Trojan in download manager and couatl.exe?

[conchulio]

Hello,

i recently downloaded the "Stand-alone addon manager" to update all my FSDT airports. Everything went well until i started FSX: my antivirus program said the following:

...fsx\fsdreamteam\couatl\couatl.exe (diagnosis: Malware family: Trojan.Win32.Packer.EnigmaProtector1.1X-1.3X (ep))...

Is there something wrong with couatl?

In addition, from the following airports i cant see the buildings anymore: FSDT KORD, KJFK and KLAS. Quite strange is the fact that at FSDT LSZH everything is well...

I checked the scenery library but nothing wrong here...

I would be glad for any kind of support

Sincerly

Conchi

[Bruce Hamilton]

There is nothing wrong with Couatl or the addon manager, but every virus scanner sees it as bad.  You have to exclude it from your scanner.

[Frank Lindberg]

There is nothing wrong with Couatl or the addon manager, but every virus scanner sees it as bad.  You have to exclude it from your scanner.

I have to agree with Bruce  Don't worry.

[conchulio]

ah ok, great!

Well, hopefully my buidings will repear then after i reconfigure my scanner...  thx guys!

Conchi

[virtuali]

Be sure you also install the scenery with the antivirus entirely off because, if you simply configure the scanner to exclude the file in the FSX folder, it will still remove the file when it's in the temporary folder created by the installer (which is always different) so, the file will be blocked anyway at install time.

[Hnla]

It has a Trojan?

  My computer is cluttered enough..

[777captain]

It has a Trojan?

  My computer is cluttered enough..

Read virtuali's post again.

[cmpbllsjc]

It has a Trojan?

  My computer is cluttered enough..

How did you go from the user name "Boone Gorges" with an avatar of a guy to the user name "Brittney" with a pic of a woman?

I didn't know a user could change their user name, avatar yes, but I thought your user name was set in stone. Not that I would want to change mine, but I am curious.

[virtuali]

It has a Trojan?

Are you joking ? Do you think we would know about a trojan in our software, and didn't do anything about it ? It's obviously a bug of the antivirus used.

Not all of them have this problem, only those using aggressive heuristic methods instead of just a database of file that *proven* to be threats, only to brag about the ability to discover viruses not yet discovered. This leads to a lot false positives, like in this case.

So, in fact, the antivirus product is causing more damage than the threat is supposed to stop, since it's preventing you to use a legit software.

[Hnla]

Well I trust my antivirus more than I trust the download because the software company in the .exe is "Unknown" and "Untrusted"

[conchulio]

Be sure you also install the scenery with the antivirus entirely off because, if you simply configure the scanner to exclude the file in the FSX folder, it will still remove the file when it's in the temporary folder created by the installer (which is always different) so, the file will be blocked anyway at install time.

It was only the .exe file. I had my antivirus software running while installing all my FSDT products and none had been detected as a virus or so. I just had to reconfigure the "rules" of the program and everything went back to normal including the buildings which reappeared, fortunately 

[virtuali]

Well I trust my antivirus more than I trust the download because the software company in the .exe is "Unknown" and "Untrusted"

Not valid in our case, since we SIGN all our executable with an Authenticode digital signature certificate, which costs us money every year to renew, just to indicate users the software is NOT coming from an "Unknown".

If your Couatl.exe is indicated as "Unknown", this might indicate exactly the opposite: it has been ALTERED on your hard-disk, and it's not the version we distributed. That's the whole point of having a digital signature in the first place...

If the executable has been altered in your hard disk, this might happen for the following reasons:

1) Your antivirus, which has mistakenly identified it as a thread, also tried to "heal" it, which modifies the file and, of course, will destroy the digital signature, so the file would appear to be made by an "Unknown" publisher.

OR

2) You already had a real virus, that obviously didn't come with our software, that *infected* our exe, and this will also result in the digital signature being invalid.

I can only confirm, the Couatl.exe file which is located on the FSX\fsdreamteam\Couatl folder IS digitally signed, you can check this by right-clicking on it, select "Properties", and see if it has a "Digital Signature" tab. If there's no such tab, or the Digital Signature is reported as invalid, it means the copy you have on your system has been MODIFIED by "something" on your system, as explained above.

[Hnla]

my computer has been acting weird and slow ever since I downloaded couatl.exe

[Anders Bermann]

Come on!
The reason for your 'slow' computer must come from elsewhere...

I have run FSDreamTeam's software quite comfortably for years! WITHOUT any problems!
I have recently ported to FSX, and are also (of course) using couatl.exe without any issues... Just configuring "Microsoft's Security Essentials" (<-- antivirus software in my case!) BEFORE installation, as Umberto already has explained, clears out any problems...

The file 'couatl.exe' IS digitally signed!!!
I've included a screenshot below as proof!

Please! You have absolutely NO reason to distrust the software being provided here...
Besides - FSDT wouldn't stay 'in business' very long, if their software was filled with spyware/malware...

Couatl.exe is NOT malicious, so please just stop ignoring the explanations, by continuing to insist that your performance problems, are caused by software provided here...

[virtuali]

my computer has been acting weird and slow ever since I downloaded couatl.exe

Obviously impossible, since that file is launched ONLY by FSX, and it quits whenever FSX quits, which means it's not possible your computer would become slower because of it.