Virus Pattern

[midiguitar]

Hi Folks:

I've been lurking for a year or so, picking up all the great tips for this great package.  Two days ago my AVG virus scanner loaded new patterns and ID'd tfp15pro.exe as having the Vitru virus.  After a couple days of confusion and re-installing, I'm suspecting there could be a random code pattern match between TFP and Vitru (or it was in the factory install).  Upon fresh install (after a full uninstall), it pops right up immediately to quarantine TFP.  None of my other EXE or SCR files match Vitru.  Has anyone else seen this?  I guess the other possibility is a system file is infected and TFP is on the hot list of the virus' infection pattern.  I'll add that this appears on two different XP systems, both using AVG.  This virus is treated by reformatting and re-installing everything, so it's not a minor deal for users.   

Joel C.

[Draftcad]

Hi Joel and welcome to the forum,

AVG is well known for false positives. However, I'd suggest that you download and install Spybot http://www.safer-networking.org/index2.html  and Lavasoft http://www.lavasoft.com/
Both are free (and excellent) and will provide good cleaning results
I heard of programs infected with a virus, therefore they act as the virus and they are detected as a virus 

Let us know about the results

Pat

[superfess]

Hi
I have the same problem, did you run the program?

[Doug.S]

If you received TFP from IMSI directly then you are extremely unlikely to have a virus in TFP because there has never been any complaints or reports of viruses in TFP.

BUT, you might have received a bad file from some other source if you got TFP in some other way

And, it is possible you inadvertently downloaded the virus doing something on the www and it settled into TFP...but highly unlikely.

Unless you see virus symptoms (anything running that should not be or sending data when all should be quiet, etc.  Monitor your task manager/processes), most likely it is a false positive and you can set your virus scan tool to ignore TFP in the future.

Virus scanners search for certain code strings and it is possible that string is within TFP but is still safe code.  Run several different virus scan programs to see if it is found more than one time by different virus scanners.

[timf]

I moved from being a long time user of AVG to Microsoft Security Essentials (http://www.microsoft.com/en-au/security_essentials/default.aspx) because of the large increase in false positives and increase in software bloat.

Spybot and lavasoft are great, as is Malwarebytes.

Tim

[Robert W - "robban"]

Now will also McAffe Total Protection report TFP 15 as a Trojan W32/Rimecud.gen.az.
I will reinstall the program and se if it work after that
/Robert

[Robert W - "robban"]

Didn't help to reinstall program

Now will also McAffe Total Protection report TFP 15 as a Trojan W32/Rimecud.gen.az.
I will reinstall the program and se if it work after that
/Robert

[Ray Lilley]

I am also experiencing problems starting TFP.- windows cannot find C:\Program Files\IMSIDesign\TUR------

McAfee window pops up to say
  Trojan Removed
Detected W32/Rimecud.gen.oz
Quarantined from C:|ProgramFiles\imsidesign\turbofloorplan3dhome&landscapepro15\bin

I uninstalled TFP and reinstalled and after starting got the message-:
  Runtime Error
abnormal program termination

Ray

[Doug.S]

You could check with Google and with McAffee to see if they have noted this as a fasle positive.

Also do a search on your PC for any files that might be associated with the virus....and see where they are located.

You can check with other users like us to see if we have a similar file (and same exact file size).

And do you see any suspicious activities from the "virus"?

[Doug.S]

Detected W32/Rimecud.gen.oz

I did a whole C:\ drive search (using search everything) and found no "Rimecud".

So perhaps somehow you picked up this virus and it is still not gone...search your HD to see.

You might need to find an uninstall tool to get rid of the virus....look via Google for how to get rid of the virus.

[Draftcad]

McAfee window pops up to say
  Trojan Removed
Detected W32/Rimecud.gen.oz
Quarantined from C:|ProgramFiles\imsidesign\turbofloorplan3dhome&landscapepro15\bin

This is a tricky malware and what you found is not a false positive. According with Norton, it spreads by copying itself to the shared folder of certain file-sharing applications.
In other words, the worm deleted your TFP folder and replaced the content with the malware. Please, note that you must clean not only yor HD but also all the USBs or RW CDs and DVDs

After you clean all the disks and HDs, I'd suggest to unistall and perform a clean installation of TFP

Pat

[Robert W - "robban"]

Hi Pat Thanks for the info, I have both reinstall McAfee Total protection and TFP 15.1.C1.837 and it look like all is OK now I hope it will stay this way for now. 
Robert

[Draftcad]

Hi Robert,

Glad to know the problem is solved!
I am not a big fan of McAffe. Why this program allowed the malware to invade your system?
I'd suggest to add an extra (and free) real time protection with Lavasoft

Pat