Kaspersky Alarming Virus Warning

Post your bug reports here. Include information that helps us to understand and reproduce the bug.
ben8238723
Posts: 8
Joined: Wed Nov 30, 2016 11:46 pm

Kaspersky Alarming Virus Warning

Postby ben8238723 » Thu Dec 01, 2016 2:19 pm

I installed 10.1 update with no problem yesterday afternoon but this morning woke up to these virus notices and a locked down computer which demanded disinfection from:

FCOutDrw.dll Trojan-Banker.Win32.Banbra.vdfk
FontCreatorSetup.exe/data0083 Trojan-Banker.Win32.Banbra.vdfk
FontCreatorSetup.exe UDS:DangerousObjectMulti.Generic

You can see how it's reported in VirusTotal here:
https://www.virustotal.com/en/file/f2b5 ... 480601892/

I hope and presume this is a false alarm, but obviously for Kaspersky users this is a problem.

Bhikkhu Pesala
Top Typographer
Top Typographer
Posts: 6359
Joined: Tue Oct 29, 2002 5:28 am
Location: Seven Kings, London UK
Contact:

Re: Kaspersky Alarming Virus Warning

Postby Bhikkhu Pesala » Thu Dec 01, 2016 2:38 pm

Yes, of course it's a false alarm. If I am not mistaken you can run FontCreator 10.1 without this DLL, but the preview of outlines will not be quite as smooth.

Is it your experience that FontCreator runs, or does it fail to start due to the missing DLL?
My FontsReviews: MainTypeFont CreatorHelpFC10.1 Pro + MT7.0 @ Win10

Patrick Schoenbach
Posts: 15
Joined: Sat Feb 06, 2016 2:36 pm

Re: Kaspersky Alarming Virus Warning

Postby Patrick Schoenbach » Thu Dec 01, 2016 6:26 pm

Confirmed.

Erwin Denissen
Moderator
Moderator
Posts: 6087
Joined: Fri Oct 04, 2002 12:41 am
Location: De Bilt, The Netherlands
Contact:

Re: Kaspersky Alarming Virus Warning

Postby Erwin Denissen » Thu Dec 01, 2016 7:05 pm

Another customer just forwarded a report from Anti-Virus Lab, Kaspersky Lab HQ:

Thank you for sending a file for analysis to the Anti-Virus Lab.

Kaspersky Anti-Virus has scanned files.

No malware detected in files:
FontCreatorSetup.exe

We will thoroughly analyze files. If the result of the analysis is different from this scan result, you will be notified via email within 5 days.

This is an automatically generated message. Please, do not reply to it.
Erwin Denissen
High-Logic
Proven Font Technology

ben8238723
Posts: 8
Joined: Wed Nov 30, 2016 11:46 pm

Re: Kaspersky Alarming Virus Warning

Postby ben8238723 » Fri Dec 02, 2016 5:41 am

Bhikkhu Pesala wrote:If I am not mistaken you can run FontCreator 10.1 without this DLL, but the preview of outlines will not be quite as smooth.

Is it your experience that FontCreator runs, or does it fail to start due to the missing DLL?


FontCreator does still run, and very oddly having the virus scanner delete FCOutDrw.dll fixed a rendering problem I was seeing and reported here. So maybe the font isn't as smooth in preview, but it actually looks right/better, it isn't screwing up when displaying overlapped curves.

Erwin Denissen
Moderator
Moderator
Posts: 6087
Joined: Fri Oct 04, 2002 12:41 am
Location: De Bilt, The Netherlands
Contact:

Re: Kaspersky Alarming Virus Warning

Postby Erwin Denissen » Fri Dec 02, 2016 7:47 am

ben8238723 wrote:
Bhikkhu Pesala wrote:If I am not mistaken you can run FontCreator 10.1 without this DLL, but the preview of outlines will not be quite as smooth.

Is it your experience that FontCreator runs, or does it fail to start due to the missing DLL?


FontCreator does still run, and very oddly having the virus scanner delete FCOutDrw.dll fixed a rendering problem I was seeing and reported here. So maybe the font isn't as smooth in preview, but it actually looks right/better, it isn't screwing up when displaying overlapped curves.

FCOutDrw is a new dynamic linked library (DLL) which is used to draw smooth glyph outlines. If the file is removed, FontCreator will use the old drawing method.

The new method uses the even-odd rule when it comes to determining whether an area is inside or outside while the old method uses the non-zero winding rule.
See: https://en.wikipedia.org/wiki/Nonzero-rule
Erwin Denissen
High-Logic
Proven Font Technology

ben8238723
Posts: 8
Joined: Wed Nov 30, 2016 11:46 pm

Re: Kaspersky Alarming Virus Warning

Postby ben8238723 » Fri Dec 02, 2016 2:41 pm

Erwin Denissen wrote:The new method uses the even-odd rule when it comes to determining whether an area is inside or outside while the old method uses the non-zero winding rule.
See: https://en.wikipedia.org/wiki/Nonzero-rule


Thanks for the detailed explanation. Just curious, why would the new method use the even-odd rule? Is it to try to highlight and discourage people leaving curve overlaps in a font or something? Ultimately the fonts seem to render okay either way when used as a font, but maybe it's bad form.

Erwin Denissen
Moderator
Moderator
Posts: 6087
Joined: Fri Oct 04, 2002 12:41 am
Location: De Bilt, The Netherlands
Contact:

Re: Kaspersky Alarming Virus Warning

Postby Erwin Denissen » Fri Dec 02, 2016 2:44 pm

The new method uses the graphical device interface to draw outlines, which should be faster, and is smooth. The downside at the moment is the fact we can't change the fill mode.

oldnewdraw.png
oldnewdraw.png (13.74 KiB) Viewed 306 times

The first line is drawn with the old method, the second line is the improved one.

The "F" consist of a single contour that is self-intersecting.
Erwin Denissen
High-Logic
Proven Font Technology

KaizenNeko
Posts: 6
Joined: Sat Feb 15, 2014 8:29 pm

Re: Kaspersky Alarming Virus Warning

Postby KaizenNeko » Thu Dec 08, 2016 12:34 pm

Bumping this to make a note that Windows Defender is now also flagging and removing it.

Windows 10 Pro
Definitions version: 1.233.1718.0

Erwin Denissen
Moderator
Moderator
Posts: 6087
Joined: Fri Oct 04, 2002 12:41 am
Location: De Bilt, The Netherlands
Contact:

Re: Kaspersky Alarming Virus Warning

Postby Erwin Denissen » Thu Dec 08, 2016 12:45 pm

I've just scanned all files with Windows Defender version 1.233.1724.0 and it didn't find any issues.

What file(s) are flagged on your system?
Erwin Denissen
High-Logic
Proven Font Technology

Leon Gauthier
Posts: 53
Joined: Thu May 07, 2015 6:07 am

Re: Kaspersky Alarming Virus Warning

Postby Leon Gauthier » Thu Dec 08, 2016 8:44 pm

In Windows 10.1 Pro, Windows Defender just flagged FCOutDrw.dll as a Trojan on my machine ...
More precisely, it said:
"There is a problem [TrojanSpy:Win32/Banker] in [FCOutDrw.dll] You should run a full system scan to fix it." Even now after I removed the file from quarantine.

I am looking for ways to alert Microsoft.

MikeW
Posts: 346
Joined: Mon May 20, 2013 2:51 pm

Re: Kaspersky Alarming Virus Warning

Postby MikeW » Thu Dec 08, 2016 10:23 pm

My PC gets scanned everyday by Win Defender. I just did a manual scan on the SysWOW64 folder and there was no issue even though the noted DLL is present. Also Win 10.1 Pro.

Weird.

Mike

Erwin Denissen
Moderator
Moderator
Posts: 6087
Joined: Fri Oct 04, 2002 12:41 am
Location: De Bilt, The Netherlands
Contact:

Re: Kaspersky Alarming Virus Warning

Postby Erwin Denissen » Thu Dec 08, 2016 10:33 pm

Can you send that file to us, so we can compare it with ours?

Or upload it to https://www.virustotal.com/ and let us know the processed url.

We've just uploaded it at:
https://www.virustotal.com/en/file/1e16 ... 481236460/

SHA256: 1e1667da19564b097fc5497d53d40f230640956a452f4833c118d9bf5cbf21fd
File name: FCOutDrw.dll
Detection ratio: 0 / 54
Analysis date: 2016-12-08 22:34:20 UTC
Erwin Denissen
High-Logic
Proven Font Technology

Leon Gauthier
Posts: 53
Joined: Thu May 07, 2015 6:07 am

Re: Kaspersky Alarming Virus Warning

Postby Leon Gauthier » Thu Dec 08, 2016 10:53 pm

I performed a complete scan with Windows Defender and it listed more items associated with this detected "Trojan":

containerfile:C:\Users\Nick\AppData\Local\Temp\FontCreatorSetup.exe
containerfile:C:\Users\Nick\Downloads\FontCreatorSetup.exe
file:C:\Users\Nick\AppData\Local\Temp\FontCreatorSetup.exe->(inno#000083)
file:C:\Users\Nick\Downloads\FontCreatorSetup.exe->(inno#000083)

Which I suppose are just the locations of where this dll came from although I do not understand why the setup.exe is in two different places..

Erwin Denissen
Moderator
Moderator
Posts: 6087
Joined: Fri Oct 04, 2002 12:41 am
Location: De Bilt, The Netherlands
Contact:

Re: Kaspersky Alarming Virus Warning

Postby Erwin Denissen » Thu Dec 08, 2016 11:00 pm

Can you upload them to virustotal, or send them to me?

We've just released another maintenance release, so I wonder what Defender has to say about it. On my system it all runs just fine :o
Erwin Denissen
High-Logic
Proven Font Technology


Return to “FontCreator - Bug Reports”

Who is online

Users browsing this forum: No registered users and 2 guests