
I16FM.dll is reported as infected with malware


ophiuchus


 

It's behavioral... it says only that it is packed.

Packed means that the coders don’t want to make it easy for others to analyze/reverse engineer the DLL.

By itself it does not mean the file is malware.

Much malware is packed in order to make it difficult for the defenders to analyze it, but many legitimate programs are also packed for copyright reasons.

VMProtect is one of the best packers and the most difficult to defeat.

🖥️ R7-5800X3D 64GB RTX-4090 LG-38GN950  🥽  Valve Index 🕹️ VPForce Rhino FFB, Virpil F-14 (VFX) Grip, Virpil Alpha Grip, Virpil CM3 Throttle + Control Panel 2, Winwing Orion (Skywalker) Pedals, Razer Tartarus V2 💺SpeedMaster Flight Seat, JetSeat

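The point made in the post above, that a "packed" verdict describes how a file is built rather than what it does, shown as an added example that is not part of the original thread. It reads a PE section table and reports the two signs packer heuristics commonly key on; the `.vmp0`/`.vmp1` and `UPX0`/`UPX1` names are packer defaults, while the 7.0 entropy threshold, the function names and the sample image are assumptions constructed for this example.

```python
import hashlib, math, struct
from collections import Counter

# Default section names left by VMProtect and UPX; a heuristic list, not exhaustive.
PACKER_SECTIONS = {b".vmp0", b".vmp1", b"UPX0", b"UPX1"}
ENTROPY_LIMIT = 7.0  # assumed threshold: bits per byte above which data looks packed

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def packing_indicators(pe):
    """Return [(section, entropy, reasons)] from the section table of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)           # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", pe, pe_off + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    report = []
    for i in range(nsec):
        hdr = table + 40 * i
        name = pe[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        h = entropy(pe[raw_ptr:raw_ptr + raw_size])
        reasons = []
        if name in PACKER_SECTIONS:
            reasons.append("packer section name")
        if h > ENTROPY_LIMIT:
            reasons.append("high entropy")
        report.append((name.decode("ascii", "replace"), round(h, 2), reasons))
    return report

def build_sample(sections):
    """Constructed, minimal PE-shaped image (headers plus raw data) for the demo."""
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0x2000)
    ptr = 64 + len(coff) + 40 * len(sections)
    table = body = b""
    for name, data in sections:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), 0x1000, len(data), ptr) + bytes(16)
        ptr, body = ptr + len(data), body + data
    return b"MZ" + bytes(58) + struct.pack("<I", 64) + coff + table + body

plain = b"\x55\x8b\xec\x90" * 1024                                          # repetitive, code-like bytes
packed = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # stand-in for packed data
SAMPLE = build_sample([(b".text", plain), (b".vmp0", packed)])
print(packing_indicators(SAMPLE))
```

Both indicators fire on any packed binary, legitimate or not, so a result like this is a reason to check the file's origin (vendor signature, hash against the publisher's release) rather than a malware verdict.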

After a restart even Windows Defender has a problem with it, if someone is surprised by not passing the Integrity Check next time.

Servus! :smilewink:

My DCS:World-Modules:

A-10C, UH-1H, F-86F, Fw-190D9, MiG-21bis, P-51D, Mi-8MTV2,Bf-109K4, MiG-15bis, L-39C, Hawk, NTTR, Mirage 2000C, SA342M Gazelle.

 

Wishlist:

P-40, F-104G/S, Saab J-35 Draken, A-1H Skyraider, Su-17/22M4. :music_whistling:


  • ED Team

It is a false positive, please add DCS to your exclusion or wait for your antivirus definitions to update.

Thank you


Forum rules - DCS Crashing? Try this first - Cleanup and Repair - Discord BIGNEWY#8703 - Youtube - Patch Status

Windows 11, NVIDIA MSI RTX 3090, Intel® i9-10900K 3.70GHz, 5.30GHz Turbo, Corsair Hydro Series H150i Pro, 64GB DDR @3200, ASUS ROG Strix Z490-F Gaming, HP Reverb G2


It is a false positive, please add DCS to your exclusion or wait for your antivirus definitions to update.

Thank you

 

 

That's what they all say. First it's 'false positive', then they give you an address to send all your Rubles...though given the state of the Ruble maybe not...

 

 

 

:music_whistling: :pilotfly:


I find it worrying as well. Why is it identified as a trojan if it is not using the characteristics of a trojan?

 

 

This is not uncommon, and goes back to the way virus scanners really work; it's not like they do DNA testing. One of my company's new releases triggered an algorithm once; took a little while to get it resolved.

 

 

Honestly, there's not much to worry about. It's an annoyance, and as BN says, you can call it safe, or you can wait for the scanners to update. The latter is 'safer' if you don't fly the I16 every day.

 

 

I know how virus scanning works and lately I've been crashing helos when I need a break, so I'm waiting for the scanner to update.


  • 1 year later...

Hi

I know this topic is a year old but just tonight ESET again flagged this as the same VMProtect. Seems odd that something that has been working fine for ages and that I fly regularly and has received no updates FOREVER... suddenly has characteristics that are flagging a positive, false or otherwise... Anyone else seeing same?

 

 


I have found a problem with that file. It is recognized as malware by ESET antivirus. So it removes it and then the new update cannot continue... @BIGNEWY can you shed a little light on this, please? I didn't have any problem before with this module.


Edited by Japo32

  • ED Team

Hello, 

it will most likely be a false positive. 

You can either exclude it from your antivirus, or submit the file to your antivirus provider for inspection. 

We have not had any issues with our testers reporting it as a problem. 

thanks


5 hours ago, BIGNEWY said:

Hello, 

it will most likely be a false positive. 

You can either exclude it from your antivirus, or submit the file to your antivirus provider for inspection. 

We have not had any issues with our testers reporting it as a problem. 

thanks

ESET's real-time file protection deletes the file before the updater even completes, so there is no file to submit. And "most likely" isn't exactly reassuring. Sounds like you are making an educated guess.


I'm Softball on Multiplayer. NZXT Player Three Prime, i9-13900K@3.00GHz, 64GB DDR5, Win 11 Home, Nvidia GeForce RTX 4090 24GB, TrackIR 5, VKB Gunfighter III with MCG Ultimate grip, VKB STECS Standard Throttle, CH Pro pedals
