FSX and Anti-Virus software. Oops...

[PRB]

I knew better than this. I think… My Flight Sim computer has never had any anti-virus or anti-malware software beyond what came with Windows 7. I don’t use that computer for much beyond flight simming anyway. But, this past weekend my Win10 laptop went into drydock and I was researching how to “root” an old Galaxy 5 phone that don’t use anymore. I thought I might turn it into a dedicated car GPS. All the YouTube videos on this started by saying I had to “root” it first. So it was while researching on how to “root” my phone that I got hit with one of those “Your computer has been locked. Call Microsoft support at 1-900-123-4567...” scams. Luckily it didn’t take over my computer, and a BleachBit pass cleaned it. After that I decided to install Kaspersky anti-virus on that machine. I already had it on my Win10 laptop and I bought two licenses, so I was all good there. As soon as I installed it I ran a full scan. Bad idea…

Kaspersky flagged MANY of my payware airplane installers. The message I got for each of them was: “Not a virus, but… this file has been identified as having remote administration capabilities and could be used to screw you”. Something like that. The odd thing is, in some cases Kaspersky allowed me to add this .exe file to an exclusion list, but in other cases it just flat out deleted them! So it just deleted several payware installers! I expect the “remote administration” software it found in those files is related to piracy detection, and that’s an entirely different, and interesting, discussion for another time… But it gets worse.

FSX will no longer start. I get the welcome screen, but that’s it. I shut down Kaspersky and restarted the computer, with no change. Kaspersky must have deleted something important… All the files it said it deleted, in the logs it produces, were in my archive of saved aircraft installers and downloads, not in the FSX installed location. And you can’t get the deleted files back anyway. They’re gone forever.

So my guess is that Kaspersky deleted some “suspicious” files and dlls from various aircraft in my SimObjects folder and didn’t tell me about it. You know, those dlls with “remote administration” code in them… Hmm. Anyway, my next step will be to start deleting planes from my SimObjects folder, one by one, to see if that allows FSX to start again.

[Moses03]

Sorry to hear that Paul. I guess a system restore is not an option?

Anyways, hope you get it sorted.

[Hanimichal]

I have Kaspersky for 5 years now, they have exelent suport.
When the Kaspersky not aloed me to instal the FSX@WAR I have mailed the team suport about this and they did they job in next they back me telling is was just a false positive, and they updated the antivirus in next I have instaled it without problems

[erican2]

I have ran Kaspersky for years without any problems, Have a look in the quarantine section and you should be able to reinstate them and add them to the exclusion list.
Open Kaspersky/more tools/quarantine.
If you are lucky your missing files should be in here.

[PRB]

Sorry to hear that Paul. I guess a system restore is not an option?

Anyways, hope you get it sorted.

System restore would be an option, but it hasn't come to that yet. As for the aircraft installers that it deleted, I have all that stuff backed up, so I haven't lost anything there. I just don't know what it deleted from the FSX installation.

[PRB]

I have Kaspersky for 5 years now, they have exelent suport.
When the Kaspersky not aloed me to instal the FSX@WAR I have mailed the team suport about this and they did they job in next they back me telling is was just a false positive, and they updated the antivirus in next I have instaled it without problems

I have ran Kaspersky for years without any problems, Have a look in the quarantine section and you should be able to reinstate them and add them to the exclusion list.
Open Kaspersky/more tools/quarantine.
If you are lucky your missing files should be in here.

Kaspersky is a great tool, and I have spoke to them a couple of times and they have indeed been very helpful. I may do so again... Strange thing is, during the scan, it would sometimes ask me if I wanted to delete something, ignore it, or add it to the exclusion list. But in other cases, it just deleted them without asking. In the list of stuff it deleted, I didn't see anything from the FSX install location, just aircraft installers, which were located in a different place. It did ask about a dll in my gauges folder, and I selected to add it to the exclusion list. I don't think I looked at the actual quarantine list, yet. I'll go find that next.

[Dangerous Beans]

Hi Paul, I cant help with your FSX problem but as for the popup that started the whole thing I'm 99.99999% sure it was fake and part of a tech support scam.

It hadn't locked your PC and at most had just locked that particular session of the browser which can be fixed by going to the task manager and closing it.
Most of these type of scams originate in India and the problems start when you call the number.

There are quite a few Youtube channels dedicated to messing with these scum bags and are well worth a look see if you want to find out more.
My favourite at the moment is Jim Browning https://www.youtube.com/channel/UCBN...AprVcZZ3ic84vw he's a real hero in the scam baiting scene that really deserves more subs than he currently has.

[PRB]

Hi Paul, I cant help with your FSX problem but as for the popup that started the whole thing I'm 99.99999% sure it was fake and part of a tech support scam.

It hadn't locked your PC and at most had just locked that particular session of the browser which can be fixed by going to the task manager and closing it.
Most of these type of scams originate in India and the problems start when you call the number.

There are quite a few Youtube channels dedicated to messing with these scum bags and are well worth a look see if you want to find out more.
My favourite at the moment is Jim Browning https://www.youtube.com/channel/UCBN...AprVcZZ3ic84vw he's a real hero in the scam baiting scene that really deserves more subs than he currently has.

Rgr that DB. It was only the browser that was locked. A reboot and a BleachBit pass cleared everything. And I have been watching those U-Tube videos where people mess with the scammers. Very entertaining indeed...

[PRB]

Well, I'm back up and running with FSX. First, I found Kaspersky's quarantine control panel and restored the one (1) file that it deleted from my FSX install directory that was preventing FSX from starting. It was from a popular payware outfit, which will remain un-named here, in the interest of "fire prevention", lol... The first time I restored it, it was immediately deleted again. So I had to tell Kaspersky not to delete stuff it thinks is dangerous without asking, and then restore it again. And I restored all the installers it deleted from my archive of downloaded planes. And I set Kaspersky to not load and start scanning automatically when the computer boots. That's ok for the Win10 laptop, but not for this flight sim box (obviously).

[Moses03]

Great to hear Paul. You have to keep an eye on those Russian virus guys...