WARNING Infected GRE CD

Status
Not open for further replies.

DaveNF2G

Member
Premium Subscriber
Joined
Jan 23, 2001
Messages
9,176
Location
Rensselaer, NY
#1
The CD I received with a new GRE PSR-800 was infected with a virus.

Infected file: EZScanCD.exe|[Armadillo]

Threat: Win32:MalOb-CA[Cryp]

The infected file is the autorun menu for the programs on the CD and does not show the "|[Armadillo]" as part of its filename in Windows Explorer. The only way to detect the infection is to scan the CD. People might not be inclined to do so on a commercial CD received from a reputable company, but somebody has managed to victimize GRE.
 

DaveNF2G

Member
Premium Subscriber
Joined
Jan 23, 2001
Messages
9,176
Location
Rensselaer, NY
#4
No, it is not.

If you install the EZScan software from the infected CD, your computer will be infected. I know because I ASSumed it was false and went ahead anyway. My laptop lost its ability to communicate via USB or Ethernet, applications that could be used to repair the damage would not start, and various drivers were disabled or removed randomly on subsequent bootups. I very nearly had to reinstall Windows XP before I got the mess cleaned up, after several hours of work.
 
Joined
Mar 2, 2004
Messages
196
Location
Oakland, Michigan
#5
I gave the GRE CD to our IT people, a group that manages PC security for a Fortune 500 company. They came back and told me the CD is fine, no viruses.

Stop the spread of misinformation, there is no virus in the GRE CD. If you experienced issues after installing the GRE software, I would look elsewhere.
 

loumaag

Silent Key - Aug 2014
Joined
Oct 20, 2002
Messages
12,911
Location
Katy, TX
#9
Okay, this is silly (not the OP, the reaction).

Folks, if there are any more snarky comments made, I will just issue infractions. No warnings. If you know the OP is wrong, just move on, if you think he is right and have nothing to really add, just move on.
 

DaveNF2G

Member
Premium Subscriber
Joined
Jan 23, 2001
Messages
9,176
Location
Rensselaer, NY
#10
I would like the geniuses who swear the virus alert is false to explain the chaos that was invoked on my laptop after I used it.
 
Joined
Feb 19, 2013
Messages
283
Location
rome georgia
#11
There's always the possibility a hacker could access certain programs that have backdoors, or some butthead at the main store or factory infected it themselves. It has happened, but not often. Just hope no more go through that. Sorry to hear about that; it's why I mainly run Linux.
 
Joined
Mar 14, 2004
Messages
264
#13
This is precisely why I have a VM that I clone for software installs, and if something bangs it up... I close the window.
 
Joined
Apr 21, 2005
Messages
658
Location
Caribou, Maine
#15
"False Positives" can be just as damaging as a real virus (or malware). About four years ago, the anti-virus program that I was using suddenly decided that I had two files in the Windows System32 directory that were "infected" and quarantined and deleted them all by itself. Within about two minutes the two files which were part of Windows were needed by the operating system and the machine crashed. When restarted the machine refused to start up because the files were "damaged or missing". Luckily, I was able to put the drive in another machine and replace the missing files from a backup. Needless to say as soon as I started the machine again I uninstalled the anti-virus software (which I won't identify) and installed another vendor's anti-virus software. By the way, I have seen false positives on many different anti-virus and anti-malware programs. One of the programs that I use will upload a copy of what it thinks is malware to the company for analysis. Several times after a few days it has politely asked if I want to restore the program which had been quarantined.

Mark
 

rdale

Completely Banned for the Greater Good
Joined
Feb 3, 2001
Messages
11,356
Location
Lansing, MI
#16
Dave's symptoms don't match what that malware is known for doing, so I think Mark has it right.

Time for a new anti-virus package.
 
Joined
Mar 8, 2004
Messages
52
Location
Northern Westchester County, NY
#17
Well......

Just scanned the CD copy I have for the 800; it was burned for me by a recent recipient so should be fairly current, plus my archived copies (Disclaimer: I don't have any GRE scanners, but I have friends who ask me from time to time if I can take a look at theirs or program them). I use AVG as my security software, which seems to not be too trigger happy. I found the same file present. My friend has not reported any issues with his installation on his machine. I didn't feel up to trying to install from the CD I have and risk any of my machines. I'm not faulting GRE, but two reported incidences means that there is a possibility of a corrupted batch of CDs. That is all Dave is trying to get across, not that there is some sort of conspiracy. I even scan my Moto software hard copies prior to installation; I am not paranoid, just prudent. If you cannot reproduce it on your copy, then assume your copy is not affected and go ahead and use it. But scanning ANY installation CD is ALWAYS a good idea; I even scan files I download from CNET. Doesn't cost me anything extra but the time, and the potential for avoiding harm outweighs any inconvenience. Don't be haters 'cause the brother's sounding the alarm; Dave did it to alert to the possibility of an issue. 'Nuff said.
 
Joined
Feb 19, 2013
Messages
283
Location
rome georgia
#18
I wasn't. I just know that, like with any tech biz, when they fire someone who does that stuff, or he's mad, etc., he can build corrupt stuff and burn it to a CD or many CDs. It's how a lot of PCs get infected, and that causes botnets to be built. I use AVG too; awesome software, the only AV I'll use on Windows, but I'm a Linux man at heart. I just hope they get things fixed for 'em. I hate seeing this kind of stuff. It's sad, though, but it happens a lot ;/
 

DaveNF2G

Member
Premium Subscriber
Joined
Jan 23, 2001
Messages
9,176
Location
Rensselaer, NY
#19
To those who attributed positive motives to my original posting, I say 'thank you.' You are correct. I am a happy GRE (and Uniden and Radio Shack) customer with no axe to grind against any of those companies. I am not Chicken Little. I still have the CD and if anyone nearby would like to scan it themselves, we can meet over coffee or something so you can see that the alert was genuine.

As to whether or not my choice of AV software is problematic, I would be more concerned about virus scanners that failed to identify threats, even if said threats were remote.

Right after a Moderator warned about snarky comments, I made one of my own ("geniuses") and for that I apologize. I plead incompetence due to illness (severe head cold) at the time. :)
 

mikey60

Member
Premium Subscriber
Joined
Sep 15, 2003
Messages
3,512
Location
Oakland County Michigan
#20
> The CD I received with a new GRE PSR-800 was infected with a virus.
>
> Infected file: EZScanCD.exe|[Armadillo]
>
> Threat: Win32:MalOb-CA[Cryp]
>
> The infected file is the autorun menu for the programs on the CD and does not show the "|[Armadillo]" as part of its filename in Windows Explorer. The only way to detect the infection is to scan the CD. People might not be inclined to do so on a commercial CD received from a reputable company, but somebody has managed to victimize GRE.

Armadillo is a software protection system. I use it with my PSREdit software to handle the licensing control on the software. It will also encrypt the program code as part of its protection.

What sometimes happens is a malware author will create a malware program and protect it using Armadillo. Some of the AntiVirus programs that are out there then see the Armadillo signatures and include them in their signature data files. When that happens, any software that uses the Armadillo package to protect itself is likely to be detected as the malware, even though no malware exists.

I've had this happen on a couple of occasions with my PSREdit software, where I can say with 100% certainty there is no malware. Since the listing above shows Armadillo, I'd say it's likely that this is a false positive on the anti-virus software you're using, which will probably be corrected in the near future with any updates that are applied to the signature files.

Mike
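
The mechanism described in the post above, as an added example that is not part of the original thread and not code from any anti-virus product or from Armadillo: a signature cut from the bytes of a shared protector stub matches every program wrapped with that protector, while a signature taken after removing the protection layer matches only the program it was derived from. The stub bytes, the XOR "cipher", the sample payloads and all function names are constructed assumptions for illustration.

```python
import hashlib

# Constructed stand-in for a protector's loader stub; NOT real Armadillo bytes.
STUB = b"\x60\xe8TOY-PROTECTOR-LOADER-STUB\x61"
KEY = 0x5A  # toy XOR "encryption" standing in for the protector's cipher

# Constructed samples: one "malicious" program and one benign program.
MALWARE = b"constructed-malicious-payload"
BENIGN = b"constructed-scanner-programming-menu"


def pack(payload: bytes) -> bytes:
    """Wrap a program: shared loader stub followed by the encrypted payload."""
    return STUB + bytes(b ^ KEY for b in payload)


def unpack(image: bytes) -> bytes:
    """Recover the original program if the image carries the stub."""
    if image.startswith(STUB):
        return bytes(b ^ KEY for b in image[len(STUB):])
    return image


def stub_signature(packed_sample: bytes, length: int = 16) -> bytes:
    """Naive signature: leading bytes of the packed sample, which lie in the stub."""
    return packed_sample[:length]


def payload_signature(packed_sample: bytes) -> str:
    """Better signature: hash of the program with the protection layer removed."""
    return hashlib.sha256(unpack(packed_sample)).hexdigest()


def scan(image: bytes, byte_sigs=(), payload_hashes=()) -> dict:
    """Report which kind of signature, if any, matches the image."""
    inner = hashlib.sha256(unpack(image)).hexdigest()
    return {
        "stub_match": any(sig in image for sig in byte_sigs),
        "payload_match": inner in payload_hashes,
    }


def demo() -> dict:
    bad = pack(MALWARE)                      # the sample the vendor analysed
    sigs = [stub_signature(bad)]             # signature built from stub bytes
    hashes = {payload_signature(bad)}        # signature built from the payload
    files = {
        "protected_malware": bad,
        "protected_benign": pack(BENIGN),    # legitimate software, same protector
        "unprotected_benign": BENIGN,
    }
    return {name: scan(data, sigs, hashes) for name, data in files.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The `protected_benign` row is the false-positive case: it trips the stub signature only because it shares the protector, and the payload signature does not match it.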
 