ask you if they should do anything about it or not. Some staff you can hire are really suspicious. They worry about every little sound they hear, every guest that comes over. Some are a little more lax. They ignore more and bother you less. Some staff make decisions to exclude guests without even asking you, and they do so really quietly. They don't even mention they refused someone access. These usually interfere with installation and use of some safe programs. It's up to you what kind of staff you want to hire. But, at the end of the day you are the head of security. If you know where a guest came from and you trust the person who sent them over then you can tell your security staff that it's ok for them to be on the premises.
   
I can say with full confidence that nothing delivered in an install of TurboCAD is a security risk, malware or potentially dangerous. Viruses simply don't work like that. Any contact with Russia is due to the fact that our software is written in Russia by Russian programmers who get all the error reports. They are really nice guys, not criminals. I talk to them often. Dave Taylor just got back from visiting them for a week about a month ago. They aren't dropping zero day exploits in the software or anything like that. Besides, if the Ruskies wanted to infiltrate US cyber defenses using a CAD program it wouldn't be TurboCAD. AutoDesk has a lock on the infrastructure market.



* August 08, 2016, 03:16:58 PM
#20
I support Travis, trust the guys in Russia, they are great guys, really.

I have got a lot of help from them in my ppm work, I never have any doubt at all to send them my ppm files for example.
Even if I maybe use 1-2000 hours on a file, I trust them.
They write this program, who can know better how to solve a problem with it than them??

Torfinn

V18, V19, V20, V21, 2015/ 16/ 17/ 18 Pro. Platinum
Deluxe V20, V21, 2015/ 16/ 17
RedSDK enabled
Windows 10 Home Premium 64 bit, 32 GB
NVIDIA Geforce GTX 780m, 1 GB


* August 14, 2016, 07:56:39 PM
#21


TurboCAD 2016 has a new feature in the Help menu called Show Pop-up Notifications. The "Amonetize.WM" may be related to that. They recently sent out updates to most editions, going back to version 20, to install this feature. When TurboCAD starts, you get a Pop-up window advertising something sold by the TurboCAD Design Group. You can checkmark it to not show, but it still runs in the background until TurboCAD is shut down.

John R.

V17—V21, 2015—2019
Designer, Deluxe, (Professional, Expert, Basic), Platinum
RedSDK enabled
Windows 10 Pro (1803), 64-bit