Announcement

Collapse
No announcement yet.

V-RayMax Converter PRO with malware

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • V-RayMax Converter PRO with malware

    Click image for larger version

Name:	trojan 2.jpg
Views:	235
Size:	35.6 KB
ID:	1219214

    I bought V-RayMax Converter PRO. It works well, but every time I open it, I get a warning from Norton that a trojan has just been quarantined. I have so far quarantined a dozen different trojans when opening this app. I contacted the developer, and they said put this in your exclusions in Norton (whose interface has changed, but the instructions have not) -%LOCALAPPDATA%\Autodesk\3dsMax\20xx - 64bit\ENU\scripts\MAXTools\VRayMaxConverterPro\. Nothing was in that folder. I searched for the VRayMaxConverterPro4.mse​ file and excluded it from Norton scans. But it doesn't ​work. Any ideas? Is this script safe?​

  • #2
    After an extended time talking to Norton support (over 5 hours!), they said that it appears that this site may be gathering information. Every time I open the plugin, I get a new warning about a "high-risk virus" (a different .dll every time) that may or may not be real or a false positive, according to Norton.

    It is a Russian URL: https://maxtools.3dzver.ru/vmcpro
    Last edited by brit_bunkley; 01-11-2024, 12:37 AM.

    Comment


    • #3
      That plugin/script is not part of Chaos (its third-party). Better contact the provider/distributer for support.
      Aleksandar Hadzhiev | chaos.com
      Chaos Support Representative | contact us

      Comment


      • #4
        Did you contact the developer? What did they say?

        Comment


        • #5
          I take this post to point out that vdenoise.exe in \ProgramData\Autodesk\ApplicationPlugins\VRay3dsMa x2025\bin has also been flagged as malware by Bitdefender.
          I have added it to the exclusion list and V-ray 7 has come back to life.​
          >B.

          Comment


          • #6
            Did you purchase it from the developer's website? I recently subscribed to a 3D model website, and half the stuff I downloaded was infected.
            Bobby Parker
            www.bobby-parker.com
            e-mail: info@bobby-parker.com
            phone: 2188206812

            My current hardware setup:
            • Ryzen 9 5900x CPU
            • 128gb Vengeance RGB Pro RAM
            • NVIDIA GeForce RTX 4090
            • ​Windows 11 Pro

            Comment


            • #7
              Probably, this is the first time you have encountered a case when an antivirus complains about completely harmless files or programs? I had a case when my antivirus (Kaspersky) deleted the memtest.exe program, considering it dangerous.
              I have been using this converter for a very long time and I have never had any similar problems with it. I think that other users can confirm this. In this case, you have absolutely nothing to fear. Just contact the developer and he will help you.
              It is also possible that your computer is infected with some kind of virus, which in turn can infect any files on the computer.​
              By the way, maybe someone else does not know, but there is a site where you can check files for viruses: https://www.virustotal.com/
              Last edited by phill_moris; 01-11-2024, 03:47 PM.

              Comment


              • #8
                Originally posted by glorybound View Post
                Did you purchase it from the developer's website? I recently subscribed to a 3D model website, and half the stuff I downloaded was infected.
                May I ask which one ?

                Comment


                • #9
                  https://3dskyfree.com/ It costs $35 a month and is full of viruses.
                  Bobby Parker
                  www.bobby-parker.com
                  e-mail: info@bobby-parker.com
                  phone: 2188206812

                  My current hardware setup:
                  • Ryzen 9 5900x CPU
                  • 128gb Vengeance RGB Pro RAM
                  • NVIDIA GeForce RTX 4090
                  • ​Windows 11 Pro

                  Comment


                  • #10
                    I always felt that 3Dsky was sketchy, and while searching for it (it wasn't bookmarked), I ran across 3dskyfree.com. I should have researched first since you can download all Evermotion libraries. It had something I needed, so I purchased a subscription and downloaded a few models for a project, but my virus software went haywire! My point is that some of these sights are meant to deceive. They change the URL slightly, and you get tricked.
                    Bobby Parker
                    www.bobby-parker.com
                    e-mail: info@bobby-parker.com
                    phone: 2188206812

                    My current hardware setup:
                    • Ryzen 9 5900x CPU
                    • 128gb Vengeance RGB Pro RAM
                    • NVIDIA GeForce RTX 4090
                    • ​Windows 11 Pro

                    Comment


                    • #11
                      There indeed are a lot of sites that (illegally) offer 3D models. And even if they are legit you need to be sure that all textures are included and the advertized models are for the right engine. As far as I know of the legal ones (besides the generally known like DesignConnected) for instance GreatCatalog is very organized and each 3D model is viruschecked, ZeelProject is a disaster with textures and materials so you have to assign and/or make materials yourself.

                      Comment


                      • #12
                        Turbosquid was my go-to, but it went into the toilet after they were bought out.
                        Bobby Parker
                        www.bobby-parker.com
                        e-mail: info@bobby-parker.com
                        phone: 2188206812

                        My current hardware setup:
                        • Ryzen 9 5900x CPU
                        • 128gb Vengeance RGB Pro RAM
                        • NVIDIA GeForce RTX 4090
                        • ​Windows 11 Pro

                        Comment


                        • #13
                          I talked to the Norton people yesterday for a total of 5+ hours (3 chat sessions and 2 phone calls with four technicians – each one higher up the rank). That “high risk” warning was unnerving. None of the exclusion methods that we tried worked on my computer.


                          They told me that, at worst, the plugin is gathering minor data (not serious or financial), but it was equally possible that it was a false positive. They said not to use exclusions on the general \AppData\Local\Temp\ file since that location might acquire viruses. That makes sense.


                          Either way, the warnings are confirmed not severe, so I’m okay with the warnings now and will live with them when I use the app. It works much better than the default Max scene converter.​ The developer says that it is a false positive. Noton says that it likely is.
                          Last edited by brit_bunkley; 02-11-2024, 05:18 PM.

                          Comment


                          • #14
                            I use Cgtrader all the time. Some of their models have viruses, but Max finds and deletes them quickly.

                            Comment


                            • #15
                              This problem with false positives of some antivirus software actually occurred before due to a temporary *.dll file that was created in the \AppData\Local\Temp folder to unpack the encrypted file when the converter was launched. Although this file is indeed safe, which was confirmed by several antivirus laboratories, this problem has already been solved by changing the encryption algorithm. Those users who encountered such a situation should simply download the latest current version (4.0043) and update the converter, after which the antivirus software will no longer cause false positives.
                              V-RayMax Converter PRO
                              MAXTools

                              Comment

                              Working...
                              X