Topics - difalkner

Mach4 General Discussion / Mach4 build files infected?
« on: February 01, 2019, 12:14:26 PM »
First post here though I visit for answers when I need them.  Here is a problem I just ran into -

Mach4 has been running fine ever since I built the CNC router a little over 2 years ago. A couple of days ago, at the end of running a short job, Mach4 froze on the very last line. I didn't think much of it, just figured it was a Windows 7 thing although it hasn't done this before.

I can't tell you which build I was running on Mach4 but it was probably way back around, possibly 3196. It was working so I didn't see any reason to update it. I am running Windows 7 Home Premium and using Kaspersky Total Security, neither of which has given me any issue.

So I shut the CNC down, restarted the computer, and then restarted the CNC. When I tried to launch Mach4 I got trojan warnings from Kaspersky and it proceeded to delete the 'offending malware'. I went to the FTP site and downloaded several of the updates and tried to install one. Each one I downloaded came with a malware warning but I downloaded them anyway, figuring that Kaspersky and Mach4 have all of a sudden decided not to play nicely together.

I tried the install and it goes about 5% and then Kaspersky finds the Mach4 core dll file to be bad and deletes it. I tried several versions of the updates. I can disable Kaspersky and the install goes just fine and Mach4 starts and runs the CNC without issue. If I enable Kaspersky again and try to run Mach4 then errors and warnings start popping up again. Once that happens Mach4 will no longer run even if I disable Kaspersky again; I have to do the process over.

Kaspersky is updated with the latest database and is set to pretty much default settings except that I have auto updates disabled on it and on the computer. Windows Defender is disabled, as well. I use Dropbox for my files so this computer is connected to the Internet and will stay that way. I realize a lot of folks don't like the controller computer to be connected to the Internet but using Dropbox is the way I transfer files; I don't want to use a thumb drive. I have the ability to disable Wi-Fi on this computer and it is often NOT connected when I'm running larger files with longer run times. For short jobs that only take a few minutes I leave it connected.

Well, now it gets interesting... I had an IT guru friend download one of the Hobby files from the Mach4 FTP site and run that file through a Sandbox to see what came back. He is in a different location than me and used his own gear to do this test so it wasn't connected or related to anything I gave him. The file was a 100% hit for a known malicious hash. Since two separate AV engines flagged the files I'm guessing the ArtSoft site has been compromised, at least the FTP page for the downloads.

Right now everything is working because I added the files and folders to the exclusion list in Kaspersky. But that's not very reassuring so I hope they know about it and do something about this.
