These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

Ships & Modules

 
  • Topic is locked indefinitely.
 

Pyfa 1.16.x trojan infected?
Author
Previous Topic Next Topic
Lord Nyaxx
Duo d'un homme
La Division Bleue
#1 - 2015-11-09 18:41:25 UTC
So, I reaaaally love PYFA for all my fitting need but it seems to me (if I believe my AVG) that the last 2 build have the IDP.ARES.Generic trojan in it, which I google and which look pretty bad to have. Any other persons got this, workarounds? Thanks
Thron Legacy
White Zulu
Scorpion Federation
#2 - 2015-11-09 19:59:25 UTC
whats yo antivirus?
Lord Nyaxx
Duo d'un homme
La Division Bleue
#3 - 2015-11-10 01:03:37 UTC
AVG as stated, free edition.
Nevermind, went back to using EVEHQ, will do as well and didn't cause any alarm from my anti-virus.
A Ingus
Purveyors of Uber Research Valuables and Ships
#4 - 2015-11-11 14:33:04 UTC
ditto
W0lf Crendraven
Federal Navy Academy
Gallente Federation
#5 - 2015-11-11 21:13:42 UTC
could be a form of payback by kadesh (if you dont know, he cheated in the AT and won a few trillion isk, which then all got taken away)
Sobaan Tali
Caldari Quick Reaction Force
#6 - 2015-11-14 09:30:29 UTC
Maybe a false positive as well, and more than likely considering the program in question. Sometimes, an AV will choose caution over trusting a file it isn't completely 100% sure of. That's by design. Just to err on the side of caution, I'd say stick with alternatives like EFT for now until it gets addressed. Programs like PyFa can get flagged by zealous AV's because they -- or a file they contain -- resemble a virus or worm, but only because they operate in a similar fashion despite being legitimate rather than being malicious. Not that your AV is necessarily mistaken, just being protective and prudent.

"Tomahawks?"

"----in' A, right?"

"Trouble is, those things cost like a million and a half each."

"----, you pay me half that and I'll hump in some c4 and blow the ---- out of it my own damn self."
Sable Blitzmann
24th Imperial Crusade
Amarr Empire
#7 - 2015-11-14 22:55:30 UTC
I can assure everyone that this is a false positive. AVG is known for them, and a possible reason this has only just now spring up is because we updated all of the binaries (python, libraries, etc).

It may also be due to the fact that pyfa can now act as a server and opens a port to handle CREST connections. This port is only open when the user requests CREST functions, and shuts down after 60 seconds or when the needed function is completely. AV software may be able to detect this kind of stuff, and thus flag it. I am not too versed on the different ways AV software detects threats.

Regardless, I have notified AVG of the false positive.

W0lf Crendraven wrote:
could be a form of payback by kadesh (if you dont know, he cheated in the AT and won a few trillion isk, which then all got taken away)


I've got to say, this is a pretty pessimistic outlook on things. I have been handling the majority of pyfa development and releases for the past 2 years, along with Kadesh's support. The fact that Kadesh was banned from AT has no adverse effect on pyfa itself.

I would also like to mention that the source code of pyfa is freely available for review. You can see for yourself if worried, and run it through your own python interpreter rather than trusting the release binaries.
Sable Blitzmann
24th Imperial Crusade
Amarr Empire
#8 - 2015-11-14 22:59:09 UTC
Noctaly
Core Industry.
Goonswarm Federation
#9 - 2015-11-15 12:41:52 UTC  |  Edited by: Noctaly
deleted