virus warning — TomTom Community

colin-t Posts: 13 [Apprentice Traveler]
Trying to update map on GO 5000, download failed and Norton issued a warning: MyDoom virus code execution.
I now have no maps at all?

Comments

  • LouiXIV Posts: 8 [Master Traveler]
    edited February 2020
    Same problem with MyDrive Connect and START50.
    Virus warning [Norton AV] after updating MyDrive Connect and trying to update device
    - Uninstalled MyDrive Connect
    - Reinstalled MyDrive Connect
    - Trying again (Downloading map in progress)

    Will tell you the result ;)
  • LouiXIV Posts: 8 [Master Traveler]
    edited February 2020
    Hi Doug,

    I think the main problem is that Norton detects an intrusion and interrupts the upload to the device:

    plz see p2md9putksdc.png

    26.02.2020 11:29:44,Infos,Statistische IPS-ErkennungsÜbertragung,Gesendet,Keine Aktion erforderlich,26.02.2020 11:29:45,Norton AntiVirus,Statistische IPS-ErkennungsÜbertragung,"Signature ID: 20401 <br>Local or Remote Attacker: 1 <br>Remote Port: 51307 <br>Local Port: 3129 <br>Protocol: 6 <br>Signature Set Version: 20200225.061 <br>Application Name: \DEVICE\HARDDISKVOLUME5\PROGRAM FILES (X86)\MYDRIVE CONNECT\TOMTOM MYDRIVE CONNECT.EXE <br>Offending URL: <br>Date Detected: Wed, 26 Feb 2020 10:29:44 GMT <br>Application File Checksum: 8A99F8876B39B782959736950DFFAFFA <br>Application File Information: 4.2.7.3966 <br>Network Data: 434D50520014000078DAEDC7410A40600084D1A1286BD7B1111B1B4EE51A166EE0867E7209F55E7D4DB3CED3D8A5CED2E655959A6F1FD796B4E5EDFD709C0100000000FEE40603340493 <br>Sub-signature ID: 65542 <br>Signature Properties: 4628 <br>Referer URL: <br>Application File SHA256: 7347F29B8CDFDB68BF4D317FF14852304CA78D1AA368BA69CACE8A30ADD40AC0 <br>Application File CreateTime: 0 <br>IPSSubmissionID: a948a862-ec8f-11ea-8d43-806e6f6e6963 <br>Application File Reputation: 63 <br>Application File Prevalence: 139 <br>Forwarded For: <br>Signature Response: 1 <br>Remote Address: 169.254.255.1 <br>Message Disposition: 3 <br> <br>OS-Country:49 <br>OS-Language:German <br>Processor:Intel64 Family 6 Model 78 Stepping 3 <br>System:Windows 10 build 18362 <br>Platform-GUID:21195EB8-252A-4EDA-A388-D069ED54E9CC <br>Telem-ID:D5E27967-0494-41E5-9637-77A0FFF16092 <br>HWID:E2FA5ECB-8A74-14ED-E4F7-6EE533682CDE <br>Hostname-MD5:81DD7DA6A959DA1D14E8C491DF781C29 <br>DateSubmitted:Wed, 26 Feb 2020 10:29:44 GMT <br>Product:Norton Security 22.20.1.69"


    I am trying to update the device with a fresh installation of MYDRIVE CONNECT.
    We will see what happens...

    OK, Norton still interrupts the upload.
    I now try to delete the downloaded maps (as told in Doug's link).
    But after that I have no idea any more.
    I will keep you updated.
  • DougLap Posts: 8,003
    Superuser
    Hi @LouiXIV

    Sorry can't help you with Norton. I had problems with Norton years ago and have not gone near it since as a result.

    Hope your fresh installation sorts it.

    Doug
  • YamFazMan Posts: 19,475
    Superusers
    Hi
    @LouiXIV

    Maybe... How to Exclude Files From Norton Antivirus Scans
    https://www.lifewire.com/exclude-files-from-norton-antivirus-scans-153348

    ATB YFM
  • LouiXIV Posts: 8 [Master Traveler]
    Hi @YamFazMan,

    Excluding files from Scan (or better from AutoProtect) may avoid the problem.
    But how can I be sure the file is not infected and Norton only returns false positive results?

    Loui
  • YamFazMan Posts: 19,475
    Superusers
    edited February 2020
    Hi
    @LouiXIV

    Tomtom use an unusual Secure Network system for MyDrive Connect updates... I guess Norton thinks this looks suspicious....

    ATB YFM
  • AdiMUConthe road Posts: 1 [New Traveler]
    TomTom MyDrive Connect is doing something that Norton Security does not like. It is sending a MyDoom A Worm Code. Why? I don't know. This kind of problem was posted quite a while ago:
    https://discussions.tomtom.com/en/discussion/1037011/tomtom-trucker-6000-europe-v10-10-map-update-problem

    TomTom doesn't seem to have done anything about it, so the solution (quick & dirty) is to deactivate the firewall for the duration of the map update...
  • LAURE123 Posts: 1,632
    Superuser
    edited February 2020
    Hi all

    @YamFazMan
    In my own experience, it's usually the firewall that blocks MDC. But exclusion can also be done in the antivirus.
    According to the Norton report posted, this is an IPS (Intrusion Prevention Scan Norton) alert related to the firewall.

    @LouiXIV

    For the alert message "My Doom" it's a false positive. All major antivirus/firewall software considers TomTom software to be safe.
    Some firewalls block connections with TomTom secure servers, even the one built into Windows (Defender)

    I would not advise you to deactivate your firewall; downloading a map can take a long time and your PC would be unprotected against the Web. It would be dangerous for your PC.

    You can try to create a complete exception/exclusion for MyDrive Connect software in Norton Firewall, this file:
    C:\Program Files (x86)\MyDrive Connect\TomTom MyDrive Connect.exe
    This is what I have to do on my PC with my Kaspersky firewall otherwise the maps will not install on my TomTom device.

    I don't know how Norton works but I have found this if it can help you. The links are in English but at the bottom left of the pages you can choose another language (German). To try:

    Allow a blocked program in the Smart Firewall Norton:
    https://support.norton.com/sp/en/uk/home/current/solutions/v6958602

    and/or Add a program to Program Control Norton:
    https://support.norton.com/sp/en/uk/home/current/solutions/v1028102

    In addition, because our TomTom devices are considered as network adapters (removable) switch the TomTom device as a "Trusted Network". It should be named "TomTom" or "Remote NDIS Compatible Device". I would choose "Full Trust".

    Change the trust level of your device:
    https://support.norton.com/sp/en/uk/home/current/solutions/v9802264

    Intrusion Prevention exclusion list:
    https://support.norton.com/sp/en/uk/home/current/solutions/v37652136

    I hope this will help you.

    Regards.
  • LouiXIV Posts: 8 [Master Traveler]
    Very strange.

    I set up an exception for MyDrive in Scan and AutoProtect.

    If I install a map on the device memory, this works without problems, but I have to install the map on the inserted SD card because the map is too large, then Norton blocks the upload again (after 10-12% have already been uploaded)

    I have no explanation for this behavior.
  • YamFazMan Posts: 19,475
    Superusers
    edited February 2020
    Hi
    @LAURE123

    I used to run Bitdefender Anti-virus and the Bitdefender firewall is a right royal Pain
    I would set-up MyDrive Connect in the Bitdefender Whitelist... When I logged out MyDrive and logged back in... Bitdefender would arbitrarily decide to remove MyDrive Connect from the whitelist and block access through the firewall
    Bitdefender Support even sent a custom fix to install but nothing worked for me, in the end I gave up on BitDefender....

    ATB YFM
  • Joopie10 Posts: 1 [New Seeker]
    Hi, I have a TomTom Via 52. Yesterday I saw that there was a new update, approx. 8GB, new charts etc. After downloading about 9/10% I got an attack from a computer 169.254.255.1 and 169.254.255.2 named My doom a worm code execution. I have tried several times to get this download but that is impossible. My Via 52 is empty and not working. How can I solve this problem? Hope to hear from someone. Thanks.
  • ST1300_PanEuropean Posts: 80 [Outstanding Wayfarer]
    Hi Colin:

    Maybe it was due to this new "Corolla-virus" that is spreading around the world.

    Are you using your GPS in a Toyota Corolla? Maybe it got infected... :)

    Michael

  • YamFazMan Posts: 19,475
    Superusers
    edited February 2020
    Hi
    @Joopie10

    See this thread... Are you using Norton Anti-virus ???
    Here... https://discussions.tomtom.com/en/discussion/1121495/virus-warning/p1

    ATB YFM
  • LAURE123 Posts: 1,632
    Superuser
    edited February 2020
    Hi

    @YamFazMan
    The MDC problem with firewalls is quite subtle and not always easy to work around. Often there is no alert message. These are not the installation files but the https activity. During the process there are several inbound and outbound connections at the same time. The most frustrating: the firewall authorizes the download on the PC but blocks the transfer on the TomTom device of course after the old file has been deleted.

    It took me a while to find the right settings for Kaspersky, MDC and the TomTom device (network adapter). This is what I tried to transpose for Norton in my previous message but it's not obvious or simple.

    @colin-t and @LouiXIV I hope your map installation has finally been successful. 🤞

    Regards.
  • VikramK Posts: 11,954 Moderator
    @YamFazMan @Joopie10

    I have merged both topics into one, just to keep the discussion under one thread.

    I will forward the reports to the team.

    Regards
    Vikram
  • VikramK Posts: 11,954 Moderator
    Some advice from our 2nd Line team to troubleshoot this-

    The firewall's settings might require knowledge of ports used in MyDrive Connect. All the communication (inbound and outbound, local and remote) via the following TCP ports should be allowed.

    The most important are:

    80 Main communication port

    443 HTTPS (required for logins, associations and all kind of encrypted contents)

    3128, 3129 Internal communication ports

    4000 The Web connector port of MyDrive Connect (to communicate with the browser)

    Regards
    Vikram
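
Added example (not part of any post in this thread, and not TomTom or Norton code): a Python sketch that parses the `<br>`-separated details field of a Norton IPS report like the one quoted earlier and checks it against the ports listed above. The sample string is constructed, abridged from that report's layout, and the function names are hypothetical.

```python
import ipaddress
import re

# TCP ports listed in the moderator's post for MyDrive Connect.
MDC_TCP_PORTS = {80, 443, 3128, 3129, 4000}
# IPv4 link-local range (RFC 3927): not routable beyond the local link.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
MDC_EXE_SUFFIX = "\\MYDRIVE CONNECT\\TOMTOM MYDRIVE CONNECT.EXE"

# Constructed sample: only the fields used below, in the "Key: value <br>"
# layout of the report quoted in the thread (hashes and payload omitted).
SAMPLE_DETAILS = (
    "Signature ID: 20401 <br>Remote Port: 51307 <br>Local Port: 3129 <br>"
    "Protocol: 6 <br>Application Name: \\DEVICE\\HARDDISKVOLUME5"
    "\\PROGRAM FILES (X86)\\MYDRIVE CONNECT\\TOMTOM MYDRIVE CONNECT.EXE <br>"
    "Offending URL: <br>Remote Address: 169.254.255.1 <br>"
)


def parse_details(details):
    """Split the details field into a dict; empty values are kept as ''."""
    fields = {}
    for part in re.split(r"\s*<br>\s*", details):
        key, sep, value = part.partition(":")  # split on the first colon only
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def triage(fields):
    """Summarise where the flagged connection went and which process made it."""
    remote = ipaddress.ip_address(fields["Remote Address"])
    ports = {int(fields["Local Port"]), int(fields["Remote Port"])}
    app = fields.get("Application Name", "").upper()
    return {
        "remote_is_link_local": remote in LINK_LOCAL,
        "tcp": fields.get("Protocol") == "6",  # IP protocol number 6 is TCP
        "documented_ports": sorted(ports & MDC_TCP_PORTS),
        "process_is_mdc": app.endswith(MDC_EXE_SUFFIX),
    }


if __name__ == "__main__":
    for name, value in triage(parse_details(SAMPLE_DETAILS)).items():
        print(f"{name}: {value}")
```

These checks describe where the flagged connection went and which process opened it; they say nothing about the integrity of the installed binary.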
  • tinfire Posts: 14 [Master Traveler]
    edited February 2020
    I'm having the same wormy problem while updating the Europe Map.
    All of the other maps go on just fine but I'm struggling with Europe.
    Port 6479 to
    Dest 169.254.255.1 : 3129

    Now to fiddle with the firewall, but MyConnect is already set up as safe in Firewall and Anti Virus, so the answer in Norton doesn't seem straightforward.

    As for the SD card that became unrecognisable and had to be reformatted before it could be used again.
  • tinfire Posts: 14 [Master Traveler]
    Norton Security

    Security/Advanced/Network/Intrusion Prevention switch to off

    Firewall and Anti Virus remain active but Maps Update OK
  • cleavon_little Posts: 1 [Novice Seeker]
    I'm having the same problem with the Europe map and Norton. Is switching off the firewall the only way of fixing this and is it safe? I need my maps!
  • EB9000 Posts: 1 [New Traveler]
    Same problem too. Norton keeps warning for 'MyDoom A Worm Code Execution'. Update map Europe can not be installed. Reinstalled My Drive Connect. Made exception for MDC in Norton. Nothing works. Anyone a solution for this problem?
  • VikramK Posts: 11,954 Moderator
    edited February 2020
    Hello All,

    We have raised a ticket for this problem. Along with the community we have also seen a similar trend of contacts to our customer service.

    I have added all the above cases to the ticket.

    Thanks
    Vikram
  • LouiXIV Posts: 8 [Master Traveler]
    Thanks to All,

    I am switching now to the german discussion board.
    Did not know that this exists :)

    There they noticed the same:
    https://discussions.tomtom.com/de/discussion/1121479/neue-kartenversion-10-45#latest

    See you. ;)
  • timTT123 Posts: 1 [Apprentice Seeker]
    I am having the same problem with Norton and currently without a map.