virus warning

colin-t
Registered Users Posts: 18 
Master Explorer

Trying to update the map on my GO 5000: the download failed and Norton issued a warning, "MyDoom virus code execution".
I now have no maps at all?
1
Comments
-
Same problem with MyDrive Connect and START50.
Virus warning [Norton AV] after updating MyDrive Connect and trying to update device
- Uninstalled MyDrive Connect
- Reinstalled MyDrive Connect
- Trying again (Downloading map in progress)
Will tell you the result.
0 -
-
Hi Doug,
I think the main problem is that Norton detects an intrusion and interrupts the upload to the device.
Please see:
26.02.2020 11:29:44,Infos,Statistische IPS-ErkennungsÜbertragung,Gesendet,Keine Aktion erforderlich,26.02.2020 11:29:45,Norton AntiVirus,Statistische IPS-ErkennungsÜbertragung,"Signature ID: 20401 <br>Local or Remote Attacker: 1 <br>Remote Port: 51307 <br>Local Port: 3129 <br>Protocol: 6 <br>Signature Set Version: 20200225.061 <br>Application Name: \DEVICE\HARDDISKVOLUME5\PROGRAM FILES (X86)\MYDRIVE CONNECT\TOMTOM MYDRIVE CONNECT.EXE <br>Offending URL: <br>Date Detected: Wed, 26 Feb 2020 10:29:44 GMT <br>Application File Checksum: 8A99F8876B39B782959736950DFFAFFA <br>Application File Information: 4.2.7.3966 <br>Network Data: 434D50520014000078DAEDC7410A40600084D1A1286BD7B1111B1B4EE51A166EE0867E7209F55E7D4DB3CED3D8A5CED2E655959A6F1FD796B4E5EDFD709C0100000000FEE40603340493 <br>Sub-signature ID: 65542 <br>Signature Properties: 4628 <br>Referer URL: <br>Application File SHA256: 7347F29B8CDFDB68BF4D317FF14852304CA78D1AA368BA69CACE8A30ADD40AC0 <br>Application File CreateTime: 0 <br>IPSSubmissionID: a948a862-ec8f-11ea-8d43-806e6f6e6963 <br>Application File Reputation: 63 <br>Application File Prevalence: 139 <br>Forwarded For: <br>Signature Response: 1 <br>Remote Address: 169.254.255.1 <br>Message Disposition: 3 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:Intel64 Family 6 Model 78 Stepping 3 <br>System:Windows 10 build 18362 <br>Platform-GUID:21195EB8-252A-4EDA-A388-D069ED54E9CC <br>Telem-ID:D5E27967-0494-41E5-9637-77A0FFF16092 <br>HWID:E2FA5ECB-8A74-14ED-E4F7-6EE533682CDE <br>Hostname-MD5:81DD7DA6A959DA1D14E8C491DF781C29 <br>DateSubmitted:Wed, 26 Feb 2020 10:29:44 GMT <br>Product:Norton Security 22.20.1.69"
I am trying to update the device with a fresh installation of MYDRIVE CONNECT.
We will see what happens...
OK, Norton still interrupts the upload.
I now try to delete the downloaded maps (as told in Doug's link).
But after that I have no idea any more.
I will keep you updated.
0 -
Hi
@LouiXIV
Maybe... How to Exclude Files From Norton Antivirus Scans
https://www.lifewire.com/exclude-files-from-norton-antivirus-scans-153348
ATB YFM
0 -
Hi @YamFazMan ,
Excluding files from Scan (or better, from Auto-Protect) may avoid the problem.
But how can I be sure the file is not infected and Norton only returns false positive results?
Loui
0 -
TomTom MyDrive Connect is doing something that Norton Security does not like. It is sending a MyDoom A Worm Code. Why? I don't know. This kind of problem was posted quite a while ago:
https://discussions.tomtom.com/en/discussion/1037011/tomtom-trucker-6000-europe-v10-10-map-update-problem
TomTom doesn't seem to have done anything about it, so the solution (quick & dirty) is to deactivate the firewall for the duration of the map update...
1 -
Hi all
@YamFazMan
In my own experience, it's usually the firewall that blocks MDC. But exclusion can also be done in the antivirus.
According to the Norton report posted, this is an IPS (Intrusion Prevention Scan Norton) alert related to the firewall.
@LouiXIV
For the alert message "My Doom" it's a false positive. All major antivirus/firewall software considers TomTom software to be safe.
Some firewalls block connections with TomTom secure servers, even the one built into Windows (Defender).
I would not advise you to deactivate your firewall: downloading a map can take a long time and your PC would be unprotected against the Web. It would be dangerous for your PC.
You can try to create a complete exception/exclusion for MyDrive Connect software in Norton Firewall, this file:
C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
This is what I have to do on my PC with my Kaspersky firewall otherwise the maps will not install on my TomTom device.
I don't know how Norton works but I have found this if it can help you. The links are in English but at the bottom left of the pages you can choose another language (German). To try:
Allow a blocked program in the Smart Firewall Norton:
https://support.norton.com/sp/en/uk/home/current/solutions/v6958602
and/or Add a program to Program Control Norton:
https://support.norton.com/sp/en/uk/home/current/solutions/v1028102
In addition, because our TomTom devices are considered as (removable) network adapters, set the TomTom device as a "Trusted Network". It should be named "TomTom" or "Remote NDIS Compatible Device". I would choose "Full Trust".
Change the trust level of your device:
https://support.norton.com/sp/en/uk/home/current/solutions/v9802264
Intrusion Prevention exclusion list:
https://support.norton.com/sp/en/uk/home/current/solutions/v37652136
I hope this will help you.
Regards.
2 -
Very strange.
I set up an exception for MyDrive in Scan and AutoProtect.
If I install a map on the device memory, this works without problems. But I have to install the map on the inserted SD card because the map is too large, and then Norton blocks the upload again (after 10-12% has already been uploaded).
I have no explanation for this behavior.
0 -
Hi
@LAURE123
I used to run Bitdefender Anti-virus and the Bitdefender firewall is a right royal pain.
I would set up MyDrive Connect in the Bitdefender whitelist... When I logged out of MyDrive and logged back in... Bitdefender would arbitrarily decide to remove MyDrive Connect from the whitelist and block access through the firewall.
Bitdefender Support even sent a custom fix to install but nothing worked for me. In the end I gave up on Bitdefender....
ATB YFM
0 -
Hi, I have a TomTom Via 52. Yesterday I saw that there was a new update, approx. 8GB, new charts etc. After downloading about 9/10% I got an attack from a computer 169.254.255.1 and 169.254.255.2 named MyDoom A Worm Code Execution. I have tried several times to get this download but that is impossible. My Via 52 is empty and not working. How can I solve this problem? Hope to hear from someone. Thanks.
0 -
-
Hi
@Joopie10
See this thread... Are you using Norton Anti-virus ???
Here... https://discussions.tomtom.com/en/discussion/1121495/virus-warning/p1
ATB YFM
2 -
Hi
@YamFazMan
The MDC problem with firewalls is quite subtle and not always easy to work around. Often there is no alert message. These are not the installation files but the https activity. During the process there are several inbound and outbound connections at the same time. The most frustrating: the firewall authorizes the download on the PC but blocks the transfer on the TomTom device, of course after the old file has been deleted.
It took me a while to find the right settings for Kaspersky, MDC and the TomTom device (network adapter). This is what I tried to transpose for Norton in my previous message but it's not obvious or simple.
@colin-t and @LouiXIV I hope your map installation has finally been successful. 🤞
Regards.
1 -
@YamFazMan @Joopie10
I have merged both topics into one, just to keep the discussion under one thread.
I will forward the reports to the team.
Regards
Vikram
0 -
Some advice from our 2nd Line team to troubleshoot this:
The firewall's settings might require knowledge of ports used in MyDrive Connect. All the communication (inbound and outbound, local and remote) via the following TCP ports should be allowed.
The most important are:
- 80: Main communication port
- 443: HTTPS (required for logins, associations and all kinds of encrypted content)
- 3128, 3129: Internal communication ports
- 4000: The Web connector port of MyDrive Connect (to communicate with the browser)
Regards
Vikram
0 -
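An added example, not part of any post in this thread and not TomTom's or Norton's code: one way to check a Norton IPS history entry, like the one quoted earlier, against the port list above and the install path mentioned in the thread. The sample entries are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# TCP ports listed for MyDrive Connect in the 2nd Line post above.
DOCUMENTED_PORTS = {80, 443, 3128, 3129, 4000}
# Install path given earlier in the thread, upper-cased as in the quoted log.
EXPECTED_EXE = r"\PROGRAM FILES (X86)\MYDRIVE CONNECT\TOMTOM MYDRIVE CONNECT.EXE"

# Constructed sample: shortened entry in the "<br>"-separated layout of the
# Norton history line quoted in the thread (checksums and IDs left out).
SAMPLE = (
    "Signature ID: 20401 <br>Remote Port: 51307 <br>Local Port: 3129 <br>"
    "Protocol: 6 <br>Application Name: \\DEVICE\\HARDDISKVOLUME5"
    "\\PROGRAM FILES (X86)\\MYDRIVE CONNECT\\TOMTOM MYDRIVE CONNECT.EXE <br>"
    "Offending URL: <br>Remote Address: 169.254.255.1 <br>"
)
# Constructed contrast case: routable remote host, no documented port.
OTHER = ("Remote Port: 8080 <br>Local Port: 49152 <br>Protocol: 6 <br>"
         "Application Name: \\DEVICE\\HARDDISKVOLUME5\\TEMP\\X.EXE <br>"
         "Remote Address: 203.0.113.7 <br>")

def parse_ips_entry(text):
    """Split a '<br>'-separated 'Key: Value' blob into a dict."""
    fields = {}
    for part in re.split(r"\s*<br>\s*", text):
        key, sep, value = part.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def triage(fields):
    """Report where the flagged connection ran and which program made it."""
    required = ("Remote Address", "Local Port", "Remote Port")
    missing = [k for k in required if not fields.get(k)]
    if missing:
        raise ValueError("entry lacks fields: " + ", ".join(missing))
    remote = ipaddress.ip_address(fields["Remote Address"])
    ports = {int(fields["Local Port"]), int(fields["Remote Port"])}
    program = fields.get("Application Name", "").upper()
    return {
        "remote_is_link_local": remote.is_link_local,  # 169.254.0.0/16
        "is_tcp": fields.get("Protocol") == "6",       # IP protocol 6 = TCP
        "documented_ports": sorted(ports & DOCUMENTED_PORTS),
        "expected_program": program.endswith(EXPECTED_EXE),
    }

if __name__ == "__main__":
    for name, entry in (("sample", SAMPLE), ("other", OTHER)):
        print(name, triage(parse_ips_entry(entry)))
```

A link-local remote address on port 3129 shows that the flagged connection ran between the PC and the USB-attached device rather than to an Internet host. It does not by itself show that the signature match was a false positive.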
I'm having the same wormy problem while updating the Europe Map.
All of the other maps go on just fine but I'm struggling with Europe.
Port 6479 to
Dest 169.254.255.1 : 3129
Now to fiddle with the firewall, but MyConnect is already set up as safe in Firewall and Anti Virus, so the answer in Norton doesn't seem straightforward.
As for the SD card, that became unrecognisable and had to be reformatted before it could be used again.
0 -
Norton Security
Security/Advanced/Network/Intrusion Prevention switch to off
Firewall and Anti Virus remain active but Maps Update OK
1 -
I'm having the same problem with the Europe map and Norton. Is switching off the firewall the only way of fixing this and is it safe? I need my maps!
0 -
Hi @cleavon_little
See the following
https://discussions.tomtom.com/en/discussion/comment/1694890/#Comment_1694890
Doug
0 -
Same problem too. Norton keeps warning about 'MyDoom A Worm Code Execution'. The Europe map update cannot be installed. Reinstalled MyDrive Connect. Made an exception for MDC in Norton. Nothing works. Anyone have a solution for this problem?
1 -
Hello All,
We have raised a ticket for this problem. Along with the community we have also seen a similar trend of contacts to our customer service.
I have added all the above cases to the ticket.
Thanks
Vikram
3 -
Thanks to All,
I am switching now to the German discussion board.
I did not know that this exists.
They noticed the same there:
https://discussions.tomtom.com/de/discussion/1121479/neue-kartenversion-10-45#latest
See you.
0 -
I am having the same problem with Norton and currently without a map.
0