If You Have Cartes du Ciel - READ THIS THREAD:


Hi Folkes:

I had a nasty & malicious surprise tonight. Malwarebytes 3.0 detected a trojan living in my edition 4.0 CdC and informed me it had quarantined the following:

Malware.Ransom.Age...

It stated it had been found in the CdC\exe. And it had removed CdC from my computer. So my copy of CdC is gone. I removed every trace of it manually after that! I'm about to go fire off a **WARNING** email to France on this matter. Now I don't claim to be a computer-geek - by any stretch of the imagination. I know more than the average user, but that's not saying much. But I know some of you folks out there are quite skilled in the field. So I ask some of you to say what you think of this malicious Surprise-du-Jour. I'll give the full story here:

I was using CdC at the time - looking for the current position of the <GRS> on Jupiter as we had a few breaks in the clouds this evening. While using CdC, I noted the program kept crashing on me, losing its lock on Jupiter and giving me blank screens. And then the warning from the new trial of Malwarebytes 3 I've been running for about 5 days. My generally suspicious nature kicked in here:

I've seen some crooked software-programs that offer you a free-trial run. And these always find a boat-load of viruses - that no other programs ever find - and then want your money to get rid of them. Fly-By-Night software-programs that nobody ever heard of before. So I do know about that brand of crooks. But this is Malwarebytes! They always have been highly respected in the field, so my suspicions I noted, but erred on the side of caution and got CdC all-the-way out of my system. Malwarebytes had removed the vast majority of CdC anyways.

I think that's about all I know. Other people - with more computer-savvy - are encouraged to share their take on what happened to me here. The CdC was installed over a month ago and had given me no problems until this one tonight. I do visit their updates for Comets, Asteroids, and Satellites every day - if I remember to - so maybe something hitchhiked in on one of these? That RANSOMWARE-Flag from Malwarebytes nearly made me jump out of my moccasins!

As Malwarebytes isn't known for giving false-reports to people to get them to buy their goods, and I've still got 8 days of the Free-Trial of their new top-end program that also searches for this new Ransomware threat, I'm feeling I may well cough-up some £$$£'s for the thing.

Thoughts? Ideas? Warnings?

Dave

 

p.s. - my brain feels like this:

 

[Image: GravitationalWaves.gif]

 


Dave, I'm shocked and somewhat relieved. I nearly downloaded the new edition of CdC the other day but didn't because I wanted to watch something on TV and decided I didn't have time. Phew!!!  I will hold fire until I know it's safe to download. 

Can you recall where you downloaded it from? I noticed that it seemed to be available from several sites. Is this right? 

You're doing the right thing to let them know. Have you posted this on Cloudy Nights too? 


Just a thought. What if CdC is just as it always was, with no bad stuff in it, but your new detection software *thinks* it found something bad? In other words, false alarm? Trying to solve a problem that doesn't exist, and meanwhile getting in the way and being a royal pain in the asterism?

:rolleyes2:

If the detection software looks for patterns of behavior that *may* be used for bad stuff, or are often combined to do the naughty, then it's possible that CdC triggers the detection in good faith.

By their very nature, detection programs get in the way. Get. In. The. Way. Not only in the way of bad software, but also in the way of good software. I fully understand that many computer users are willing to put up with this - or have no choice, or at least feel they have no choice.

As for myself, I discovered long ago that if I am going to get anything done with a computer, I have to take full responsibility for what gets installed on it - including prevention of installation of stuff I don't want.

If your cat keeps setting off the burglar alarm...

:happy11:


I checked in Google, and it was found on different software-programs for detection of this sort of thing. So it doesn't look like Malwarebytes 3 cooked this up just to sell people some worthless software using fear as its selling-point. And, as I noted, Malwarebytes is not Johnny-Come-Lately anti-virus/malware software. They've been around for many years and are quite highly regarded.

As was stated, you wonder if its heuristics have invented this from 'smoke & mirrors' by mistake? Then all these other anti-virus/malware programs out there also 'smell' the same thing. So I, too, ran this possibility through my mind before. That's why I did Google the name 'Malware.Ransom.Age...' before sending-up this flare of warning. I hope it's nothing much. But how would I feel if I had this experience and decided to keep it to myself - and it turned out to be a dreadful thing and peoples' computers were dropping dead like flies?

And yes - I downloaded from SourceForge. That's why I'm suspecting that this 'nasty' came in as a hitchhiker on my daily downloads of the latest data on the telemetry of Comets, Asteroids, and Artificial-Satellites. I also checked the date on the spare zip-file I got from SourceForge: 03-24-2017 (which I scanned - nothing showing). I always scan any new software-programs before using - BUT - I haven't been scanning the daily-data of the movements of Comets, Astero....Etc.

I will see about that!

And that's all I know for now - EXCEPT - I went to the French website for Cartes du Ciel to try to dig-up an email-address for the writers of the CdC itself to inform them of this situation. And suddenly I started getting the same symptoms I got from my copy of CdC (looking for position of the <GRS> of Jupiter - remember?) - screen went crazy, then gave me 1/2 a screen. Nothing responding. Uh Oh!! I got out of there as fast as I could and re-booted my system. I'm running full scans right now as I type this.

I'd say that this now qualifies as being more than a little coincidence. I keep my systems quite well and clear of any creepy websites known for bugs, trojans, virus, or other junk! Science & News. I'm enough to bore anyone to death! :eek:  :p

Dave


Absolutely right to share this with us, regardless of the cause.

:icon_salut:

If visiting their website triggers detection - or indeed causes the same symptoms, well that is a clear sign indeed.

Conspiracy theories anyone? Who would want to bring the makers of free astronomy software into disrepute?

:tongue2:


Well, I still have the latest version installed even though I now no longer use it due to skytech being much better. I'm sure it's 100% OK and things like malaware whatsitsface :) just pick up false positives due to its no rythimic scans.

When I choose I can run and do 256 bit encryption and detector software and never found it on CdC if downloaded from the direct source.

Unfortunately a lot of these programs seem so paranoid there's problems it makes people paranoid themselves.

I have never in around 40 years had a PC or Mac infected with anything, and that's not luck :)


Malwarebytes can give false positives - I have the premium version. It identifies some programs as PUPs (potentially unwanted programs). This does not mean they are a virus, malware or ransomware.

For example, if you have AdvancedSystemCare, Malwarebytes is known to remove vital parts of this program. ASC is a suite of programs used by many to keep their systems healthy.

I've just run a scan as a precaution. As you can see below, it found nothing and so my CdC is fine. The detections are from my ASC suite which I have set to ignore - a pain but manageable.

I would suggest you have other problems on your PC - perhaps you have a virus affecting your programs, including CdC. You should run reliable security software now to determine the cause of your problem.

[Image: Malwarebytes scan results screenshot]


3.1.2 is the latest version. It is also a completely new version which has an annual license - maybe yours was a stand alone purchase.

Anyway, well worth the cash. Worth it for the ransomware protection alone.


43 minutes ago, Mr Spock said:

3.1.2 is the latest version. It is also a completely new version which has an annual license - maybe yours was a stand alone purchase.

Anyway, well worth the cash. Worth it for the ransomware protection alone.

Thanks Michael, mine was an annual license and I have now upgraded to version 3.1.2 and it shows that my account is up to date. I agree with your comment about ransomware protection, which is why I took note of your scan display.


 

3 hours ago, Dave In Vermont said:

before sending-up this flare of warning. I hope it's nothing much. But how would I feel if I had this experience and decided to keep it to myself - and it turned out to be a dreadful thing and peoples' computers were dropping dead like flies?

/

And suddenly I started getting the same symptoms I got from my copy of CdC (looking for position of the <GRS> of Jupiter - remember?) - screen went crazy,

There is no chat on the CdC discussion (yahoo)group about any problem with it. Lots of people there including Patrick (author)

Yep always good to raise a warning, thank you.

No, I don't remember the GRS problem. If it has been an ongoing problem for a few days? I would have expected lots about it on that group by now.


Regards running a full anti-virus scan - way ahead of you. I use Zone-Alarm - which is Kaspersky's a-v. Ran the full-scan. 2.5 hours. Nothing showing. Scanned the CdC zip-file and an extracted one. Nothing showing. But as this happened and the only non-scanned software coming into my system has been the updates for the comets, asteroids, and satellites for the CdC - that is what I'm suspecting happened. Something piggybacked in on those?

As I've only had strange things happening when using CdC, and my brief visit to the French website for CdC, it's not something in my computer. I've had zero problems whatsoever. And I'm very security-conscious, running frequent scans and updating my a-v etc.

Malwarebytes 3 identified the location as the .exe of CdC. So I'm taking the cautious road here and not going near such until others with more experience with such give it an all-clear. It wasn't a 'PUP' (possible-unwanted-program). MB 3 identified it specifically as 'Malware.Ransom.Age...' when it sent up its warning-flag on my screen. And as my MB 3 knew what this was, that might explain why my screen started manifesting the same symptoms on CdC's French website.

We can speculate it's nothing. Or it's paranoia. Or so forth and so-on and Bla! Bla! Bla! - But if I'm going to have anti-virus programs and Malwarebytes 3 and all - I'm going to listen when they send-up a warning and explanation as happened here. Otherwise, what's the point of using these protection-programs in the first place?

Dave

 

PS - SilverAstro: What "GRS problem?" I said I was looking to find the current position of the GRS on Jupiter as I was trying to view same - in between the clouds. CdC has good data on this.


Taking my mod duties seriously, I've just downloaded all the CdC files. Each was then scanned individually with both Malwarebytes Premium and Kaspersky Anti-virus. No detections.

I updated all the elements in CdC. No detections.

I have websites covered by Malwarebytes Premium, Kaspersky Protection, IObit Surfing Protection and Ads Removal and Bitdefender Traffic Light. CdC website is clean. Sourceforge threw up 44 ads removed and tracker Comscore Beacon but no threats.

I have no answer for what happened to you but as far as I can see, CdC, its website and downloads are all clean :smile:


By co-incidence I had downloaded v4.0-3575 on two laptops on Friday + updated the comet catalogue.  I use AVG anti virus/malware and had no problems reported + CdC itself is working fine + just re-scanned both machines without any issues.

These things can spook you and Dave is right to take it seriously but in this complex world of computers strange / unexplained things do happen.  The evidence seems to point to a false positive but will watch this thread just to make sure.

 


Maybe it was a fluke? I don't know. But it strikes me as strange this only cropped up when I was using CdC and visiting their site. Run full scans - nothing detected anywhere.

I'll re-load CdC and see what happens. If the Malwarebytes 3 goes off on CdC again - what do you suggest? My Zone-Alarm/Kaspersky's didn't say a word. Just MB 3.

Weird -

Dave


If it happens again, then it's probably worth reporting it to Malwarebytes as a probable false positive detection. I couldn't find a link on their site, but antivirus providers usually do provide a method of reporting.

False positives do happen from time to time. I've seen it happen with my employer's software product, and I've read of a number of others too.


6 hours ago, iPeace said:

Just a thought. What if CdC is just as it always was, with no bad stuff in it, but your new detection software *thinks* it found something bad? In other words, false alarm? Trying to solve a problem that doesn't exist, and meanwhile getting in the way and being a royal pain in the asterism?

That was my thought, things get flagged as false positives by 'heuristics' that look for things that appear to behave like malware, and these are probability based so sometimes get it wrong. If Malware Bytes threw up a false positive (Does Cartes du Ciel have a 'begging screen' looking for PayPal donations - could be interpreted as 'ransomware'?) its attempts to remove/halt the program could have been the cause of the crashes.


Archived

This topic is now archived and is closed to further replies.
