At 5:00 PM pst I found a trojan horse virus in the ShopBot control software download. Please do not download software until Shopbot corrects this.
I have alerted ShopBot about this virus.

Doug Dodd
FSR Custom WoodWorks

Hello Doug,

Which version did you download? From the SB control software version release notes posted on Shopbot's website:


Version 3.6.10
> Change Firmware loader name because of similarity to spyware name
> Fixes rare but errant behavior in 3D file that resulted from some optimization code (only one report)
> Fixes problem with file pauses/stops in drilling files; in general better reliability of file pauses/stops that occur in midst of Z actions


Did you download 3.4.27 or 3.6.38 when you got the virus alert?

Gerald

Doug- when you say "you found", what program were you running that found the virus, and what virus did it say was detected?

I loaded Version 3.6.36 on Friday and McAfee has not reported anything (yet).


D

I downloaded 3.6.38 and I was using BitDefender AntiVirus Pro 2011. The trojan horse that was found was in SBparts\Custom\????. The final location changes each time I run the installer. The virus name is "Gen:Trojan.Heur.bm0.sbL@GKmig".
I hope this is an error with BitDefender but I felt that it is better to announce it and be wrong than to not say anything and let it spread.

Doug Dodd
FSR Custom WoodWorks

I downloaded 3.6.38 and I was using BitDefender AntiVirus Pro 2011. The trojan horse that was found was in SBparts\Custom\????. The final location changes each time I run the installer. The virus name is "Gen:Trojan.Heur.bm0.sbL@GKmig".
I hope this is an error with BitDefender but I felt that it is better to announce it and be wrong than to not say anything and let it spread.

Doug Dodd
FSR Custom WoodWorks


Management, are you watching this thread? It seems to me that we either need a reassurance from Shopbot that this is a false alarm, or else we have a problem that needs attention.

Malware is no joke

Gerald

P.S. I downloaded 3.6.38 this morning and scanned it with Microsoft Security Essentials, showed no problems found.

Hello Doug- thanks for the extra info.

If the virus program is finding a file with the extension ".sbp" or ".sbc" you can "reasonably" safely ignore the warning.

Only one EXE file is located in the Custom folder on my computer: "MyVars.exe". Its function is not clear to me, if your virus warning is pointing to that file that may be more serious. Does anybody know why this file exists? There appear to be no other EXE or DLL's there (my settings are to show all hidden files, system files, etc).

SBP and SBC files are text and can be examined manually (use open with..), while it conceptually possible some script kiddie has cleverly modified one of the custom commands to spread a virus, it is very unlikely. Even then only about 4 or 5 of the files in the custom folder get used often. (XYfind home, ZZero, Spindle on/off, Spindle warmup, etc) For a virus writer that would be fairly worthless.

I am not personally familiar with BitDefender, I suspect is is false triggering on either extensions, or legitimate SBP commands in the files. Modern virus detectors mostly look for virus-typical patterns not actual viruses.

It would be worth noting which files it flags each time and see if these are text files or some other file type that may indeed be a virus.

Hope that helps-

D

This appears to be a false alarm. We have doubled checked and there is not a threat with installing ShopBot control software. It could be the case with Doug that this virus was on his computer in the custom folder and when ShopBot software was being installed his virus protection found this file when SB3 was updating the folder.


Dana,
The MyVars.exe is used to update the myvariables.sbc file. You can see its usage in the MTC.sbp and the drill offset.sbp file.

Hi Dana,

The MyVars.exe file is used to replace variables in the my_variables.sbc file from another sbc file. Basic usage, from the "Drill Offset.sbc" file:

&name = "c:\SbParts\TempVar.txt"
OPEN &name FOR OUTPUT AS #1

' write some variables to the file and close it - then call:

Shell "C:\SbParts\Custom\MyVars.exe c:\SbParts\TempVar.txt"

Ron

I'm also using Bit defender, and ran into the same thing. It's not actually a Trojan virus but a part of the program to adjust variables. Open the virus program up in an editor and you can see. I also asked the same question, and SB got back with me on what it was.