Date   

Re: To everyone reporting that Commander has stopped working because their Anti-malware has reported it to be infected with a virus

Steve K8JQ
 

How does one open Windows Defender to see anti-virus activity?

I see a Start menu listing for "Windows Defender Firewall with Advanced Security on Local Computer" but that does not seem to deal with the anti-virus part of Windows Defender.

Steve, K8JQ


On 4/5/2020 11:57 AM, g4wjs wrote:
On 05/04/2020 16:47, Carl Licari-NX5T wrote:
I'm not getting a malware alert. When I try to launch DxLab it says commander. exe does not exist.
I don't have CI-V Commander1453.exe, the latest I have is CI-V Commander 1440.exe and cannot get the update installed.
Any ideas?

Thx
Carl
NX5T

Carl,

open up Windows Defender, go to History, check Quarantined items, press the View details button. Locate the entry for the quarantined Commander.exe (probably labelled Trojan:Win32/Azden.B!cl), select it and press the Restore button.





Re: To everyone reporting that Commander has stopped working because their Anti-malware has reported it to be infected with a virus

g4wjs
 

On 05/04/2020 17:50, Peter Laws wrote:
On Sun, Apr 5, 2020 at 11:11 AM g4wjs <bill.8@...> wrote:


that's OK but in my opinion it is much easier to simply tell Defender to
restore the file it quarantined.
Sure, if that's an option.  I was not offered that option.  As I
mentioned in another thread, Windows Defender seems to have changed
how it operates.

Hi Peter,

Windows Defender seems to have two modes of operation. If it quarantines something via its so-called realtime protection it adds the item to the quarantined items list. OTOH if it quarantines something as a result of a scan, it puts it into another list where the restore action is confusingly called "Allow". Either way, restoring or allowing, gets the quarantined item released and restored in my experience.


--
73

Bill

G4WJS.


Re: The Sky is falling

Tom Schaefer NY4I
 

Maybe it is a benefit of working in the IT Industry including security that I look at any report first as a false positive until proven otherwise. Reports are scrutinized of course but we never take action until we confirm the finding. I can see why others outside the field or relevant experience would look at it the exact opposite as if the tool is gospel—that is rarely the case. All software is suspect and subject to a “reasonableness test”.

Tom NY4I


Re: Prop View

Dave AA6YQ
 

* more AA6YQ comments below

Same thing

* That implies that the "security problem" exists at the web site that PropView is consulting to obtain the current sunspot number,
the URL for which you will find in the "Prediction URLs" panel on the Configuration window's Prediction tab.

* My instance of PropView specifies

http://services.swpc.noaa.gov/text/predicted-sunspot-radio-flux.txt

* and does not report any error.

73,

Dave, AA6YQ

On 4/5/2020 12:50 PM, Dave AA6YQ wrote:


+ AA6YQ comments below

Ok No images,,

It is telling me that it can not download the sunspot numbers from,..... security problem

+ As a diagnostic step, reboot Windows into "Safe mode with networking", and then start PropView. Any change in behavior?


Re: Prop View

Joe WB9SBD
 

Same thing

On 4/5/2020 12:50 PM, Dave AA6YQ wrote:
+ AA6YQ comments below

Ok No images,,

It is telling me that it can not download the sunspot numbers from,.....  security problem

+ As a diagnostic step, reboot Windows into "Safe mode with networking", and then start PropView. Any change in behavior?

      73,

             Dave, AA6YQ








Re: The Sky is falling

Mike Flowers
 

Dave is the Bobby Fischer of software developers!!

 

- 73 and good DX de Mike, K6MKF, NCDXC Secretary

 

From: DXLab@groups.io <DXLab@groups.io> On Behalf Of David Bunte
Sent: Sunday, April 05, 2020 10:55
To: DXLab@groups.io
Subject: Re: [DXLab] The Sky is falling

 

Thank God Dave is very good at chess.

 

Dave - K9FN

 

On Sun, Apr 5, 2020 at 1:44 PM Dave AA6YQ <aa6yq@...> wrote:

+ AA6YQ comments below

This surge in Microsoft-related false positives have gone past me.

+ Take a look at

<https://groups.io/g/DXLab>

+ This group has been averaging 750 posts per month. There have been 219 posts in the first 5 days of April, doubling the usual rate. Most of those posts are reports of Microsoft anti-malware damage, or requests for assistance in correcting that damage.

+ Helping ~20 users restore their damaged systems to operation feels like playing ~20 simultaneous chess games.

       73,

             Dave, AA6YQ







Re: The Sky is falling

David Bunte
 

Thank God Dave is very good at chess.

Dave - K9FN

On Sun, Apr 5, 2020 at 1:44 PM Dave AA6YQ <aa6yq@...> wrote:
+ AA6YQ comments below

This surge in Microsoft-related false positives have gone past me.

+ Take a look at

<https://groups.io/g/DXLab>

+ This group has been averaging 750 posts per month. There have been 219 posts in the first 5 days of April, doubling the usual rate. Most of those posts are reports of Microsoft anti-malware damage, or requests for assistance in correcting that damage.

+ Helping ~20 users restore their damaged systems to operation feels like playing ~20 simultaneous chess games.

       73,

             Dave, AA6YQ








Re: To everyone reporting that Commander has stopped working because their Anti-malware has reported it to be infected with a virus

Dave AA6YQ
 

+ AA6YQ comments below

Upon further review when doing a lookup in DXKeeper I get Callbook Error: Not connected to Pathfinder. Is this related?

+ If you're anti-malware application can decide to spontaneously damage Commander, it can decide to spontaneously damage any of your DXLab applications.

+ As a diagnostic step, boot Windows into "Safe mode with networking". Start DXKeeper and Pathfinder. Can you now perform callbook lookups?

73,

Dave, AA6YQ


Re: Prop View

Dave AA6YQ
 

+ AA6YQ comments below

Ok No images,,

It is telling me that it can not download the sunspot numbers from,..... security problem

+ As a diagnostic step, reboot Windows into "Safe mode with networking", and then start PropView. Any change in behavior?

73,

Dave, AA6YQ


Re: To everyone reporting that Commander has stopped working because their Anti-malware has reported it to be infected with a virus

Dave AA6YQ
 

+ AA6YQ comments below

Update: I changed the name of Commander1440.exe to Commander.exe and got Commander to launch and did the upgrade to Commander1455.exe. Now the old rename of 1440 to Commander.exe is in the folder with Commander1455.exe.

+ No. When you upgraded to Commander 14.5.5, the Launcher

1. deleted CI-V Commander.exe

2. made a copy of CI-V Commander1455.exe and renamed that copy CI-V Commander.exe

+ Unless you manually change things, CI-V Commander.exe will always be the version of Commander to which you last upgraded.


Shud I now delete the renamed 1440 file and then rename the 1455 file to Commander.exe?

+ No.


How can I see what Commander is actually running?

+ Look in the title bar of Commander's Main window.

73,

Dave, AA6YQ


Re: Prop View

Dave AA6YQ
 

+ AA6YQ comments below

I tried to open PV just now and I am getting this error.

+ Your post did not include an error message. Attachments are not conveyed here.

73,

Dave, AA6YQ


Re: The Sky is falling

Dave AA6YQ
 

+ AA6YQ comments below

This surge in Microsoft-related false positives have gone past me.

+ Take a look at

<https://groups.io/g/DXLab>

+ This group has been averaging 750 posts per month. There have been 219 posts in the first 5 days of April, doubling the usual rate. Most of those posts are reports of Microsoft anti-malware damage, or requests for assistance in correcting that damage.

+ Helping ~20 users restore their damaged systems to operation feels like playing ~20 simultaneous chess games.

73,

Dave, AA6YQ


Re: To everyone reporting that Commander has stopped working because their Anti-malware has reported it to be infected with a virus

Carl Licari-NX5T
 

I did the restore and now do not get the callbook error.

Thanks!
Carl
NX5T


Re: qso not accepted by lotw

Dave AA6YQ
 

+ AA6YQ comments below

Trying to do this, but in step 2, the check box for "Permit uploading of QSO's already uploaded to LOTW" is greyed out.

+ On the "QSL Configuration" window's LoTW tab, there is a TQSL panel at the bottom.

+ What version number appears to the immediate right of "TQSL" in the panel's caption?

+ What is present the panel's "TQSL.exe pathname" box?

73,

Dave, AA6YQ


Re: Launcher slow to load

Dave AA6YQ
 

+ AA6QY comments below

Several weeks (maybe months) ago, I noticed that Launcher was slow to load after a reboot. Slow means several minutes. Actually I believe the Launcher did load but the app did not show up on the desk top. After several minutes, Launcher would appear and all would work great. If I closed launcher and re-launched Launcher would still be slow. Launcher would show as running in Task Manager even though the app would not display on the desk top. If I click on the Launcher icon, it would say that DXLabLauncher was already running. After the computer has been running for about 30 minutes or so, this behavior went away and all seemed normal.

For various reasons, I recently rebuild the computer. With minimal apps installed (browsers, email client, sound card drivers, etc...) I did a fresh install of Launcher. The behavior is the same. I don't know about after 30 minutes yet, though. There is no error log file. An exception has been added to Windows Defender. This is a Win10 Pro machine with the latest patches.

Suggestions?

+ As diagnostic step, please reboot Windows into "Safe mode with networking", and then start the Launcher. Any change in behavior?

73,

Dave, AA6YQ


Re: To everyone reporting that Commander has stopped working because their Anti-malware has reported it to be infected with a virus

Peter Laws / N5UWY
 

On Sun, Apr 5, 2020 at 11:11 AM g4wjs <bill.8@...> wrote:



that's OK but in my opinion it is much easier to simply tell Defender to
restore the file it quarantined.

Sure, if that's an option. I was not offered that option. As I
mentioned in another thread, Windows Defender seems to have changed
how it operates.



--
Peter Laws | N5UWY | plaws plaws net | Travel by Train!


Another Way For Antivirus to Get You

Mike Rhodes
 

A number of programs will "offer" you additional goodies such as McAfee AV, etc. They do this by default rather than allowing you to 'opt in'. Be aware and 'opt out" if you are already running an AV. If you end up with TWO (or more) AV programs running on your PC, you will have major issues, not only with getting files quarantined but with being able to uninstall the offenders.

Mike / W8DN


Re: To everyone reporting that Commander has stopped working because their Anti-malware has reported it to be infected with a virus

Carl Licari-NX5T
 

Upon further review when doing a lookup in DXKeeper I get Callbook Error: Not connected to Pathfinder. Is this related?

Carl
NX5T


Re: To everyone reporting that Commander has stopped working because their Anti-malware has reported it to be infected with a virus

g4wjs
 

On 05/04/2020 17:09, Carl Licari-NX5T wrote:
Bill...
I received no alert from Windows Defender so I made copies of both 1440 and 1455. I then deleted the renamed 1440 to Commander.exe file, then renamed 1455 file to Commander.exe and all appears to be working fine now.

Carl
NX5T
Carl,

that's OK but in my opinion it is much easier to simply tell Defender to restore the file it quarantined.



--
73

Bill

G4WJS.


Re: To everyone reporting that Commander has stopped working because their Anti-malware has reported it to be infected with a virus

Carl Licari-NX5T
 

Bill...
I received no alert from Windows Defender so I made copies of both 1440 and 1455. I then deleted the renamed 1440 to Commander.exe file, then renamed 1455 file to Commander.exe and all appears to be working fine now.

Carl
NX5T